Quick Reference Guide
Revised September 2007
Internal Audit has documented the following miscellaneous procedures as a quick reference for departments. They represent university policies or best practices that Internal Audit believes will create good internal controls. This is not an all-inclusive list of all university procedures and, at any time, these procedures may change. Current policies and procedures can be found on the following websites: The Office of the Controller (www.controller.cmich.edu), Human Resources (www.hrs.cmich.edu), Purchasing Services (www.purchasing.cmich.edu), and General Counsel (www.cmich.edu/gencounsel). If more detail is needed, contact the department listed or Internal Audit at extension 7082.
To provide adequate safeguarding of critical information, Internal Audit recommends
that critical computer files be backed upon a periodic basis. The importance of the
information and the amount of time needed to recreate the information should be considered
when determining how often to back up computer files. The back-up disks or tapes should be
stored off-site. Internal Audit also recommends that departments contact the Office
of Information Technology to discuss the latest software options used on campus for
automatic backup through SMS (System Management Server).
If a department requires, or uses, a change fund, see Suggestions for Change Funds for more information.
Though it is ideal to process revenue through the Receivable Accounting Office, departments occasionally receive cash and checks directly from the payee. When this occurs, the following should be considered:
- Endorse checks immediately upon receipt. A proper endorsement includes "Central Michigan University" and "For Deposit Only" on the back of the check.
- Money collected should be kept in a secure location, such as a locked filing cabinet, locked box or safe. Keys or combinations should only be given to those employees that need them to perform their job responsibilities. Preferably, only two people (one serving as a backup) should have access to the keys or know the combinations. If an employee who has access to one of these devices leaves the employ of the department, keys should be returned and any combinations should be changed.
- If large sums of money are collected, deposits should be made frequently. Departments need to determine what amount they would be willing to put at risk when determining when a deposit should be made.
- The safety of employees who deliver deposits should be considered.
For additional information concerning cash receipts, see
Suggestions
for Cash Receipts.
If a department allows employees to work overtime and the employee elects the option of compensatory time,
the actual hours of overtime worked should be recorded as compensatory time on the timesheet. This will
be calculated at 1.5 times the hours reported. Contact the
Payroll office with specific questions.
A significant amount of money is spent each year on computer equipment. Departments rely heavily on information created, processed and stored on computers. Consequently, departments should implement good computer and password controls. See Suggestions for Computer Security and Suggestions for Password Security for more information.
Computer Virus Protection Software
New computer viruses are being created at an alarming rate per month. Consequently, Internal Audit recommends
that computer virus protection software be used continuously and updated on a weekly (at the minimum) basis. Contact
the Office of Information Technology with specific questions.
Anyone signing contracts must have the proper authority. The Office of the Vice President of Finance and
Administrative Services maintains a list of all individuals who have been delegated the authority to sign
contracts on the university's behalf. The list can be viewed on the
Purchasing Services web site. For more information, contact the Finance and
Administrative Services office.
Capitalized Equipment (all tangible, non-expendable property, having a useful life of more than one year and a value of $5,000 or more) and Non-Capitalized Equipment (tagged with a purchase price of $1,000-$5,000 OR technology related) should be verified annually. Typical "technology" related items include cameras, digital cameras, stereos, audio visual equipment, televisions, VCRs, DVDs, printers, computers, electronics, and digital media equipment. These items are tagged with university property identification tags to deter theft and provide a basis for university departments to conduct equipment inventory.
Fixed Assets should be notified of any assets that have been scrapped, stolen, sold, traded in, loaned out for an extended period, or transferred. If any equipment is delivered directly to the department, Assets should be notified so that the equipment can be tagged and added to the inventory list. Any unused or obsolete equipment should be given to Assets. If a department is considering donating or giving equipment away, Fixed Assets should be contacted prior to doing so.
Whenever equipment is transferred from one department to another or moved to a substantially different physical location, but stays within the same department, the transferring department should contact Fixed Assets and provide the updated information. This information will allow their office to accurately track equipment locations and responsible cost centers while improving the overall accuracy of departmental equipment inventories.
If equipment is taken off campus on a
long-term basis, Fixed Assets should be notified. See the Request
to Take Equipment Off Campus form that should be used for equipment taken off campus on a long-term basis. If equipment is
taken off campus on a short-term basis, the department should require employees to
complete a sign-out sheet. This provides written support for the location of the
equipment.
All fees should be approved through the Budget and Planning office and
collected by Receivable Accounting.
Development and Alumni Relations should be notified when monetary gifts are received. Upon receipt of non-monetary gifts, you must contact your college development officer or work directly with Development and Alumni Relations at extension 1012.
An Independent Contractor Questionnaire must be completed and submitted to Employment and Compensation/HR
before the service of an individual
(i.e., sole proprietor) is considered for hiring as an independent contractor. It
must be completed even in those cases where payment is to be made to a business name
rather than to the individual. If it is determined that the individual qualifies as
an independent contractor, then the department will receive a copy of an independent
contractor agreement which should be completed, signed by an individual with contracting
authority and submitted along with the copy of the questionnaire to Payable Accounting at
the time payment is to be processed. If it is determined that the individual should
be processed as an employee rather than an independent contractor, then the necessary
employment appointment forms should be processed through the normal channels. For
additional information, see forms on the
Employment and Compensation/HR web site. If the services are being provided by a business (a
corporation or partnership), the normal procurement policies should be followed.
Unless an authorization log is completed, only the cardholder is authorized to make purchases with a university CMU Business Card.
