Best Practices Final

Internal Controls
and
Best Practices
Robert McGee, Associate Controller
Holley Schramski, Associate Vice President and Controller
Dale Wetzelberger, Director Internal Auditing Division
Goals
Describe Basic Internal Control Objectives

Describe the Best Practice Procedures Applied in Specific Areas
Cash Receipts
Signature Authority
Procurement
Accounts Payable
Payroll
Independent Contractors
Travel
Business Meals and Entertainment
Account Status Reports
Property Management
Conflict of Interest
Information Technology

Areas Covered in Other Programs
P-Card and Petty Cash
Sponsored Research Topics
Department Sales Accounts
Human Resources Issues

Internal Controls 101

Primary Objectives of Internal Controls

Accurate Financial Information
Compliance with Policies and Procedures
Safeguarding Assets
Efficient Use of Resources
Accomplishment of Objectives and Goals

-Institute of Internal Auditors
Why are Internal Controls Important?
Internal controls are designed to provide reasonable
assurance regarding the achievement of objectives in
the following categories:
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with Laws and Regulations

Source: Internal Control Integrated Framework Executive Summary,
Committee of Sponsoring Organizations of the Treadway Commission
(COSO)
http://www.coso.org/publications/executive_summary_integrated_framework.htm

Why are Internal Controls Important?

addresses an entity's basic business objectives, including performance
and profitability goals and safeguarding of resources.
preparation of reliable financial statements and publicly reported
financial data.
compliance with those laws and regulations to which the entity is
subject.
-COSO Integrated Framework Executive Summary

Internal Controls
Internal Controls
Its Good for Your Fiscal Health


Its Good for Your Physical Health

Balanced Diet
Exercise
Good balance of leisure and work-mental health
(Tegen and Stinson, SACUBO April 2006)


Internal control consists of five interrelated components:

Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
The Five Interrelated Components

Control Environment

The control environment sets the tone of an organization,
influencing the control consciousness of its people. It is the
foundation for all other components of internal control,
providing discipline and structure. Control environment factors
include the integrity, ethical values and competence of the
entity's people; management's philosophy and operating style;
the way management assigns authority and responsibility,
and organizes and develops its people; and the attention and
direction provided by the board of directors.

Creating the Control Environment
Create environment that fosters internal controls
Expect Ethical Behavior
Hire qualified staff
Get to know your staff
Clear assignment of responsibility/Job Description
Supervision
Clear Communication


Risk Assessment

Every entity faces a variety of risks from external and internal
sources that must be assessed. A precondition to risk
assessment is establishment of objectives, linked at different
levels and internally consistent. Risk assessment is the
identification and analysis of relevant risks to achievement of
the objectives, forming a basis for determining how the risks
should be managed. Because economic, industry, regulatory
and operating conditions will continue to change, mechanisms
are needed to identify and deal with the special risks
associated with change.
Types of Risk
Financial
Research
Student
Academic
Athletic
Human Resources
Faculty
Crime and Safety
Enrollment
Facilities


Examples of Financial Risk:
Accounting processes
Auditing Matters
Compliance with Regulatory Issues
Falsification of reports/records
Fraud
Improper receipt of gifts
Improper vendor activity
Theft
Waste and Abuse
Misuse of Resources

Control Activities

Control activities are the policies and procedures that help ensure
management directives are carried out. They help ensure that
necessary actions are taken to address risks to achievement
of the entity's objectives. Control activities occur throughout
the organization, at all levels and in all functions. They include
a range of activities as diverse as approvals, authorizations,
verifications, reconciliations, reviews of operating
performance, security of assets and segregation of duties.
Key Components Control Activities
Policies and Procedures
Administrative Policies and Procedures
(http://www.busfin.uga.edu/manual/)
Staff Training
Organization Charts/Job Descriptions
Performance Measures
Segregation of Duties
Preventing one individual from having virtually complete
control over a financial process.
Key Components-Control Activities
Adequate Transaction Documentation
A record of (paper or electronic)
for Revenue
Receipt
Transfer
Deposit
for Expense
Purpose
Authorization
for Other
Delegation of Signature Authority
Monthly Account Status Report Reconciliation
Annual Property Inventory

Properly Designed Documentation
Unique numbering
Independent Verification


Information and Communication

Pertinent information must be identified, captured and communicated in a form and
timeframe that enable people to carry out their responsibilities. Information
systems produce reports, containing operational, financial and compliance-
related information, that make it possible to run and control the business. They
deal not only with internally generated data, but also information about
external events, activities and conditions necessary to informed business
decision-making and external reporting. Effective communication also must
occur in a broader sense, flowing down, across and up the organization. All
personnel must receive a clear message from top management that control
responsibilities must be taken seriously. They must understand their own role
in the internal control system, as well as how individual activities relate to the
work of others. They must have a means of communicating significant
information upstream. There also needs to be effective communication with
external parties, such as customers, suppliers, regulators and shareholders.

