Internal Controls

and
Best Practices

Robert McGee, Associate Controller

Holley Schramski, Associate Vice President and Controller
Dale Wetzelberger, Director Internal Auditing Division
Goals
Describe Basic Internal Control Objectives

Describe the Best Practice Procedures Applied in Specific Areas

 Cash Receipts
 Signature Authority
 Procurement
 Accounts Payable
 Payroll
 Independent Contractors
 Travel
 Business Meals and Entertainment
 Account Status Reports
 Property Management
 Conflict of Interest
 Information Technology

Areas Covered in Other Programs

 P-Card and Petty Cash
 Sponsored Research Topics
 Department Sales Accounts
 Human Resources Issues
Internal Controls 101

Primary Objectives of Internal Controls

 Accurate Financial Information

 Compliance with Policies and Procedures
 Safeguarding Assets
 Efficient Use of Resources
 Accomplishment of Objectives and Goals

-Institute of Internal Auditors

Internal Controls 101
Why are Internal Controls Important?
Internal controls are designed to provide reasonable
assurance regarding the achievement of objectives in
the following categories:
 Effectiveness and Efficiency of Operations
 Reliability of Financial Reporting
 Compliance with Laws and Regulations

Source: Internal Control – Integrated Framework Executive Summary,

Committee of Sponsoring Organizations of the Treadway Commission
(COSO)
http://www.coso.org/publications/executive_summary_integrated_framework.htm
Internal Controls 101
Why are Internal Controls Important?

Effectiveness and Efficiency of Operations

 addresses an entity's basic business objectives, including performance
and profitability goals and safeguarding of resources.
Reliability of Financial Reporting
 preparation of reliable financial statements and publicly reported
financial data.
Compliance with Laws and Regulations
 compliance with those laws and regulations to which the entity is
subject.
-COSO Integrated Framework Executive Summary
Internal Controls
Internal Controls
It’s Good for Your Fiscal Health

 Effectiveness and Efficiency of Operations

 Reliability of Financial Reporting
 Compliance with Laws and Regulations

It’s Good for Your Physical Health

 Balanced Diet
 Exercise
 Good balance of leisure and work-mental health
(Tegen and Stinson, SACUBO April 2006)
Internal Controls 101

Internal control consists of five interrelated components:

 Control Environment
 Risk Assessment
 Control Activities
 Information and Communication
 Monitoring
-COSO Integrated Framework Executive Summary
Internal Controls 101
The Five Interrelated Components

Control Environment

The control environment sets the tone of an organization,

influencing the control consciousness of its people. It is the
foundation for all other components of internal control,
providing discipline and structure. Control environment factors
include the integrity, ethical values and competence of the
entity's people; management's philosophy and operating style;
the way management assigns authority and responsibility,
and organizes and develops its people; and the attention and
direction provided by the board of directors.
-COSO Integrated Framework Executive Summary
Internal Controls 101

Creating the Control Environment

 Create environment that fosters internal controls
 Expect Ethical Behavior
 Hire qualified staff
 Get to know your staff
 Clear assignment of responsibility/Job Description
 Supervision
 Clear Communication
Internal Controls 101
The Five Interrelated Components

Risk Assessment

Every entity faces a variety of risks from external and internal

sources that must be assessed. A precondition to risk
assessment is establishment of objectives, linked at different
levels and internally consistent. Risk assessment is the
identification and analysis of relevant risks to achievement of
the objectives, forming a basis for determining how the risks
should be managed. Because economic, industry, regulatory
and operating conditions will continue to change, mechanisms
are needed to identify and deal with the special risks
associated with change.
-COSO Integrated Framework Executive Summary
Internal Controls 101
Types of Risk
 Financial
 Research
 Student
 Academic
 Athletic
 Human Resources
 Faculty
 Crime and Safety
 Information Technology
 Enrollment
 Facilities
Internal Controls 101

Examples of Financial Risk:

 Accounting processes
 Auditing Matters
 Compliance with Regulatory Issues
 Falsification of reports/records
 Fraud
 Improper receipt of gifts
 Improper vendor activity
 Theft
 Waste and Abuse
 Misuse of Resources
Internal Controls 101
The Five Interrelated Components

