The following list of control reminders should be used, as
applicable, by University
business managers as guidelines for establishing sound internal controls and effective resource
stewardship within their units.
The list includes selected generic findings involving widely applicable issues from actual internal
audits. For example, the proper handling of University
property affects all
departments and is listed so that the broader University community might benefit from the recent
experiences of one or a few units. The list is not a compendium of all University policies and
standards and will be updated periodically as issues change over time.
Please contact us for
assistance at x2762 or by e-mail if you have any questions about implementing these or
other control issues affecting your department.
Segregation of Duties
- Segregation of duties should be a core component of your internal control environment. Generally, one person should not have custody of, or access to an asset (e.g., cash) and the ability to update the underlying accounting records for the asset without mitigating controls (e.g., independent review by a non-subordinate, provable receipts through pre-numbered forms or inventory levels). More details are provided in the following sections.
Management Audit and Analysis
- Managers should routinely scrutinize individual financial transactions, review University monthly budget account statements, and analyze overall results of operations to validate their expectations and trust in their unit's business processes and people. Meaningful self-auditing or analytical procedures should be used to monitor transactions and financial data for compliance with University standards, and to understand, explain and follow-up on fluctuations or significant deviations. Analytical techniques should include individual transactions, comparisons between budget and actual, comparisons between financial data from year to year, and between financial and non-financial data.
Records Retention
- Transaction source documents which support reported financial results (e.g.,registration/attendance rosters) should be retained in accordance with University records retention requirements (generally three years). Consult the University Archivist for the specific requirements for your departmental records.
Training and Adherence to Policies and Procedures
- Departments should provide appropriate training to their employees. If University policies are not followed, procedures may change over time, without authorization, to where they no longer adhere to policies. Unfamiliarity with policies and procedures can result in individuals either acting without authority, or not knowing what is expected of them.
Recording Business Activities
- All department business activities should be recorded in the University's central accounting system.
Monthly Reconciliations
- Detailed department records, such as sales journals, receivable ledgers or inventory balances should be reconciled to the corresponding general ledger accounts at least every month. Contact the Associate Treasurer for Financial Services for assistance in setting up appropriate accounts for your department's needs.
Object Codes
- Departments should monitor all financial transactions they originate for correct object code usage to maintain the integrity of University business information and assist them in future budgeting.
Conflicts of Interest
- All University employees are expected to uphold the highest ethical standards. Potential conflicts of interest should always be disclosed in accordance with University policies 4-26 and 4-41, Conflict of Interest and Ethical Conduct.
University Policy 3-22
- Whether cash is collected in-person, through the mail or via credit card, there must be controls in place to ensure that all sales and cash collections are recorded and deposited in authorized University accounts. Managers of employees handling cash receipts should assure that they are familiar with and follow policy 3-22.
Segregation of Duties
- Departments engaged in revenue producing activities must be sure that no one performs too many functions without having mitigating checks and balances in place to ensure that all monies collected are deposited and properly recorded. Examples of functions which should typically be performed by separate individuals include customer billing, receiving payments directly or through the mail, recording payments against customer accounts, preparing and making bank deposits, and reconciliations.
Management Review
- Managers should perform meaningful independent reviews in which source documents or other records are scrutinized to provide reasonable assurance that everything collected is deposited to the appropriate bank in a timely manner and recorded correctly. Also, these reviews should include examination of the adequacy of the transaction documentation - e.g., do the pre-numbered sales receipts include sufficient transaction descriptions, dates, amounts, who bought it, etc?
Use of Pre-Numbered Forms
- In many instances, pre-numbered forms (e.g., tickets) can be used to effectively ensure that all cash collections are recorded. If pre-numbered forms are used, they should be strictly controlled and inventoried each day to prove cash collections.
Use of Cash Registers
- Cash registers should be used to control major cash collections at the point of sale.
Sensitive Transactions
- Certain sensitive transactions should be subject to additional controls such as specific policies, additional independent manager approval or after-the-fact scrutiny. For example, giving away complimentary items, writing-off of past-due receivable balances, voids, refunds, discounts and fee waivers should be authorized and controlled by policy, sufficiently documented, and independently validated. "No sale" register openings should also be reported to, and scrutinized by managers.
Billing and Collection Systems
- Departments should utilize the University's central billing, receivable and collection system (BRS). In limited circumstances where appropriate and approved in writing by the Director of Billing and Collection, departments may maintain their own systems subject to effective local controls.
- If a unit receives written approval from the Director of Billing and Collection to maintain its own billing and collection subsystem, the department must be sure to send monthly billings to customers, follow-up on non-payment, and reconcile the subsidiary receivable ledger and general ledger balances each month.
Proper Remittance Instructions
- When departments do their own billing, remittance instructions should clearly state that checks are to be made payable to the "University of Delaware" and payment should be sent directly to the University Cashier, not the department. Receipts by departments must be approved in writing by the Director of Billing and Collection.
