Professional Documents
Culture Documents
Internal Controls and Best Practices
Internal Controls and Best Practices
and
Best Practices
Balanced Diet
Exercise
Good balance of leisure and work-mental health
(Tegen and Stinson, SACUBO April 2006)
Internal Controls 101
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
-COSO Integrated Framework Executive Summary
Internal Controls 101
The Five Interrelated Components
Control Environment
Risk Assessment
Control Activities
Control activities are the policies and procedures that help ensure
management directives are carried out. They help ensure that
necessary actions are taken to address risks to achievement
of the entity's objectives. Control activities occur throughout
the organization, at all levels and in all functions. They include
a range of activities as diverse as approvals, authorizations,
verifications, reconciliations, reviews of operating
performance, security of assets and segregation of duties.
-COSO Integrated Framework Executive Summary
Internal Controls 101
Key Components – Control Activities
Policies and Procedures
Administrative Policies and Procedures
(http://www.busfin.uga.edu/manual/)
Staff Training
Organization Charts/Job Descriptions
Performance Measures
Segregation of Duties
Preventing one individual from having virtually complete
control over a financial process.
Internal Controls 101
Key Components-Control Activities
Adequate Transaction Documentation
A record of (paper or electronic)
for Revenue
Receipt
Transfer
Deposit
for Expense
Purpose
Authorization
for Other
Delegation of Signature Authority
Monthly Account Status Report Reconciliation
Annual Property Inventory
Monitoring
Types of Controls
Preventive Controls
Forestall errors and thereby avoid the cost of correction
Discourage fraud
Detective Controls
Measure the effectiveness of preventive controls
Uncover errors and misappropriations
Provide the means to establish accountability
Internal Controls 101
Are Internal Controls Foolproof ?
Examples include:
Returned or rejected items
Overpayments
Cash Receipts Internal Controls
Objective
Ensure that all funds are timely deposited in the bank and are
properly recorded in the appropriate account.
Risks
Theft/fraud.
Mismanagement of funds.
Mis-statement of revenue and expenditures.
Noncompliance with University, BOR, State and Federal policies.
Cash Receipts Internal Controls
Contain:
A description of the documents for which authority is being conveyed.
Examples:
Vouchers.
Purchase requests.
Specimen signatures of persons to whom authority is conveyed.
Objectives
Documents are properly authorized.
Budgetary unit heads and principal investigators
understand their responsibility.
Risks
Noncompliance with federal regulations.
Noncompliance with University policies.
Misappropriation of funds/fraud.
Disallowance of costs.
Personal liability.
Signature Authority Internal Controls
Delegated faculty / staff members sign their own name and not the
dean or budgetary unit head’s name.
Procurement and Accounts Payable
Procurement
The University Procurement Office has sole responsibility for the coordination of
all University procurement activities.
Departments are authorized to make direct purchases with P-Cards and Petty
Cash.
Streamline payment procedures
Reduce the administrative burden
The budgetary unit heads have the primary responsibility for the approval of all
purchases charged against the accounts under their administration.
The responsibility for receiving and inspecting supplies and equipment rests with:
The central receiving units.
Budgetary units requesting the supplies and equipment.
Procurement and Accounts Payable
Accounts Payable
The Accounts Payable Department is responsible for:
examining all accounts, claims, and demands against
the University, and
making payment of all the University's legally incurred
obligations
Accounts Payable
The department will encumber all:
Purchase orders
Physical plant work orders
Requests for authority to travel
Procurement and Accounts Payable Internal Controls
Objectives
Expenses charged are reasonable and allowable.
Expenses are properly coded.
Unallowable charges are separately designated.
Purchase order processing is completed promptly and accurately.
Risks
Misappropriation of funds.
Loss of sponsored funding.
Disallowance of costs.
Noncompliance with federal regulations.
Delay of future funding.
Delay of delivery of goods and services.
Delay of payments to vendors.
Jeopardized relationships with vendors.
Jeopardized credit standing of the University.
Procurement and Accounts Payable Internal Controls
Administrative personnel.
Employees exempt from coverage under the Fair Labor Standards Act (Wage and Hour Law)
Academic Payroll
Faculty with a contract code of "A" or "L“.
Compensation is earned at the rate of one-half of the contract salary for each academic
semester.
Additional payments for Maymester & summer session classes can be made.
Payroll
Salaried Biweekly
Payroll employees covered under the Fair Labor Standards Act.
The hourly rate of pay is determined by dividing the annual rate by the number of available
work hours in the fiscal year.
The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.
Hourly Biweekly
Employees covered under the Fair Labor Standards Act.
The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.
Payroll
Payroll Voucher
Time Records
Payroll
The Personnel Report is used to document:
Employment
Termination
Change in status of all personnel
Approved by:
Department heads
Deans
Vice presidents (in some cases )
Approved by:
Department heads
Approved by:
employee,
Supervisor
Risks
Noncompliance with federal/state regulations.
Civil liability/lawsuits.
Non-compliance with University policies.
Penalties/fines.
Fraud/theft.
Retroactive transactions.
Personal/employer tax liabilities.
Overpayments/unallowable costs.
Payroll Internal Controls
Audit Check List
Staff members who approve or process payroll documents do not have access to payroll checks.
Payroll vouchers are properly approved by an appropriate supervisor having knowledge of the hours
worked.