Control Activities

Control activities are the policies and procedures that help ensure
management directives are carried out. They help ensure that
necessary actions are taken to address risks to achievement
of the entity's objectives. Control activities occur throughout
the organization, at all levels and in all functions. They include
a range of activities as diverse as approvals, authorizations,
verifications, reconciliations, reviews of operating
performance, security of assets and segregation of duties.
-COSO Integrated Framework Executive Summary
Internal Controls 101
Key Components – Control Activities
 Policies and Procedures
Administrative Policies and Procedures
(http://www.busfin.uga.edu/manual/)
 Staff Training
 Organization Charts/Job Descriptions
 Performance Measures
 Segregation of Duties
Preventing one individual from having virtually complete
control over a financial process.
Internal Controls 101
Key Components-Control Activities
 Adequate Transaction Documentation
A record of (paper or electronic)
for Revenue
 Receipt
 Transfer
 Deposit
for Expense
 Purpose
 Authorization
for Other
 Delegation of Signature Authority
 Monthly Account Status Report Reconciliation
 Annual Property Inventory

 Properly Designed Documentation

 Unique numbering
 Independent Verification
Internal Controls 101
The Five Interrelated Components

Information and Communication

Pertinent information must be identified, captured and communicated in a form and

timeframe that enable people to carry out their responsibilities. Information
systems produce reports, containing operational, financial and compliance-
related information, that make it possible to run and control the business. They
deal not only with internally generated data, but also information about
external events, activities and conditions necessary to informed business
decision-making and external reporting. Effective communication also must
occur in a broader sense, flowing down, across and up the organization. All
personnel must receive a clear message from top management that control
responsibilities must be taken seriously. They must understand their own role
in the internal control system, as well as how individual activities relate to the
work of others. They must have a means of communicating significant
information upstream. There also needs to be effective communication with
external parties, such as customers, suppliers, regulators and shareholders.
-COSO Integrated Framework Executive Summary
Internal Controls 101
The Five Interrelated Components

Monitoring

A process that assesses the quality of the system's performance

over time. This is accomplished through ongoing monitoring
activities, separate evaluations or a combination of the two.
Ongoing monitoring occurs in the course of operations. It
includes regular management and supervisory activities, and
other actions personnel take in performing their duties. The
scope and frequency of separate evaluations will depend
primarily on an assessment of risks and the effectiveness of
ongoing monitoring procedures. Internal control deficiencies
should be reported upstream, with serious matters reported to
top management and the board.
-COSO Integrated Framework Executive Summary
Internal Controls 101

Why Monitoring is Important:

 Inherent Risks
 Complexity
 Decentralization – many hands, need accountability
 Repeat Problems
 Unresponsive to prior weaknesses
 Exposures
 Changes in Regulatory Environment
 Personnel Changes
 System and Process Changes
 Rapid Growth
 New Programs, services and staff
Internal Controls 101

Types of Controls
Preventive Controls
 Forestall errors and thereby avoid the cost of correction
 Discourage fraud
Detective Controls
 Measure the effectiveness of preventive controls
 Uncover errors and misappropriations
 Provide the means to establish accountability
Internal Controls 101
Are Internal Controls Foolproof ?

 Controls will not always prevent fraud or

misappropriation.
 Making controls infallible is cost prohibitive
and unnecessarily cumbersome.
 Controls do not eliminate the “human factor”.
To a significant extent, systems of internal
control rely on people and their actions.
Internal Controls 101
Real World Summary
Why Internal Controls Are Important

 Provides management with confidence that the entity

is operating according to standards which are
monitored-someone is watching.
 Indicates to staff that what they are doing is important
and that QUALITY is important.
 Sends a signal that certain behaviors will not be
tolerated.
Cash Receipts

The term “cash receipts” includes:

 Currency
 Checks
 Credit cards
 Wire transfers
received by mail or in person
Cash Receipts
Use of Revenue Object Codes
amounts received for
 Payment of delivery of goods or services
 Reimbursement of expenses or
 Contributions

Examples of third party receipts include:

 General revenues for tuition and fees
 Auxiliary income
 Parking income
 Sponsored awards and events
 Revenues from sale of goods and services
 Gifts and other designated funds
 Reimbursements from:
 affiliated institutions
 conferences and seminars
 alumni functions
Cash Receipts
Use of Expense Credits
 Refunds from vendors
 Price adjustment of goods or services
Use same object code of the original expense.

