Audit

1. Chapter-5
Internal Controls

2. Primary Objectives of Internal Controls
 Accurate Financial Information
 Compliance with Policies and Procedures
 Safeguarding Assets
 Efficient Use of Resources
 Accomplishment of Objectives and Goals

3. Why are Internal Controls Important?
Internal controls are designed to
provide reasonable assurance regarding
the achievement of objectives in the
following categories:
 Effectiveness and Efficiency of Operations
 Reliability of Financial Reporting
 Compliance with Laws and Regulations

4. Effectiveness and Efficiency of
Operations
 addresses an entity's basic business objectives,
including performance and profitability goals and
safeguarding of resources.
Reliability of Financial Reporting
 preparation of reliable financial statements and
publicly reported financial data.
Compliance with Laws and Regulations
 compliance with those laws and regulations to
which the entity is subject.

5. Internal control consists of five interrelated
components:
 Control Environment
 Risk Assessment
 Control Activities
 Information and Communication
 Monitoring
-COSO Integrated Framework Executive Summary

6. The Five Interrelated Components
Control Environment
The control environment sets the tone of an
organization, influencing the control
consciousness of its people. It is the foundation
for all other components of internal control,
providing discipline and structure. Control
environment factors include the integrity, ethical
values and competence of the entity's people;
management's philosophy and operating style; the
way management assigns authority and
responsibility, and organizes and develops its
people; and the attention and direction provided
by the board of directors.

7. Creating the Control Environment
 Create environment that fosters internal controls
 Expect Ethical Behavior
 Hire qualified staff
 Get to know your staff
 Clear assignment of responsibility/Job Description
 Supervision
 Clear Communication

8. The Five Interrelated Components
Risk Assessment
Every entity faces a variety of risks from external and internal
sources that must be assessed. A precondition to risk
assessment is establishment of objectives, linked at different
levels and internally consistent. Risk assessment is the
identification and analysis of relevant risks to achievement of
the objectives, forming a basis for determining how the risks
should be managed. Because economic, industry, regulatory
and operating conditions will continue to change, mechanisms
are needed to identify and deal with the special risks
associated with change.
-COSO Integrated Framework Executive Summary

9. Types of Risk
 Financial
 Research
 Student
 Academic
 Athletic
 Human Resources
 Faculty
 Crime and Safety
 Information Technology
 Enrollment
 Facilities

10. Examples of Financial Risk:
 Accounting processes
 Auditing Matters
 Compliance with Regulatory Issues
 Falsification of reports/records
 Fraud
 Improper receipt of gifts
 Improper vendor activity
 Theft
 Waste and Abuse
 Misuse of Resources

11. The Five Interrelated Components
Control Activities
Control activities are the policies and procedures that help ensure
management directives are carried out. They help ensure that
necessary actions are taken to address risks to achievement
of the entity's objectives. Control activities occur throughout
the organization, at all levels and in all functions. They
include a range of activities as diverse as approvals,
authorizations, verifications, reconciliations, reviews of
operating performance, security of assets and segregation of
duties.
-COSO Integrated Framework Executive Summary

12. Key Components – Control Activities
 Policies and Procedures
Administrative Policies and Procedures
(http://www.busfin.uga.edu/manual/)
 Staff Training
 Organization Charts/Job Descriptions
 Performance Measures
 Segregation of Duties
Preventing one individual from having virtually complete
control over a financial process.

13. Key Components-Control Activities
 Adequate Transaction Documentation
A record of (paper or electronic)
for Revenue
 Receipt
 Transfer
 Deposit
for Expense
 Purpose
 Authorization
for Other
 Delegation of Signature Authority
 Monthly Account Status Report Reconciliation
 Annual Property Inventory
 Properly Designed Documentation
 Unique numbering
 Independent Verification

14. The Five Interrelated Components
Information and Communication
Pertinent information must be identified, captured and communicated in a form
and timeframe that enable people to carry out their responsibilities.
Information systems produce reports, containing operational, financial and
compliance-related information, that make it possible to run and control the
business. They deal not only with internally generated data, but also
information about external events, activities and conditions necessary to
informed business decision-making and external reporting. Effective
communication also must occur in a broader sense, flowing down, across and
up the organization. All personnel must receive a clear message from top
management that control responsibilities must be taken seriously. They must
understand their own role in the internal control system, as well as how
individual activities relate to the work of others. They must have a means of
communicating significant information upstream. There also needs to be
effective communication with external parties, such as customers, suppliers,
regulators and shareholders.
-COSO Integrated Framework Executive Summary