Daily Closeout and Reconciliation
- Ensuring that all sales/collections are recorded is the first step in verifying that everything collected is deposited. For example, if a cash register is used, register totals for each day should equal a bank deposit, and they should be reconciled on a daily register closeout report. The daily report should also account for the register imprest balance, and any overage or shortage (i.e., a difference between recorded sales and cash on hand). Overages and shortages should be recorded on a University Cash Transmittal form, and monitored and investigated by management.
Record of Tender Types
- Tender types (e.g., $ cash, $ check, $ credit card) should be recorded at the point of sale and totaled on a University Cash Transmittal form and bank deposit slip to ensure that receipts are deposited intact.
Cash Flow Management
- For grants and contracts that depend on letter of credit draw downs, cash flow management is essential to ensure that the University does not have excess cash as defined by applicable Federal regulations, or is funding a substantial deficit cash position.
Markup and Cost Recovery
- Units selling goods or services are required to have an approved markup or cost recovery policy.
- If a unit's customers are using the goods or services for federally-sponsored research, rates must be set in accordance with OMB Circular A-21 which allows aggregate cost recovery when costs are supported by a cost study.
Purchasing Procedures
- Purchases of "big-ticket" goods and services should be supported by evidence of shopping for best value. Formal price quotes or competitive bids and detailed specifications should be obtained, recorded and retained with other purchase documentation, through the University Purchasing Department (University policy 5-1).
Proper Documentation
- Expenditures should be supported by invoices, bills, or other original documentation that includes vendor name, item descriptions, amount, purpose, payee and date.
Proper Approvals
- All expenditures should be properly approved in accordance with University policy, including changes to existing orders and requirements for dollar limit approval hierarchies. Requestors should not approve their own disbursements.
Receiving Controls
- The actual receipt of goods and services indicated on vendor invoices should be verified on at least a test basis by department personnel who are not subordinate to the procuring individual.
Purchasing Cards
- The University business purpose and supporting documentation for transactions of each purchasing card should be monitored by a properly trained independent reviewer and such reviews should be documented.
- University departments are accountable for obtaining and maintaining appropriate support documentation for all charges to purchasing cards, including items charged to Purchasing Department Buyer Cards.
- University departments should designate all purchasing card transactions in the On-line Transaction Review System on a timely basis.
Gross Pay Adjustment Forms
- Gross Pay Adjustment forms should always contain sufficient details (e.g., #hrs by day) to document what the pay adjustment is for and how it was determined.
Telephone Toll Calls
- Departments should review University monthly telephone distribution reports to provide reasonable assurance toll calls are necessary and personal calls are reimbursed to the University on a timely basis.
Segregation of Duties
- Segregation of duties between those with custodial access to valuable property and those with the ability to update the underlying records should exist in conjunction with meaningful management review of transactions, balances, and physical existence.
Inventory Management
- Managers of departments with inventories held for sale should be sure to monitor the number of item types and quantities on-hand to minimize holding costs and obsolescence.
Property Disposal
- Disposal of property, including obsolete inventory, should always be properly approved and documented (University policy 5-7).
Property Records
- Property should be supported by appropriately detailed records, including an adequate description, cost or basis and location.
Property Movement
- Valuable property should never be removed from University premises without proper written authorization, disclosure, contracts or other protective measures (University policy 2-9).
Physical Security
- Property should always have adequate physical security, especially valuable items or items which have high market desirability - e.g., cash should be stored in a locked safe. Also, access to valuable assets should be restricted to a limited number of people to minimize the risk of shortages.
Transfer of Research Equipment
- The transfer of property when a Principal Investigator leaves the University is limited to equipment only and restricted by funding source and other factors. Requirements for transferring University-owned equipment purchased on applicable contracts and grants include a written inventory, justification, certification and approvals (University policy 6-8).
Systems Administration
- Any information system under the exclusive control of a department should have an individual assigned as its system administrator. System administrators should be qualified to, or designate someone on their behalf to recognize and act on widely publicized security vulnerabilities, and monitor and follow-up on security related events.
Computer Access
- Computer user access/authorities should be determined by what each individual needs to know as a part of his/her job requirements.
Systems Backup
- Routine backups of information systems should be done regularly, and backup copies should be stored in a separate location for a length of time commensurate with the risk of data loss.
Terminated Employees
- Procedures should exist to ensure that terminated employees' system authorities are removed when they are terminated.
Password Control
- Passwords for all system users should be changed periodically, either through a system or policy requirement.
IRS Requirements for Gifts of Personal Property
- Gifts of tangible personal property (e.g., donations of expensive artworks) to the University must comply with IRS filing requirements, especially if subsequently sold. Contact the Associate Treasurer for Financial Services for specific guidance concerning gifts-in-kind.
