Best Practices Final

Internal Controls and

Best Practices

Robert McGee, Associate Controller

Holley Schramski, Associate Vice President and Controller

Dale Wetzelberger, Director Internal Auditing Division

Goals Describe Basic Internal Control Objectives

Describe the Best Practice Procedures Applied in Specific Areas

Cash Receipts Signature Authority Procurement Accounts Payable Payroll Independent Contractors Travel Business Meals and Entertainment Account Status Reports Property Management Conflict of Interest Information Technology

Areas Covered in Other Programs P-Card and Petty Cash Sponsored Research Topics Department Sales Accounts Human Resources Issues

Internal Controls 101

Primary Objectives of Internal Controls

Accurate Financial Information Compliance with Policies and Procedures Safeguarding Assets Efficient Use of Resources Accomplishment of Objectives and Goals

-Institute of Internal Auditors


Why are Internal Controls Important?

Internal controls are designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and Efficiency of Operations Reliability of Financial Reporting Compliance with Laws and Regulations

Source: Internal Control – Integrated Framework Executive Summary, Committee of Sponsoring Organizations of the Treadway Commission (COSO)

http://www.coso.org/publications/executive_summary_integrated_framework.htm


Why are Internal Controls Important?

Effectiveness and Efficiency of Operations addresses an entity's basic business objectives, including performance

and profitability goals and safeguarding of resources.

Reliability of Financial Reporting preparation of reliable financial statements and publicly reported

financial data.

Compliance with Laws and Regulations compliance with those laws and regulations to which the entity

is subject.

-COSO Integrated Framework Executive Summary

Internal Controls

Internal ControlsIt’s Good for Your Fiscal Health

Effectiveness and Efficiency of Operations Reliability of Financial Reporting Compliance with Laws and Regulations

It’s Good for Your Physical Health

Balanced Diet Exercise Good balance of leisure and work-mental health

(Tegen and Stinson, SACUBO April 2006)


Internal control consists of five interrelated components:

Control Environment Risk Assessment Control Activities Information and Communication Monitoring



The Five Interrelated Components

Control Environment

The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.



Creating the Control Environment Create environment that fosters internal controls Expect Ethical Behavior Hire qualified staff Get to know your staff Clear assignment of responsibility/Job Description Supervision Clear Communication



Risk Assessment

Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.



Types of Risk Financial Research Student Academic Athletic Human Resources Faculty Crime and Safety Information Technology Enrollment Facilities


Examples of Financial Risk: Accounting processes Auditing Matters Compliance with Regulatory Issues Falsification of reports/records Fraud Improper receipt of gifts Improper vendor activity Theft Waste and Abuse Misuse of Resources



Control Activities

Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.



Key Components – Control Activities Policies and Procedures

Administrative Policies and Procedures (http://www.busfin.uga.edu/manual/)

Staff Training Organization Charts/Job Descriptions Performance Measures Segregation of Duties

Preventing one individual from having virtually complete control over a financial process.


Key Components-Control Activities Adequate Transaction Documentation

A record of (paper or electronic) for Revenue Receipt Transfer Deposit

for Expense Purpose Authorization

for Other Delegation of Signature Authority Monthly Account Status Report Reconciliation Annual Property Inventory

Properly Designed Documentation Unique numbering

Independent Verification



Information and Communication

Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders.




Monitoring

A process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board.



Why Monitoring is Important: Inherent Risks

Complexity Decentralization – many hands, need accountability Repeat Problems Unresponsive to prior weaknesses

Exposures Changes in Regulatory Environment Personnel Changes System and Process Changes Rapid Growth New Programs, services and staff


Types of ControlsPreventive Controls Forestall errors and thereby avoid the cost of correction Discourage fraud

Detective Controls Measure the effectiveness of preventive controls Uncover errors and misappropriations Provide the means to establish accountability


Are Internal Controls Foolproof ?

Controls will not always prevent fraud or misappropriation.

Making controls infallible is cost prohibitive and unnecessarily cumbersome.

