Basic Departmental Internal Controls - PowerPoint PPT Presentation

Loading...

PPT – Basic Departmental Internal Controls PowerPoint presentation | free to download - id: 44e61-ZmU2O



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Basic Departmental Internal Controls

Description:

... change without expectation of relief. FZICHFB -200,000.00. 100, ... should be deposited weekly or when balance reaches $200, whichever comes first. ( OP 62.07) ... – PowerPoint PPT presentation

Number of Views:53
Avg rating:3.0/5.0
Slides: 71
Provided by: donz3
Learn more at: http://www.msstate.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Basic Departmental Internal Controls


1
Basic Departmental Internal Controls
Presented byThe Office of Internal Audit2010
Office of Internal Audit Integrity
Accountability Security
2
Basic Control Assessment Report
Our training today is going to focus on the
fifteen areas reviewed in the report
Office of Internal Audit Integrity
Accountability Security
3
Fifteen Key Areas
  • RECONCILIATION OF ACCOUNT BALANCE
  • LEAVE
  • RECORDS OF HOURS WORKED
  • PAYROLL PROCESS
  • COMPENSATORY TIME BALANCES
  • CASH ON HAND
  • CASH RECEIPTS/HANDLING
  • APPROVAL
  • PROCUREMENT CARD
  • LONG DISTANCE / CELL PHONE CHARGES
  • PROPERTY MANAGEMENT
  • FACILITIES MANAGEMENT

FLEET CARD
  • SPONSORED RESEARCH
  • INFORMATION SECURITY
  • General Administration

Office of Internal Audit Integrity
Accountability Security
4
A. RECONCILIATION OF ACCOUNT BALANCES
See policy Account Reconciliation, 61.01
Office of Internal Audit Integrity
Accountability Security
5
A. RECONCILIATION OF ACCOUNT BALANCES
  • Reconciliation methods will vary depending on
    the size of the department and/or the account
    being reconciled.
  • All reconciliations should be supported by a
    Banner ledger report such as FWREXEG or FWREXDP.

Office of Internal Audit Integrity
Accountability Security
6
A. RECONCILIATION OF ACCOUNT BALANCES
FWREXEG
1. Documentation exists to support timely
reconciliation of departmental accounts on a
consistent basis.
  • Must be
  • Timely
  • Supported by detailed ledger report
  • Reconciled consistently.

Office of Internal Audit Integrity
Accountability Security
7
A. RECONCILIATION OF ACCOUNT BALANCES
FWREXEG
2. Documentation exists to support reviewed
timely by the department head, designee, or
principal investigator.
  • Must be
  • Signed by reconciler
  • Signed by reviewer

Without Documentation (I.E. signature) cannot
verify that review took place.
Office of Internal Audit Integrity
Accountability Security
8
What is the purpose of review?
  • The purpose of reviewing a reconciliation or any
    other document is to ensure the document appears
    accurate.
  • Therefore, the reviewer should be someone who was
    knowledgeable regarding the area being presented
    and would be able to identify errors or
    irregularities.

9
A. RECONCILIATION OF ACCOUNT BALANCES
FWREXDP
Same requirements apply for non-EG (I.E.,
timely, detailed, consistent).
Except, principal investigators should always
review their own (research) account
reconciliations. OP 61.01
Required to ensure compliance with OMB A-21 and
OMB A-133.
Office of Internal Audit Integrity
Accountability Security
10
A. RECONCILIATION OF ACCOUNT BALANCES
3. Departmental account fund balances appear
adequately provided for without significant
deficits.
FZICHFB
-200,000.00
  • We and departments should be concerned about
  • Accounts with significant deficits.
  • Accounts with negative change without
    expectation of relief.