Monitoring

A process that assesses the quality of the system's performance
over time. This is accomplished through ongoing monitoring
activities, separate evaluations or a combination of the two.
Ongoing monitoring occurs in the course of operations. It
includes regular management and supervisory activities, and
other actions personnel take in performing their duties. The
scope and frequency of separate evaluations will depend
primarily on an assessment of risks and the effectiveness of
ongoing monitoring procedures. Internal control deficiencies
should be reported upstream, with serious matters reported to
top management and the board.

Why Monitoring is Important:
Inherent Risks
Complexity
Decentralization many hands, need accountability
Repeat Problems
Unresponsive to prior weaknesses
Exposures
Changes in Regulatory Environment
Personnel Changes
System and Process Changes
Rapid Growth
New Programs, services and staff


Types of Controls
Preventive Controls
Forestall errors and thereby avoid the cost of correction
Discourage fraud
Detective Controls
Measure the effectiveness of preventive controls
Uncover errors and misappropriations
Provide the means to establish accountability
Are Internal Controls Foolproof ?

Controls will not always prevent fraud or
misappropriation.
Making controls infallible is cost prohibitive
and unnecessarily cumbersome.
Controls do not eliminate the human factor.
To a significant extent, systems of internal
control rely on people and their actions.
Real World Summary
Why Internal Controls Are Important

Provides management with confidence that the entity
is operating according to standards which are
monitored-someone is watching.
Indicates to staff that what they are doing is important
and that QUALITY is important.
Sends a signal that certain behaviors will not be
tolerated.
Cash Receipts

The term cash receipts includes:
Currency
Checks
Credit cards
Wire transfers
received by mail or in person
Cash Receipts
Use of Revenue Object Codes
amounts received for
Payment of delivery of goods or services
Reimbursement of expenses or
Contributions

Examples of third party receipts include:
General revenues for tuition and fees
Auxiliary income
Parking income
Sponsored awards and events
Revenues from sale of goods and services
Gifts and other designated funds
Reimbursements from:
affiliated institutions
conferences and seminars
alumni functions
Cash Receipts
Use of Expense Credits
Refunds from vendors
Price adjustment of goods or services
Use same object code of the original expense.

Examples include:
Returned or rejected items
Overpayments
Cash Receipts Internal Controls
Objective
Ensure that all funds are timely deposited in the bank and are
properly recorded in the appropriate account.

Risks
Theft/fraud.
Mismanagement of funds.
Mis-statement of revenue and expenditures.
Noncompliance with University, BOR, State and Federal policies.

Audit Check List
Persons verifying the monthly Account Status Reports do not
process cash receipts.

Timely and adequate restrictive endorsement of checks

Documentation and procedures are sufficient so that loss or
misappropriation of funds can be traced to the responsible
individual(s).

Documentation and Procedures
Types of documentation
Pre-numbered cash receipt form
Payment log
Cash register tape using locked-in sales totals
Workshop attendance roster
Documentation and Procedures
Verification Procedures
Depositing cash receipts timely and intact.
Independently tracing cash receipt forms, logs and/or register
tapes to the Bursar Office receipt and the Account Status
Reports.
Comparing attendance rosters to revenue posted to workshop
account.
Reviewing deposit documentation before gift acknowledgement
letters are signed and mailed.
Accounting for unsold tickets.
Maintaining control over pre-numbered receipts.
Immediate notification to the Controllers Office of detected
shortages or inappropriate activity.
Signature Authority

Transactions must be reviewed and approved by those officers
under whose responsibility the project lies.

Signatory authority may be delegated however, primary
responsibility for funds and transactions remains with the
budgetary unit head.

It is therefore necessary for a policy to be in writing to ensure
the delegation is authorized.
Signature Authority
The written signatory authority document should be:

Initiated by the budgetary unit head.

