Best Practices Final

Internal Controls andBest PracticesRobert McGee, Associate ControllerHolley Schramski, Associate Vice President and ControllerDale Wetzelberger, Director Internal Auditing Division

Goals Describe Basic Internal Control Objectives Describe the Best Practice Procedures Applied in Specific AreasCash ReceiptsSignature AuthorityProcurementAccounts PayablePayrollIndependent ContractorsTravelBusiness Meals and EntertainmentAccount Status ReportsProperty ManagementConflict of InterestInformation Technology

Areas Covered in Other ProgramsP-Card and Petty CashSponsored Research Topics Department Sales AccountsHuman Resources Issues

Internal Controls 101

Primary Objectives of Internal Controls

Accurate Financial InformationCompliance with Policies and ProceduresSafeguarding AssetsEfficient Use of ResourcesAccomplishment of Objectives and Goals

-Institute of Internal Auditors

Internal Controls 101 Why are Internal Controls Important? Internal controls are designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and Efficiency of OperationsReliability of Financial ReportingCompliance with Laws and Regulations

Source: Internal Control Integrated Framework Executive Summary, Committee of Sponsoring Organizations of the Treadway Commission (COSO) http://www.coso.org/publications/executive_summary_integrated_framework.htm

Internal Controls 101Why are Internal Controls Important?

Effectiveness and Efficiency of Operationsaddresses an entity's basic businessobjectives, including performance and profitability goals and safeguarding of resources. Reliability of Financial Reportingpreparation of reliable financial statements and publicly reported financial data.Compliance with Laws and Regulationscompliance with those laws and regulations to which the entity is subject.-COSO Integrated Framework Executive Summary

Internal Controls Internal ControlsIts Good for Your Fiscal Health

Effectiveness and Efficiency of OperationsReliability of Financial ReportingCompliance with Laws and Regulations

Its Good for Your Physical Health

Balanced DietExerciseGood balance of leisure and work-mental health (Tegen and Stinson, SACUBO April 2006)

Internal Controls 101Internal control consists of five interrelated components:

Control EnvironmentRisk AssessmentControl ActivitiesInformation and CommunicationMonitoring -COSO Integrated Framework Executive Summary

Internal Controls 101The Five Interrelated Components

Control Environment

The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, andorganizes and develops its people; and the attention and direction provided by the board of directors. -COSO Integrated Framework Executive Summary


Creating the Control EnvironmentCreate environment that fosters internal controlsExpect Ethical BehaviorHire qualified staffGet to know your staffClear assignment of responsibility/Job DescriptionSupervisionClear Communication


Risk Assessment

Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change. -COSO Integrated Framework Executive Summary

Internal Controls 101Types of RiskFinancialResearchStudent AcademicAthleticHuman ResourcesFacultyCrime and SafetyInformation TechnologyEnrollmentFacilities


Examples of Financial Risk:Accounting processesAuditing MattersCompliance with Regulatory IssuesFalsification of reports/recordsFraudImproper receipt of giftsImproper vendor activityTheftWaste and AbuseMisuse of Resources


Control Activities

Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. -COSO Integrated Framework Executive Summary

Internal Controls 101Key Components Control ActivitiesPolicies and Procedures Administrative Policies and Procedures (http://www.busfin.uga.edu/manual/)Staff TrainingOrganization Charts/Job DescriptionsPerformance Measures Segregation of Duties Preventing one individual from having virtually complete control over a financial process.

Internal Controls 101Key Components-Control ActivitiesAdequate Transaction DocumentationA record of (paper or electronic) for RevenueReceiptTransferDeposit for ExpensePurposeAuthorization for OtherDelegation of Signature AuthorityMonthly Account Status Report ReconciliationAnnual Property Inventory

Properly Designed DocumentationUnique numberingIndependent Verification


Information and Communication

Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders. -COSO Integrated Framework Executive Summary


Monitoring

A process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board. -COSO Integrated Framework Executive Summary


Why Monitoring is Important:Inherent RisksComplexityDecentralization many hands, need accountabilityRepeat ProblemsUnresponsive to prior weaknessesExposuresChanges in Regulatory EnvironmentPersonnel ChangesSystem and Process ChangesRapid GrowthNew Programs, services and staff


Types of ControlsPreventive ControlsForestall errors and thereby avoid the cost of correctionDiscourage fraudDetective ControlsMeasure the effectiveness of preventive controlsUncover errors and misappropriationsProvide the means to establish accountability

Internal Controls 101Are Internal Controls Foolproof ?