100,000.00
-100,000.00
-300,000.00
Office of Internal Audit Integrity
Accountability Security
11
B. LEAVE
  • See policies
  • HRM 60-201
  • and
  • AOP 13.13

Office of Internal Audit Integrity
Accountability Security
12
B. LEAVE
1. All eligible employees appear to be reporting
leave usage.
Applies to all employees, faculty and staff.
Being reviewed by our office during assessments
and annually university wide.
The authorizing or taking leave without the
completion and submission of appropriate leave
forms is considered a misuse of assets (policy
01.19) and would be subject to disciplinary
action.
Office of Internal Audit Integrity
Accountability Security
13
B. LEAVE
2. Documentation exists to support that leave
usage and balances are reviewed timely.
Each department should have one individual
responsible for reviewing/ reconciling leave
processed/input to leave reported in Banner.
Must have documentation of review/reconciliation.
Should be initialed by reviewer.
- Errors in leave balances are found in many of
our control assessments!
Office of Internal Audit Integrity
Accountability Security
14
B. LEAVE
2. Documentation exists to support that leave
usage and balances are reviewed timely.
Office of Internal Audit Integrity
Accountability Security
15
B. LEAVE
3. Documentation exists to support independent
review of the processor's leave.
Must have documentation that the leave of the
individual responsible for processing leave is
also reviewed.
Must have documentation of review such as
reconciliation initialed or signed by department
head or designee.
Office of Internal Audit Integrity
Accountability Security
16
C. RECORDS OF HOURS WORKED
1. Time sheets/cards are maintained by the
department for all non-exempt employees.
Based on federal/state law, rules and regs.
Non-exempt employees include -
Clerical/Secretarial - Technical/Paraprofessiona
l - Skilled Crafts - Service/Maintenance -
Temporary Employees
Office of Internal Audit Integrity
Accountability Security
17
C. RECORDS OF HOURS WORKED
1. Time sheets/cards are maintained by the
department for all non-exempt employees.
Generally any employee that shows up on the
Post-Time Entry report that is printed after
entering time.
PERS requires a time record for all rehired
retirees. Non exempt retirees use standard time
report. Exempt retirees would use Rehired Retiree
Work Record (Both forms located on HRM website).
Office of Internal Audit Integrity
Accountability Security
18
C. RECORDS OF HOURS WORKED
2. Time sheets/cards appear accurate and include
the recording of both leave and compensatory time.
Leave and comp time forms should be compared to
timesheets to ensure they agree.
Office of Internal Audit Integrity
Accountability Security
19
C. RECORDS OF HOURS WORKED
3/4. Time sheets/cards are signed and dated by
the employee/ supervisor after the time period
being reported.
Signatures document agreement as to the hours
worked.
Office of Internal Audit Integrity
Accountability Security
20
D. PAYROLL PROCESS
In our review/assessment of the payroll process
our main objective is to ensure that hourly
employees are paid for the hours worked and
recorded on the timesheets.
This should not be to the exclusion of
salaried/exempt employees pay. If possible all
pay should be reconciled, including that of
salaried/exempt employees.
Office of Internal Audit Integrity
Accountability Security
21
D. PAYROLL PROCESS (Timesheet to Ledger)
1. Documentation exists to support that time
sheets are reconciled to Post Time Entry Reports.
Timesheet showing 5.25 hours
Office of Internal Audit Integrity
Accountability Security
22
D. PAYROLL PROCESS (Timesheet to Ledger)
1. Documentation exists to support that time
sheets are reconciled to Post Time Entry Reports.
Timesheet 5.25 hours
Post-Time Entry Report 5.25 hours
Office of Internal Audit Integrity
Accountability Security
23
D. PAYROLL PROCESS (Timesheet to Ledger)
2. Documentation exists to support that Post Time
Entry Reports are reconciled to Payroll Vouchers.
Post-Time Entry Report 5.25 hours
Payroll Voucher 5.25 hours for total pay of 30.71
Office of Internal Audit Integrity
Accountability Security
24
D. PAYROLL PROCESS (Timesheet to Ledger)
3. Documentation exists to support that Payroll
Vouchers are reconciled to Banner.
Ledger Report pay of 30.71
Payroll Voucher 5.25 hours for total pay of 30.71
Office of Internal Audit Integrity
Accountability Security
25
D. PAYROLL PROCESS
(Timesheet to Ledger)
Office of Internal Audit Integrity
Accountability Security
26
No Payroll Voucher?
  • Reconcile directly from Post-Time Entry Report
    (PTER) to Banner or
  • Use Banner report PWRDSPV or PWRVOCC