Examples include:
 Returned or rejected items

 Overpayments
Cash Receipts Internal Controls

Objective
Ensure that all funds are timely deposited in the bank and are
properly recorded in the appropriate account.

Risks
 Theft/fraud.
 Mismanagement of funds.
 Mis-statement of revenue and expenditures.
 Noncompliance with University, BOR, State and Federal policies.
Cash Receipts Internal Controls

Audit Check List

 Persons verifying the monthly Account Status Reports do not
process cash receipts.

 Timely and adequate restrictive endorsement of checks

 Documentation and procedures are sufficient so that loss or

misappropriation of funds can be traced to the responsible
individual(s).
Cash Receipts Internal Controls

Documentation and Procedures

Types of documentation
 Pre-numbered cash receipt form
 Payment log
 Cash register tape using locked-in sales totals
 Workshop attendance roster
Cash Receipts Internal Controls
Documentation and Procedures
Verification Procedures
 Depositing cash receipts timely and intact.
 Independently tracing cash receipt forms, logs and/or register
tapes to the Bursar’ Office receipt and the Account Status
Reports.
 Comparing attendance rosters to revenue posted to workshop
account.
 Reviewing deposit documentation before gift acknowledgement
letters are signed and mailed.
 Accounting for unsold tickets.
 Maintaining control over pre-numbered receipts.
 Immediate notification to the Controller’s Office of detected
shortages or inappropriate activity.
Signature Authority

Transactions must be reviewed and approved by those officers

under whose responsibility the project lies.

Signatory authority may be delegated however, primary

responsibility for funds and transactions remains with the
budgetary unit head.

It is therefore necessary for a policy to be in writing to ensure

the delegation is authorized.
Signature Authority
The written signatory authority document should be:

 Initiated by the budgetary unit head.

 Contain:
 A description of the documents for which authority is being conveyed.
Examples:
 Vouchers.
 Purchase requests.
 Specimen signatures of persons to whom authority is conveyed.

 Signed by the appropriate department head, dean/director or vice president.

 Copies sent to:

 Accounts Payable
 Payroll

Budgetary units should revise the policy when personnel or job

assignments change.
Signature Authority Internal Controls

Objectives
 Documents are properly authorized.
 Budgetary unit heads and principal investigators
understand their responsibility.

Risks
 Noncompliance with federal regulations.
 Noncompliance with University policies.
 Misappropriation of funds/fraud.
 Disallowance of costs.
 Personal liability.
Signature Authority Internal Controls

Audit Check List

 The department has identified faculty and staff members authorized
to sign documents in either paper or electronic form.

 The list is up-to-date.

 Budgetary unit heads and principal investigators understand their

responsibility.

 Documents are signed by the appropriate individuals at both the

departmental and college/school levels

 Delegated faculty / staff members sign their own name and not the
dean or budgetary unit head’s name.
Procurement and Accounts Payable
Procurement
 The University Procurement Office has sole responsibility for the coordination of
all University procurement activities.

 Departments are authorized to make direct purchases with P-Cards and Petty
Cash.
 Streamline payment procedures
 Reduce the administrative burden

 All purchasing is subject to:

 State of Georgia purchasing regulations
 Board of Regents' policies
 University of Georgia policies

 The budgetary unit heads have the primary responsibility for the approval of all
purchases charged against the accounts under their administration.

 Budgetary units should maintain a file of their own purchasing documents.

Procurement and Accounts Payable
Procurement
 Purchase requests may be generated electronically or manually.

 Purchase requests should be limited to items that can be supplied by one

vendor.

 When formal quotations are needed:

 Complete as much of the Purchase Request Form as possible.
 Forward the departmental copy (blue) directly to the Procurement Office for use in
obtaining quotations.
 Place a note on the face of the purchase request providing the reason for using
this procedure.

 All check requests must be accompanied by an original of the invoice for

payment.