Contain:
A description of the documents for which authority is being conveyed.
Examples:
Vouchers.
Purchase requests.
Specimen signatures of persons to whom authority is conveyed.

Signed by the appropriate department head, dean/director or vice president.

Copies sent to:
Accounts Payable
Payroll

Budgetary units should revise the policy when personnel or job
assignments change.
Signature Authority Internal Controls
Objectives
Documents are properly authorized.
Budgetary unit heads and principal investigators
understand their responsibility.

Risks
Noncompliance with federal regulations.
Noncompliance with University policies.
Misappropriation of funds/fraud.
Disallowance of costs.
Personal liability.
Signature Authority Internal Controls
Audit Check List
The department has identified faculty and staff members authorized
to sign documents in either paper or electronic form.

The list is up-to-date.

Budgetary unit heads and principal investigators understand their
responsibility.

Documents are signed by the appropriate individuals at both the
departmental and college/school levels

Delegated faculty / staff members sign their own name and not the
dean or budgetary unit heads name.
Procurement and Accounts Payable
Procurement
The University Procurement Office has sole responsibility for the coordination of
all University procurement activities.

Departments are authorized to make direct purchases with P-Cards and Petty
Cash.
Streamline payment procedures
Reduce the administrative burden

All purchasing is subject to:
State of Georgia purchasing regulations
Board of Regents' policies
University of Georgia policies

The budgetary unit heads have the primary responsibility for the approval of all
purchases charged against the accounts under their administration.

Budgetary units should maintain a file of their own purchasing documents.
Procurement
Purchase requests may be generated electronically or manually.

Purchase requests should be limited to items that can be supplied by one
vendor.

When formal quotations are needed:
Complete as much of the Purchase Request Form as possible.
Forward the departmental copy (blue) directly to the Procurement Office for use in
obtaining quotations.
Place a note on the face of the purchase request providing the reason for using
this procedure.

All check requests must be accompanied by an original of the invoice for
payment.

The responsibility for receiving and inspecting supplies and equipment rests with:
The central receiving units.
Budgetary units requesting the supplies and equipment.
Accounts Payable
The Accounts Payable Department is responsible for:
examining all accounts, claims, and demands against
the University, and
making payment of all the University's legally incurred
obligations

No payments are to be made:
Unless there is money in the account for such
payments.
Until the Accounts Payable Department has been
presented with supporting documents.
Purchase Authorization
Original Invoice
Receiving Report
Accounts Payable
The department will encumber all:

Purchase orders
Physical plant work orders
Requests for authority to travel

Procurement and Accounts Payable Internal Controls
Objectives
Expenses charged are reasonable and allowable.
Expenses are properly coded.
Unallowable charges are separately designated.
Purchase order processing is completed promptly and accurately.

Risks
Misappropriation of funds.
Loss of sponsored funding.
Delay of future funding.
Delay of delivery of goods and services.
Delay of payments to vendors.
Jeopardized relationships with vendors.
Jeopardized credit standing of the University.
Procurement and Accounts Payable Internal Controls

Audit Check List
Transactions are properly approved and the stated purpose is reasonable.

Invoices are submitted to Accounts Payable timely.

Account Status Reports are independently reviewed for accuracy of
encumbrances and charges.
Payroll
Payroll disbursements represent the single largest expense
category to the University.

All payrolls are processed electronically through a web based
electronic payroll system.

All new employees are required to have their payments made
through direct deposit.

The University processes four types of payrolls:
Monthly Payroll
Academic Payroll
Salaried Biweekly
Hourly Biweekly
Payroll
Monthly Payroll
Faculty (other than those on an "A" or "L" contract code).

Administrative personnel.

Graduate assistants (other than those on a "S" contract code).

Employees exempt from coverage under the Fair Labor Standards Act (Wage and Hour Law)

Academic Payroll
Faculty with a contract code of "A" or "L.

Graduate assistants with a contract code of "S.

Compensation is earned at the rate of one-half of the contract salary for each academic
semester.

Additional payments for Maymester & summer session classes can be made.
Payroll
Salaried Biweekly
Payroll employees covered under the Fair Labor Standards Act.

The hourly rate of pay is determined by dividing the annual rate by the number of available
work hours in the fiscal year.

The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.

Hourly Biweekly
Employees covered under the Fair Labor Standards Act.

Temporary or part-time employees
(paid from lump sum positions in the University budget).

