What are common audit recommendations on Revenue?
Separation of Duties
- Separate duties of receiving and handling cash payments, reconciling the source documents to the deposit, and posting the payments and adjustments to customer accounts.
Approval and Documentation
- Ensure voids, paid-outs and adjustments are properly approved and documented.
- Establish accountability for all forms of revenue received such as using cash receipt books or logs, cash registers or tickets.
Reconciliation and Review
- Use cashier-validated cash transmittal or bank-validated deposit slips when reconciling deposits to the monthly financial records (e.g. Budget Activity Report).
- Reconcile source documents (e.g. pre-numbered cash receipts, logs, cash register tapes) to validated cash transmittals or bank deposit slips.
- Account for the sequential “Z” readings of cash register machines, or non-resettable cumulative totals, during the reconciliation process.
- Endorse checks upon receipt.
- Store cash (includes checks and credit card slips) in a locked secure location.
- Restrict access to cash to the minimum number of authorized employees.
- Change the safe combination when employees leave the unit.
- Perform unannounced cash counts.
Separation of Duties
- Separate duties of receiving and handling cash payments, reconciling the source documents to the deposit, and posting the payments and adjustments to customer accounts.
Approval and Documentation
- Ensure billing adjustments are properly approved and supported.
What are common audit recommendations on Research?
- Ensure signature authority forms are complete and accurate. (GIM 14)
- Obtain prior approval from the sponsor for certain activities and expenditures excluded from expanded authorities.
- Document and monitor all cost sharing each quarter to ensure that commitments are being met.
- Submit non-salary cost sharing to Grant and Contract Accounting each quarter.
- Review the budget system (BGT) for accuracy of cost sharing pledged and reported.
- Ensure the Grant and Contract Certification Reports (GCCRs) and Faculty Effort Certification Reports (FECs) are reviewed, signed, and dated by the due date.
- Ensure that FECs are returned to Management Accounting and Analysis by the due date.
- The person reviewing and signing the GCCRs should be the principal investigator or someone with suitable means of verifying the work performed.
- Salary transfers should be promptly noted on the GCCRs and FECs. (GIM 15)
- Salary transfer documentation should include justification as to how the project being charged benefits. (GIM 15)
- Use a reasonable basis for allocating costs benefiting more than one project. (GIM 23)
- Ensure federal funds are not used for interim funding by obtaining an advance budget number, or temporarily charging costs to a non-federal, non-sponsored budget. (GIM 15)
- Documentation should show that expenditures are approved by the principal investigator or someone with delegated authority.
- Ensure that costs incurred for the same purpose, in like circumstances, are consistently charged as either direct or indirect costs. (GIM 23)
Office of Management and Budget Circulars:
What are common audit recommendations on Recharge Centers?
- Submit rates to Management Accounting and Analysis whenever the rate calculation methodology changes significantly.
- Submit rates to the Dean’s Office for review and approval.
- Develop written policies and procedures. They should include the department’s pricing policies and methodology for computing rates.
- Identify all costs. If applicable, develop a cost recovery strategy that keeps the rates affordable and identifies sources of funding for all costs.
- Perform a comparison of all identifiable rechargeable costs and recoveries on an annual basis. Projections and rate calculations should be adjusted if significant discrepancies are noted.
What are common audit recommendations on Payroll?
- Submit hourly timesheets directly to the business office for processing after the supervisor approves. Timesheets should not be returned to the employee.
- Obtain prior authorization for planned leave and overtime.
- Ensure timesheets are approved by employees and by supervisors with first-hand knowledge of hours worked.
- Ensure employee timesheets are promptly submitted for processing, and paid in the proper pay period.
- Establish procedures for obtaining original timesheets when faxed timesheets are used. Compare the original timesheet to the faxed timesheet.
- Include information on timesheets required by University policies and the Federal Labor Standards Act (FLSA), such as weekly totals.
- Use ink to fill out timesheets. The employee and supervisor should initial any changes.
- Perform an annual audit of the Online Work and Leave System (OWLS) which includes reconciliation to supporting documentation (i.e. timesheets, leave/overtime requests).