The university has a policy regarding what can be purchased with the university CMU Business Card. See Highlights of expenditure policy, for more information.
Per the Office of the Controller cardholder guidelines, CMU Business Cards should be handled the same way one would handle cash. Therefore, the cards should be kept in a secure location (e.g., carried by the cardholder, or in a locked desk, cabinet, or safe).
Supporting documentation for CMU Business Card transactions must be kept for three years per the CMU Business Card agreement. Internal Audit suggests attaching the supporting documentation to the monthly statement for filing. This documentation should include credit card receipts that contain a descriptive itemization of items purchased, amounts, price and vendor.
For additional information, contact
the Office of the Controller or visit their website section
Credit
Card.
Reconciling the Department's Accounts
Ideally, the department's accounts should be reconciled within two weeks from the month-end close dates. It is important that the accounts be reconciled to ensure that they accurately include authorized transactions. Each transaction, other than payroll and mailroom, should be supported by documentation. The payroll and mailroom entries should be reviewed for reasonableness. Reconciling the department's accounts provides a good internal control environment.
In addition to identifying unauthorized transactions, the reconciliation should include identification of transactions initiated by the department but not yet posted on the general ledger. Financial information should be adjusted to reflect pending transactions identified, thereby providing up-to-date financial information to be used in the monitoring of the availability of funds.
After completing the reconciliation, the statements along with the supporting documentation
should be given to a second person for review. This review should be completed within a month.
After the review, it is a good practice to initial the statements and file them with supporting
documentation. For more information on the reconciliation process, see
Suggestions for
Expenditure Approval and Reconciliation.
The university has an official
record retention schedule.
A copy can be downloaded from the Internal Audit website. A department
can submit changes to Internal Audit at any time.
Review Mailroom, Phone, Fax, and
Copier Usage
Mailroom, phone, fax, and copier charges should be reviewed for reasonableness. Personal use of any university resources should be reimbursed.
All scholarships should be established through the
Scholarships and Financial Aid Office. The scholarship accounts should be monitored by the
department.
CMU Police should be informed of any
security system installed on campus. Keys or codes should be given only to those
employees who need them to perform their job responsibilities. However, at least two
people (one serving as backup) should have the keys or codes. If an employee who
knows the code or has a key to the security system leaves the employ of the department,
the code should be changed or the key returned.
Though more difficult to accomplish in small departments, segregation of duties is possible in any office containing two or more people. Departments should review revenue, payroll, expenditure, and credit card processing to ensure adequate controls are in place. The following is a list of ideal processes that would provide adequate controls.
- Revenue
Processing: One person receives the revenue and creates payment documentation
(receipt, receipt log, copy of check). A second person prepares the deposit and
reconciles the amounts to the account during the monthly reconciliation. A receipt
from the Receivable Accounting Office is given back to the first person who uses it to
compare to the payment documentation. The second person reconciles the amount
collected to what should have been collected. For more information see
Suggestions for Cash
Receipts.
back to top - Payroll Processing: One person prepares the timesheets
and gives them to a second person to approve. The timesheets are delivered to Payroll. The second person reviews
the monthly account reconciliation for reasonableness. For more information, see
Suggestions for
Expenditure Approval and Reconciliation.
back to top - Expenditure
Processing: For the best internal controls, one person approves the expenditures
while a second person receives the deliveries and performs the account reconciliation.
The first person reviews the reconciled account with the supporting documentation.
One person could have authority to approve expenditures, receive deliveries, and
reconcile the accounts as long as a second person reviews the statements and supporting
documentation. For more information concerning the expenditure process, see
Suggestions for Expenditure Approval and Reconciliation.
back to top - Credit
Card Processing: The cardholder reconciles the monthly credit card statement to
the supporting documentation. Someone other than the cardholder should review the
reconciled statement with the supporting documentation.
back to top
Most purchased software programs used at the university are copyrighted and/or patented. These copyrights and patents prohibit the university or its employees from making duplicates of the software and may also restrict the use of the software program to a particular machine. As users and/or purchasers of software packages, departments have the responsibility to be aware of the various agreements pertaining to each. Making illegal copies of licensed software may result in an individual and/or the university being held liable.
A good rule of thumb regarding software purchased is to assume the software:
- is not to be copied except for making a back-up
- is designated for use with only one PC/Laptop at a time and is not to be used by multiple users on a local area network.
- is not normally maintained and updated by the vendor unless departments have paid an annual maintenance/support fee or paid for an updated version.
If you do copy software for a back-up, the manufacturer's copyright notice should be placed on all copies or portions of the software reproduced.
Employment and Compensation/HR has created a Staff Termination Checklist and a Student Employment Termination Notice that should be completed by the supervisor and signed by the employee upon employee termination. Internal Audit suggests that the department complete the termination forms for all employees when employment has terminated. For staff employees, this form should be returned to Employment and Compensation/ HR Services (RW 109) and the student termination notices should be sent to Student Employment Services (UC 206)
Transfer of funds should be done according to procedures located at the Accounting Services website. The department requesting the transfer is responsible for forwarding a copy of the e-mail message or memo to departments that are affected by the transfer.
Per university policy, all Employee Reimbursement Forms must be approved by someone administratively senior to the individual seeking reimbursement. It is a good practice to have travel approved prior to the travel occurring in order to provide proper authorization over travel expenditures. For more information, contact the Travel Clerk in Payroll or visit the Travel section on the Controller's web page.