27
D. PAYROLL PROCESS
4. Payroll duties appear to be adequately
separated.
The more duties are separated the better the
internal controls. At a minimum, two persons
should be involved in the payroll process. Note
Time sheets should not be delivered for input
by the employee or student represented. After
reviewing and signing, the supervisor should
forward timesheets for processing.
Office of Internal Audit Integrity
Accountability Security
28
E. COMPENSATORY TIME BALANCES
1. Documentation exists to support that
compensatory time balances are reconciled by one
individual.
Comp balances should be reconciled to time sheets
and documentation retained/maintained by one
individual. Each employee that accrues comp time
should not be responsible with keeping up with
their own comp time.
Office of Internal Audit Integrity
Accountability Security
29
E. COMPENSATORY TIME BALANCES
2. Documentation exists to support that the
reconcilers compensatory time balance is
reviewed.
Many times the individual responsible for
maintaining comp balances also accrues comp time.
If so, someone else should review their comp
balance. - Review documented by reviewers
initials.
Office of Internal Audit Integrity
Accountability Security
30
E. COMPENSATORY TIME BALANCES
Departments are HIGHLY encouraged to maintain
compensatory time balances in Banner. This
provides a centralized and uniform process that
provides greater internal control.
Office of Internal Audit Integrity
Accountability Security
31
F. CASH ON HAND
1. Documentation exists to support that cash on
hand is properly reconciled.
Petty cash or change funds must be reconciled in
a timely manner and accurately reflect amounts
indicated in Banner. If you receive cash how do
you make change unless you have a change fund? -
University funds used for change must be
recorded in Banner.
Office of Internal Audit Integrity
Accountability Security
32
F. CASH ON HAND
2. Cash appears to be adequately safeguarded.
Change funds and cash receipts should be kept
secure, preferably locked away in a fireproof
safe or file cabinet.
Office of Internal Audit Integrity
Accountability Security
33
G. CASH RECEIPTS/HANDLING
See the Cash Handling policy 62.07
Office of Internal Audit Integrity
Accountability Security
34
G. CASH RECEIPTS/HANDLING
1. Documentation exists to support that cash
receipts are reconciled to Banner.
Account reconciliation should include the
reconciliation of cash receipts. However, during
our control assessments we have noted most
departments reconcile expenditures but few
reconcile cash.
Documentation of cash received, especially
currency or checks received directly by the
department, should be reconciled from receipt
documentation (cash receipt form, cash log, etc.)
to BANNER.
Office of Internal Audit Integrity
Accountability Security
35
G. CASH RECEIPTS/HANDLING
2. A pre-numbered receipt, cash log, register
tape, or etc. is used to document cash received.
Must have some documentation that provides
accurate record of funds received in order to
reconcile.
Office of Internal Audit Integrity
Accountability Security
36
G. CASH RECEIPTS/HANDLING
3. Cash is physically safeguarded in a secured
area until deposit.
As was stated with change funds, cash receipts
should be kept secure, preferably locked away in
a fireproof safe or file cabinet. Cash receipts
should be deposited weekly or when balance
reaches 200, whichever comes first. (OP 62.07)
Office of Internal Audit Integrity
Accountability Security
37
G. CASH RECEIPTS/HANDLING
Note Because of the liquid nature of cash
this area may receive more scrutiny than any
other during a control assessment. It is highly
recommended for individual departments to get out
of the cash (includes currency and checks)
collection business if at all possible. If cash
is being collected from students other
alternatives should be considered such as direct
charges to students accounts receivable instead
of receiving cash.
Office of Internal Audit Integrity
Accountability Security
38
I. PROCUREMENT/FLEET CARD
1. Card transactions are adequately supported and
reconciled to bank statements.
Someone needs to be looking at the transactions
on the statement and comparing them to actual
vendor receipts to make sure they appear
appropriate. Once again, need documentation,
I.E., initials of reconciler, tick marks, and
supporting documents.
Office of Internal Audit Integrity
Accountability Security
39
FLEET CARDS
We are now including a review of fleet card
transactions in our control assessments. This
includes any fuel cards Shell, Chevron, BP,
Fuelman.
  • Will need detailed statements that show what was
    purchased, when purchased, quantity, and price.
  • Should be supported by detailed receipts.
  • Should be tied to a specific vehicle and or
    other use. (For vehicles should be tied to
    vehicle log).
  • We must be able to prove/verify that purchase was
    made for the use/benefit of university.

