Title: NCSU Internal Audit Division Presents:
1 NCSU Internal Audit Division Presents
- Basic Financial and IT Controls
- Identifying Risks
2 Financial Risk Management: Don't Risk It!
- Introduction
- Overview of Common Audit Issues
- Information Technology (IT) Computer Security Discussion
- Conclusion
3 I. Introduction
Identifying Risks
- Risk is the possibility that an event will occur
and adversely affect the achievement of
objectives (Per COSO)
4 II. Overview of Common Audit Issues
- Don't risk it
- Ultimately, the Department/Unit Head is
responsible for fiscal management
- Avoid potential fraud by ensuring that proper
controls are in place and working effectively!
5 Common Audit Issues
A. Receipt Monitoring
B. Expenditure Documentation
C. Checks
D. Account Reconciliation
E. Segregation of Duties
F. Human Resources
G. Contracts and Grants
H. Foundations
I. Misuse of State Funds
6 A. Receipt Monitoring
- Must be an authorized receipt center
- Retain receipts for all funds
- Retain original voided receipts
- Make timely deposits
- Daily deposits
- Weekly if less than 250
- Use pre-numbered receipt books
- Track receipt books
- Reconcile receipts to deposits each month
NCSU PRR, Reg 07.30.04, Receipt Centers -
Request for Authorization. NCSU PRR, Reg
07.30.02, Receipt Centers - Deposit of
Funds. NCSU PRR, Reg 07.30.03, Receipt Centers -
Operations and Use. N.C.G.S. 147-77, Daily
Deposit of Funds to Credit of Treasurer.
7 B. Expenditure Documentation
- Purchases
- Purchase order
- Receipt
- Invoice/receiving documentation
- Evidence of business purpose
- Sales tax exemption status verification
NCSU PRR, Reg 07.05.01, Payments Documentation
Requirement for Expenditures. Tax Exemption
Letter, NCSU Controller's office, available at
http://www.fis.ncsu.edu/controller/tax/vendor_notification_letter.doc.
8 B. Expenditure Documentation
- Travel
- Conference Agenda or Brochure
- Hotel Deposits
- Itinerary
- Mileage
- Airlines: book on the web
- Reimbursement within 30 days
NCSU PRR, Reg 07.65.05, Travel, Personal
Vehicle. NCSU PRR, Reg 07.65.11, Travel, Travel
Reimbursements.
9 B. Expenditure Documentation
- Documentation should answer
Who?
What?
When?
Where?
NCSU PRR, Reg 07.05.01, Payments Documentation
Requirement for Expenditures.
10 C. Checks from Imprest Accounts
- Must be pre-numbered
- Do not sign a blank check
- Do not sign checks payable to yourself
- Must be supported by proper documentation,
especially if check is to an individual
NCSU PRR, Reg 07.30.09, Imprest Checking
Accounts.
11 D. Account Reconciliation
- Perform monthly reconciliation
- Verify all receipts deposited
- Verify all expenses cleared
- Provides budgetary control
- NCSU PRR, Reg 06.15.01, Effective Financial
Controls at the County level.
12 E. Segregation of Duties
- Receipting
- Depositing
- Reconciling Accounts
- Compensating Control: Department Head's Review
and Oversight
NCSU PRR, Reg 07.30.03, Receipt Centers.
13 F. Human Resources
- Timesheets
- Leave Taken
- Compensatory Time Off
- Overtime
- Required Signatures
- Approvals (Supervisor's Responsibility)
NCSU PRR, Staff Handbook, Employee Time Record:
http://www.ncsu.edu/policies/employment/salary_admin/time_record.php
14 F. Human Resources
- Employment
- Completion of Form I-9
- BASIC Pilot Program (new requirement 1/1/07)
Employment Eligibility Verification Form,
Immigration Services of the Department of
Homeland Security.
15 G. Contracts and Grants
- Compliance with grant and other policies
- Supporting documentation for all expenditures
- Timely expenditures
- Personnel costs should match effort
NCSU PRR, Reg 10.5.1-15, Contracts and Grants
Circular A110 A21.
16 H. Foundations
- Associated Entities
- Management and Financial Control
UNC Policy Manual, 600.2.5.2R, Required
Elements of University Associated Entity
Relationships.
17 I. Misuse of State Funds (Resources)
- What is Misuse?
- Who reports, and how?
- Internal Audit, Legal Affairs, Campus Police
work together
- State Auditor's Hotline: 1-800-730-TIPS
Ref: PRR Reg 07.40.2 (G.S. 114-15.1), Reporting
Misuse of State Property
18 Common Audit Issues Summary
- Remember
- Ultimately, the Department/Unit Head is
responsible for fiscal management.
- Avoid potential fraud by ensuring that proper
controls are in place and using them effectively.
19 III. IT - Computer Security Discussion
- What's happening in your area?
- What computer-based activities do you have and
how often are you performing them?
- What issues are you aware of from a security or
data protection standpoint?
- Goal of Discussion: Customized 12 Step Program
20 - New State and Federal Laws
- Privacy and Identity Theft: http://www.fis.ncsu.edu/etss/files/idprevention.pdf
- Payment Card Industry (PCI) Data Security
Standards
- PCI Security Council: https://www.pcisecuritystandards.org/index.htm
- Visa: www.visa/cisp
- New NCSU Regulations
- Data Management (and Classification) Procedure:
http://www.ncsu.edu/policies/informationtechnology/REG08.00.3.php
- Password Requirements: http://www.ncsu.edu/it/essentials/your_unity_account/password.html
21 - Physical and Logical Security
- Physical
- Locks on hardware
- Configure screensaver
- Safe storage of software
- Logical
- Password protect system
- Separate user identities on shared systems
- Anti-Virus, Anti-Spyware
- Locked files
- Routers/firewalls
- Encryption
Ref: http://www.ncsu.edu/it/essentials/antivirus_security/index.html
22 - Security for Electronic and Hard-Copy Data
- Desire: data integrity
- Driver: data sensitivity
- Primary focus should be:
What Data?
Who has access to the data?
How does it get where it's going?
23 - Back-Up
- Local drives or devices
- Portable drives or devices
- Off-site storage
- Disaster Recovery
- Hardware
- Software
- Business Continuity
- Develop and document a plan
- Plan should include
- Call trees or rendezvous points
- Manual work-around processes
Ref: http://www.itd.ncsu.edu/staff/disaster-recovery.php
http://www.ncsu.edu/ehs/BCP/
24 - Computer Security Discussion: Points to Remember
- Develop local security practices and promote
awareness
- Protect yourself and you protect your office and
the network