15. The Five Interrelated Components
Monitoring
A process that assesses the quality of the system's performance
over time. This is accomplished through ongoing monitoring
activities, separate evaluations or a combination of the two.
Ongoing monitoring occurs in the course of operations. It
includes regular management and supervisory activities, and
other actions personnel take in performing their duties. The
scope and frequency of separate evaluations will depend
primarily on an assessment of risks and the effectiveness of
ongoing monitoring procedures. Internal control deficiencies
should be reported upstream, with serious matters reported
to top management and the board.
-COSO Integrated Framework Executive Summary

16. Why Monitoring is Important:
 Inherent Risks
 Complexity
 Decentralization – many hands, need accountability
 Repeat Problems
 Unresponsive to prior weaknesses
 Exposures
 Changes in Regulatory Environment
 Personnel Changes
 System and Process Changes
 Rapid Growth
 New Programs, services and staff

17. Types of Controls
Preventive Controls
 Forestall errors and thereby avoid the cost of correction
 Discourage fraud
Detective Controls
 Measure the effectiveness of preventive controls
 Uncover errors and misappropriations
 Provide the means to establish accountability

18. Are Internal Controls Foolproof ?
 Controls will not always prevent fraud or
misappropriation.
 Making controls infallible is cost prohibitive and
unnecessarily cumbersome.
 Controls do not eliminate the “human factor”. To
a significant extent, systems of internal control
rely on people and their actions.

19. Real World Summary
Why Internal Controls Are Important
 Provides management with confidence that the
entity is operating according to standards which are
monitored-someone is watching.
 Indicates to staff that what they are doing is
important and that QUALITY is important.
 Sends a signal that certain behaviors will not be
tolerated.

20. The term “cash receipts” includes:
 Currency
 Checks
 Credit cards
 Wire transfers
received by mail or in person

21. Use of Revenue Object Codes
amounts received for
 Payment of delivery of goods or services
 Reimbursement of expenses or
 Contributions
Examples of third party receipts include:
 General revenues for tuition and fees
 Auxiliary income
 Parking income
 Sponsored awards and events
 Revenues from sale of goods and services
 Gifts and other designated funds
 Reimbursements from:
 affiliated institutions
 conferences and seminars
 alumni functions

22. Use of Expense Credits
 Refunds from vendors
 Price adjustment of goods or services
Use same object code of the original expense.
Examples include:
 Returned or rejected items
 Overpayments

23. Objective
Ensure that all funds are timely deposited in the bank and are
properly recorded in the appropriate account.
Risks
 Theft/fraud.
 Mismanagement of funds.
 Mis-statement of revenue and expenditures.
 Noncompliance with University, BOR, State and Federal policies.

24. Audit Check List
 Persons verifying the monthly Account Status Reports do not
process cash receipts.
 Timely and adequate restrictive endorsement of checks
 Documentation and procedures are sufficient so that loss or
misappropriation of funds can be traced to the responsible
individual(s).

25. Documentation and Procedures
Types of documentation
 Pre-numbered cash receipt form
 Payment log
 Cash register tape using locked-in sales totals
 Workshop attendance roster

26. Documentation and Procedures
Verification Procedures
 Depositing cash receipts timely and intact.
 Independently tracing cash receipt forms, logs and/or register
tapes to the Bursar’ Office receipt and the Account Status
Reports.
 Comparing attendance rosters to revenue posted to workshop
account.
 Reviewing deposit documentation before gift acknowledgement
letters are signed and mailed.
 Accounting for unsold tickets.
 Maintaining control over pre-numbered receipts.
 Immediate notification to the Controller’s Office of detected
shortages or inappropriate activity.

27. Transactions must be reviewed and approved by those officers
under whose responsibility the project lies.
Signatory authority may be delegated however, primary
responsibility for funds and transactions remains with the
budgetary unit head.
It is therefore necessary for a policy to be in writing to ensure
the delegation is authorized.

28. The written signatory authority document should be:
 Initiated by the budgetary unit head.
 Contain:
 A description of the documents for which authority is being conveyed.
Examples:
 Vouchers.
 Purchase requests.
 Specimen signatures of persons to whom authority is conveyed.
 Signed by the appropriate department head, dean/director or vice president.
 Copies sent to:
 Accounts Payable
 Payroll
Budgetary units should revise the policy when personnel or job
assignments change.