The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.
Payroll

The basic documents used to effect payroll payments are:
Personnel Report

Payroll Voucher

Time Records
Payroll
The Personnel Report is used to document:
Employment
Termination
Change in status of all personnel

Approved by:
Department heads
Deans
Vice presidents (in some cases )

Personnel Reports are electronically routed to the appropriate units.
Payroll
Payroll Vouchers contain:
Names of all persons paid on the preceding payroll
Social security numbers
Hourly rate of pay or gross salary

Approved by:
Department heads

Payroll vouchers are sent to the Payroll Department.
Payroll
Time Records, are prepared for each employee who is covered and
nonexempt under the Federal Fair Labor Standards Act. The
document records:
Name of employee
Pay period
Hours worked

Approved by:
employee,
Supervisor

These signatures and dates are important in complying with Federal
Regulations.

The time records should be retained by the Department for 5 years
after the fiscal year ends.
Payroll
International Employees
All international employees are required to complete the
UGA Tax Information Form for Internationals

The completed form must be submitted to the International
Tax Coordinator along with:
Immigration documents
Passport
I-94 card and
Visa

The International Tax Coordinator will perform a tax analysis
and will provide the appropriate payroll withholding forms to
the employee for review and signature.
Payroll Internal Controls
Objectives
Proper authorization and payment of salary and wages.

Responsibility for payroll processing separated between:
authorization/processing
distribution of the pay check

Proper allocation of resources and system access privileges.

Current submission of payroll documents.

Risks
Noncompliance with federal/state regulations.
Civil liability/lawsuits.
Non-compliance with University policies.
Penalties/fines.
Fraud/theft.
Retroactive transactions.
Personal/employer tax liabilities.
Overpayments/unallowable costs.
Payroll Internal Controls
Audit Check List
Staff members who approve or process payroll documents do not have access to payroll checks.

Payroll vouchers are properly approved by an appropriate supervisor having knowledge of the hours
worked.

Payroll vouchers agree with time sheets and leave records.

Payroll vouchers are signed and approved on the last working day of the pay period.

Time cards are checked for accuracy.

Overtime if paid is allowable and approved in advance.

Time cards are not returned to employees after they are approved by supervisors.

Terminated employees are removed promptly from payroll.

New hires are processed and paid in the appropriate pay cycle.

Visa expiration dates are monitored.

I-9 documentation is complete and on file for all employees.
Payments to Non-Employees
Independent Contractors
General Rule: the employer has the right to control or
direct only the result of the work, and not the means
and methods of accomplishing the result

Some of the other factors to determine if a worker is an
independent contractor include:
Has the contractor other clients?
Is the person an employee of any State of Georgia
agency or institution?
Is there a contract for services?
Does the service involve an independent profession,
trade, or business?
Independent Contractors - Minimum standards of documentation to use
of independent contractors as consultants require evidence that:

The services are needed.

Cannot be met by direct salaries provided under the contract or grant.

A selection process was used to identify the most qualified individual
available.

The individual or firm qualifies as an independent contractor.

The fee is appropriate considering the qualifications and services to be
provided.

The express advance approval by the sponsoring and parent Federal
agency of a consultant who is also a full-time employee of the Federal
government.
Honoraria
An honorarium is:
A onetime tax-reportable payment
To a non-University employee
For general service in education, research, or public service
Where the University does not expect nor is payment contingent upon a
particular result.

Examples are
Guest lecturers
Workshop leaders.

An "Honoraria and Fees Information Sheet" must be completed and
attached to the check request when payment is requested.

Payments can not be prepared in advance of service performance.

Prizes and Awards
Prizes and awards are classified by the IRS as tax-reportable
income.

Prizes and awards to employees, which recognize professional
achievements related to employment, are paid through payroll.

Prizes and awards to non-employees or students (whose part-time
employment has no professional connection to the award) are paid
through Accounts Payable and are issued an IRS Form 1099.
Stipends/Fellowships
A stipend / fellowship is in the form of financial aid for
which no services are performed.

Three tests to determine whether or not payments for
stipends and fellowships are taxable to the recipient:
Only students (candidates for a degree) qualify
for exclusions.
Up to the total of tuition and required fees, books,
supplies and equipment can be excluded.
Amounts related to services performed even if
such services were requirements for the degree
can not be excluded.
Payments to Non-Employees Internal Controls

Objective
Individuals are classified correctly as either an employee or
consultant / independent contractor for tax withholding
purposes.

