audit daggers and shields
DESCRIPTION
Audit Daggers and Shields. Vicky Sharp & Tina Maier University Audit http://www.universityaudit.ucf.edu/. Contact information. Millican Hall 341 407-823-2889 [email protected] [email protected] [email protected]. About University Audit. Chief Audit Executive - PowerPoint PPT PresentationTRANSCRIPT
Audit Daggers
and Shields
Vicky Sharp & Tina MaierUniversity Audit
http://www.universityaudit.ucf.edu/
Millican Hall 341
407-823-2889
Contact information
• Chief Audit Executive• 2 Associate Directors• 3 Senior Auditors• 1 Administrative Assistant
About University Audit
• Reports functionally to the Audit, Operations
Review, Compliance, and Ethics Committee of the Board of Trustees
• Reports administratively to the Office of the President
• Quality Assurance Review - every 5 years
About University Audit
• Internal Audits
Determined from risk assessment• Management Advisory Services
Usually requested by the department• Investigations
Typically from a complaint to University Audit, which can be anonymous
Services Provided
Common Audit Findings
and Ways to Protect Your Department
• ePAFs must be submitted timely • To stop over payment and eligibility for benefits
• Exit Checklists must be completed• To verify that university property, keys, and
PCards are returned and access to information systems is removed
Termination Procedures
• Actual hours worked per day should be
recorded• If timecards are approved in advance, then
supervisors should verify whether employees worked the hours reported
• Faculty must use Sick Leave if they cancel class due to illness
• Students should not be working during their scheduled class hours
• Employees should not sign or stamp another’s name as signatory on official documents
Timecard / LAPERs
• Departments should run the Departmental
Leave Report, and verify that leave was accurately processed for A&P, Faculty and USPS
• Employees should never share their PeopleSoft passwords, even if your supervisor asks you for it or directs you to share
Departmental Leave Reports
Policy 3-008.1 - Employment of Relatives was revised on 1/21/14• Appointment of relatives is permitted, BUT• No person shall be employed by, transferred
to, or promoted where a direct or indirect supervisory relationship would exist, or when other situations exist which place relatives in circumstances of actual or reasonably foreseeable conflict between the interests of the university and the interests of the relatives
• Conflict Management Plan should be developed
Employment of Relatives
• Chapter 112, Part III, Florida Statutes, “Code of
Ethics for Public Officers and Employees,” and
• University Regulation UCF-3.018, Conflict of Interest or Commitment; Outside Activity or Employment
Applies to all UCF employees whether or not they are members of a bargaining unit.
Conflict of Interest or Commitment
Include procedures for:• Hiring, paying, and
terminating employees • Completing employee
performance reviews, outside activity forms, and exit checklists
• Revenue handling• Purchases and PCard
transactions• Authorizing and
reimbursing travel• Reviewing system
access; securing data• Issuing and
inventorying keys
Written Procedures
Reduce errors and promote consistency of work, as well as provide guidance to new staff members.
• One person should not be responsible for
collecting, depositing, recording, and reconciling revenues
• Use transfer documents when transferring funds between employees
Separation of Revenue Duties
• Record and deposit all revenues collected as
required by UCF Policy 3-200.1, Receipt and Deposit of Funds by Departments
• Only one cashier working out of each cash register drawer
• Reconcile and document management’s review• Submit safe combinations with the Facilities
locksmith, as required by UCF Policy 3-108, Safe Combinations and Access
Revenue Controls
• Have written procedures including:
o How often to send statements or demand letterso When to review old receivableso When to turn them over to a collection agency o When to write the account off
• Account Receivable total (with detail support) should be sent to Finance and Accounting quarterly
Accounts Receivable
• PCards and/or just the credit card number must
not be shared
• Approvers must review receipts before approving in PeopleSoft
• It is not OK to split purchases to avoid PCard limits.
Purchasing Cards
Employees must have: • A background check on file with HR
• Sign the Credit Card Security Ethics Certification (F&A Form 41-915), and
• Complete the F&A Annual Credit Card Information Security training session (FSC 111)
Credit Card Security
• Section 112.061, Florida Statute, requires that
the traveler’s supervisor approve a trip before the travel commences
• UCF requires approval by the dean and provost for trips exceeding 30 days
Travel Compliance
• Departmental personnel should monitor
overall budget positions and reconcile accounting ledgers to supporting documentation
• Department Chairs, Deans and Directors should review reports from financial systems along with prepared reconciliations
Reconciling Departmental Ledger
• In accordance with UCF Policy 2-102.2,
Contract Review, written agreements should be submitted to the Office of the General Counsel for legal review
• Only employees with delegated signature authority, per UCF Policy 2-107.2, Signature Authority Policy, should execute agreements, this is probably not you
Contract Management
• Departments should prepare/maintain an
accurate inventory of keys• Resolve any differences with Facilities
Operations’ key list• Should have procedures for keys, including:
o Control over and limited distribution of master keys
o Regular review of active key userso Performing periodic key inventory
Facilities Access
• Do not save restricted data on workstations• College should comply with Computer Services
and Telecommunication’s Computer Security Standards and Guidelines
http://www.cst.ucf.edu/about/information-security-office/computer-security-standards-and-guidelines/
• College needs to have business continuity plans that address specific needs for their area
Information Technology Controls
Departments/colleges with vehicles should have an internal policy for vehicle management, including:• Ensuring vehicle drivers have valid drivers’
licenses using: https://services.flhsmv.gov/DLCheck/
• Safety and security of vehicles • Management’s review of usage and
maintenance costs • Plan for replacing obsolete vehicles
Vehicle Management
• Material and Supply fee
• Equipment fee
Student Fees
Family Educational Rights and Privacy Act of 1974 protects the privacy
of student educational records. Directory Information:• Name • Current Mailing Address • Telephone Number • Date of Birth • Major • Dates of Attendance • Enrollment Status (Full/Part-time) • Degrees/Awards Received • Participation in Officially Recognized Activities and Sports • Athletes’ Height/Weight
FERPA
• Personal Identifying Information (PII) kept in
departments
Emerging Issue
Questions???