Controls will not always prevent fraud or misappropriation.Making controls infallible is cost prohibitive and unnecessarily cumbersome.Controls do not eliminate the human factor. To a significant extent, systems of internal control rely on people and their actions.

Internal Controls 101Real World SummaryWhy Internal Controls Are Important

Provides management with confidence that the entity is operating according to standards which are monitored-someone is watching.Indicates to staff that what they are doing is important and that QUALITY is important.Sends a signal that certain behaviors will not be tolerated.

Cash Receipts

The term cash receipts includes: Currency Checks Credit cardsWire transfers received by mail or in person

Cash ReceiptsUse of Revenue Object Codesamounts received forPayment of delivery of goods or services Reimbursement of expenses or Contributions

Examples of third party receipts include:General revenues for tuition and fees Auxiliary incomeParking incomeSponsored awards and events Revenues from sale of goods and servicesGifts and other designated funds Reimbursements from: affiliated institutionsconferences and seminarsalumni functions

Cash ReceiptsUse of Expense CreditsRefunds from vendorsPrice adjustment of goods or services Use same object code of the original expense.

Examples include:Returned or rejected itemsOverpayments

Cash Receipts Internal Controls ObjectiveEnsure that all funds are timely deposited in the bank and are properly recorded in the appropriate account.

Risks Theft/fraud.Mismanagement of funds. Mis-statement of revenue and expenditures. Noncompliance with University, BOR, State and Federal policies.

Cash Receipts Internal Controls

Audit Check List Persons verifying the monthly Account Status Reports do not process cash receipts.

Timely and adequate restrictive endorsement of checks

Documentation and procedures are sufficient so that loss or misappropriation of funds can be traced to the responsible individual(s).

Cash Receipts Internal Controls

Documentation and ProceduresTypes of documentationPre-numbered cash receipt formPayment logCash register tape using locked-in sales totalsWorkshop attendance roster

Cash Receipts Internal ControlsDocumentation and ProceduresVerification ProceduresDepositing cash receipts timely and intact.Independently tracing cash receipt forms, logs and/or register tapes to the Bursar Office receipt and the Account Status Reports.Comparing attendance rosters to revenue posted to workshop account.Reviewing deposit documentation before gift acknowledgement letters are signed and mailed.Accounting for unsold tickets.Maintaining control over pre-numbered receipts.Immediate notification to the Controllers Office of detected shortages or inappropriate activity.

Signature Authority Transactions must be reviewed and approved by those officers under whose responsibility the project lies.

Signatory authority may be delegated however, primary responsibility for funds and transactions remains with the budgetary unit head. It is therefore necessary for a policy to be in writing to ensure the delegation is authorized.

Signature Authority The written signatory authority document should be:

Initiated by the budgetary unit head.

Contain:A description of the documents for which authority is being conveyed. Examples:Vouchers. Purchase requests.Specimen signatures of persons to whom authority is conveyed.

Signed by the appropriate department head, dean/director or vice president.

Copies sent to: Accounts PayablePayroll

Budgetary units should revise the policy when personnel or job assignments change.

Signature Authority Internal Controls Objectives Documents are properly authorized.Budgetary unit heads and principal investigators understand their responsibility.

Risks Noncompliance with federal regulations. Noncompliance with University policies.Misappropriation of funds/fraud.Disallowance of costs. Personal liability.

Signature Authority Internal ControlsAudit Check ListThe department has identified faculty and staff members authorized to sign documents in either paper or electronic form. The list is up-to-date.

Budgetary unit heads and principal investigators understand their responsibility. Documents are signed by the appropriate individuals at both the departmental and college/school levels

Delegated faculty / staff members sign their own name and not the dean or budgetary unit heads name.