Risks
Noncompliance with University policies.
Fines and penalties.
Payments to Non-Employees Internal Controls
Audit Check List
The departments determination on the classification of an individual as
either an independent contractor/consultant or employee meets the
IRS criteria.

There is sufficient documentation for need, qualifications, and selection
process.

The fee is reasonable considering the qualifications and services to be
provided.

Departments have properly completed:
Honoraria and Fees Information Sheet.
Consulting Agreement Form.
Forms are signed by consultant/contractor and
the appropriate University official.
Travel
The University reimburses employees for approved, necessary, and reasonable
travel expenses incurred while conducting business for the University.

Each employee is required to have travel approved by his/her department head
or other designated official.

For out-of-state travel, it is necessary to obtain:
Prior approval from the appropriate dean's, director's, or other unit head's office.
A financial review by the Travel and Encumbrance Section of the Accounts
Payable Department.

Travel outside of the continental limits of the United States must be approved
first by the appropriate vice president and then by the President's Office.

Reimbursement for travel expenses (meals, lodging, transportation and
miscellaneous expenses) is requested using an Employee Travel Expense
Statement.
Travel

In general, services (as well as materials, goods, or
supplies) must be received before payment can be
remitted.

Food, lodging or other non-conference related
expenses must be paid by the employee.

The employee will be reimbursed, as appropriate,
using normal travel reimbursement procedures.
Travel
Non-employees or any other organization for rendering a service
Travel and subsistence expenses must be in accordance with the University
of Georgia Travel Policy.

A "Honoraria and Fees Information Sheet" and check request is used to
process reimbursement.

Charges are recorded as per diem and fees expense and not travel for non-
employees.

Prospective employees may be reimbursed for travel expenses.
Travel Internal Controls
Objectives
Expenses charged are reasonable and comply with University policies.
Expenses are legitimate and approved by authorized department
personnel.
Expenses are accurately calculated.
Expenses are coded to the proper object codes, and unallowable
charges are separately designated.
Special Purpose Petty Cash Funds (travel advances) are properly
requested, utilized, and accounted for in a timely manner.

Risks
Improper use of University funds.
Noncompliance with Internal Revenue Service and other regulatory
authorities.
Noncompliance with granting agencies.
Excessive aging of travel advances.
Travel Internal Controls
Audit Check List
Special Purpose Petty Cash Funds are approved, utilized appropriately
and promptly returned.

Travel forms are signed by the traveler and an authorized approver.

Reported expenses are in compliance with the Universitys policies and
procedures:
Correct per diem rates
Correct currency conversion rates
forms are accurately totaled

Original receipts or other appropriate documentation attached to
support charges on the Travel Expense Statement and Honoraria and
Fees Information Sheet.

Paid consultant travel expenses are included in the consulting contract.
Business Meals and Entertainment
All University funds should be used only for activities related to the Universitys
mission of education, research, and public service.

In general, University accounts cannot be used to pay for the cost of University
related entertainment.
Sponsoring entities occasionally include a provision that funds may be expended
for University related entertainment.
It is important to note that expenses, personal in nature, such staff social parties
(celebrations of a birthday, marriage, birthetc) or holiday celebrations are not
reimbursable.

Employees may be reimbursed for meals, not associated with overnight travel, if:

The meals are part of a required registration fee; or
The employees is on a work assignment more than 30 miles away from home or
headquarters).

Approved, necessary, and reasonable business expenses may be reimbursed
by submitting a Travel Expense Statement or Reimbursement of University
Related Entertainment Expenses Form.
Business Meal and Entertainment Internal Controls
Objectives
Reimbursements for business meals and entertainment are made only
when considered necessary and reasonable to fulfill the Universitys
mission of education, research, and public service.

Entertainment expenses are supported by proper documentation.

Expenses are charged in accordance with University policies and
sponsoring agency guidelines.

Risks
Non-compliance with federal regulations.
Loss of funding.
Penalties/fines.
Personal liability.
Impairment of reputation.

Business Meal and Entertainment Internal Controls
Audit Checklist
Entertainment costs are in compliance with the Universitys policies and
procedures and sponsoring agency regulations.

The purpose for these types of expenses are of a business nature
rather than personal.

Expense reimbursement requests include written documentation
stating the business purpose of the activity, the names of all individuals
present and original receipts.

The proper object codes are used when coding various entertainment
expenses.

Departmental personnel approving such expenses are familiar with the
Universitys policies and procedures.