29. Objectives
 Documents are properly authorized.
 Budgetary unit heads and principal investigators
understand their responsibility.
Risks
 Noncompliance with federal regulations.
 Noncompliance with University policies.
 Misappropriation of funds/fraud.
 Disallowance of costs.
 Personal liability.

30. Audit Check List
 The department has identified faculty and staff members
authorized to sign documents in either paper or electronic form.
 The list is up-to-date.
 Budgetary unit heads and principal investigators understand their
responsibility.
 Documents are signed by the appropriate individuals at both the
departmental and college/school levels
 Delegated faculty / staff members sign their own name and not the
dean or budgetary unit head’s name.

31. Procurement
 The University Procurement Office has sole responsibility for the coordination of
all University procurement activities.
 Departments are authorized to make direct purchases with P-Cards and Petty
Cash.
 Streamline payment procedures
 Reduce the administrative burden
 All purchasing is subject to:
 State of Georgia purchasing regulations
 Board of Regents' policies
 University of Georgia policies
 The budgetary unit heads have the primary responsibility for the approval of all
purchases charged against the accounts under their administration.
 Budgetary units should maintain a file of their own purchasing documents.

32. Procurement
 Purchase requests may be generated electronically or manually.
 Purchase requests should be limited to items that can be supplied by one vendor.
 When formal quotations are needed:
 Complete as much of the Purchase Request Form as possible.
 Forward the departmental copy (blue) directly to the Procurement Office for use in
obtaining quotations.
 Place a note on the face of the purchase request providing the reason for using this
procedure.
 All check requests must be accompanied by an original of the invoice for
payment.
 The responsibility for receiving and inspecting supplies and equipment rests
with:
 The central receiving units.
 Budgetary units requesting the supplies and equipment.

33. Accounts Payable
 The Accounts Payable Department is responsible for:
 examining all accounts, claims, and demands against
the University, and
 making payment of all the University's legally incurred
obligations
 No payments are to be made:
 Unless there is money in the account for such
payments.
 Until the Accounts Payable Department has been
presented with supporting documents.
 Purchase Authorization
 Original Invoice
 Receiving Report

34. Accounts Payable
 The department will encumber all:
 Purchase orders
 Physical plant work orders
 Requests for authority to travel

35. Objectives
 Expenses charged are reasonable and allowable.
 Expenses are properly coded.
 Unallowable charges are separately designated.
 Purchase order processing is completed promptly and accurately.
Risks
 Misappropriation of funds.
 Loss of sponsored funding.
 Disallowance of costs.
 Noncompliance with federal regulations.
 Delay of future funding.
 Delay of delivery of goods and services.
 Delay of payments to vendors.
 Jeopardized relationships with vendors.
 Jeopardized credit standing of the University.

36. Audit Check List
 Transactions are properly approved and the stated purpose is reasonable.
 Invoices are submitted to Accounts Payable timely.
 Account Status Reports are independently reviewed for accuracy of
encumbrances and charges.

37. Payroll disbursements represent the single largest expense
category to the University.
All payrolls are processed electronically through a web based
electronic payroll system.
All new employees are required to have their payments made
through direct deposit.
The University processes four types of payrolls:
 Monthly Payroll
 Academic Payroll
 Salaried Biweekly
 Hourly Biweekly

38. Monthly Payroll
 Faculty (other than those on an "A" or "L" contract code).
 Administrative personnel.
 Graduate assistants (other than those on a "S" contract code).
 Employees exempt from coverage under the Fair Labor Standards Act (Wage and Hour Law)
Academic Payroll
 Faculty with a contract code of "A" or "L“.
 Graduate assistants with a contract code of "S“.
 Compensation is earned at the rate of one-half of the contract salary for each academic
semester.
 Additional payments for Maymester & summer session classes can be made.

39. Salaried Biweekly
 Payroll employees covered under the Fair Labor Standards Act.
 The hourly rate of pay is determined by dividing the annual rate by the number of available
work hours in the fiscal year.
 The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.
Hourly Biweekly
 Employees covered under the Fair Labor Standards Act.
 Temporary or part-time employees
(paid from lump sum positions in the University budget).
 The gross amount of each check is determined by multiplying the hourly rate of pay by the
number of hours reported on the time sheet.