Procurement and Accounts Payable ProcurementThe University Procurement Office has sole responsibility for the coordination of all University procurement activities.

Departments are authorized to make direct purchases with P-Cards and Petty Cash.Streamline payment proceduresReduce the administrative burden

All purchasing is subject to: State of Georgia purchasing regulationsBoard of Regents' policiesUniversity of Georgia policies

The budgetary unit heads have the primary responsibility for the approval of all purchases charged against the accounts under their administration.

Budgetary units should maintain a file of their own purchasing documents.

Procurement and Accounts PayableProcurementPurchase requests may be generated electronically or manually.

Purchase requests should be limited to items that can be supplied by one vendor.

When formal quotations are needed: Complete as much of the Purchase Request Form as possible. Forward the departmental copy (blue) directly to the Procurement Office for use in obtaining quotations. Place a note on the face of the purchase request providing the reason for using this procedure.

All check requests must be accompanied by an original of the invoice for payment.

The responsibility for receiving and inspecting supplies and equipment rests with:The central receiving units.Budgetary units requesting the supplies and equipment.

Procurement and Accounts PayableAccounts PayableThe Accounts Payable Department is responsible for: examining all accounts, claims, and demands against the University, and making payment of all the University's legally incurred obligations No payments are to be made:Unless there is money in the account for such payments. Until the Accounts Payable Department has been presented with supporting documents.Purchase AuthorizationOriginal InvoiceReceiving Report

Procurement and Accounts PayableAccounts PayableThe department will encumber all:

Purchase orders Physical plant work orders Requests for authority to travel

Procurement and Accounts Payable Internal ControlsObjectives Expenses charged are reasonable and allowable.Expenses are properly coded.Unallowable charges are separately designated.Purchase order processing is completed promptly and accurately.

Risks Misappropriation of funds.Loss of sponsored funding. Disallowance of costs. Noncompliance with federal regulations. Delay of future funding.Delay of delivery of goods and services.Delay of payments to vendors. Jeopardized relationships with vendors.Jeopardized credit standing of the University.

Procurement and Accounts Payable Internal Controls

Audit Check ListTransactions are properly approved and the stated purpose is reasonable.

Invoices are submitted to Accounts Payable timely. Account Status Reports are independently reviewed for accuracy of encumbrances and charges.

Payroll Payroll disbursements represent the single largest expense category to the University.

All payrolls are processed electronically through a web based electronic payroll system. All new employees are required to have their payments made through direct deposit.

The University processes four types of payrolls:Monthly Payroll Academic PayrollSalaried BiweeklyHourly Biweekly

Payroll Monthly Payroll Faculty (other than those on an "A" or "L" contract code). Administrative personnel.

Graduate assistants (other than those on a "S" contract code). Employees exempt from coverage under the Fair Labor Standards Act (Wage and Hour Law)

Academic PayrollFaculty with a contract code of "A" or "L.

Graduate assistants with a contract code of "S.

Compensation is earned at the rate of one-half of the contract salary for each academic semester.

Additional payments for Maymester & summer session classes can be made.

Payroll Salaried BiweeklyPayroll employees covered under the Fair Labor Standards Act.

The hourly rate of pay is determined by dividing the annual rate by the number of available work hours in the fiscal year.

The gross amount of each check is determined by multiplying the hourly rate of pay by the number of hours reported on the time sheet. Hourly BiweeklyEmployees covered under the Fair Labor Standards Act. Temporary or part-time employees (paid from lump sum positions in the University budget).

The gross amount of each check is determined by multiplying the hourly rate of pay by the number of hours reported on the time sheet.

Payroll

The basic documents used to effect payroll payments are:Personnel Report

Payroll Voucher

Time Records

Payroll The Personnel Report is used to document:Employment Termination Change in status of all personnel Approved by: Department heads Deans Vice presidents (in some cases )

Personnel Reports are electronically routed to the appropriate units.

Payroll Payroll Vouchers contain: Names of all persons paid on the preceding payroll Social security numbers Hourly rate of pay or gross salary

Approved by: Department heads

Payroll vouchers are sent to the Payroll Department.