Monthly verification of the Account Status
Reports is a critical control.
A certification of financial information at the
department level.
Performed timely.

The Controllers Office distributes to
departments each month the Account Status
Reports for all accounts that had activity
during the year.
A review of the account status reports can be called:
Account Reconciliation
Transaction Verification

No matter what the procedure is called
Source documents retained by the department need to be compared to the
account status report entries.
Timely.
Preferably by someone who is independent of the processed transaction.

Prompt reconciliation of revenue, expenditures and encumbrances can reveal
Missing or misapplied deposits.
Unallowable charges
Duplicate payments or
Non-payment of invoices.

Exceptions must be promptly researched and corrected.
Fiscal management responsibility rests with
the department directors or principal
investigators (PIs)
Transaction verification procedures may be delegated to
the administrative staff.

Oversight of such delegated fiscal responsibilities
remains with the department directors, or PIs.

Department directors or PIs should review the monthly
Account Status Reports to ensure revenue and
expenditure transactions are reconciled and reasonable.

Account Status Report Internal Controls
Objectives
Revenue and expenditures are correct and reflected in the appropriate
account with the proper object/revenue codes.
Expenditures are allowable and comply with federal regulations and
University policies
The report reconciliation process is completed monthly
Department directors and PIs understand their fiscal responsibilities

Risks
Non-compliance with federal regulations and University policies
Disallowance of costs
Delay or loss of future funding
Delay in the discovery of inappropriate transactions
No budgetary control
Loss of revenue

Account Status Report Internal Controls
Audit Checklist
Revenue and expenditure transactions are reconciled monthly.

Verification of transactions are performed by staff who are knowledgeable of
University and sponsoring agency cost policies.

When possible, verification procedures are performed by staff who do not:
Have access to cash or checks,
Make purchases, or
authorize payments.

The reconciliation between source documents and the Account Status Report
would likely detect items:
On the report and not in departmental records.
In departmental records and not on the report.

All unresolved items are promptly researched and corrected.

The department director or PI review the monthly reports once the reconciliation
is completed
Property and Equipment
Movable personal property must be
inventoried and tracked if:
Estimated usable life of three or more years.
Acquisition cost of $3,000 or more.

The University also inventories items costing
under $3,000 but more that $500 which
include:
Office Machines.
Electronic Audio/Visual Equipment.
Photographic Apparatus.
The following items are inventory controlled
without regard to cost:
Books if procured through the Library Accounts
and catalogued by the Libraries.

Firearms.

Art objects/Antiques.

Vehicles licensed for road use.

Items acquired through the University Procurement Office do not
require any additional reporting by the custodian of the
equipment for purposes of establishing the inventory records.

Items received from other sources do require action initiated by
the custodian.
Notice of Change in Departmental Equipment.
Notify the University Property Control Office.
Assistant Inventory Control Officer (AICO)
Designated by the head of each college, school,
department, or other administrative office.

Responsible for the departmental procedures related to
equipment.
Notification of equipment transfers.
Completion of an annual physical inventory.
Ensuring initial and annual authorization of off-campus
equipment.

Surplus Property

The Unassigned Property Unit is responsible for:
Acquisition,
Reutilization, and
Disposition
of excess, surplus, unassigned, and unneeded equipment

Each unit must initiate action with Property Control to remove items
Disposed,
Cannibalized,
Traded-in, or
Judged obsolete
from the department's accountable records.

Whenever the loss or theft of equipment is discovered, the custodian must
Immediately report the loss to Campus Police
Submit a Notice of Change and copy of the police report to Property Control
Property and Equipment Internal Controls
Objectives
Equipment is properly identified.
Equipment is properly labeled with a tag.
Proper object codes are used.
Property Control is notified of equipment acquired other than through the
standard University procedures.
Property Control is notified of equipment lost, stolen, salvaged, or scrapped
Inventory is conducted annually.

Risks
Non-compliance with federal or state regulations.
Not identified as equipment (not in system).
No record for insurance claims or theft.
Reduced value of the inventory system (affects depreciation, which impacts the
facility and administrative [F&A] cost rates).
Value of equipment inventory overstated.
Loss of public confidence.
Property and Equipment Internal Controls
Audit Checklist
Equipment purchases are made in accordance with purchasing
guidelines, properly authorized, and recorded.

Proper equipment object codes are used for equipment with a per unit
cost of $5,000 or more and with a useful life of more than three or more
years.