40. The basic documents used to effect payroll payments are:
 Personnel Report
 Payroll Voucher
 Time Records

41. The Personnel Report is used to document:
 Employment
 Termination
 Change in status of all personnel
Approved by:
 Department heads
 Deans
 Vice presidents (in some cases )
Personnel Reports are electronically routed to the appropriate units.

42. Payroll Vouchers contain:
 Names of all persons paid on the preceding payroll
 Social security numbers
 Hourly rate of pay or gross salary
Approved by:
 Department heads
Payroll vouchers are sent to the Payroll Department.

43. Time Records, are prepared for each employee who is covered and
nonexempt under the Federal Fair Labor Standards Act. The
document records:
 Name of employee
 Pay period
 Hours worked
Approved by:
 employee,
 Supervisor
These signatures and dates are important in complying with Federal
Regulations.
The time records should be retained by the Department for 5 years
after the fiscal year ends.

44. International Employees
 All international employees are required to complete the
UGA Tax Information Form for Internationals
 The completed form must be submitted to the International
Tax Coordinator along with:
 Immigration documents
 Passport
 I-94 card and
 Visa
 The International Tax Coordinator will perform a tax
analysis and will provide the appropriate payroll
withholding forms to the employee for review and signature.

45. Objectives
 Proper authorization and payment of salary and wages.
 Responsibility for payroll processing separated between:
 authorization/processing
 distribution of the pay check
 Proper allocation of resources and system access privileges.
 Current submission of payroll documents.
Risks
 Noncompliance with federal/state regulations.
 Civil liability/lawsuits.
 Non-compliance with University policies.
 Penalties/fines.
 Fraud/theft.
 Retroactive transactions.
 Personal/employer tax liabilities.
 Overpayments/unallowable costs.

46. Audit Check List
 Staff members who approve or process payroll documents do not have access to payroll checks.
 Payroll vouchers are properly approved by an appropriate supervisor having knowledge of the hours
worked.
 Payroll vouchers agree with time sheets and leave records.
 Payroll vouchers are signed and approved on the last working day of the pay period.
 Time cards are checked for accuracy.
 Overtime if paid is allowable and approved in advance.
 Time cards are not returned to employees after they are approved by supervisors.
 Terminated employees are removed promptly from payroll.
 New hires are processed and paid in the appropriate pay cycle.
 Visa expiration dates are monitored.
 I-9 documentation is complete and on file for all employees.

47. Independent Contractors
 General Rule: the employer has the right to control or
direct only the result of the work, and not the means
and methods of accomplishing the result
 Some of the other factors to determine if a worker is an
independent contractor include:
 Has the contractor other clients?
 Is the person an employee of any State of Georgia
agency or institution?
 Is there a contract for services?
 Does the service involve an independent profession,
trade, or business?

48. Independent Contractors - Minimum standards of documentation to use
of independent contractors as consultants require evidence that:
 The services are needed.
 Cannot be met by direct salaries provided under the contract or grant.
 A selection process was used to identify the most qualified individual
available.
 The individual or firm qualifies as an independent contractor.
 The fee is appropriate considering the qualifications and services to be
provided.
 The express advance approval by the sponsoring and parent Federal
agency of a consultant who is also a full-time employee of the Federal
government.

49. Honoraria
 An honorarium is:
 A onetime tax-reportable payment
 To a non-University employee
 For general service in education, research, or public service
 Where the University does not expect nor is payment contingent upon a
particular result.
 Examples are
 Guest lecturers
 Workshop leaders.
 An "Honoraria and Fees Information Sheet" must be completed and
attached to the check request when payment is requested.
 Payments can not be prepared in advance of service performance.

50. Prizes and Awards
 Prizes and awards are classified by the IRS as tax-reportable
income.
 Prizes and awards to employees, which recognize professional
achievements related to employment, are paid through payroll.
 Prizes and awards to non-employees or students (whose part-time
employment has no professional connection to the award) are paid
through Accounts Payable and are issued an IRS Form 1099.

51. Stipends/Fellowships
 A stipend / fellowship is in the form of financial aid for
which no services are performed.
 Three tests to determine whether or not payments for
stipends and fellowships are taxable to the recipient:
 Only students (candidates for a degree) qualify for
exclusions.
 Up to the total of tuition and required fees, books,
supplies and equipment can be excluded.
 Amounts related to services performed even if such
services were requirements for the degree can not be
excluded.

52. Objective
Individuals are classified correctly as either an employee or
consultant / independent contractor for tax withholding
purposes.
Risks
 Noncompliance with federal regulations.
 Noncompliance with University policies.
 Fines and penalties.