Controls do not eliminate the “human factor”. To a significant extent, systems of internal control rely on people and their actions.


Real World Summary

Why Internal Controls Are Important

Provides management with confidence that the entity is operating according to standards which are monitored-someone is watching.

Indicates to staff that what they are doing is important and that QUALITY is important.

Sends a signal that certain behaviors will not be tolerated.

Cash Receipts

The term “cash receipts” includes: Currency Checks Credit cards Wire transfers

received by mail or in person

Cash Receipts

Use of Revenue Object Codesamounts received for Payment of delivery of goods or services Reimbursement of expenses or Contributions

Examples of third party receipts include: General revenues for tuition and fees Auxiliary income Parking income Sponsored awards and events Revenues from sale of goods and services Gifts and other designated funds Reimbursements from:

affiliated institutions conferences and seminars alumni functions

Cash Receipts

Use of Expense Credits Refunds from vendors

Price adjustment of goods or services Use same object code of the original expense.

Examples include: Returned or rejected items Overpayments

Cash Receipts Internal Controls

ObjectiveEnsure that all funds are timely deposited in the bank and are

properly recorded in the appropriate account.

Risks Theft/fraud. Mismanagement of funds. Mis-statement of revenue and expenditures. Noncompliance with University, BOR, State and Federal policies.


Audit Check List Persons verifying the monthly Account Status Reports do not

process cash receipts.

Timely and adequate restrictive endorsement of checks

Documentation and procedures are sufficient so that loss or misappropriation of funds can be traced to the responsible individual(s).


Documentation and Procedures

Types of documentation Pre-numbered cash receipt form Payment log Cash register tape using locked-in sales totals Workshop attendance roster


Documentation and Procedures

Verification Procedures Depositing cash receipts timely and intact. Independently tracing cash receipt forms, logs and/or register

tapes to the Bursar’ Office receipt and the Account Status Reports.

Comparing attendance rosters to revenue posted to workshop account.

Reviewing deposit documentation before gift acknowledgement letters are signed and mailed.

Accounting for unsold tickets. Maintaining control over pre-numbered receipts. Immediate notification to the Controller’s Office of detected

shortages or inappropriate activity.

Signature Authority

Transactions must be reviewed and approved by those officers under whose responsibility the project lies.

Signatory authority may be delegated however, primary responsibility for funds and transactions remains with the budgetary unit head.

It is therefore necessary for a policy to be in writing to ensure the delegation is authorized.

Signature Authority

The written signatory authority document should be:

Initiated by the budgetary unit head.

Contain: A description of the documents for which authority is being conveyed.

Examples: Vouchers. Purchase requests.

Specimen signatures of persons to whom authority is conveyed.

Signed by the appropriate department head, dean/director or vice president.

Copies sent to: Accounts Payable Payroll

Budgetary units should revise the policy when personnel or job assignments change.

Signature Authority Internal Controls

Objectives Documents are properly authorized. Budgetary unit heads and principal investigators

understand their responsibility.

Risks Noncompliance with federal regulations. Noncompliance with University policies. Misappropriation of funds/fraud. Disallowance of costs. Personal liability.

Signature Authority Internal Controls

Audit Check List The department has identified faculty and staff members authorized

to sign documents in either paper or electronic form. The list is up-to-date.

Budgetary unit heads and principal investigators understand their responsibility.

Documents are signed by the appropriate individuals at both the

departmental and college/school levels

Delegated faculty / staff members sign their own name and not the dean or budgetary unit head’s name.

Procurement and Accounts Payable

Procurement The University Procurement Office has sole responsibility for the coordination of

all University procurement activities.

Departments are authorized to make direct purchases with P-Cards and Petty Cash.

Streamline payment procedures Reduce the administrative burden

All purchasing is subject to: State of Georgia purchasing regulations Board of Regents' policies University of Georgia policies

The budgetary unit heads have the primary responsibility for the approval of all purchases charged against the accounts under their administration.

Budgetary units should maintain a file of their own purchasing documents.


Procurement Purchase requests may be generated electronically or manually.

