What are common audit recommendations on Revenue?
Cash Handling
Separation of Duties
- Separate duties of receiving and handling cash payments, reconciling the source documents to the deposit, and posting the payments and adjustments to customer accounts.
Approval and Documentation
- Ensure voids, paid-outs and adjustments are properly approved and documented.
- Establish accountability for all forms of revenue received such as using cash receipt books or logs, cash registers or tickets.
Reconciliation and Review
- Use cashier-validated cash transmittal or bank-validated deposit slips when reconciling deposits to the monthly financial records (e.g. Budget Activity Report).
- Reconcile source documents (e.g. pre-numbered cash receipts, logs, cash register tapes) to validated cash transmittals or bank deposit slips.
- Account for the sequential “Z” readings of cash register machines, or non-resettable cumulative totals, during the reconciliation process.
Safeguarding
- Endorse checks upon receipt.
- Store cash (includes checks and credit card slips) in a locked secure location.
- Restrict access to cash to the minimum number of authorized employees.
- Change the safe combination when employees leave the unit.
- Perform unannounced cash counts.
Billings
Separation of Duties
- Separate duties of receiving and handling cash payments, reconciling the source documents to the deposit, and posting the payments and adjustments to customer accounts.
Approval and Documentation
- Ensure billing adjustments are properly approved and supported.
What are common audit recommendations on Research?
Award Management
- Ensure signature authority forms are complete and accurate. (GIM 14)
- Obtain prior approval from the sponsor for certain activities and expenditures excluded from expanded authorities.
Cost Sharing
- Document and monitor all cost sharing each quarter to ensure that commitments are being met.
- Submit non-salary cost sharing to Grant and Contract Accounting each quarter.
- Review the budget system (BGT) for accuracy of cost sharing pledged and reported.
Effort Reporting
- Ensure the Grant and Contract Certification Reports (GCCRs) and Faculty Effort Certification Reports (FECs) are reviewed, signed, and dated by the due date.
- Ensure that FECs are returned to Management Accounting and Analysis by the due date.
- Person reviewing and signing the GCCRs should be the principal investigator or someone with suitable means of verifying the work performed.
- Salary transfers should be promptly noted on the GCCRs and FECs. (GIM 15)
- Salary transfers documentation should include justification as to how the project being charged benefits. (GIM 15)
Fiscal Management
- Use a reasonable basis for allocating costs benefiting more than one project. (GIM 23)
- Ensure federal funds are not used for interim funding by obtaining an advance budget number, or temporarily charging costs to a non-federal, non-sponsored budget. (GIM 15)
- Documentation should show that expenditures are approved by the principal investigator or someone with delegated authority.
- Ensure that costs incurred for the same purpose, in like circumstances, are consistently charged as either direct or indirect costs. (GIM 23)
References
Office of Management and Budget Circulars:
A-21 – Cost Principles for Higher Education
Grant Information Memorandum (GIM)
What are common audit recommendations on Recharge Centers?
Authorization
- Submit rates to Management Accounting and Analysis whenever the rate calculation methodology changes significantly.
- Submit rates to the Dean’s Office for review and approval.
Documentation
- Develop written policies and procedures. They should include the department’s pricing policies and methodology for computing rates.
- Identify all costs. If applicable, develop a cost recovery strategy that keeps the rates affordable and identifies sources of funding for all costs.
Reconciliation/Review
- Perform a comparison of all identifiable rechargeable costs and recoveries on an annual basis. Projections and rate calculations should be adjusted if significant discrepancies are noted.
Reference
Management Accounting & Analysis – Recharge and Cost Center Rate Policy
What are common audit recommendations on Payroll?
Authorization
- Submit hourly timesheets directly to the business office for processing after the supervisor approves. Timesheets should not be returned to the employee.
- Obtain prior authorization for planned leave and overtime.
- Ensure timesheets are approved by employees and by supervisors with first-hand knowledge of hours worked.
Documentation
- Ensure employee timesheets are promptly submitted for processing, and paid in the proper pay period.
- Establish procedures for obtaining original timesheets when faxed timesheets are used. Compare the original timesheet to the faxed timesheet.
- Include information on timesheets required by University policies and the Federal Labor Standards Act (FLSA) such as weekly totals.
- Use ink to fill out timesheets. The employee and supervisor should initial any changes.
Reconciliation/Review
- Perform an annual audit of the Online Work and Leave System (OWLS) which includes reconciliation to supporting documentation (i.e. timesheets, leave/overtime requests).
- Monitor hours for hourly and student employees to ensure compliance with the University’s maximum hours: 1050 total yearly hours (hourly employees) / 19 ½ weekly hours (student employees).