 The responsibility for receiving and inspecting supplies and equipment rests with:
 The central receiving units.
 Budgetary units requesting the supplies and equipment.
Procurement and Accounts Payable

Accounts Payable
 The Accounts Payable Department is responsible for:
 examining all accounts, claims, and demands against
the University, and
 making payment of all the University's legally incurred
obligations

 No payments are to be made:

 Unless there is money in the account for such
payments.
 Until the Accounts Payable Department has been
presented with supporting documents.
 Purchase Authorization
 Original Invoice
 Receiving Report
Procurement and Accounts Payable

Accounts Payable
 The department will encumber all:

 Purchase orders
 Physical plant work orders
 Requests for authority to travel
Procurement and Accounts Payable Internal Controls

Objectives
 Expenses charged are reasonable and allowable.
 Expenses are properly coded.
 Unallowable charges are separately designated.
 Purchase order processing is completed promptly and accurately.

Risks
 Misappropriation of funds.
 Loss of sponsored funding.
 Disallowance of costs.
 Noncompliance with federal regulations.
 Delay of future funding.
 Delay of delivery of goods and services.
 Delay of payments to vendors.
 Jeopardized relationships with vendors.
 Jeopardized credit standing of the University.
Procurement and Accounts Payable Internal Controls

Audit Check List

 Transactions are properly approved and the stated purpose is reasonable.

 Invoices are submitted to Accounts Payable timely.

 Account Status Reports are independently reviewed for accuracy of

encumbrances and charges.
Payroll
Payroll disbursements represent the single largest expense
category to the University.

All payrolls are processed electronically through a web based

electronic payroll system.

All new employees are required to have their payments made

through direct deposit.

The University processes four types of payrolls:

 Monthly Payroll
 Academic Payroll
 Salaried Biweekly
 Hourly Biweekly
Payroll
Monthly Payroll
 Faculty (other than those on an "A" or "L" contract code).

 Administrative personnel.

 Graduate assistants (other than those on a "S" contract code).

 Employees exempt from coverage under the Fair Labor Standards Act (Wage and Hour Law)

Academic Payroll
 Faculty with a contract code of "A" or "L“.

 Graduate assistants with a contract code of "S“.

 Compensation is earned at the rate of one-half of the contract salary for each academic
semester.

 Additional payments for Maymester & summer session classes can be made.
Payroll
Salaried Biweekly
 Payroll employees covered under the Fair Labor Standards Act.

 The hourly rate of pay is determined by dividing the annual rate by the number of available
work hours in the fiscal year.

 The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.

Hourly Biweekly
 Employees covered under the Fair Labor Standards Act.

 Temporary or part-time employees

(paid from lump sum positions in the University budget).

 The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.
Payroll

The basic documents used to effect payroll payments are:

 Personnel Report

 Payroll Voucher

 Time Records
Payroll
The Personnel Report is used to document:
 Employment
 Termination
 Change in status of all personnel

Approved by:
 Department heads
 Deans
 Vice presidents (in some cases )

Personnel Reports are electronically routed to the appropriate units.

Payroll
Payroll Vouchers contain:
 Names of all persons paid on the preceding payroll
 Social security numbers
 Hourly rate of pay or gross salary

Approved by:
 Department heads

Payroll vouchers are sent to the Payroll Department.

Payroll
Time Records, are prepared for each employee who is covered and
nonexempt under the Federal Fair Labor Standards Act. The document
records:
 Name of employee
 Pay period
 Hours worked

Approved by:
 employee,
 Supervisor

These signatures and dates are important in complying with Federal

Regulations.

The time records should be retained by the Department for 5 years

after the fiscal year ends.
Payroll
International Employees
 All international employees are required to complete the
UGA Tax Information Form for Internationals

 The completed form must be submitted to the International

Tax Coordinator along with:
 Immigration documents
 Passport
 I-94 card and
 Visa

 The International Tax Coordinator will perform a tax analysis

and will provide the appropriate payroll withholding forms to
the employee for review and signature.
Payroll Internal Controls
Objectives
 Proper authorization and payment of salary and wages.

 Responsibility for payroll processing separated between:

 authorization/processing
 distribution of the pay check

 Proper allocation of resources and system access privileges.

 Current submission of payroll documents.

Risks
 Noncompliance with federal/state regulations.
 Civil liability/lawsuits.
 Non-compliance with University policies.
 Penalties/fines.
 Fraud/theft.
 Retroactive transactions.
 Personal/employer tax liabilities.
 Overpayments/unallowable costs.
Payroll Internal Controls
Audit Check List
 Staff members who approve or process payroll documents do not have access to payroll checks.