Office of Internal Audit Integrity
Accountability Security
40
I. PROCUREMENT/FLEET CARD
2. Documentation exists to support review of card
journal entries and statements.
This is a review by someone other than the
reconciler. Must be documented (Bank/credit card
statement also initialed by reviewer) Reviewer
must be knowledgeable about what should or
shouldnt be purchased/charged on the card and
should question unusual purchases.
This includes Fleet/Gas Card Statements
Office of Internal Audit Integrity
Accountability Security
41
I. PROCUREMENT/FLEET CARD
3. A sign in sheet, containing adequate
information, is maintained to record card users.
The need for and/or amount of information
necessary on a sign in sheet depends on the
number of individuals allowed to use a given
procurement card the frequency of
transactions. Should include who, what,
when(date time), where, why, and how much. -
documentation must be adequate to determine who
made a particular purchase and why it is a
legitimate University purchase.
Office of Internal Audit Integrity
Accountability Security
42
I. PROCUREMENT/FLEET CARD
4. All cards are kept in a secure place such as a
locked drawer or file cabinet.
Yes you can take it out to use, but keep it safe,
dont carry it around when you dont need
it. Dont carry on weekends or on vacation or
even overnight if you dont have to!!
Office of Internal Audit Integrity
Accountability Security
43
J. LONG DISTANCE PHONE CHARGES
1. Documentation exists to support that
statements are reviewed by the responsible
employee.
Employees responsible for LDS number should
review. Each Employee making long distance calls
should have their own unique LDS number.
Office of Internal Audit Integrity
Accountability Security
44
J. LONG DISTANCE PHONE CHARGES
2. Documentation exists to support that
statements are reviewed by the department
head/designee.
Department head or designee should review. Need
to document by signing or initialing statement.
Office of Internal Audit Integrity
Accountability Security
45
K. PROPERTY MANAGEMENT
1. Documentation exists to support annual
observation of inventory by someone other than
or in addition to the inventory representative.
Adequate internal controls require having more
than one person involved in custody/monitoring/
processing of assets.
Office of Internal Audit Integrity
Accountability Security
46
K. PROPERTY MANAGEMENT
1. Documentation exists to support annual
observation of inventory by someone other than
or in addition to the inventory representative.
At least once a year someone other than the
person normally responsible, should make sure
everything can be accounted for! We recommend
this be done during the physical inventory
required by receiving and property control. Once
again, must be documented (I.E., have inventory
observer sign the property report). (person
should be involved in observation process)
Office of Internal Audit Integrity
Accountability Security
47
K. PROPERTY MANAGEMENT
2. Documentation exists to support the use of
Hand Receipts for the removal of property off
campus.
When it is necessary to remove equipment from
assigned department in order to conduct official
University business, a hand receipt should be
kept on file by the department with a copy
forwarded to RPC. This includes cell phones and
laptops. (MSU Property Manual) The idea is to be
able to either produce the actual property item
or documentation of where it is at all times.
Office of Internal Audit Integrity
Accountability Security
48
K. PROPERTY MANAGEMENT
3. Documentation exists to support independent
observation when processing Hand Receipts.
Whenever a hand receipt is issued, the inventory
representative must physically observe the
equipment in question. This includes when
initial hand receipt is issued or when it is
updated every twelve months. (I.E. independent
verification of the property).
Office of Internal Audit Integrity
Accountability Security
49
K. PROPERTY MANAGEMENT
4. Documentation exists to adequately support
vehicle fuel and maintenance expenditures.
How much does it cost to operate and maintain
your departments vehicle? A fuel and maintenance
log should be kept for each vehicle that records
all related expenditures. This should include
the type (fuel, oil, repair) and the cost. The
log should include the odometer reading (mileage)
when the expenditure took place.
Office of Internal Audit Integrity
Accountability Security
50
K. FLEET MANAGEMENT
Vehicle log books are now available from
Receiving and Property Control