PayrollTime Records, are prepared for each employee who is covered and nonexempt under the Federal Fair Labor Standards Act. The document records:Name of employeePay periodHours worked

Approved by: employee, Supervisor These signatures and dates are important in complying with Federal Regulations. The time records should be retained by the Department for 5 years after the fiscal year ends.

PayrollInternational EmployeesAll international employees are required to complete the UGA Tax Information Form for Internationals The completed form must be submitted to the International Tax Coordinator along with: Immigration documents Passport I-94 card and Visa

The International Tax Coordinator will perform a tax analysis and will provide the appropriate payroll withholding forms to the employee for review and signature.

Payroll Internal Controls Objectives Proper authorization and payment of salary and wages. Responsibility for payroll processing separated between:authorization/processing distribution of the pay check

Proper allocation of resources and system access privileges.

Current submission of payroll documents.

Risks Noncompliance with federal/state regulations.Civil liability/lawsuits.Non-compliance with University policies.Penalties/fines.Fraud/theft.Retroactive transactions.Personal/employer tax liabilities.Overpayments/unallowable costs.

Payroll Internal Controls Audit Check ListStaff members who approve or process payroll documents do not have access to payroll checks.

Payroll vouchers are properly approved by an appropriate supervisor having knowledge of the hours worked.

Payroll vouchers agree with time sheets and leave records.

Payroll vouchers are signed and approved on the last working day of the pay period. Time cards are checked for accuracy.

Overtime if paid is allowable and approved in advance.

Time cards are not returned to employees after they are approved by supervisors.

Terminated employees are removed promptly from payroll.

New hires are processed and paid in the appropriate pay cycle.

Visa expiration dates are monitored.

I-9 documentation is complete and on file for all employees.

Payments to Non-Employees Independent Contractors General Rule: the employer has the right to control or direct only the result of the work, and not the means and methods of accomplishing the result Some of the other factors to determine if a worker is an independent contractor include:Has the contractor other clients?Is the person an employee of any State of Georgia agency or institution? Is there a contract for services?Does the service involve an independent profession, trade, or business?

Payments to Non-Employees Independent Contractors - Minimum standards of documentation to use of independent contractors as consultants require evidence that: The services are needed. Cannot be met by direct salaries provided under the contract or grant.

A selection process was used to identify the most qualified individual available.

The individual or firm qualifies as an independent contractor.

The fee is appropriate considering the qualifications and services to be provided.

The express advance approval by the sponsoring and parent Federal agency of a consultant who is also a full-time employee of the Federal government.

Payments to Non-Employees Honoraria An honorarium is: A onetime tax-reportable payment To a non-University employee For general service in education, research, or public service Where the University does not expect nor is payment contingent upon a particular result. Examples are Guest lecturersWorkshop leaders.

An "Honoraria and Fees Information Sheet" must be completed and attached to the check request when payment is requested.

Payments can not be prepared in advance of service performance.

Payments to Non-Employees Prizes and Awards Prizes and awards are classified by the IRS as tax-reportable income.

Prizes and awards to employees, which recognize professional achievements related to employment, are paid through payroll.

Prizes and awards to non-employees or students (whose part-time employment has no professional connection to the award) are paid through Accounts Payable and are issued an IRS Form 1099.

Payments to Non-EmployeesStipends/Fellowships A stipend / fellowship is in the form of financial aid for which no services are performed.

Three tests to determine whether or not payments for stipends and fellowships are taxable to the recipient:Only students (candidates for a degree) qualify for exclusions.Up to the total of tuition and required fees, books, supplies and equipment can be excluded.Amounts related to services performed even if such services were requirements for the degree can not be excluded.

Payments to Non-Employees Internal Controls

Objective Individuals are classified correctly as either an employee or consultant / independent contractor for tax withholding purposes.

Risks Noncompliance with federal regulations.Noncompliance with University policies.Fines and penalties.

Payments to Non-Employees Internal ControlsAudit Check List The departments determination on the classification of an individual as either an independent contractor/consultant or employee meets the IRS criteria. There is sufficient documentation for need, qualifications, and selection process. The fee is reasonable considering the qualifications and services to be provided.