Safeguarding
- Implement formal check-in and check-out procedures for employees newly hired or leaving the department.
References:
Human Resources Compensation: Overtime for Non-Academic Staff—Overtime Eligibility and Compensation
Human Resources Compensation: Overtime for Non-Academic Staff—Timekeeping
What are common audit recommendations on Information Systems?
Strategic planning
- Align the department’s strategic plan with business and computing objectives.
- Define the current capabilities and future needs for information technology.
Risk assessments
- Perform a risk assessment to identify the impact and likelihood of threats and vulnerabilities to business processes and goals.
- Develop an action plan to ensure cost-effective controls and security measures minimize risks to an acceptable level.
Technology infrastructure
- Ensure that performance and capacity meet department computing objectives.
- Adopt hardware acquisition standards to provide cost-efficient and stable platforms for distributed applications.
- Provide consistent system administration.
Systems security
- Monitor and re-evaluate security of all information systems.
- Configure operating systems and anti-virus software for the timely application of patches and updates.
- Implement procedures for detecting, reporting, and responding to security threats.
- Ensure host-based firewalls are active and limit internet protocols permitted through the firewall.
Physical security
- Restrict physical access to information technology facilities and equipment to individuals with a business need for accessing the systems.
- Protect servers from physical and environmental damage.
Disaster recovery
- Develop, document, and implement backup procedures, disaster recovery plans, and cross-training for key information technology personnel.
- Store backup media in a secure offsite location that meets all archival, backup, and recovery needs for University systems.
- Test backup media on a regular basis to verify the ability to restore critical systems and data.
Service provider contracts
- Establish a comprehensive data sharing agreement for sensitive and confidential information on systems managed or owned by vendors.
Access
- Implement access controls for department critical systems.
- Promptly issue, alter, and revoke user access, and periodically review and verify that user access aligns with current job duties.
- Document and retain authorizations for access.
- Use unique user names and strengthen password controls to identify and authenticate system users.
- Perform periodic reviews of user access rights to ensure appropriateness.
- Discontinue the use of default passwords, improve the communication method for issuing access credentials, and ensure initial login passwords are changed in a timely manner.
What are common audit recommendations on Gifts?
Documentation
- Maintain complete documentation on gift budgets so that the department has information needed to spend gift funds in accordance with donor intent.
- Ensure scholarships and fellowships are awarded in compliance with donors’ intent.
- Ensure external funds are properly classified.
Reconciliation/Review
- Verify that the gift receipts sent to Gift Administration and Policy are received and properly recorded to the correct budget.
References
Office of Development & Alumni Relations Gift Processing Guidelines
What are common audit recommendations on Equipment?
Separation of Duties
- Separate the duties so that the equipment inventory custodian does not perform or verify the physical inventory.
Documentation
- Tag equipment when received.
- Establish procedures for checking out equipment removed from University facilities.
- Complete the Equipment Inventory Form 1024 when equipment is surplussed.
Reconciliation and Reviews
- Perform timely physical inventories.
References
Administrative Policy Statement 61.1 Equipment Inventory Management
Administrative Policy Statement 61.8 Construction Capitalization
What are common audit recommendations on Disbursement and Purchasing?
Purchasing
- Assign to separate people the duties of approving purchases, receiving, and reconciling transactions to My Financial Desktop (FD).
- Purchases must be approved by an authorized individual.
- Ensure disbursements are supported by appropriate documentation which includes purchase authorization, invoices, and evidence that goods and services were received prior to payment.
- Do not use signature stamps to authorize transactions.
Procard
- Monitor procard transactions to ensure users do not split purchases to avoid exceeding the transaction limits and competitive bid requirements.
- Establish procedures for issuing and cancelling procards.
- The cardholder and reviewer must sign and date the “UW Transaction Detail with Notes & Accounting Codes” report to signify review for appropriate business purpose, reasonableness, and accuracy of transactions.
Petty Cash and Revolving Funds
- Separate the custodian’s duties so that no one person has custody of the fund, approves reimbursements, and reconciles the bank statement.
- Retain voided checks.
- Ensure checks are not made out to “Cash”.
- Perform annual unannounced fund verifications.
Cellular phone
- Review cellular phone billings to ensure appropriate usage.
Travel
- Ensure that travel expense reports are approved by supervisors or a designee who does not report to the claimant.
- Ensure that out-of-state and foreign travel is properly authorized in advance when required.
- Ensure the personal leg of travel is not reimbursed by the University.
- Retain conference brochures to support travel status and per diem reimbursements.