Purchase requests should be limited to items that can be supplied by one vendor.

When formal quotations are needed: Complete as much of the Purchase Request Form as possible. Forward the departmental copy (blue) directly to the Procurement Office for use

in obtaining quotations. Place a note on the face of the purchase request providing the reason for using

this procedure.

All check requests must be accompanied by an original of the invoice for payment.

The responsibility for receiving and inspecting supplies and equipment rests with:

The central receiving units. Budgetary units requesting the supplies and equipment.


Accounts Payable The Accounts Payable Department is responsible for:

examining all accounts, claims, and demands against the University, and

making payment of all the University's legally incurred obligations

No payments are to be made:

Unless there is money in the account for such payments.

Until the Accounts Payable Department has been presented with supporting documents.

Purchase Authorization Original Invoice Receiving Report


Accounts Payable The department will encumber all:

Purchase orders Physical plant work orders Requests for authority to travel

Procurement and Accounts Payable Internal Controls

Objectives Expenses charged are reasonable and allowable. Expenses are properly coded. Unallowable charges are separately designated. Purchase order processing is completed promptly and accurately.

Risks Misappropriation of funds. Loss of sponsored funding. Disallowance of costs. Noncompliance with federal regulations. Delay of future funding. Delay of delivery of goods and services. Delay of payments to vendors. Jeopardized relationships with vendors. Jeopardized credit standing of the University.

Procurement and Accounts Payable Internal Controls

Audit Check List Transactions are properly approved and the stated purpose is reasonable.

Invoices are submitted to Accounts Payable timely.

Account Status Reports are independently reviewed for accuracy of

encumbrances and charges.

Payroll

Payroll disbursements represent the single largest expense category to the University.

All payrolls are processed electronically through a web based electronic payroll system.

All new employees are required to have their payments made through direct deposit.

The University processes four types of payrolls: Monthly Payroll Academic Payroll Salaried Biweekly Hourly Biweekly

Payroll

Monthly Payroll Faculty (other than those on an "A" or "L" contract code). Administrative personnel.

Graduate assistants (other than those on a "S" contract code). Employees exempt from coverage under the Fair Labor Standards Act (Wage and Hour Law)

Academic Payroll Faculty with a contract code of "A" or "L“.

Graduate assistants with a contract code of "S“.

Compensation is earned at the rate of one-half of the contract salary for each academic semester.

Additional payments for Maymester & summer session classes can be made.

Payroll

Salaried Biweekly Payroll employees covered under the Fair Labor Standards Act.

The hourly rate of pay is determined by dividing the annual rate by the number of available work hours in the fiscal year.

The gross amount of each check is determined by multiplying the hourly rate of pay by the number of hours reported on the time sheet.

Hourly Biweekly

Employees covered under the Fair Labor Standards Act.

Temporary or part-time employees

(paid from lump sum positions in the University budget).

The gross amount of each check is determined by multiplying the hourly rate of pay by the number of hours reported on the time sheet.

Payroll

The basic documents used to effect payroll payments are: Personnel Report

Payroll Voucher

Time Records

Payroll

The Personnel Report is used to document: Employment Termination Change in status of all personnel

Approved by: Department heads Deans Vice presidents (in some cases )

Personnel Reports are electronically routed to the appropriate units.

Payroll

Payroll Vouchers contain: Names of all persons paid on the preceding payroll Social security numbers Hourly rate of pay or gross salary

Approved by: Department heads

Payroll vouchers are sent to the Payroll Department.

Payroll

Time Records, are prepared for each employee who is covered and nonexempt under the Federal Fair Labor Standards Act. The document records: Name of employee Pay period Hours worked

Approved by: employee, Supervisor

These signatures and dates are important in complying with Federal Regulations.

The time records should be retained by the Department for 5 years after the fiscal year ends.

Payroll

International Employees All international employees are required to complete the

UGA Tax Information Form for Internationals The completed form must be submitted to the International

Tax Coordinator along with: Immigration documents Passport I-94 card and Visa

The International Tax Coordinator will perform a tax analysis and will provide the appropriate payroll withholding forms to the employee for review and signature.

