Vicky Sharp & Tina Maier University Audit http://www.universityaudit.ucf.edu/ Contact information Millican Hall 341 407-823-2889 report-fraud@ucf.edu Vicky.Sharp@ucf.edu Tina.Maier@ucf.edu About University Audit • • • • Chief Audit Executive 2 Associate Directors 3 Senior Auditors 1 Administrative Assistant About University Audit • Reports functionally to the Audit, Operations Review, Compliance, and Ethics Committee of the Board of Trustees • Reports administratively to the Office of the President • Quality Assurance Review - every 5 years Services Provided • Internal Audits Determined from risk assessment • Management Advisory Services Usually requested by the department • Investigations Typically from a complaint to University Audit, which can be anonymous Common Audit Findings and Ways to Protect Your Department Termination Procedures • ePAFs must be submitted timely • To stop over payment and eligibility for benefits • Exit Checklists must be completed • To verify that university property, keys, and PCards are returned and access to information systems is removed Timecard / LAPERs Actual hours worked per day should be recorded • • If timecards are approved in advance, then supervisors should verify whether employees worked the hours reported • Faculty must use Sick Leave if they cancel class due to illness • Students should not be working during their scheduled class hours • Employees should not sign or stamp another’s name as signatory on official documents Departmental Leave Reports • Departments should run the Departmental Leave Report, and verify that leave was accurately processed for A&P, Faculty and USPS • Employees should never share their PeopleSoft passwords, even if your supervisor asks you for it or directs you to share Employment of Relatives Policy 3-008.1 - Employment of Relatives was revised on 1/21/14 • Appointment of relatives is permitted, BUT • No person shall be employed by, transferred to, or promoted where a direct or indirect supervisory relationship would exist, or when other situations exist which place relatives in circumstances of actual or reasonably foreseeable conflict between the interests of the university and the interests of the relatives • Conflict Management Plan should be developed Conflict of Interest or Commitment • Chapter 112, Part III, Florida Statutes, “Code of Ethics for Public Officers and Employees,” and • University Regulation UCF-3.018, Conflict of Interest or Commitment; Outside Activity or Employment Applies to all UCF employees whether or not they are members of a bargaining unit. Written Procedures Reduce errors and promote consistency of work, as well as provide guidance to new staff members. Include procedures for: • Hiring, paying, and terminating employees • Completing employee performance reviews, outside activity forms, and exit checklists • Revenue handling • Purchases and PCard transactions • Authorizing and reimbursing travel • Reviewing system access; securing data • Issuing and inventorying keys Separation of Revenue Duties • One person should not be responsible for collecting, depositing, recording, and reconciling revenues • Use transfer documents when transferring funds between employees • Revenue Controls Record and deposit all revenues collected as required by UCF Policy 3-200.1, Receipt and Deposit of Funds by Departments • Only one cashier working out of each cash register drawer • Reconcile and document management’s review • Submit safe combinations with the Facilities locksmith, as required by UCF Policy 3-108, Safe Combinations and Access Accounts Receivable • Have written procedures including: o o o o How often to send statements or demand letters When to review old receivables When to turn them over to a collection agency When to write the account off • Account Receivable total (with detail support) should be sent to Finance and Accounting quarterly • Purchasing Cards PCards and/or just the credit card number must not be shared • Approvers must review receipts before approving in PeopleSoft • It is not OK to split purchases to avoid PCard limits. Credit Card Security Employees must have: • A background check on file with HR • Sign the Credit Card Security Ethics Certification (F&A Form 41-915), and • Complete the F&A Annual Credit Card Information Security training session (FSC 111) Travel Compliance • Section 112.061, Florida Statute, requires that the traveler’s supervisor approve a trip before the travel commences • UCF requires approval by the dean and provost for trips exceeding 30 days Reconciling Departmental Ledger • Departmental personnel should monitor overall budget positions and reconcile accounting ledgers to supporting documentation • Department Chairs, Deans and Directors should review reports from financial systems along with prepared reconciliations Contract Management • In accordance with UCF Policy 2-102.2, Contract Review, written agreements should be submitted to the Office of the General Counsel for legal review • Only employees with delegated signature authority, per UCF Policy 2-107.2, Signature Authority Policy, should execute agreements, this is probably not you Facilities Access • Departments should prepare/maintain an accurate inventory of keys • Resolve any differences with Facilities Operations’ key list • Should have procedures for keys, including: o Control over and limited distribution of master keys o Regular review of active key users o Performing periodic key inventory Information Technology Controls • Do not save restricted data on workstations • College should comply with Computer Services and Telecommunication’s Computer Security Standards and Guidelines http://www.cst.ucf.edu/about/information-securityoffice/computer-security-standards-and-guidelines/ • College needs to have business continuity plans that address specific needs for their area Vehicle Management Departments/colleges with vehicles should have an internal policy for vehicle management, including: • Ensuring vehicle drivers have valid drivers’ licenses using: https://services.flhsmv.gov/DLCheck/ • Safety and security of vehicles • Management’s review of usage and maintenance costs • Plan for replacing obsolete vehicles Student Fees • Material and Supply fee • Equipment fee FERPA Family Educational Rights and Privacy Act of 1974 protects the privacy of student educational records. Directory Information: • Name • Current Mailing Address • Telephone Number • Date of Birth • Major • Dates of Attendance • Enrollment Status (Full/Part-time) • Degrees/Awards Received • Participation in Officially Recognized Activities and Sports • Athletes’ Height/Weight Emerging Issue • Personal Identifying Information (PII) kept in departments Questions???