Payroll vouchers are signed and approved on the last working day of the pay period.
Time cards are not returned to employees after they are approved by supervisors.
New hires are processed and paid in the appropriate pay cycle.
Examples are
Guest lecturers
Workshop leaders.
Objective
Individuals are classified correctly as either an employee or
consultant / independent contractor for tax withholding
purposes.
Risks
Noncompliance with federal regulations.
Noncompliance with University policies.
Fines and penalties.
Payments to Non-Employees Internal Controls
Travel outside of the continental limits of the United States must be approved
first by the appropriate vice president and then by the President's Office.
Charges are recorded as per diem and fees expense and not travel for non-
employees.
Risks
Improper use of University funds.
Noncompliance with Internal Revenue Service and other regulatory
authorities.
Noncompliance with granting agencies.
Excessive aging of travel advances.
Travel Internal Controls
Audit Check List
Special Purpose Petty Cash Funds are approved, utilized appropriately
and promptly returned.
In general, University accounts cannot be used to pay for the cost of University
related entertainment.
Sponsoring entities occasionally include a provision that funds may be expended
for University related entertainment.
It is important to note that expenses, personal in nature, such staff social parties
(celebrations of a birthday, marriage, birth…etc) or holiday celebrations are not
reimbursable.
Employees may be reimbursed for meals, not associated with overnight travel, if:
The meals are part of a required registration fee; or
The employees is on a work assignment more than 30 miles away from home or
headquarters).
Objectives
Reimbursements for business meals and entertainment are made only
when considered necessary and reasonable to fulfill the University’s
mission of education, research, and public service.
Risks
Non-compliance with federal regulations.
Loss of funding.
Penalties/fines.
Disallowance of costs.
Personal liability.
Impairment of reputation.
Business Meal and Entertainment Internal Controls
Audit Checklist
Entertainment costs are in compliance with the University’s policies and
procedures and sponsoring agency regulations.
The proper object codes are used when coding various entertainment
expenses.
Objectives
Revenue and expenditures are correct and reflected in the appropriate
account with the proper object/revenue codes.
Expenditures are allowable and comply with federal regulations and
University policies
The report reconciliation process is completed monthly
Department directors and PIs understand their fiscal responsibilities
Risks
Non-compliance with federal regulations and University policies
Disallowance of costs
Delay or loss of future funding
Delay in the discovery of inappropriate transactions
No budgetary control
Loss of revenue
Account Status Report Internal Controls
Audit Checklist
Revenue and expenditure transactions are reconciled monthly.
The reconciliation between source documents and the Account Status Report
would likely detect items:
On the report and not in departmental records.
In departmental records and not on the report.
The department director or PI review the monthly reports once the reconciliation
is completed
Property and Equipment
Movable personal property must be
inventoried and tracked if:
Estimated usable life of three or more years.
Acquisition cost of $3,000 or more.
Firearms.
Art objects/Antiques.
Each unit must initiate action with Property Control to remove items
Disposed,
Cannibalized,
Traded-in, or
Judged obsolete
from the department's accountable records.
Objectives
Equipment is properly identified.
Equipment is properly labeled with a tag.
Proper object codes are used.
Property Control is notified of equipment acquired other than through the
standard University procedures.
Property Control is notified of equipment lost, stolen, salvaged, or scrapped
Inventory is conducted annually.
Risks
Non-compliance with federal or state regulations.
Not identified as equipment (not in system).
No record for insurance claims or theft.
Reduced value of the inventory system (affects depreciation, which impacts the
facility and administrative [F&A] cost rates).
Value of equipment inventory overstated.
Loss of public confidence.
Property and Equipment Internal Controls
Audit Checklist
Equipment purchases are made in accordance with purchasing
guidelines, properly authorized, and recorded.
Proper equipment object codes are used for equipment with a per unit
cost of $5,000 or more and with a useful life of more than three or more
years.
Risk
Impairment of the University’s reputation.
Independent scholarly inquiry threatened.
Competition with the University’s business interests.
Impairment of the individual’s ability to perform the duties of
his/her University position.
Non-compliance with federal regulations.
Financial penalties.
Conflict of Interest Internal Controls
Audit Checklist
All faculty and staff members in the department have access
to the University’s policies regarding conflict of interest.
unauthorized access, or
unauthorized change.
Evaluations.
Monitoring.
Information Technology
Passwords – limiting unauthorized access
Objectives
University’s intellectual and electronic information is secured from
inappropriate access or destruction
Information technology is used only for appropriate business purposes
Proper and reliable backup procedures are used.
All software is properly licensed
Risks
Breach of system integrity and loss of critical data
Non-compliance with federal and state laws regarding computer and
data communications use
Destruction of critical information by unauthorized users
Violation of software licensee agreements and possible fines
Employee dismissal and legal action
Impairment of the University’s reputation
Information Technology Internal Controls
AUDIT CHECKLIST
Employees with access to computer systems have an established need for the access.
Access to the system is removed for terminated or transferred faculty, and staff, timely.
Computers located in heavily traveled public areas have a screen saver with password
activation invoked.
Computer files are backed up on a regular basis. Backup data is stored in a location away
from the originals
The department has sufficient technical support for ongoing operations to keep downtime
minimal.
The department has adequate resumption procedures for their automated systems that are
considered critical or vital to their daily operations.