Payroll Internal Controls Objectives

Proper authorization and payment of salary and wages. Responsibility for payroll processing separated between:

authorization/processing distribution of the pay check

Proper allocation of resources and system access privileges.

Current submission of payroll documents.

Risks Noncompliance with federal/state regulations. Civil liability/lawsuits. Non-compliance with University policies. Penalties/fines. Fraud/theft. Retroactive transactions. Personal/employer tax liabilities. Overpayments/unallowable costs.

Payroll Internal Controls

Audit Check List Staff members who approve or process payroll documents do not have access to payroll checks.

Payroll vouchers are properly approved by an appropriate supervisor having knowledge of the hours worked.

Payroll vouchers agree with time sheets and leave records.

Payroll vouchers are signed and approved on the last working day of the pay period. Time cards are checked for accuracy.

Overtime if paid is allowable and approved in advance.

Time cards are not returned to employees after they are approved by supervisors.

Terminated employees are removed promptly from payroll.

New hires are processed and paid in the appropriate pay cycle.

Visa expiration dates are monitored.

I-9 documentation is complete and on file for all employees.

Payments to Non-Employees

Independent Contractors General Rule: the employer has the right to control or

direct only the result of the work, and not the means and methods of accomplishing the result

Some of the other factors to determine if a worker is an

independent contractor include: Has the contractor other clients? Is the person an employee of any State of Georgia

agency or institution? Is there a contract for services? Does the service involve an independent profession,

trade, or business?


Independent Contractors - Minimum standards of documentation to use of independent contractors as consultants require evidence that:

The services are needed. Cannot be met by direct salaries provided under the contract or grant.

A selection process was used to identify the most qualified individual available.

The individual or firm qualifies as an independent contractor.

The fee is appropriate considering the qualifications and services to be provided.

The express advance approval by the sponsoring and parent Federal agency of a consultant who is also a full-time employee of the Federal government.


Honoraria An honorarium is:

A onetime tax-reportable payment To a non-University employee For general service in education, research, or public service Where the University does not expect nor is payment contingent upon a

particular result.

Examples are Guest lecturers Workshop leaders.

An "Honoraria and Fees Information Sheet" must be completed and attached to the check request when payment is requested.

Payments can not be prepared in advance of service performance.


Prizes and Awards Prizes and awards are classified by the IRS as tax-reportable

income.

Prizes and awards to employees, which recognize professional achievements related to employment, are paid through payroll.

Prizes and awards to non-employees or students (whose part-time employment has no professional connection to the award) are paid through Accounts Payable and are issued an IRS Form 1099.


Stipends/Fellowships A stipend / fellowship is in the form of financial aid for

which no services are performed.

Three tests to determine whether or not payments for stipends and fellowships are taxable to the recipient:

Only students (candidates for a degree) qualify for exclusions.

Up to the total of tuition and required fees, books, supplies and equipment can be excluded.

Amounts related to services performed even if such services were requirements for the degree can not be excluded.

Payments to Non-Employees Internal Controls

Objective

Individuals are classified correctly as either an employee or consultant / independent contractor for tax withholding purposes.

Risks Noncompliance with federal regulations. Noncompliance with University policies. Fines and penalties.

Payments to Non-Employees Internal Controls

Audit Check List The department’s determination on the classification of an individual as

either an independent contractor/consultant or employee meets the IRS criteria.

There is sufficient documentation for need, qualifications, and selection

process. The fee is reasonable considering the qualifications and services to be

provided.

Departments have properly completed: Honoraria and Fees Information Sheet. Consulting Agreement Form.

Forms are signed by consultant/contractor and the appropriate University official.

Travel

The University reimburses employees for approved, necessary, and reasonable travel expenses incurred while conducting business for the University.

Each employee is required to have travel approved by his/her department head or other designated official.