53. Audit Check List
 The department’s determination on the classification of an individual
as either an independent contractor/consultant or employee meets the
IRS criteria.
 There is sufficient documentation for need, qualifications, and selection
process.
 The fee is reasonable considering the qualifications and services to be
provided.
 Departments have properly completed:
 Honoraria and Fees Information Sheet.
 Consulting Agreement Form.
Forms are signed by consultant/contractor and
the appropriate University official.

54. The University reimburses employees for approved, necessary, and reasonable
travel expenses incurred while conducting business for the University.
Each employee is required to have travel approved by his/her department head
or other designated official.
For out-of-state travel, it is necessary to obtain:
 Prior approval from the appropriate dean's, director's, or other unit head's office.
 A financial review by the Travel and Encumbrance Section of the Accounts
Payable Department.
Travel outside of the continental limits of the United States must be approved
first by the appropriate vice president and then by the President's Office.
Reimbursement for travel expenses (meals, lodging, transportation and
miscellaneous expenses) is requested using an Employee Travel Expense
Statement.

55. In general, services (as well as materials, goods, or
supplies) must be received before payment can be
remitted.
Food, lodging or other non-conference related
expenses must be paid by the employee.
The employee will be reimbursed, as appropriate,
using normal travel reimbursement procedures.

56. Non-employees or any other organization for rendering a service
 Travel and subsistence expenses must be in accordance with the University
of Georgia Travel Policy.
 A "Honoraria and Fees Information Sheet" and check request is used to
process reimbursement.
 Charges are recorded as per diem and fees expense and not travel for non-
employees.
 Prospective employees may be reimbursed for travel expenses.

57. Objectives
 Expenses charged are reasonable and comply with University policies.
 Expenses are legitimate and approved by authorized department
personnel.
 Expenses are accurately calculated.
 Expenses are coded to the proper object codes, and unallowable
charges are separately designated.
 Special Purpose Petty Cash Funds (travel advances) are properly
requested, utilized, and accounted for in a timely manner.
Risks
 Improper use of University funds.
 Noncompliance with Internal Revenue Service and other regulatory
authorities.
 Noncompliance with granting agencies.
 Excessive aging of travel advances.

58. Audit Check List
 Special Purpose Petty Cash Funds are approved, utilized appropriately
and promptly returned.
 Travel forms are signed by the traveler and an authorized approver.
 Reported expenses are in compliance with the University’s policies and
procedures:
 Correct per diem rates
 Correct currency conversion rates
 forms are accurately totaled
 Original receipts or other appropriate documentation attached to
support charges on the Travel Expense Statement and Honoraria and
Fees Information Sheet.
 Paid consultant travel expenses are included in the consulting contract.

59. All University funds should be used only for activities related to the University’s
mission of education, research, and public service.
In general, University accounts cannot be used to pay for the cost of University
related entertainment.
 Sponsoring entities occasionally include a provision that funds may be expended
for University related entertainment.
 It is important to note that expenses, personal in nature, such staff social parties
(celebrations of a birthday, marriage, birth…etc) or holiday celebrations are not
reimbursable.
Employees may be reimbursed for meals, not associated with overnight travel, if:
 The meals are part of a required registration fee; or
 The employees is on a work assignment more than 30 miles away from home or
headquarters).
Approved, necessary, and reasonable business expenses may be reimbursed by
submitting a Travel Expense Statement or Reimbursement of University Related
Entertainment Expenses Form.

60. Objectives
 Reimbursements for business meals and entertainment are made only
when considered necessary and reasonable to fulfill the University’s
mission of education, research, and public service.
 Entertainment expenses are supported by proper documentation.
 Expenses are charged in accordance with University policies and
sponsoring agency guidelines.
Risks
 Non-compliance with federal regulations.
 Loss of funding.
 Penalties/fines.
 Disallowance of costs.
 Personal liability.
 Impairment of reputation.

61. Audit Checklist
 Entertainment costs are in compliance with the University’s policies
and procedures and sponsoring agency regulations.
 The purpose for these types of expenses are of a business nature rather
than personal.
 Expense reimbursement requests include written documentation
stating the business purpose of the activity, the names of all individuals
present and original receipts.
 The proper object codes are used when coding various entertainment
expenses.
 Departmental personnel approving such expenses are familiar with the
University’s policies and procedures.

