VULNERABILITY ASSESSMENT
Assessment in Process 12/8/2004

Department’s Main Function Part I.

Please describe the main function(s) of your department:
Does the campus define goals and objectives for the department? Yes No
Please specify the type of data (if any) that is generated and/or stored within your department:
Additional comments:
Does any of the above data contain confidential information? (Example: social security numbers, medical information, grades, and financial information) Yes No
If yes, please specify which documents (and list the information contained in the report.)
Where are these records or documents stored daily?
Do these records or documents get forwarded to another department or outside source? Yes No
If yes, please specify source:
How long are these records maintained in the department? (Circle one): 1-3 months   3-5 months   5-7 months   7-12 months   1-5 years
Do any of these documents get transferred to another area for any length of time? (i.e. storage area) Yes No
Are these documents shredded or otherwise destroyed when they are no longer needed? Yes No Not sure
Who gives authority to destroy this data (or documents)?

Department Procedures Part II.

Have there been significant changes in the department’s staff size or large personnel turnover within the last year? Yes No
How often do you meet with your direct supervisor(s) to discuss departmental goals & current events? (Circle one answer) Daily   Weekly   Monthly   Annually   Only when a problem occurs
How often do you meet with your staff? (Circle one answer) Daily   Weekly   Monthly   Annually   N/A
Please rate the effectiveness of regular staff meetings with your department. (On a scale of one <lowest> to ten <highest> please rate the effectiveness) Please circle: 1 2 3 4 5 6 7 8 9 10
Have you participated in any departmental job training or cross training?
Yes No
If yes, please circle one: within the last 3 months   within the last 6 months   within the last year
Is training provided to keep employees up to date on new policies and procedures which affect this department and the campus? Yes No
If yes, describe:
Have all employees within this department received a NYSCC internal control brochure? Yes No
Are there written procedures for each function conducted within the department? Yes No
Do you have any functions that cannot be performed by anyone else within the department in the absence of the person who normally performs the function? Yes No
If yes, please explain:

Workplace Safety Part III.

Is there adequate lighting in your work area? Yes No
Is there sufficient heat and ventilation in your work area? Yes No
Is there an Emergency Evacuation Map posted within your department? Yes No
If no, please list where the closest map is located ___________________________________
Is there a fire extinguisher in your work area? Yes No
If no, please list where the closest extinguisher is located _____________________________
Are there emergency telephone numbers easily accessible to staff members in case of an emergency? Yes No
Are there chemicals used or stored within your work areas? Yes No
If the answer is yes: Please list the names of chemicals used/stored:
Is protective gear needed to handle above chemicals? Yes No
Is there protective gear provided to handle above chemicals? Yes No
How are these chemicals stored within your work area?
Are there written procedures on spills/accidents? Yes No
Are there procedures on discarding chemicals? Yes No

Asset Protection Part IV.

Are office keys issued to all staff members within the department? Yes No
How many keys are issued from this department? Circle one: 1-3   3-5   5-7   7-9   over 9
Is there a designated person who issues keys for this department? Yes No
What is the procedure on surrendering keys?
Is there a designated person who receives each key if no longer needed from an employee? Yes No
Where are keys stored upon surrender?
Is there any documentation or form completed listing everyone that has a key within this department? Yes No
If yes, where is this form kept?
Does the department have an alarm system? Yes No
Does each employee have his or her own user code or password? Yes No N/A
Are these codes or passwords available to department managers? Yes No
Are these codes or passwords available to everyone within the department? Yes No
Does the alarm system work in a power outage? Yes No N/A
Are there written procedures on how to handle a robbery or theft within the department? Yes No
How often are these robbery/theft procedures updated? Please circle: Monthly   Yearly   Less than 5 years   More than 5 years
How often are employees trained on these and other emergency procedures?
To the best of your knowledge, have there been any instances of employee sabotage, computer abuse, fraud, or missing data reports from this department in the recent past? Yes No
If yes, describe the type of occurrence, and to whom it was reported:

Financial Management Part V.

Does this department perform data entry on financial accounts? Yes No
Are reports generated from data entry performed within the department? Yes No
Are these reports or documents confidential? Yes No
Is confidential data stored in a locked or secured area? Yes No
If so, how many staff members perform data entry on financial accounts? Please circle: 1-3   3-5   5-7   Over 7
If yes, please state what type of secured area they are stored in:
Who has access to this secured area?
If no, please state where they are stored:
Please list any procedures that are in place pertaining to backing up electronic data within the department: (N/A if you do not have computers)

Cash Control Part VI.

Does this department handle any cash/checks? Yes No
For what purpose is the department collecting funds?
How many employees are responsible for collecting and handling funds?
(cash, check, credit cards, money order) Circle one: 1-3   3-5   5-7   Over 7
Please specify where the funds are stored daily: (both during and after normal working hours)
Are these funds deposited in a NYSCC IFR account? Yes No
If yes, how often (Please circle one): Daily   Weekly   Monthly   Other
If other, please specify:
Does this department have a petty cash fund? Yes No
How many employees in the department have access to these monetary funds? Please circle: 1-3   3-5   5-7   7 and over
Does this department offer services to anyone outside of NYSCC? (excluding students, faculty, employees of NYSCC) Yes No
Does this department have an account with College Auxiliary Services, the NYSCC Foundation or the Students Association? Yes No
If yes, please name the agency and describe the purpose(s):
Who within the department is responsible for monitoring/reconciling the agency account(s)?
Does your department have a copy of the campus “Cash Procedures”? Yes No

Inventory Control Part VII.

Does this department maintain an inventory? Yes No
Describe the inventory (general terms) that is in your department:
Does this department conduct a physical inventory count? Yes No
If yes, please circle how often: Monthly   Bi-Annually   Annually
Please state the last time a physical inventory count was performed:
Please give an estimated value of the inventory:
Where is the inventory stored?
Who has access to the inventory during business hours? (Circle all that apply) Staff   Custodial   Faculty   Students   Other
If other, please specify:
Does anyone have access to the inventory when the department is closed? Yes No
If yes, please list who has access and for what purpose:

Further Information

Is there any area or procedure that you wish to receive guidance about from the Internal Control Officer?
Completed by:
Name: _______________________________ Date: _________________
Title: _______________________________ Phone: ________________
Office: ______________________________

Please feel free to call if you have any questions regarding this survey. Thank you for your time.

Brice Weigman
Director of Business Affairs & Internal Control Officer
Statutory Affairs Office
Carnegie Hall
Phone: (607) 871-2484
Fax: (607) 871-3071
Email: weigman@alfred.edu