For out-of-state travel, it is necessary to obtain:

Prior approval from the appropriate dean's, director's, or other unit head's office. A financial review by the Travel and Encumbrance Section of the Accounts

Payable Department.

Travel outside of the continental limits of the United States must be approved first by the appropriate vice president and then by the President's Office.

Reimbursement for travel expenses (meals, lodging, transportation and miscellaneous expenses) is requested using an Employee Travel Expense Statement.

Travel

In general, services (as well as materials, goods, or supplies) must be received before payment can be remitted.

Food, lodging or other non-conference related expenses must be paid by the employee.

The employee will be reimbursed, as appropriate, using normal travel reimbursement procedures.

Travel

Non-employees or any other organization for rendering a service Travel and subsistence expenses must be in accordance with the University

of Georgia Travel Policy.

A "Honoraria and Fees Information Sheet" and check request is used to

process reimbursement.

Charges are recorded as per diem and fees expense and not travel for non-

employees.

Prospective employees may be reimbursed for travel expenses.

Travel Internal Controls

Objectives Expenses charged are reasonable and comply with University policies. Expenses are legitimate and approved by authorized department

personnel. Expenses are accurately calculated. Expenses are coded to the proper object codes, and unallowable

charges are separately designated. Special Purpose Petty Cash Funds (travel advances) are properly

requested, utilized, and accounted for in a timely manner.

Risks Improper use of University funds. Noncompliance with Internal Revenue Service and other regulatory

authorities. Noncompliance with granting agencies. Excessive aging of travel advances.

Travel Internal Controls

Audit Check List Special Purpose Petty Cash Funds are approved, utilized appropriately

and promptly returned.

Travel forms are signed by the traveler and an authorized approver. Reported expenses are in compliance with the University’s policies and

procedures: Correct per diem rates Correct currency conversion rates forms are accurately totaled

Original receipts or other appropriate documentation attached to support charges on the Travel Expense Statement and Honoraria and Fees Information Sheet.

Paid consultant travel expenses are included in the consulting contract.

Business Meals and Entertainment

All University funds should be used only for activities related to the University’s mission of education, research, and public service.

In general, University accounts cannot be used to pay for the cost of University related entertainment.

Sponsoring entities occasionally include a provision that funds may be expended for University related entertainment.

It is important to note that expenses, personal in nature, such staff social parties (celebrations of a birthday, marriage, birth…etc) or holiday celebrations are not reimbursable.

Employees may be reimbursed for meals, not associated with overnight travel, if:

The meals are part of a required registration fee; or The employees is on a work assignment more than 30 miles away from home or

headquarters).

Approved, necessary, and reasonable business expenses may be reimbursed by submitting a Travel Expense Statement or Reimbursement of University Related Entertainment Expenses Form.

Business Meal and Entertainment Internal Controls

Objectives Reimbursements for business meals and entertainment are made only

when considered necessary and reasonable to fulfill the University’s mission of education, research, and public service.

Entertainment expenses are supported by proper documentation.

Expenses are charged in accordance with University policies and sponsoring agency guidelines.

Risks Non-compliance with federal regulations. Loss of funding. Penalties/fines. Disallowance of costs. Personal liability. Impairment of reputation.

Business Meal and Entertainment Internal Controls

Audit Checklist Entertainment costs are in compliance with the University’s policies and

procedures and sponsoring agency regulations.

The purpose for these types of expenses are of a business nature rather than personal.

Expense reimbursement requests include written documentation stating the business purpose of the activity, the names of all individuals present and original receipts.

The proper object codes are used when coding various entertainment expenses.

Departmental personnel approving such expenses are familiar with the University’s policies and procedures.

Account Status Reports

Monthly verification of the Account Status Reports is a critical control.

A certification of financial information at the department level.

Performed timely.

The Controller’s Office distributes to departments each month the Account Status Reports for all accounts that had activity during the year.


A review of the account status reports can be called: Account Reconciliation Transaction Verification

No matter what the procedure is called Source documents retained by the department need to be compared to the

account status report entries. Timely. Preferably by someone who is independent of the processed transaction.