62. Monthly verification of the Account Status
Reports is a critical control.
 A certification of financial information at the
department level.
 Performed timely.
The Controller’s Office distributes to departments
each month the Account Status Reports for all
accounts that had activity during the year.

63. A review of the account status reports can be called:
 Account Reconciliation
 Transaction Verification
No matter what the procedure is called
 Source documents retained by the department need to be compared to the account
status report entries.
 Timely.
 Preferably by someone who is independent of the processed transaction.
Prompt reconciliation of revenue, expenditures and encumbrances can reveal
 Missing or misapplied deposits.
 Unallowable charges
 Duplicate payments or
 Non-payment of invoices.
Exceptions must be promptly researched and corrected.

64. Fiscal management responsibility rests with the
department directors or principal investigators
(PIs)
 Transaction verification procedures may be delegated to
the administrative staff.
 Oversight of such delegated fiscal responsibilities remains
with the department directors, or PIs.
 Department directors or PIs should review the monthly
Account Status Reports to ensure revenue and
expenditure transactions are reconciled and reasonable.

65. Objectives
 Revenue and expenditures are correct and reflected in the appropriate
account with the proper object/revenue codes.
 Expenditures are allowable and comply with federal regulations and
University policies
 The report reconciliation process is completed monthly
 Department directors and PIs understand their fiscal responsibilities
Risks
 Non-compliance with federal regulations and University policies
 Disallowance of costs
 Delay or loss of future funding
 Delay in the discovery of inappropriate transactions
 No budgetary control
 Loss of revenue

66. Audit Checklist
 Revenue and expenditure transactions are reconciled monthly.
 Verification of transactions are performed by staff who are knowledgeable of
University and sponsoring agency cost policies.
 When possible, verification procedures are performed by staff who do not:
 Have access to cash or checks,
 Make purchases, or
 authorize payments.
 The reconciliation between source documents and the Account Status Report
would likely detect items:
 On the report and not in departmental records.
 In departmental records and not on the report.
 All unresolved items are promptly researched and corrected.
 The department director or PI review the monthly reports once the
reconciliation is completed

67. Movable personal property must be inventoried
and tracked if:
 Estimated usable life of three or more years.
 Acquisition cost of $3,000 or more.
The University also inventories items costing
under $3,000 but more that $500 which include:
 Office Machines.
 Electronic Audio/Visual Equipment.
 Photographic Apparatus.

68. The following items are inventory controlled
without regard to cost:
 Books if procured through the Library Accounts and
catalogued by the Libraries.
 Firearms.
 Art objects/Antiques.
 Vehicles licensed for road use.

69. Items acquired through the University Procurement Office do
not require any additional reporting by the custodian of the
equipment for purposes of establishing the inventory records.
Items received from other sources do require action initiated by
the custodian.
 Notice of Change in Departmental Equipment.
 Notify the University Property Control Office.

70. Assistant Inventory Control Officer (AICO)
 Designated by the head of each college, school,
department, or other administrative office.
 Responsible for the departmental procedures related to
equipment.
 Notification of equipment transfers.
 Completion of an annual physical inventory.
 Ensuring initial and annual authorization of off-campus
equipment.

71. Surplus Property
The Unassigned Property Unit is responsible for:
 Acquisition,
 Reutilization, and
 Disposition
of excess, surplus, unassigned, and unneeded equipment
Each unit must initiate action with Property Control to remove items
 Disposed,
 Cannibalized,
 Traded-in, or
 Judged obsolete
from the department's accountable records.
 Whenever the loss or theft of equipment is discovered, the custodian must
 Immediately report the loss to Campus Police
 Submit a Notice of Change and copy of the police report to Property Control

72. Objectives
 Equipment is properly identified.
 Equipment is properly labeled with a tag.
 Proper object codes are used.
 Property Control is notified of equipment acquired other than through the
standard University procedures.
 Property Control is notified of equipment lost, stolen, salvaged, or scrapped
 Inventory is conducted annually.
Risks
 Non-compliance with federal or state regulations.
 Not identified as equipment (not in system).
 No record for insurance claims or theft.
 Reduced value of the inventory system (affects depreciation, which impacts the
facility and administrative [F&A] cost rates).
 Value of equipment inventory overstated.
 Loss of public confidence.

