Audit Daggers and Shields

advertisement
Vicky Sharp & Tina Maier
University Audit
http://www.universityaudit.ucf.edu/
Contact information

Millican Hall 341
407-823-2889
report-fraud@ucf.edu
Vicky.Sharp@ucf.edu
Tina.Maier@ucf.edu
About University Audit

•
•
•
•
Chief Audit Executive
2 Associate Directors
3 Senior Auditors
1 Administrative Assistant
About University Audit

• Reports functionally to the Audit, Operations
Review, Compliance, and Ethics Committee of the
Board of Trustees
• Reports administratively to the Office of the
President
• Quality Assurance Review - every 5 years
Services Provided

• Internal Audits
 Determined from risk assessment
• Management Advisory Services
 Usually requested by the department
• Investigations
 Typically from a complaint to University
Audit, which can be anonymous
Common Audit
Findings
and Ways to Protect
Your Department
Termination Procedures
•

ePAFs must be submitted timely
•
To stop over payment and eligibility for benefits
• Exit Checklists must be completed
•
To verify that university property, keys, and PCards are
returned and access to information systems is removed
Timecard / LAPERs

Actual hours worked per day should be recorded
•
• If timecards are approved in advance, then
supervisors should verify whether employees
worked the hours reported
• Faculty must use Sick Leave if they cancel class due
to illness
• Students should not be working during their
scheduled class hours
• Employees should not sign or stamp another’s name
as signatory on official documents
Departmental Leave Reports
•

Departments should run the Departmental Leave
Report, and verify that leave was accurately
processed for A&P, Faculty and USPS
• Employees should never share their PeopleSoft
passwords, even if your supervisor asks you for it or
directs you to share
Employment of Relatives

Policy 3-008.1 - Employment of Relatives was revised on
1/21/14
• Appointment of relatives is permitted, BUT
• No person shall be employed by, transferred to, or
promoted where a direct or indirect supervisory
relationship would exist, or when other situations
exist which place relatives in circumstances of actual
or reasonably foreseeable conflict between the
interests of the university and the interests of the
relatives
• Conflict Management Plan should be developed
Conflict of Interest or Commitment
•

Chapter 112, Part III, Florida Statutes, “Code of Ethics
for Public Officers and Employees,” and
• University Regulation UCF-3.018, Conflict of Interest
or Commitment; Outside Activity or Employment
Applies to all UCF employees whether or not they are
members of a bargaining unit.
Written Procedures

Reduce errors and promote consistency of work, as well as
provide guidance to new staff members.
Include procedures for:
• Hiring, paying, and
terminating employees
• Completing employee
performance reviews,
outside activity forms,
and exit checklists
• Revenue handling
• Purchases and PCard
transactions
• Authorizing and
reimbursing travel
• Reviewing system
access; securing data
• Issuing and
inventorying keys
Separation of Revenue Duties
•

One person should not be responsible for collecting,
depositing, recording, and reconciling revenues
• Use transfer documents when transferring funds
between employees
•
Revenue Controls

Record and deposit all revenues collected as required
by UCF Policy 3-200.1, Receipt and Deposit of Funds by
Departments
• Only one cashier working out of each cash register
drawer
• Reconcile and document management’s review
• Submit safe combinations with the Facilities
locksmith, as required by UCF Policy 3-108, Safe
Combinations and Access
Accounts Receivable

• Have written procedures including:
o
o
o
o
How often to send statements or demand letters
When to review old receivables
When to turn them over to a collection agency
When to write the account off
• Account Receivable total (with detail support) should
be sent to Finance and Accounting quarterly
•
Purchasing Cards

PCards and/or just the credit card number must not
be shared
• Approvers must review receipts before approving in
PeopleSoft
• It is not OK to split purchases to avoid PCard limits.
Credit Card Security

Employees must have:
• A background check on file with HR
• Sign the Credit Card Security Ethics Certification
(F&A Form 41-915), and
• Complete the F&A Annual Credit Card Information
Security training session (FSC 111)
Travel Compliance

• Section 112.061, Florida Statute, requires that the
traveler’s supervisor approve a trip before the travel
commences
• UCF requires approval by the dean and provost for
trips exceeding 30 days
Reconciling Departmental Ledger

• Departmental personnel should monitor overall
budget positions and reconcile accounting ledgers to
supporting documentation
• Department Chairs, Deans and Directors should
review reports from financial systems along with
prepared reconciliations
Contract Management

• In accordance with UCF Policy 2-102.2, Contract
Review, written agreements should be submitted to
the Office of the General Counsel for legal review
• Only employees with delegated signature authority,
per UCF Policy 2-107.2, Signature Authority Policy,
should execute agreements, this is probably not you
Facilities Access

• Departments should prepare/maintain an accurate
inventory of keys
• Resolve any differences with Facilities Operations’
key list
• Should have procedures for keys, including:
o Control over and limited distribution of master keys
o Regular review of active key users
o Performing periodic key inventory
Information Technology Controls

• Do not save restricted data on workstations
• College should comply with Computer Services and
Telecommunication’s Computer Security Standards and
Guidelines
http://www.cst.ucf.edu/about/information-securityoffice/computer-security-standards-and-guidelines/
• College needs to have business continuity plans that
address specific needs for their area
Vehicle Management

Departments/colleges with vehicles should have an
internal policy for vehicle management, including:
• Ensuring vehicle drivers have valid drivers’ licenses
using: https://services.flhsmv.gov/DLCheck/
• Safety and security of vehicles
• Management’s review of usage and maintenance
costs
• Plan for replacing obsolete vehicles
Student Fees

• Material and Supply fee
• Equipment fee
FERPA

Family Educational Rights and Privacy Act of 1974 protects the
privacy of student educational records.
Directory Information:
• Name
• Current Mailing Address
• Telephone Number
• Date of Birth
• Major
• Dates of Attendance
• Enrollment Status (Full/Part-time)
• Degrees/Awards Received
• Participation in Officially Recognized Activities and Sports
• Athletes’ Height/Weight
Emerging Issue

• Personal Identifying Information (PII) kept in
departments
Questions???

Download