Prompt reconciliation of revenue, expenditures and encumbrances can reveal Missing or misapplied deposits. Unallowable charges Duplicate payments or Non-payment of invoices.

Exceptions must be promptly researched and corrected.


Fiscal management responsibility rests with the department directors or principal investigators (PIs)

Transaction verification procedures may be delegated to the administrative staff.

Oversight of such delegated fiscal responsibilities remains with the department directors, or PIs.

Department directors or PIs should review the monthly Account Status Reports to ensure revenue and expenditure transactions are reconciled and reasonable.

Account Status Report Internal Controls

Objectives Revenue and expenditures are correct and reflected in the appropriate

account with the proper object/revenue codes. Expenditures are allowable and comply with federal regulations and

University policies The report reconciliation process is completed monthly Department directors and PIs understand their fiscal responsibilities

Risks Non-compliance with federal regulations and University policies Disallowance of costs Delay or loss of future funding Delay in the discovery of inappropriate transactions No budgetary control Loss of revenue

Account Status Report Internal Controls

Audit Checklist Revenue and expenditure transactions are reconciled monthly.

Verification of transactions are performed by staff who are knowledgeable of University and sponsoring agency cost policies.

When possible, verification procedures are performed by staff who do not: Have access to cash or checks, Make purchases, or authorize payments.

The reconciliation between source documents and the Account Status Report would likely detect items:

On the report and not in departmental records. In departmental records and not on the report.

All unresolved items are promptly researched and corrected.

The department director or PI review the monthly reports once the reconciliation is completed

Property and Equipment

Movable personal property must be inventoried and tracked if:

Estimated usable life of three or more years. Acquisition cost of $3,000 or more.

The University also inventories items costing under $3,000 but more that $500 which include:

Office Machines. Electronic Audio/Visual Equipment. Photographic Apparatus.


The following items are inventory controlled without regard to cost:

Books if procured through the Library Accounts and catalogued by the Libraries.

Firearms.

Art objects/Antiques.

Vehicles licensed for road use.


Items acquired through the University Procurement Office do not require any additional reporting by the custodian of the equipment for purposes of establishing the inventory records.

Items received from other sources do require action initiated by the custodian.

Notice of Change in Departmental Equipment. Notify the University Property Control Office.


Assistant Inventory Control Officer (AICO) Designated by the head of each college, school,

department, or other administrative office.

Responsible for the departmental procedures related to equipment.

Notification of equipment transfers. Completion of an annual physical inventory. Ensuring initial and annual authorization of off-campus

equipment.


Surplus Property

The Unassigned Property Unit is responsible for: Acquisition, Reutilization, and Disposition

of excess, surplus, unassigned, and unneeded equipment

Each unit must initiate action with Property Control to remove items Disposed, Cannibalized, Traded-in, or Judged obsolete

from the department's accountable records.

Whenever the loss or theft of equipment is discovered, the custodian must Immediately report the loss to Campus Police Submit a Notice of Change and copy of the police report to Property Control

Property and Equipment Internal Controls

Objectives Equipment is properly identified. Equipment is properly labeled with a tag. Proper object codes are used. Property Control is notified of equipment acquired other than through the

standard University procedures. Property Control is notified of equipment lost, stolen, salvaged, or scrapped Inventory is conducted annually.

Risks Non-compliance with federal or state regulations. Not identified as equipment (not in system). No record for insurance claims or theft. Reduced value of the inventory system (affects depreciation, which impacts the

facility and administrative [F&A] cost rates). Value of equipment inventory overstated. Loss of public confidence.

Property and Equipment Internal Controls

Audit Checklist Equipment purchases are made in accordance with purchasing

guidelines, properly authorized, and recorded.

Proper equipment object codes are used for equipment with a per unit cost of $5,000 or more and with a useful life of more than three or more years.

All University equipment have a decal that is easily visible

Property Control are notified of: Donations, transfers, or fabrication of equipment. Equipment lost, stolen, salvaged, or scrapped. Equipment moved to an off-campus location.