Departments have properly completed: Honoraria and Fees Information Sheet.Consulting Agreement Form.Forms are signed by consultant/contractor and the appropriate University official.

Travel The University reimburses employees for approved, necessary, and reasonable travel expenses incurred while conducting business for the University. Each employee is required to have travel approved by his/her department head or other designated official. For out-of-state travel, it is necessary to obtain: Prior approval from the appropriate dean's, director's, or other unit head's office.A financial review by the Travel and Encumbrance Section of the Accounts Payable Department. Travel outside of the continental limits of the United States must be approved first by the appropriate vice president and then by the President's Office. Reimbursement for travel expenses (meals, lodging, transportation and miscellaneous expenses) is requested using an Employee Travel Expense Statement.

Travel In general, services (as well as materials, goods, or supplies) must be received before payment can be remitted.

Food, lodging or other non-conference related expenses must be paid by the employee.

The employee will be reimbursed, as appropriate, using normal travel reimbursement procedures.

Travel Non-employees or any other organization for rendering a serviceTravel and subsistence expenses must be in accordance with the University of Georgia Travel Policy. A "Honoraria and Fees Information Sheet" and check request is used to process reimbursement. Charges are recorded as per diem and fees expense and not travel for non-employees.

Prospective employees may be reimbursed for travel expenses.

Travel Internal Controls Objectives Expenses charged are reasonable and comply with University policies.Expenses are legitimate and approved by authorized department personnel.Expenses are accurately calculated.Expenses are coded to the proper object codes, and unallowable charges are separately designated.Special Purpose Petty Cash Funds (travel advances) are properly requested, utilized, and accounted for in a timely manner.

Risks Improper use of University funds.Noncompliance with Internal Revenue Service and other regulatory authorities.Noncompliance with granting agencies.Excessive aging of travel advances.

Travel Internal ControlsAudit Check List Special Purpose Petty Cash Funds are approved, utilized appropriately and promptly returned.

Travel forms are signed by the traveler and an authorized approver. Reported expenses are in compliance with the Universitys policies and procedures:Correct per diem rates Correct currency conversion rates forms are accurately totaled

Original receipts or other appropriate documentation attached to support charges on the Travel Expense Statement and Honoraria and Fees Information Sheet.

Paid consultant travel expenses are included in the consulting contract.

Business Meals and Entertainment All University funds should be used only for activities related to the Universitys mission of education, research, and public service.

In general, University accounts cannot be used to pay for the cost of University related entertainment. Sponsoring entities occasionally include a provision that funds may be expended for University related entertainment. It is important to note that expenses, personal in nature, such staff social parties (celebrations of a birthday, marriage, birthetc) or holiday celebrations are not reimbursable.

Employees may be reimbursed for meals, not associated with overnight travel, if:

The meals are part of a required registration fee; or The employees is on a work assignment more than 30 miles away from home or headquarters).Approved, necessary, and reasonable business expenses may be reimbursed by submitting a Travel Expense Statement or Reimbursement of University Related Entertainment Expenses Form.

Business Meal and Entertainment Internal ControlsObjectives Reimbursements for business meals and entertainment are made only when considered necessary and reasonable to fulfill the Universitys mission of education, research, and public service.

Entertainment expenses are supported by proper documentation.

Expenses are charged in accordance with University policies and sponsoring agency guidelines.

Risks Non-compliance with federal regulations.Loss of funding.Penalties/fines.Disallowance of costs.Personal liability.Impairment of reputation.

Business Meal and Entertainment Internal ControlsAudit ChecklistEntertainment costs are in compliance with the Universitys policies and procedures and sponsoring agency regulations.

The purpose for these types of expenses are of a business nature rather than personal.

Expense reimbursement requests include written documentation stating the business purpose of the activity, the names of all individuals present and original receipts.

The proper object codes are used when coding various entertainment expenses.

Departmental personnel approving such expenses are familiar with the Universitys policies and procedures.

Account Status ReportsMonthly verification of the Account Status Reports is a critical control. A certification of financial information at the department level.Performed timely.

The Controllers Office distributes to departments each month the Account Status Reports for all accounts that had activity during the year.