 Payroll vouchers are properly approved by an appropriate supervisor having knowledge of the hours
worked.

 Payroll vouchers agree with time sheets and leave records.

 Payroll vouchers are signed and approved on the last working day of the pay period.

 Time cards are checked for accuracy.

 Overtime if paid is allowable and approved in advance.

 Time cards are not returned to employees after they are approved by supervisors.

 Terminated employees are removed promptly from payroll.

 New hires are processed and paid in the appropriate pay cycle.

 Visa expiration dates are monitored.

 I-9 documentation is complete and on file for all employees.

Payments to Non-Employees
Independent Contractors
 General Rule: the employer has the right to control or
direct only the result of the work, and not the means
and methods of accomplishing the result

 Some of the other factors to determine if a worker is an

independent contractor include:
 Has the contractor other clients?

 Is the person an employee of any State of Georgia

agency or institution?
 Is there a contract for services?

 Does the service involve an independent profession,

trade, or business?
Payments to Non-Employees
Independent Contractors - Minimum standards of documentation to use
of independent contractors as consultants require evidence that:

 The services are needed.

 Cannot be met by direct salaries provided under the contract or grant.

 A selection process was used to identify the most qualified individual

available.

 The individual or firm qualifies as an independent contractor.

 The fee is appropriate considering the qualifications and services to be

provided.

 The express advance approval by the sponsoring and parent Federal

agency of a consultant who is also a full-time employee of the Federal
government.
Payments to Non-Employees
Honoraria
 An honorarium is:
 A onetime tax-reportable payment
 To a non-University employee
 For general service in education, research, or public service
 Where the University does not expect nor is payment contingent upon a
particular result.

 Examples are
 Guest lecturers
 Workshop leaders.

 An "Honoraria and Fees Information Sheet" must be completed and

attached to the check request when payment is requested.

 Payments can not be prepared in advance of service performance.

Payments to Non-Employees
Prizes and Awards
 Prizes and awards are classified by the IRS as tax-reportable
income.

 Prizes and awards to employees, which recognize professional

achievements related to employment, are paid through payroll.

 Prizes and awards to non-employees or students (whose part-time

employment has no professional connection to the award) are paid
through Accounts Payable and are issued an IRS Form 1099.
Payments to Non-Employees
Stipends/Fellowships
 A stipend / fellowship is in the form of financial aid for
which no services are performed.

 Three tests to determine whether or not payments for

stipends and fellowships are taxable to the recipient:
 Only students (candidates for a degree) qualify
for exclusions.
 Up to the total of tuition and required fees, books,
supplies and equipment can be excluded.
 Amounts related to services performed even if
such services were requirements for the degree
can not be excluded.
Payments to Non-Employees Internal Controls

Objective
Individuals are classified correctly as either an employee or
consultant / independent contractor for tax withholding
purposes.

Risks
 Noncompliance with federal regulations.
 Noncompliance with University policies.
 Fines and penalties.
Payments to Non-Employees Internal Controls

Audit Check List

 The department’s determination on the classification of an individual as
either an independent contractor/consultant or employee meets the
IRS criteria.

 There is sufficient documentation for need, qualifications, and selection

process.

 The fee is reasonable considering the qualifications and services to be

provided.

 Departments have properly completed:

 Honoraria and Fees Information Sheet.
 Consulting Agreement Form.
Forms are signed by consultant/contractor and
the appropriate University official.
Travel
The University reimburses employees for approved, necessary, and reasonable
travel expenses incurred while conducting business for the University.

Each employee is required to have travel approved by his/her department head

or other designated official.

For out-of-state travel, it is necessary to obtain:

 Prior approval from the appropriate dean's, director's, or other unit head's office.
 A financial review by the Travel and Encumbrance Section of the Accounts
Payable Department.

Travel outside of the continental limits of the United States must be approved
first by the appropriate vice president and then by the President's Office.

Reimbursement for travel expenses (meals, lodging, transportation and

miscellaneous expenses) is requested using an Employee Travel Expense
Statement.
Travel

In general, services (as well as materials, goods, or

supplies) must be received before payment can be
remitted.