51
K. FLEET MANAGEMENT
Vehicle log books are now available from
Receiving and Property Control

52
K. FLEET MANAGEMENT
Vehicle log books are now available from
Receiving and Property Control

53
K. PROPERTY MANAGEMENT
5. Documentation exists to support adherence to
Fleet Management Guidelines.
How many of you new we even had Fleet Management
Guidelines? Located _at_ http//www.procurement.msst
ate.edu Documentation would include appropriate
vehicle records, employee vehicle use forms.
Office of Internal Audit Integrity
Accountability Security
54
L. FACILITIES MANAGEMENT
1. Documentation exists to support the
maintenance of an accurate record of keys issued
and periodic analysis of missing keys to ensure
adequate security.
When was the last time your office, suite,
building and/or facility was keyed or
rekeyed? Can you account for all keys issued?
Are people, property, and information adequately
secured?
Office of Internal Audit Integrity
Accountability Security
55
L. FACILITIES MANAGEMENT
1. Documentation exists to support the
maintenance of an accurate record of keys issued
and periodic analysis of missing keys to ensure
adequate security.
Each department should have a current and
accurate list of all keys issued to the
department (and keys issued by the department to
employees) to ensure that all keys can be
accounted for and to help reduce the chance that
access to sensitive/restricted areas could be
gained by unauthorized persons.
Office of Internal Audit Integrity
Accountability Security
56
M. SPONSORED RESEARCH
1. Documentation exists to support the timely,
accurate completion of Confirmation of Effort
reports by someone with a suitable means of
verification that the work was performed.
This is a federal regulation (OMB A-21).
Suitable means of verification is straight
out of OMB A-21. This infers that the individual
signing the form has received definitive and
verifiable confirmation from the individual
performing the work or from an individual that
has specific knowledge of the work. Verification
should be accompanied by written documentation.
Office of Internal Audit Integrity
Accountability Security
57
M. SPONSORED RESEARCH
1. Documentation exists to support the timely,
accurate completion of Confirmation of Effort
reports by someone with a suitable means of
verification that the work was performed.
Therefore, the person signing the confirmation
should either be the individual represented, the
Principle Investigator, or someone with
documented verification as to the effort being
reported.
Office of Internal Audit Integrity
Accountability Security
58
M. SPONSORED RESEARCH
1. Documentation exists to support the timely,
accurate completion of Confirmation of Effort
reports by someone with a suitable means of
verification that the work was performed.
If you have non-exempt employees being charged to
sponsored projects then timesheets must provide
sufficient documentation as to how much time was
spent on a specific project. Additional care
should be taken if individual work on multiple
projects during a given time period.
Office of Internal Audit Integrity
Accountability Security
59
N. INFORMATION SECURITY
1. Sensitive information appears to be adequately
secured.
  • Sensitive Information would include but is not
    limited to
  • Social Security Numbers
  • Credit Card Numbers
  • Patient medical records
  • Financial records (donor, student, employee)
  • Personnel/Human Resources records
  • Student records (scores, transcripts, etc.)
  • Passwords, access codes, encryption keys
  • Research data

Office of Internal Audit Integrity
Accountability Security
60
N. INFORMATION SECURITY
1. Sensitive information appears to be adequately
secured.
  • For any sensitive info
  • Access should be limited to only with those with
    a need to know.
  • Physical (paper) documents should be kept safe
    and locked in a secure area.
  • Departmental policy should require password
    protection on computers and encryption software
    on laptops.
  • Local area networks should be properly secured.