Account Status ReportsA review of the account status reports can be called:Account ReconciliationTransaction Verification

No matter what the procedure is calledSource documents retained by the department need to be compared to the account status report entries.Timely.Preferably by someone who is independent of the processed transaction.

Prompt reconciliation of revenue, expenditures and encumbrances can revealMissing or misapplied deposits.Unallowable charges Duplicate payments orNon-payment of invoices.

Exceptions must be promptly researched and corrected.

Account Status ReportsFiscal management responsibility rests with the department directors or principal investigators (PIs) Transaction verification procedures may be delegated to the administrative staff.

Oversight of such delegated fiscal responsibilities remains with the department directors, or PIs.

Department directors or PIs should review the monthly Account Status Reports to ensure revenue and expenditure transactions are reconciled and reasonable.

Account Status Report Internal Controls Objectives Revenue and expenditures are correct and reflected in the appropriate account with the proper object/revenue codes. Expenditures are allowable and comply with federal regulations and University policies The report reconciliation process is completed monthly Department directors and PIs understand their fiscal responsibilities

Risks Non-compliance with federal regulations and University policies Disallowance of costsDelay or loss of future funding Delay in the discovery of inappropriate transactionsNo budgetary control Loss of revenue

Account Status Report Internal ControlsAudit ChecklistRevenue and expenditure transactions are reconciled monthly.

Verification of transactions are performed by staff who are knowledgeable of University and sponsoring agency cost policies.

When possible, verification procedures are performed by staff who do not: Have access to cash or checks, Make purchases, or authorize payments.

The reconciliation between source documents and the Account Status Report would likely detect items: On the report and not in departmental records. In departmental records and not on the report.

All unresolved items are promptly researched and corrected.

The department director or PI review the monthly reports once the reconciliation is completed

Property and Equipment Movable personal property must be inventoried and tracked if:Estimated usable life of three or more years. Acquisition cost of $3,000 or more.

The University also inventories items costing under $3,000 but more that $500 which include:Office Machines.Electronic Audio/Visual Equipment.Photographic Apparatus.

Property and Equipment The following items are inventory controlled without regard to cost:Books if procured through the Library Accounts and catalogued by the Libraries.

Firearms.

Art objects/Antiques.

Vehicles licensed for road use.

Property and Equipment Items acquired through the University Procurement Office do not require any additional reporting by the custodian of the equipment for purposes of establishing the inventory records.

Items received from other sources do require action initiated by the custodian. Notice of Change in Departmental Equipment. Notify the University Property Control Office.

Property and Equipment Assistant Inventory Control Officer (AICO)Designated by the head of each college, school, department, or other administrative office.

Responsible for the departmental procedures related to equipment.Notification of equipment transfers. Completion of an annual physical inventory.Ensuring initial and annual authorization of off-campus equipment.

Property and EquipmentSurplus Property

The Unassigned Property Unit is responsible for:Acquisition, Reutilization, and Disposition of excess, surplus, unassigned, and unneeded equipment

Each unit must initiate action with Property Control to remove itemsDisposed,Cannibalized, Traded-in, orJudged obsoletefrom the department's accountable records.

Whenever the loss or theft of equipment is discovered, the custodian must Immediately report the loss to Campus Police Submit a Notice of Change and copy of the police report to Property Control

Property and Equipment Internal Controls Objectives Equipment is properly identified. Equipment is properly labeled with a tag. Proper object codes are used. Property Control is notified of equipment acquired other than through the standard University procedures. Property Control is notified of equipment lost, stolen, salvaged, or scrapped Inventory is conducted annually.

Risks Non-compliance with federal or state regulations. Not identified as equipment (not in system). No record for insurance claims or theft. Reduced value of the inventory system (affects depreciation, which impacts the facility and administrative [F&A] cost rates). Value of equipment inventory overstated.Loss of public confidence.

Property and Equipment Internal ControlsAudit Checklist Equipment purchases are made in accordance with purchasing guidelines, properly authorized, and recorded.

Proper equipment object codes are used for equipment with a per unit cost of $5,000 or more and with a useful life of more than three or more years.