An annual departmental inventory report is completed and returned to Property Control by the due date.

Conflict of Interest

The appearance of a conflict of interest exists when a reasonable person will conclude that the employee's ability to protect the public interest or perform public duties is

compromised by personal interest.

Unlawful for any full-time state employee to transact any business with the agency by which such employee is employed.

A full-time employee is forbidden from acting for himself/herself, on behalf of any third party, or on behalf of any business in which the employee or a member of his/her family has a substantial interest.


The term "transact any business" includes the sale or lease of any personal property, real

property or services, or the purchase of any surplus real or personal

property.


Unlawful for any part-time state employee, on his own behalf or on behalf of any business, to transact business with the agency by which he is employed, unless:

the amount of any single transaction between the employee and the University does not exceed $250 and

the aggregate does not exceed $9,000 per calendar year.

Conflict of Interest Internal Controls

Objectives To provide effectiveness of operations by the safeguarding

of human resources, i.e., faculty and staff members are devoted primarily to University objectives.

Risk Impairment of the University’s reputation. Independent scholarly inquiry threatened. Competition with the University’s business interests. Impairment of the individual’s ability to perform the duties of

his/her University position. Non-compliance with federal regulations. Financial penalties.

Conflict of Interest Internal Controls

Audit Checklist All faculty and staff members in the department have access

to the University’s policies regarding conflict of interest.

Faculty and staff members know the conditions when special permission needs to be obtained before undertaking any commitment that may appear to be a conflict of interest.

Faculty and/or staff members have not made purchases with vendors where there is a personal interest or reward.

The department is free of situations where a staff member supervises or has significant control over the work or career of another staff member who is his/her relative or is someone with whom he/she shares a residence.

Information Technology

Information Security Protect information from:

destruction, unauthorized access, or unauthorized change.

Users are responsible for the security of data.

An assessment of the University’s business processes related to sensitive data is being performed.

Training. Evaluations. Monitoring.


Passwords – limiting unauthorized access

Passwords should be at least six characters long and have an alpha and numeric combination.

Do not share computer IDs or passwords.

Request a change in a computer password immediately if there is any suspicion that it has become known to another party.

User ID’s must be deactivated if an employee has transferred or terminated.

Passwords should be changed on a regular basis


Professional Use of University ResourcesMessages, sentiments, and declarations sent as electronic mail or as electronic postings should meet high and ethical standards

Those users publishing their opinions electronically should

clearly and accurately identify such as their own opinion or the opinion of the group which they are authorized to represent.

Users are not permitted to transmit chain letters or display images, sounds, or messages that create an atmosphere of discomfort or harassment.


Important data should be backed up frequently.

Backup disks should be stored in a location away from the originals.

Anti-virus software should be installed and frequently updated.


Unauthorized copying of licensed software is illegal. Retain all documents on purchase and licensee agreements.

There should be license documentation for all software loaded

on each machine

Information Technology Internal Controls

Objectives University’s intellectual and electronic information is secured from

inappropriate access or destruction Information technology is used only for appropriate business purposes Proper and reliable backup procedures are used. All software is properly licensed

Risks Breach of system integrity and loss of critical data Non-compliance with federal and state laws regarding computer and

data communications use Destruction of critical information by unauthorized users Violation of software licensee agreements and possible fines Employee dismissal and legal action Impairment of the University’s reputation

Information Technology Internal Controls

AUDIT CHECKLIST Employees with access to computer systems have an established need for the access.

Passwords are secure and not shared.

Procedures are in place to prevent unauthorized use or transmission of information.

Access to the system is removed for terminated or transferred faculty, and staff, timely.

Computers located in heavily traveled public areas have a screen saver with password activation invoked.

Each computer software package is licensed for the current user. Computer files are backed up on a regular basis. Backup data is stored in a location away

from the originals

The department has sufficient technical support for ongoing operations to keep downtime minimal.

The department has adequate resumption procedures for their automated systems that are considered critical or vital to their daily operations.

Best Practices Final

Documents

Transcript of Best Practices Final