Office of Internal Audit Integrity
Accountability Security
61
N. INFORMATION SECURITY
2. Documentation exists to support compliance
with information security policies.
Policies in question would include Information
Security Policy, 01.10 Social Security Number
Usage, 01.23
Office of Internal Audit Integrity
Accountability Security
62
N. INFORMATION SECURITY
2. Documentation exists to support compliance
with information security policies.
By July of 2006, the SSN will no longer be used
as the primary identifier of individuals
associated with MSU.. - (Social Security Number
Usage, 01.23) So quit using it for - Time
Sheets - EAFS (other than original employment)
- Travel - Any other document where it is not
required!
Office of Internal Audit Integrity
Accountability Security
63
N. INFORMATION SECURITY
2. Documentation exists to support compliance
with information security policies.
  • At this point the control assessments focus
    mainly on the Social Security Number Usage
    policy, 01.23, which requires the following forms
    for the following situations
  • Form SSN01 for storing SSNs in computer system.
  • Form SSN02 for generating files and reports with
    SSNs.
  • - Form SSN03 for transmitting unencrypted SSNs
    off campus.
  • Form SSN04 for employees with electronic access
    to SSNs.
  • Form SSN05 for solicitation of SSNs.
  • - "Employee SSN Confidentiality Statement for
    employees with access to SSNs. (Will apply to
    almost all departments since if you hire
    employees you will have to get SSNs for
    payroll/tax purposes).

Office of Internal Audit Integrity
Accountability Security
64
N. INFORMATION SECURITY
3. Documentation exists to support compliance
with software licensing agreements.
Per OP 01.12, Examples of inappropriate and
unacceptable use of computing and networking
resources.violation of software license
agreements . Departments must have proof of
ownership/license agreements for software used on
university computers. Documentation could
include actual license agreement or copy of
vendor invoice. University (ITS) does not
maintain license for departments even for some
software pushed or accessed from the super
server.
Office of Internal Audit Integrity
Accountability Security
65
N. INFORMATION SECURITY
4. Documentation exists to support completion of
information security training by appropriate
persons.
Per MSUs Information Security Program, all
employees who have access to sensitive
information must complete the online information
security certification. Internal Audit can and
will run a report that tells us who has and has
not completed said certification. The
certification can be found on the onCampus
website under the Office tab. Departments can
monitor their employees completion of the
certification by running banner report PWRISTL.
Office of Internal Audit Integrity
Accountability Security
66
O. GENERAL ADMINISTRATION
1. Current desk manual exists for critical
departmental controls and procedures.
We recommend that a desk manual be developed
detailing critical procedures in the event of
hiring a new employee or temporary worker
substituting for an absent employee. We
recommend that the manual detail tasks to be
completed daily and tasks completed
periodically/monthly with recommended timelines.
The manual should be reviewed periodically with
any changes noted.
Office of Internal Audit Integrity
Accountability Security
67
O. GENERAL ADMINISTRATION
2. Required postings of information maintained
within department..
Whistleblower poster.
During assessments we will request to see where
these postings are displayed.
Office of Internal Audit Integrity
Accountability Security
68
Record Retention
There is no official MSU or IHL retention
Policy. We recommend for most documents such as
department copies of purchases, invoices,
ledgers, procard statements and support, and
etc Current Year plus three prior.
Office of Internal Audit Integrity
Accountability Security
69
Record Retention
Specific HR/Payroll Guidance (HRM
60-109) Departmental Employee File If a
department maintains a departmental employee
file, upon the employees separation, the file
must be forwarded to HRM. Leave Records Copies
of Application for Leave and associated documents
will be retained for four calendar years. Leave
records older than four years will be destroyed.
Time Records Departments who have non-exempt
employees should retain the employee time sheets
for a minimum of four years.
Office of Internal Audit Integrity
Accountability Security
70
Record Retention
Exceptions Any documents that support
sponsored/externally funded expenditures must be
retained according to the grant/contract/authorita
tive document. May be longer than 3 or 4
years. Need to talk to Registrar regarding
student files and Provost regarding faculty
files.
Office of Internal Audit Integrity
Accountability Security
About PowerShow.com