Food, lodging or other non-conference related

expenses must be paid by the employee.

The employee will be reimbursed, as appropriate,

using normal travel reimbursement procedures.
Travel
Non-employees or any other organization for rendering a service
 Travel and subsistence expenses must be in accordance with the University
of Georgia Travel Policy.

 A "Honoraria and Fees Information Sheet" and check request is used to

process reimbursement.

 Charges are recorded as per diem and fees expense and not travel for non-
employees.

 Prospective employees may be reimbursed for travel expenses.

Travel Internal Controls
Objectives
 Expenses charged are reasonable and comply with University policies.
 Expenses are legitimate and approved by authorized department
personnel.
 Expenses are accurately calculated.
 Expenses are coded to the proper object codes, and unallowable
charges are separately designated.
 Special Purpose Petty Cash Funds (travel advances) are properly
requested, utilized, and accounted for in a timely manner.

Risks
 Improper use of University funds.
 Noncompliance with Internal Revenue Service and other regulatory
authorities.
 Noncompliance with granting agencies.
 Excessive aging of travel advances.
Travel Internal Controls
Audit Check List
 Special Purpose Petty Cash Funds are approved, utilized appropriately
and promptly returned.

 Travel forms are signed by the traveler and an authorized approver.

 Reported expenses are in compliance with the University’s policies and

procedures:
 Correct per diem rates
 Correct currency conversion rates
 forms are accurately totaled

 Original receipts or other appropriate documentation attached to

support charges on the Travel Expense Statement and Honoraria and
Fees Information Sheet.

 Paid consultant travel expenses are included in the consulting contract.

Business Meals and Entertainment
All University funds should be used only for activities related to the University’s
mission of education, research, and public service.

In general, University accounts cannot be used to pay for the cost of University
related entertainment.
 Sponsoring entities occasionally include a provision that funds may be expended
for University related entertainment.
 It is important to note that expenses, personal in nature, such staff social parties
(celebrations of a birthday, marriage, birth…etc) or holiday celebrations are not
reimbursable.

Employees may be reimbursed for meals, not associated with overnight travel, if:
 The meals are part of a required registration fee; or
 The employees is on a work assignment more than 30 miles away from home or
headquarters).

Approved, necessary, and reasonable business expenses may be reimbursed

by submitting a Travel Expense Statement or Reimbursement of University
Related Entertainment Expenses Form.
Business Meal and Entertainment Internal Controls

Objectives
 Reimbursements for business meals and entertainment are made only
when considered necessary and reasonable to fulfill the University’s
mission of education, research, and public service.

 Entertainment expenses are supported by proper documentation.

 Expenses are charged in accordance with University policies and

sponsoring agency guidelines.

Risks
 Non-compliance with federal regulations.
 Loss of funding.
 Penalties/fines.
 Disallowance of costs.
 Personal liability.
 Impairment of reputation.
Business Meal and Entertainment Internal Controls

Audit Checklist
 Entertainment costs are in compliance with the University’s policies and
procedures and sponsoring agency regulations.

 The purpose for these types of expenses are of a business nature

rather than personal.

 Expense reimbursement requests include written documentation

stating the business purpose of the activity, the names of all individuals
present and original receipts.

 The proper object codes are used when coding various entertainment
expenses.

 Departmental personnel approving such expenses are familiar with the

University’s policies and procedures.
Account Status Reports
Monthly verification of the Account Status
Reports is a critical control.
 A certification of financial information at the
department level.
 Performed timely.

The Controller’s Office distributes to

departments each month the Account Status
Reports for all accounts that had activity
during the year.
Account Status Reports
A review of the account status reports can be called:
 Account Reconciliation
 Transaction Verification

No matter what the procedure is called

 Source documents retained by the department need to be compared to the
account status report entries.
 Timely.
 Preferably by someone who is independent of the processed transaction.

Prompt reconciliation of revenue, expenditures and encumbrances can reveal

 Missing or misapplied deposits.
 Unallowable charges
 Duplicate payments or
 Non-payment of invoices.

Exceptions must be promptly researched and corrected.

Account Status Reports
Fiscal management responsibility rests with
the department directors or principal
investigators (PIs)
 Transaction verification procedures may be delegated to
the administrative staff.

