NCSU Internal Audit Division Presents: - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

NCSU Internal Audit Division Presents:

Description:

Risk is the possibility that an event will occur and adversely affect the ... Configure screensaver. Safe storage of software. Logical. Password protect system ... – PowerPoint PPT presentation

Number of Views:29
Avg rating:3.0/5.0
Slides: 25
Provided by: rmk8
Category:

less

Transcript and Presenter's Notes

Title: NCSU Internal Audit Division Presents:


1
NCSU Internal Audit DivisionPresents
  • Basic Financial and IT Controls
  • Identifying Risks

2
Financial Risk Management Dont Risk It!
  • Introduction
  • Overview of Common Audit Issues
  • Information Technology (IT) Computer Security
    Discussion
  • Conclusion

3
I. Introduction
Identifying Risks
  • Risk is the possibility that an event will occur
    and adversely affect the achievement of
    objectives (Per COSO)

4
II. Overview of Common Audit Issues
  • Dont risk it
  • Ultimately, the Department/Unit Head is
    responsible for fiscal management
  • Avoid potential fraud by ensuring that proper
    controls are in place and working effectively!

5
Common Audit Issues
F. Human Resources
A. Receipt Monitoring
B. Expenditure Documentation
G. Contracts and Grants
C. Checks
H. Foundations
D. Account Reconciliation
I. Misuse of State Funds
E. Segregation of Duties
6
A. Receipt Monitoring
  • Must be an authorized receipt center
  • Retain receipts for all funds
  • Retain original voided receipts
  • Make timely deposits
  • Daily deposits
  • Weekly if less than 250
  • Use pre-numbered receipt books
  • Track receipt books
  • Reconcile receipts to deposits each month

NCSU PRR, Reg 07.30.04, Receipt Centers
Request for Authorization. NCSU PRR, Reg
07.30.02, Receipt Centers - Deposit of
Funds. NCSU PRR,Reg 07.30.03, Receipt Centers -
Operations and Use. N.C.G.S. 147-77, Daily
Deposit of Funds to Credit of Treasurer.
7
B. Expenditure Documentation
  • Purchases
  • Purchase order
  • Receipt
  • Invoice/receiving documentation
  • Evidence of business purpose
  • Sales tax exemption status verification

NCSU PRR, Reg 07.05.01, Payments Documentation
Requirement for Expenditures. Tax Exemption
Letter, NCSU Controllers office, available at
http//www.fis.ncsu.edu/controller/tax/vendor_noti
fication_letter.doc.
8
B. Expenditure Documentation
  • Travel
  • Conference Agenda or Brochure
  • Hotel Deposits
  • Itinerary
  • Mileage
  • Airlines book on the web
  • Reimbursement within 30 days

NCSU PRR, Reg 07.65.05, Travel, Personal
Vehicle. NCSU PRR, Reg 07.65.11, Travel, Travel
Reimbursements.
9
B. Expenditure Documentation
  • Documentation should answer

Who?
What?
When?
Where?
NCSU PRR, Reg 07.05.01, Payments Documentation
Requirement for Expenditures.
10
C. Checks from Imprest Accounts
  • Must be pre-numbered
  • Do not sign a blank check
  • Do not sign checks payable to yourself
  • Must be supported by proper documentation,
    especially if check is to an individual

NCSU PRR, Reg 07.30.09, Imprest Checking
Accounts.
11
D. Account Reconciliation
  • Perform monthly reconciliation
  • Verify all receipts deposited
  • Verify all expenses cleared
  • Provides budgetary control
  • NCSU PRR, Reg 06.15.01, Effective Financial
    Controls at the County level.

12
E. Segregation of Duties
  • Receipting
  • Depositing
  • Reconciling Accounts
  • Compensating Control Department Heads Review
    and Oversight

NCSU PRR, Reg 07.30.03, Receipt Centers.
13
F. Human Resources
  • Timesheets
  • Leave Taken
  • Compensatory Time Off
  • Overtime
  • Required Signatures
  • Approvals (Supervisors Responsibility)

NCSU PRR, Staff Handbook, Employee Time Record
http//www.ncsu.edu/policies/employment/salar
y_admin/time_record.php
14
F. Human Resources
  • Employment
  • Completion of Form I-9
  • BASIC Pilot Program (new requirement 1/1/07)

Employment Eligibility Verification Form,
Immigration Services of the Department of
Homeland Security.
15
G. Contracts and Grants
  • Compliance with grant and other policies
  • Supporting documentation for all expenditures
  • Timely expenditures
  • Personnel costs should match effort

NCSU PRR, Reg 10.5.1-15, Contracts and Grants
Circular A110 A21.
16
H. Foundations
  • Associated Entities
  • Management and Financial Control

UNC Policy Manual, 600.2.5.2R, Required
Elements of University Associated Entity
Relationships.
17
I. Misuse of State Funds (Resources)
  • What is Misuse?
  • Who reports, and how?
  • Internal Audit, Legal Affairs, Campus Police
    work together
  • State Auditors Hotline 1-800-730-TIPS

Ref PRR Reg 07.40.2 (G.S. 114-15.1), Reporting
Misuse of State Property
18
Common Audit Issues Summary
  • Remember
  • Ultimately, the Department/Unit Head is
    responsible for fiscal management.
  • Avoid potential fraud by ensuring that proper
    controls are in place and using them effectively.

19
III. IT - Computer Security Discussion
  • Whats happening in your area?
  • What computer-based activities do you have and
    how often are you performing them?
  • What issues are you aware of from a security or
    data protection standpoint?
  • Goal of Discussion Customized 12 Step Program

20
  • New State and Federal Laws
  • Privacy and Identity Theft http//www.fis.ncsu.edu
    /etss/files/idprevention.pdf
  • Payment Card Industry (PCI) Data Security
    Standards
  • PCI Security Council https//www.pcisecuritystand
    ards.org/index.htm
  • Visa www.visa/cisp
  • New NCSU Regulations
  • Data Management (and Classification) Procedure
    http//www.ncsu.edu/policies/informationtechnology
    /REG08.00.3.php
  • Password Requirements http//www.ncsu.edu/it/essen
    tials/your_unity_account/password.html

21
  • Physical and Logical Security
  • Physical
  • Locks on hardware
  • Configure screensaver
  • Safe storage of software
  • Logical
  • Password protect system
  • Separate user identities on shared systems
  • Anti-Virus, Anti-Spyware
  • Locked files
  • Routers/firewalls
  • Encryption

Ref http//www.ncsu.edu/it/essentials/antivirus_s
ecurity/index.html
22
  • Security for Electronic and Hard-Copy Data
  • Desire data integrity
  • Driver data sensitivity
  • Primary focus should be
  • WHAT

What Data?
  • WHO

Who has access to the data?
  • Read
  • Update
  • Write
  • Delete
  • WHERE
  • Where does it originate?
  • Where does it reside?
  • Where is it going?
  • HOW

How does it get where its going?
23
  • Back-Up
  • Local drives or devices
  • Portable drives or devices
  • Off-site storage
  • Disaster Recovery
  • Hardware
  • Software
  • Business Continuity
  • Develop and document a plan
  • Plan should include
  • Call trees or rendevous points
  • Manual work-around processes

Ref http//www.itd.ncsu.edu/staff/disast
er-recovery.php http//www.ncsu.edu/ehs/BCP/
24
  • Computer Security Discussion Points to Remember
  • Develop local security practices and promote
    awareness
  • Protect yourself and you protect your office and
    the network
Write a Comment
User Comments (0)
About PowerShow.com