Audit Daggers

and Shields

Vicky Sharp & Tina MaierUniversity Audit

http://www.universityaudit.ucf.edu/

Millican Hall 341

407-823-2889

report-fraud@ucf.edu

Vicky.Sharp@ucf.edu

Tina.Maier@ucf.edu

Contact information

• Chief Audit Executive• 2 Associate Directors• 3 Senior Auditors• 1 Administrative Assistant

About University Audit

• Reports functionally to the Audit, Operations

Review, Compliance, and Ethics Committee of the Board of Trustees

• Reports administratively to the Office of the President

• Quality Assurance Review - every 5 years

About University Audit

• Internal Audits

Determined from risk assessment• Management Advisory Services

Usually requested by the department• Investigations

Typically from a complaint to University Audit, which can be anonymous

Services Provided

Common Audit Findings

and Ways to Protect Your Department

• ePAFs must be submitted timely • To stop over payment and eligibility for benefits

• Exit Checklists must be completed• To verify that university property, keys, and

PCards are returned and access to information systems is removed

Termination Procedures

• Actual hours worked per day should be

recorded• If timecards are approved in advance, then

supervisors should verify whether employees worked the hours reported

• Faculty must use Sick Leave if they cancel class due to illness

• Students should not be working during their scheduled class hours

• Employees should not sign or stamp another’s name as signatory on official documents

Timecard / LAPERs

• Departments should run the Departmental

Leave Report, and verify that leave was accurately processed for A&P, Faculty and USPS

• Employees should never share their PeopleSoft passwords, even if your supervisor asks you for it or directs you to share

Departmental Leave Reports

Policy 3-008.1 - Employment of Relatives was revised on 1/21/14• Appointment of relatives is permitted, BUT• No person shall be employed by, transferred

to, or promoted where a direct or indirect supervisory relationship would exist, or when other situations exist which place relatives in circumstances of actual or reasonably foreseeable conflict between the interests of the university and the interests of the relatives

• Conflict Management Plan should be developed

Employment of Relatives

• Chapter 112, Part III, Florida Statutes, “Code of

Ethics for Public Officers and Employees,” and

• University Regulation UCF-3.018, Conflict of Interest or Commitment; Outside Activity or Employment

Applies to all UCF employees whether or not they are members of a bargaining unit.

Conflict of Interest or Commitment

Include procedures for:• Hiring, paying, and

terminating employees • Completing employee

performance reviews, outside activity forms, and exit checklists

• Revenue handling• Purchases and PCard

transactions• Authorizing and

reimbursing travel• Reviewing system

access; securing data• Issuing and

inventorying keys

Written Procedures

Reduce errors and promote consistency of work, as well as provide guidance to new staff members.

• One person should not be responsible for

collecting, depositing, recording, and reconciling revenues

• Use transfer documents when transferring funds between employees

Separation of Revenue Duties

• Record and deposit all revenues collected as

required by UCF Policy 3-200.1, Receipt and Deposit of Funds by Departments

• Only one cashier working out of each cash register drawer

• Reconcile and document management’s review• Submit safe combinations with the Facilities

locksmith, as required by UCF Policy 3-108, Safe Combinations and Access

Revenue Controls

• Have written procedures including:

o How often to send statements or demand letterso When to review old receivableso When to turn them over to a collection agency o When to write the account off

• Account Receivable total (with detail support) should be sent to Finance and Accounting quarterly

Accounts Receivable

• PCards and/or just the credit card number must

not be shared

• Approvers must review receipts before approving in PeopleSoft

• It is not OK to split purchases to avoid PCard limits.

Purchasing Cards

Employees must have: • A background check on file with HR

• Sign the Credit Card Security Ethics Certification (F&A Form 41-915), and

• Complete the F&A Annual Credit Card Information Security training session (FSC 111)

Credit Card Security

• Section 112.061, Florida Statute, requires that

the traveler’s supervisor approve a trip before the travel commences

• UCF requires approval by the dean and provost for trips exceeding 30 days

Travel Compliance

• Departmental personnel should monitor

overall budget positions and reconcile accounting ledgers to supporting documentation

• Department Chairs, Deans and Directors should review reports from financial systems along with prepared reconciliations

Reconciling Departmental Ledger

• In accordance with UCF Policy 2-102.2,

Contract Review, written agreements should be submitted to the Office of the General Counsel for legal review

• Only employees with delegated signature authority, per UCF Policy 2-107.2, Signature Authority Policy, should execute agreements, this is probably not you

Contract Management

• Departments should prepare/maintain an

accurate inventory of keys• Resolve any differences with Facilities

Operations’ key list• Should have procedures for keys, including:

o Control over and limited distribution of master keys

o Regular review of active key userso Performing periodic key inventory

Facilities Access

• Do not save restricted data on workstations• College should comply with Computer Services

and Telecommunication’s Computer Security Standards and Guidelines

http://www.cst.ucf.edu/about/information-security-office/computer-security-standards-and-guidelines/

• College needs to have business continuity plans that address specific needs for their area

Information Technology Controls

Departments/colleges with vehicles should have an internal policy for vehicle management, including:• Ensuring vehicle drivers have valid drivers’

licenses using: https://services.flhsmv.gov/DLCheck/

• Safety and security of vehicles • Management’s review of usage and

maintenance costs • Plan for replacing obsolete vehicles

Vehicle Management

• Material and Supply fee

• Equipment fee

Student Fees

Family Educational Rights and Privacy Act of 1974 protects the privacy

of student educational records. Directory Information:• Name • Current Mailing Address • Telephone Number • Date of Birth • Major • Dates of Attendance • Enrollment Status (Full/Part-time) • Degrees/Awards Received • Participation in Officially Recognized Activities and Sports • Athletes’ Height/Weight

FERPA

• Personal Identifying Information (PII) kept in

departments

Emerging Issue

Questions???