 Oversight of such delegated fiscal responsibilities

remains with the department directors, or PIs.

 Department directors or PIs should review the monthly

Account Status Reports to ensure revenue and
expenditure transactions are reconciled and reasonable.
Account Status Report Internal Controls

Objectives
 Revenue and expenditures are correct and reflected in the appropriate
account with the proper object/revenue codes.
 Expenditures are allowable and comply with federal regulations and
University policies
 The report reconciliation process is completed monthly
 Department directors and PIs understand their fiscal responsibilities

Risks
 Non-compliance with federal regulations and University policies
 Disallowance of costs
 Delay or loss of future funding
 Delay in the discovery of inappropriate transactions
 No budgetary control
 Loss of revenue
Account Status Report Internal Controls

Audit Checklist
 Revenue and expenditure transactions are reconciled monthly.

 Verification of transactions are performed by staff who are knowledgeable of

University and sponsoring agency cost policies.

 When possible, verification procedures are performed by staff who do not:

 Have access to cash or checks,
 Make purchases, or
 authorize payments.

 The reconciliation between source documents and the Account Status Report
would likely detect items:
 On the report and not in departmental records.
 In departmental records and not on the report.

 All unresolved items are promptly researched and corrected.

 The department director or PI review the monthly reports once the reconciliation
is completed
Property and Equipment
Movable personal property must be
inventoried and tracked if:
 Estimated usable life of three or more years.
 Acquisition cost of $3,000 or more.

The University also inventories items costing

under $3,000 but more that $500 which
include:
 Office Machines.
 Electronic Audio/Visual Equipment.
 Photographic Apparatus.
Property and Equipment
The following items are inventory controlled
without regard to cost:
 Books if procured through the Library Accounts
and catalogued by the Libraries.

 Firearms.

 Art objects/Antiques.

 Vehicles licensed for road use.

Property and Equipment

Items acquired through the University Procurement Office do not

require any additional reporting by the custodian of the
equipment for purposes of establishing the inventory records.

Items received from other sources do require action initiated by

the custodian.
 Notice of Change in Departmental Equipment.
 Notify the University Property Control Office.
Property and Equipment
Assistant Inventory Control Officer (AICO)
 Designated by the head of each college, school,
department, or other administrative office.

 Responsible for the departmental procedures related to

equipment.
 Notification of equipment transfers.
 Completion of an annual physical inventory.
 Ensuring initial and annual authorization of off-campus
equipment.
Property and Equipment
Surplus Property

The Unassigned Property Unit is responsible for:

 Acquisition,
 Reutilization, and
 Disposition
of excess, surplus, unassigned, and unneeded equipment

Each unit must initiate action with Property Control to remove items
 Disposed,
 Cannibalized,
 Traded-in, or
 Judged obsolete
from the department's accountable records.

 Whenever the loss or theft of equipment is discovered, the custodian must

 Immediately report the loss to Campus Police
 Submit a Notice of Change and copy of the police report to Property Control
Property and Equipment Internal Controls

Objectives
 Equipment is properly identified.
 Equipment is properly labeled with a tag.
 Proper object codes are used.
 Property Control is notified of equipment acquired other than through the
standard University procedures.
 Property Control is notified of equipment lost, stolen, salvaged, or scrapped
 Inventory is conducted annually.

Risks
 Non-compliance with federal or state regulations.
 Not identified as equipment (not in system).
 No record for insurance claims or theft.
 Reduced value of the inventory system (affects depreciation, which impacts the
facility and administrative [F&A] cost rates).
 Value of equipment inventory overstated.
 Loss of public confidence.
Property and Equipment Internal Controls

Audit Checklist
 Equipment purchases are made in accordance with purchasing
guidelines, properly authorized, and recorded.

 Proper equipment object codes are used for equipment with a per unit
cost of $5,000 or more and with a useful life of more than three or more
years.

 All University equipment have a decal that is easily visible

 Property Control are notified of:

 Donations, transfers, or fabrication of equipment.
 Equipment lost, stolen, salvaged, or scrapped.
 Equipment moved to an off-campus location.

 An annual departmental inventory report is completed and returned to

Property Control by the due date.
Conflict of Interest
The appearance of a conflict of interest exists when a
reasonable person will conclude that the employee's ability to
protect the public interest or perform public duties is
compromised by personal interest.