All University equipment have a decal that is easily visible

Property Control are notified of: Donations, transfers, or fabrication of equipment.Equipment lost, stolen, salvaged, or scrapped.Equipment moved to an off-campus location.

An annual departmental inventory report is completed and returned to Property Control by the due date.

Conflict of Interest The appearance of a conflict of interest exists when a reasonable person will conclude that the employee's ability to protect the public interest or perform public duties is compromised by personal interest.

Unlawful for any full-time state employee to transact any business with the agency by which such employee is employed. A full-time employee is forbidden from acting for himself/herself, on behalf of any third party, or on behalf of any business in which the employee or a member of his/her family has a substantial interest.

Conflict of Interest The term "transact any business" includes the sale or lease of any personal property, real property or services, or the purchase of any surplus real or personal property.

Conflict of Interest Unlawful for any part-time state employee, on his own behalf or on behalf of any business, to transact business with the agency by which he is employed, unless: the amount of any single transaction between the employee and the University does not exceed $250 and the aggregate does not exceed $9,000 per calendar year.

Conflict of Interest Internal Controls Objectives To provide effectiveness of operations by the safeguarding of human resources, i.e., faculty and staff members are devoted primarily to University objectives.

Risk Impairment of the Universitys reputation.Independent scholarly inquiry threatened.Competition with the Universitys business interests.Impairment of the individuals ability to perform the duties of his/her University position. Non-compliance with federal regulations. Financial penalties.

Conflict of Interest Internal ControlsAudit Checklist All faculty and staff members in the department have access to the Universitys policies regarding conflict of interest.

Faculty and staff members know the conditions when special permission needs to be obtained before undertaking any commitment that may appear to be a conflict of interest.

Faculty and/or staff members have not made purchases with vendors where there is a personal interest or reward.

The department is free of situations where a staff member supervises or has significant control over the work or career of another staff member who is his/her relative or is someone with whom he/she shares a residence.

Information Technology Information Security Protect information from:destruction, unauthorized access, or unauthorized change.

Users are responsible for the security of data.

An assessment of the Universitys business processes related to sensitive data is being performed.Training.Evaluations.Monitoring.

Information Technology Passwords limiting unauthorized access

Passwords should be at least six characters long and have an alpha and numeric combination.

Do not share computer IDs or passwords.

Request a change in a computer password immediately if there is any suspicion that it has become known to another party.

User IDs must be deactivated if an employee has transferred or terminated.

Passwords should be changed on a regular basis

Information Technology Professional Use of University ResourcesMessages, sentiments, and declarations sent as electronic mail or as electronic postings should meet high and ethical standards

Those users publishing their opinions electronically should clearly and accurately identify such as their own opinion or the opinion of the group which they are authorized to represent.

Users are not permitted to transmit chain letters or display images, sounds, or messages that create an atmosphere of discomfort or harassment.

Information Technology

Important data should be backed up frequently. Backup disks should be stored in a location away from the originals.

Anti-virus software should be installed and frequently updated.

Information Technology

Unauthorized copying of licensed software is illegal. Retain all documents on purchase and licensee agreements. There should be license documentation for all software loaded on each machine

Information Technology Internal ControlsObjectives Universitys intellectual and electronic information is secured from inappropriate access or destructionInformation technology is used only for appropriate business purposes Proper and reliable backup procedures are used.All software is properly licensed

Risks Breach of system integrity and loss of critical dataNon-compliance with federal and state laws regarding computer and data communications useDestruction of critical information by unauthorized usersViolation of software licensee agreements and possible finesEmployee dismissal and legal actionImpairment of the Universitys reputation

Information Technology Internal Controls

AUDIT CHECKLIST Employees with access to computer systems have an established need for the access.

Passwords are secure and not shared.

Procedures are in place to prevent unauthorized use or transmission of information.

Access to the system is removed for terminated or transferred faculty, and staff, timely.

Computers located in heavily traveled public areas have a screen saver with password activation invoked.

Each computer software package is licensed for the current user. Computer files are backed up on a regular basis. Backup data is stored in a location away from the originals

The department has sufficient technical support for ongoing operations to keep downtime minimal.

The department has adequate resumption procedures for their automated systems that are considered critical or vital to their daily operations.