NCSU Internal Audit Division Presents:
Basic Financial and IT Controls – Identifying Risks
Financial Risk Management – Don’t Risk It!
I. Introduction
II. Overview of Common Audit Issues
III. Information Technology (IT) Computer Security Discussion
IV. Conclusion
I. Introduction
Identifying Risks
Risk is the possibility that an event will occur and adversely affect the achievement of objectives (per COSO).
II. Overview of Common Audit Issues
Don’t risk it…
• Ultimately, the Department/Unit Head is responsible for fiscal management
• Avoid potential fraud by ensuring that proper controls are in place and working effectively!
Common Audit Issues
A. Receipt Monitoring
B. Expenditure Documentation
C. Checks
D. Account Reconciliation
E. Segregation of Duties
F. Human Resources
G. Contracts and Grants
H. Foundations
I. Misuse of State Funds
A. Receipt Monitoring
• Must be an authorized receipt center
• Retain receipts for all funds
• Retain original voided receipts
• Make timely deposits
  • Daily deposits
  • Weekly if less than $250
• Use pre-numbered receipt books
• Track receipt books
• Reconcile receipts to deposits each month
NCSU PRR, Reg 07.30.04, “Receipt Centers – Request for Authorization.”
NCSU PRR, Reg 07.30.02, “Receipt Centers – Deposit of Funds.”
NCSU PRR, Reg 07.30.03, “Receipt Centers – Operations and Use.”
N.C.G.S. § 147-77, Daily Deposit of Funds to Credit of Treasurer.
B. Expenditure Documentation
Purchases
• Purchase order
• Receipt
• Invoice/receiving documentation
• Evidence of business purpose
• Sales tax exemption status verification
NCSU PRR, Reg 07.05.01, “Payments – Documentation Requirement for Expenditures.”
Tax Exemption Letter, NCSU Controller’s Office, available at http://www.fis.ncsu.edu/controller/tax/vendor_notification_letter.doc.
B. Expenditure Documentation
Travel
• Conference agenda or brochure
• Hotel deposits
• Itinerary
• Mileage
• Airlines – book on the web
• Reimbursement – within 30 days
NCSU PRR, Reg 07.65.05, “Travel, Personal Vehicle.”
NCSU PRR, Reg 07.65.11, “Travel, Travel Reimbursements.”
B. Expenditure Documentation
Documentation should answer:
• Who?
• What?
• When?
• Where?
NCSU PRR, Reg 07.05.01, “Payments – Documentation Requirement for Expenditures.”
C. Checks from Imprest Accounts
• Must be pre-numbered
• Do not sign a blank check
• Do not sign checks payable to yourself
• Must be supported by proper documentation, especially if the check is to an individual
NCSU PRR, Reg 07.30.09, “Imprest Checking Accounts.”
D. Account Reconciliation
• Perform monthly reconciliation
• Verify all receipts deposited
• Verify all expenses cleared
• Provides budgetary control
NCSU PRR, Reg 06.15.01, “Effective Financial Controls at the County Level.”
E. Segregation of Duties
• Receipting
• Depositing
• Reconciling accounts
• Compensating control – Department Head’s review and oversight
NCSU PRR, Reg 07.30.03, “Receipt Centers.”
F. Human Resources
Timesheets
• Leave taken
• Compensatory time off
• Overtime
• Required signatures
• Approvals (supervisor’s responsibility)
NCSU PRR, Staff Handbook, Employee Time Record
http://www.ncsu.edu/policies/employment/salary_admin/time_record.php
F. Human Resources
Employment
• Completion of Form I-9
• BASIC Pilot Program (new requirement 1/1/07)
Employment Eligibility Verification Form, Immigration Services of the Department of Homeland Security.
G. Contracts and Grants
• Compliance with grant and other policies
• Supporting documentation for all expenditures
• Timely expenditures
• Personnel costs should match effort
NCSU PRR, Reg 10.5.1-15, “Contracts and Grants Circular A110 & A21.”
H. Foundations
• Associated entities
• Management and financial control
UNC Policy Manual, 600.2.5.2[R], “Required Elements of University – Associated Entity Relationships.”
I. Misuse of State Funds (Resources)
• What is misuse?
• Who reports, and how?
• Internal Audit, Legal Affairs, and Campus Police work together
• State Auditor’s Hotline 1-800-730-TIPS
Ref: PRR Reg 07.40.2 (G.S. 114-15.1), “Reporting Misuse of State Property.”
Common Audit Issues Summary
Remember…
• Ultimately, the Department/Unit Head is responsible for fiscal management.
• Avoid potential fraud by ensuring that proper controls are in place and using them effectively.
III. IT – Computer Security Discussion
“What’s happening in your area?”
• What computer-based activities do you have, and how often are you performing them?
• What issues are you aware of from a security or data protection standpoint?
Goal of discussion = a customized “12 Step Program”
New State and Federal Laws
• Privacy and Identity Theft
  http://www.fis.ncsu.edu/etss/files/idprevention.pdf
• Payment Card Industry (PCI) Data Security Standards
  • PCI Security Council: https://www.pcisecuritystandards.org/index.htm
  • Visa: www.visa/cisp
New NCSU Regulations
• Data Management (and Classification) Procedure
  http://www.ncsu.edu/policies/informationtechnology/REG08.00.3.php
• Password Requirements
  http://www.ncsu.edu/it/essentials/your_unity_account/password.html
Physical and Logical Security
• Physical
  • Locks on hardware
  • Configure screensaver
  • Safe storage of software
• Logical
  • Password-protect systems
  • Separate user identities on shared systems
  • Anti-virus, anti-spyware
  • Locked files
  • Routers/firewalls
  • Encryption
Ref: http://www.ncsu.edu/it/essentials/antivirus_security/index.html
Security for Electronic and Hard-Copy Data
• Desire = data integrity
• Driver = data sensitivity
• Primary focus should be:
  • WHAT: What data?
  • WHO: Who has access to the data?
    • Read
    • Write
    • Update
    • Delete
  • WHERE:
    • Where does it originate?
    • Where does it reside?
    • Where is it going?
  • HOW: How does it get where it’s going?
Back-Up
• Local drives or devices
• Portable drives or devices
• Off-site storage
Disaster Recovery
• Hardware
• Software
Business Continuity
• Develop and document a plan
• Plan should include:
  • Call trees or rendezvous points
  • Manual work-around processes
Ref: http://www.itd.ncsu.edu/staff/disaster-recovery.php
http://www.ncsu.edu/ehs/BCP/
Computer Security Discussion
Points to Remember
• Develop local security practices and promote awareness
• Protect yourself, and you protect your office and the network