73. Audit Checklist
 Equipment purchases are made in accordance with purchasing
guidelines, properly authorized, and recorded.
 Proper equipment object codes are used for equipment with a per unit
cost of $5,000 or more and with a useful life of more than three or more
years.
 All University equipment have a decal that is easily visible
 Property Control are notified of:
 Donations, transfers, or fabrication of equipment.
 Equipment lost, stolen, salvaged, or scrapped.
 Equipment moved to an off-campus location.
 An annual departmental inventory report is completed and returned to
Property Control by the due date.

74. The appearance of a conflict of interest exists when a
reasonable person will conclude that the employee's ability to
protect the public interest or perform public duties is
compromised by personal interest.
Unlawful for any full-time state employee to transact any
business with the agency by which such employee is employed.
A full-time employee is forbidden from acting for
himself/herself, on behalf of any third party, or on behalf of any
business in which the employee or a member of his/her family
has a substantial interest.

75. The term "transact any business" includes
 the sale or lease of any personal property, real
property or services, or
 the purchase of any surplus real or personal property.

76. Unlawful for any part-time state employee, on
his own behalf or on behalf of any business, to
transact business with the agency by which he is
employed, unless:
 the amount of any single transaction between the
employee and the University does not exceed $250 and
 the aggregate does not exceed $9,000 per calendar
year.

77. Objectives
 To provide effectiveness of operations by the safeguarding of
human resources, i.e., faculty and staff members are devoted
primarily to University objectives.
Risk
 Impairment of the University’s reputation.
 Independent scholarly inquiry threatened.
 Competition with the University’s business interests.
 Impairment of the individual’s ability to perform the duties
of his/her University position.
 Non-compliance with federal regulations.
 Financial penalties.

78. Audit Checklist
 All faculty and staff members in the department have access
to the University’s policies regarding conflict of interest.
 Faculty and staff members know the conditions when special
permission needs to be obtained before undertaking any
commitment that may appear to be a conflict of interest.
 Faculty and/or staff members have not made purchases with
vendors where there is a personal interest or reward.
 The department is free of situations where a staff member
supervises or has significant control over the work or career
of another staff member who is his/her relative or is
someone with whom he/she shares a residence.

79. Information Security
 Protect information from:
 destruction,
 unauthorized access, or
 unauthorized change.
Users are responsible for the security of data.
 An assessment of the University’s business processes
related to sensitive data is being performed.
 Training.
 Evaluations.
 Monitoring.

80. Passwords – limiting unauthorized access
 Passwords should be at least six characters long and have an
alpha and numeric combination.
 Do not share computer IDs or passwords.
 Request a change in a computer password immediately if
there is any suspicion that it has become known to another
party.
 User ID’s must be deactivated if an employee has transferred
or terminated.
 Passwords should be changed on a regular basis

81. Professional Use of University Resources
Messages, sentiments, and declarations sent as
electronic mail or as electronic postings should meet
high and ethical standards
Those users publishing their opinions electronically
should
 clearly and accurately identify such as their own
opinion or the opinion of the group which they are
authorized to represent.
 Users are not permitted to transmit chain letters or
display images, sounds, or messages that create an
atmosphere of discomfort or harassment.

82. Important data should be backed up frequently.
 Backup disks should be stored in a location away from
the originals.
Anti-virus software should be installed and
frequently updated.

83. Unauthorized copying of licensed software is illegal.
 Retain all documents on purchase and licensee agreements.
 There should be license documentation for all software loaded
on each machine

84. Objectives
 University’s intellectual and electronic information is secured from
inappropriate access or destruction
 Information technology is used only for appropriate business purposes
 Proper and reliable backup procedures are used.
 All software is properly licensed
Risks
 Breach of system integrity and loss of critical data
 Non-compliance with federal and state laws regarding computer and
data communications use
 Destruction of critical information by unauthorized users
 Violation of software licensee agreements and possible fines
 Employee dismissal and legal action
 Impairment of the University’s reputation

85. AUDIT CHECKLIST
 Employees with access to computer systems have an established need for the access.
 Passwords are secure and not shared.
 Procedures are in place to prevent unauthorized use or transmission of information.
 Access to the system is removed for terminated or transferred faculty, and staff, timely.
 Computers located in heavily traveled public areas have a screen saver with password
activation invoked.
 Each computer software package is licensed for the current user.
 Computer files are backed up on a regular basis. Backup data is stored in a location away
from the originals
 The department has sufficient technical support for ongoing operations to keep downtime
minimal.
 The department has adequate resumption procedures for their automated systems that are
considered critical or vital to their daily operations.