All University equipment have a decal that is easily visible

Property Control are notified of:
Donations, transfers, or fabrication of equipment.
Equipment lost, stolen, salvaged, or scrapped.
Equipment moved to an off-campus location.

An annual departmental inventory report is completed and returned to
Property Control by the due date.
The appearance of a conflict of interest exists when a
reasonable person will conclude that the employee's ability to
protect the public interest or perform public duties is
compromised by personal interest.

Unlawful for any full-time state employee to transact any
business with the agency by which such employee is employed.

A full-time employee is forbidden from acting for himself/herself,
on behalf of any third party, or on behalf of any business in
which the employee or a member of his/her family has a
substantial interest.

The term "transact any business" includes
the sale or lease of any personal property, real
property or services, or
the purchase of any surplus real or personal
property.
Unlawful for any part-time state employee, on
his own behalf or on behalf of any business,
to transact business with the agency by which
he is employed, unless:
the amount of any single transaction between the
employee and the University does not exceed
$250 and
the aggregate does not exceed $9,000 per
calendar year.
Conflict of Interest Internal Controls
Objectives
To provide effectiveness of operations by the safeguarding
of human resources, i.e., faculty and staff members are
devoted primarily to University objectives.

Risk
Impairment of the Universitys reputation.
Independent scholarly inquiry threatened.
Competition with the Universitys business interests.
Impairment of the individuals ability to perform the duties of
his/her University position.
Non-compliance with federal regulations.
Financial penalties.
Conflict of Interest Internal Controls
Audit Checklist
All faculty and staff members in the department have access
to the Universitys policies regarding conflict of interest.

Faculty and staff members know the conditions when special
permission needs to be obtained before undertaking any
commitment that may appear to be a conflict of interest.

Faculty and/or staff members have not made purchases with
vendors where there is a personal interest or reward.

The department is free of situations where a staff member
supervises or has significant control over the work or career
of another staff member who is his/her relative or is
someone with whom he/she shares a residence.
Information Security
Protect information from:
destruction,
unauthorized access, or
unauthorized change.

Users are responsible for the security of data.

An assessment of the Universitys business processes
related to sensitive data is being performed.
Training.
Evaluations.
Monitoring.
Passwords limiting unauthorized access

Passwords should be at least six characters long and have
an alpha and numeric combination.

Do not share computer IDs or passwords.

Request a change in a computer password immediately if
there is any suspicion that it has become known to another
party.

User IDs must be deactivated if an employee has
transferred or terminated.

Passwords should be changed on a regular basis
Professional Use of University Resources
Messages, sentiments, and declarations sent as
electronic mail or as electronic postings should meet
high and ethical standards

Those users publishing their opinions electronically
should
clearly and accurately identify such as their own
opinion or the opinion of the group which they are
authorized to represent.

Users are not permitted to transmit chain letters or
display images, sounds, or messages that create an
atmosphere of discomfort or harassment.

Important data should be backed up
frequently.
Backup disks should be stored in a location away
from the originals.

Anti-virus software should be installed and
frequently updated.

Unauthorized copying of licensed software is illegal.
Retain all documents on purchase and licensee agreements.

There should be license documentation for all software loaded
on each machine
Information Technology Internal Controls
Objectives
Universitys intellectual and electronic information is secured from
inappropriate access or destruction
Information technology is used only for appropriate business purposes
Proper and reliable backup procedures are used.
All software is properly licensed

Risks
Breach of system integrity and loss of critical data
Non-compliance with federal and state laws regarding computer and
data communications use
Destruction of critical information by unauthorized users
Violation of software licensee agreements and possible fines
Employee dismissal and legal action
Impairment of the Universitys reputation
Information Technology Internal Controls

AUDIT CHECKLIST
Employees with access to computer systems have an established need for the access.

Passwords are secure and not shared.

Procedures are in place to prevent unauthorized use or transmission of information.

Access to the system is removed for terminated or transferred faculty, and staff, timely.

Computers located in heavily traveled public areas have a screen saver with password
activation invoked.

Each computer software package is licensed for the current user.

Computer files are backed up on a regular basis. Backup data is stored in a location away
from the originals

The department has sufficient technical support for ongoing operations to keep downtime
minimal.

The department has adequate resumption procedures for their automated systems that are
considered critical or vital to their daily operations.

Best Practices Final

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Best Practices Final

Uploaded by

Copyright:

Available Formats

Internal Controls

You might also like