Unlawful for any full-time state employee to transact any

business with the agency by which such employee is employed.

A full-time employee is forbidden from acting for himself/herself,

on behalf of any third party, or on behalf of any business in
which the employee or a member of his/her family has a
substantial interest.
Conflict of Interest

The term "transact any business" includes

 the sale or lease of any personal property, real
property or services, or
 the purchase of any surplus real or personal
property.
Conflict of Interest
Unlawful for any part-time state employee, on
his own behalf or on behalf of any business,
to transact business with the agency by which
he is employed, unless:
 the amount of any single transaction between the
employee and the University does not exceed
$250 and
 the aggregate does not exceed $9,000 per
calendar year.
Conflict of Interest Internal Controls
Objectives
 To provide effectiveness of operations by the safeguarding of
human resources, i.e., faculty and staff members are
devoted primarily to University objectives.

Risk
 Impairment of the University’s reputation.
 Independent scholarly inquiry threatened.
 Competition with the University’s business interests.
 Impairment of the individual’s ability to perform the duties of
his/her University position.
 Non-compliance with federal regulations.
 Financial penalties.
Conflict of Interest Internal Controls
Audit Checklist
 All faculty and staff members in the department have access
to the University’s policies regarding conflict of interest.

 Faculty and staff members know the conditions when special

permission needs to be obtained before undertaking any
commitment that may appear to be a conflict of interest.

 Faculty and/or staff members have not made purchases with

vendors where there is a personal interest or reward.

 The department is free of situations where a staff member

supervises or has significant control over the work or career
of another staff member who is his/her relative or is
someone with whom he/she shares a residence.
Information Technology
Information Security
 Protect information from:
 destruction,

 unauthorized access, or

 unauthorized change.

Users are responsible for the security of data.

 An assessment of the University’s business processes

related to sensitive data is being performed.
 Training.

 Evaluations.

 Monitoring.
Information Technology
Passwords – limiting unauthorized access

 Passwords should be at least six characters long and have

an alpha and numeric combination.

 Do not share computer IDs or passwords.

 Request a change in a computer password immediately if

there is any suspicion that it has become known to another
party.

 User ID’s must be deactivated if an employee has

transferred or terminated.

 Passwords should be changed on a regular basis

Information Technology
Professional Use of University Resources
Messages, sentiments, and declarations sent as
electronic mail or as electronic postings should meet
high and ethical standards

Those users publishing their opinions electronically

should
 clearly and accurately identify such as their own
opinion or the opinion of the group which they are
authorized to represent.

 Users are not permitted to transmit chain letters or

display images, sounds, or messages that create an
atmosphere of discomfort or harassment.
Information Technology

Important data should be backed up

frequently.
 Backup disks should be stored in a location away
from the originals.

Anti-virus software should be installed and

frequently updated.
Information Technology

Unauthorized copying of licensed software is illegal.

 Retain all documents on purchase and licensee agreements.

 There should be license documentation for all software loaded

on each machine
Information Technology Internal Controls

Objectives
 University’s intellectual and electronic information is secured from
inappropriate access or destruction
 Information technology is used only for appropriate business purposes
 Proper and reliable backup procedures are used.
 All software is properly licensed

Risks
 Breach of system integrity and loss of critical data
 Non-compliance with federal and state laws regarding computer and
data communications use
 Destruction of critical information by unauthorized users
 Violation of software licensee agreements and possible fines
 Employee dismissal and legal action
 Impairment of the University’s reputation
Information Technology Internal Controls

AUDIT CHECKLIST
 Employees with access to computer systems have an established need for the access.

 Passwords are secure and not shared.

 Procedures are in place to prevent unauthorized use or transmission of information.

 Access to the system is removed for terminated or transferred faculty, and staff, timely.

 Computers located in heavily traveled public areas have a screen saver with password
activation invoked.

 Each computer software package is licensed for the current user.

 Computer files are backed up on a regular basis. Backup data is stored in a location away
from the originals

 The department has sufficient technical support for ongoing operations to keep downtime
minimal.

 The department has adequate resumption procedures for their automated systems that are
considered critical or vital to their daily operations.