- Monitor hours for hourly and student employees to ensure compliance with the University’s maximum hours: 1050 total yearly hours (hourly employees) / 19 ½ weekly hours (student employees).
- Implement formal check-in and check-out procedures for employees newly hired or leaving the department.
What are common audit recommendations on Information Systems?
- Align the department’s strategic plan with business and computing objectives.
- Define the current capabilities and future needs for information technology.
- Perform a risk assessment to identify the impact and likelihood of threats and vulnerabilities to business processes and goals.
- Develop an action plan to ensure cost-effective controls and security measures minimize risks to an acceptable level.
- Ensure that performance and capacity meet department computing objectives.
- Adopt hardware acquisition standards to provide cost-efficient and stable platforms for distributed applications.
- Provide consistent system administration.
- Monitor and re-evaluate security of all information systems.
- Configure operating systems and anti-virus software for the timely application of patches and updates.
- Implement procedures for detecting, reporting, and responding to security threats.
- Ensure host-based firewalls are active and limit internet protocols permitted through the firewall.
- Restrict physical access to information technology facilities and equipment to individuals with a business need for accessing the systems.
- Protect servers from physical and environmental damage.
- Develop, document, and implement backup procedures, disaster recovery plans, and cross-training for key information technology personnel.
- Store backup media in a secure offsite location that meets all archival, backup, and recovery needs for University systems.
- Test backup media on a regular basis to verify the ability to restore critical systems and data.
Service provider contracts
- Establish a comprehensive data sharing agreement for sensitive and confidential information on systems managed or owned by vendors.
- Implement access controls for department critical systems.
- Promptly issue, alter, and revoke user access, and periodically review and verify that user access aligns with current job duties.
- Document and retain authorizations for access.
- Use unique user names and strengthen password controls to identify and authenticate system users.
- Perform periodic reviews of user access rights to ensure appropriateness.
- Discontinue the use of default passwords, improve the communication method for issuing access credentials, and ensure initial login passwords are changed in a timely manner.
What are common audit recommendations on Gifts?
- Maintain complete documentation on gift budgets so that the department has information needed to spend gift funds in accordance with donor intent.
- Ensure scholarships and fellowships are awarded in compliance with donors’ intent.
- Ensure external funds are properly classified.
- Verify that the gift receipts sent to Gift Administration and Policy are received and properly recorded to the correct budget.
What are common audit recommendations on Equipment?
Separation of Duties
- Separate the duties so that the equipment inventory custodian does not perform or verify the physical inventory.
- Tag equipment when received.
- Establish procedures for checking out equipment removed from University facilities.
- Complete the Equipment Inventory Form 1024 when equipment is surplussed.
Reconciliation and Reviews
- Perform timely physical inventories.
What are common audit recommendations on Disbursement and Purchasing?
- Assign to separate people the duties of approving purchases, receiving and reconciling transactions to the My Financial Desktop (FD).
- Purchases must be approved by an authorized individual.
- Ensure disbursements are supported by appropriate documentation which includes purchase authorization, invoices, and evidence that goods and services were received prior to payment.
- Do not use signature stamps to authorize transactions.
- Monitor procard transactions to ensure users do not split purchases to avoid exceeding the transaction limits and competitive bid requirements.
- Establish procedures for issuing and cancelling procards.
- The cardholder and reviewer must sign and date the “UW Transaction Detail with Notes & Accounting Codes” report to signify review for appropriate business purpose, reasonableness and accuracy of the transaction.
Petty Cash and Revolving Funds
- Separate the custodian’s duties so that no one person has custody of the fund, approves reimbursements, and reconciles the bank statement.
- Retain voided checks.
- Ensure checks are not made out to “Cash”.
- Perform annual unannounced fund verifications.
- Review cellular phone billings to ensure appropriate usage.
- Ensure that travel expense reports are approved by supervisors or a designee who does not report to the claimant.
- Ensure that out-of-state and foreign travel is properly authorized in advance when required.
- Ensure the personal leg of travel is not reimbursed by the University.
- Retain conference brochures to support travel status and per diem reimbursements.