Is Your Job Worth the Risk

Document Sample
Is Your Job Worth the Risk Powered By Docstoc
					Syracuse University AMAS Newsletter                                                                     Fall 2006


Message from the Director:                                       Is Your Job Worth the Risk?
T   his issue of Audit Insights contains several articles
    on topics we feel will be beneficial to our primary
readers – administrative dept. heads, budget managers,
                                                             I   n the nearly 30 years that I
                                                                 and my staff of internal
                                                             auditors have criss-crossed the
accountants and administrative assistants. They are          SU campus visiting dozens of
representative of the kinds of things the AMAS staff has     academic and administrative
seen during recent audits, or helpful tools that have come   departments and operating
                    to our attention and may be useful to    units, we have been impressed
                    you as well. The lead article on the     and encouraged by the level of professionalism,
                    risks of taking part in fraudulent       commitment and honesty we have observed among the
                    activity is a reminder that such         many management and staff employees charged with
                    behavior is unacceptable and will not    conducting the University’s business activities. Those
                    be tolerated.                            qualities are essential for a large, complex organization
                                                             like SU to remain successful and competitive. Although
To assist those whose responsibilities include signature     it is very rare, we have seen a few cases where an
approval or authorization of documents and transactions,     employee has taken inappropriate advantage of his or her
we hope you will find the guidelines on what it means to     position of trust and access to University assets for their
be an ‘approver’ to be helpful.                              personal benefit. When such a situation is identified,
                                                             either by an audit or an anonymous tip, we have the
With many employees now authorized to carry and use a        unenviable task of informing senior management,
SU procurement or travel card, our “Ask the Auditors”        conducting an investigation, coordinating with other SU
column answers why it is not a good idea to allow            officials and attorneys to determine the facts and
someone other than the assigned cardholder to use it.        ultimate resolution. Once it has been clearly determined
                                                             that a fraud has indeed occurred, the Office of Human
Have you begun using MyCodes in the new FAB                  Resources will enforce the appropriate disciplinary
financial system? We have identified several unique          measures. These may include restitution and/or
ways some departments have tailored the use of               termination of employment from SU. The University
MyCodes for their particular needs.                          also reserves the right to prosecute such cases through
                                                             the local law enforcement authorities.
We hope you will find these tidbits of audit wisdom to
be helpful in your daily work routine. On behalf of the      By maintaining high professional and ethical standards
AMAS staff, have a wonderful holiday season.                 of conduct and by promoting sound internal control and
                                                             monitoring procedures, the number and severity of these
                -   Steve Colicci, Director of AMAS          cases can be kept to a minimum.

               In this issue:                                Regardless of the dollar magnitude, Syracuse University
                                                             considers fraudulent activity by any member of the SU
⇒ Internal Controls – Approval, Authorization and            community a very serious violation. Even a small theft
  Verification Controls                                      could result in termination. When one considers the
⇒ Is Your Job Worth the Risk?                                negative economic and emotional impact, it should
⇒ MyCodes for Monitoring Financial Activity                  become evident that losing one’s job and having a
⇒ Ask the Auditors – Sharing of credit cards                 criminal record is a very high price to pay for getting
⇒ Quick Tips and Tricks – privacy rights, internet           involved in fraudulent activity. It’s just not worth the
  safety, equipment monitoring                               risk!
                                                                                                          Fall 2006


 MyCodes: A Useful Monitoring Tool                             Information regarding how to Update and Add a
                                                               MyCode (MyCode_Update), perform a MyCode
As you may know, optional MyCodes can be used for              Adjustment (MyCode Adjustment) and how to process a
any special financial reporting needs a department may         query to get a report of all active and inactive SU
have that are not provided by other ChartFields. But           MyCodes (MyCode Listing) can be found at the
have you really put them into practice?                        following links on the FAB website at fab.syr.edu:
Following are a few examples of how some Budget                MyCode Update
Managers are currently using MyCodes to their                  http://fab.syr.edu/Financials/uploads/MyCode_Update.p
advantage:                                                     df
Managing Travel Expenses by Employee: Are your
                                                               MyCode Adjustment
staff members’ travel costs shared with another
                                                               http://fab.syr.edu/Financials/uploads/Mycode%20Adjust
department and cumbersome to monitor?
                                                               ment.pdf
Solution: MyCodes - By assigning MyCodes to
individual staff members in your department, you can           MyCode Listing
save significant time in tracking and managing your            http://fab.syr.edu/Financials/uploads/MyCodeListing.pdf
departments travel expense. Make sure any MBNA
statements, purchase requisitions, employee expense            For further questions/concerns regarding MyCodes
vouchers, etc. have the employee’s corresponding               contact the FAB Service Center
MyCode entered in the ChartField.                              Phone: 443-8787
                                                               Email: fabhelp@syr.edu
Research Fund Accounts by Faculty Member: Do
you have Research Funds with several faculty
members assigned to each research fund?
                                                                         Business Ethics Hotline
Solution: MyCodes - Assigning MyCodes by individual            As a reminder, Syracuse University’s hotline reporting
faculty member will assist in the tracking of individual       service is available to the University community to
faculty research expenses. Again, utilize the MyCodes          provide a simple and confidential mechanism to report
on all appropriate expense forms to assist you in              inappropriate behavior involving any of the University’s
monitoring total expenditures per faculty member.              business or financial activities or records.
                                                                            Individuals wishing to utilize the hotline on
Event Tracking: Does your department host several
                                                                            the web may do so at www.EthicsPoint.com
events every year and would you like an easier method
                                                                            by typing “Syracuse University” in the
to monitor the associated costs per event?
                                                                            organization name field. A link to the
Solution: MyCodes – By assigning MyCodes per event             hotline has been added on the MySlice menu page in the
you can more easily identify/monitor the total cost of a       University Resources pagelet under “Other Links.”
single event.
                                                               Links are also located on the AMAS web page
Project Expenditures: Do you have multiple projects            http://amas.syr.edu and the BFAS web page
that warrant detailed monitoring?                              http://bfasweb.syr.edu .

Solution: MyCodes – Assigning MyCodes per project              Those preferring to submit reports
will enable you to monitor and track expenses charged to       by telephone may do so by calling
the various projects.                                          the EthicsPoint 24/7 toll-free call
                                                               center at 1-866-384-4277.
These are just a few examples of how MyCodes can
work to your advantage. Think critically and determine
the best use of MyCodes for your area/department.              "When you have a fraud, you don't have a fraud
                                                               problem - you have a business problem." Steve
                                                               Albrecht

                                                           2
                                                                                                             Fall 2006



  Proper Approvals, Authorization                                Ask the Auditors!
     and Verification Controls                                   Q: I have been assigned a
                                                                 University issued credit card. Is it
The action of approving transactions should not be taken         allowable for me to let another staff
lightly. Please take a moment to review the basic                member utilize the card with my
principles for controls surrounding authorizations:              permission?
• An approval indicates that the approver has reviewed
                                                                 A: The policies currently in place at SU for both
  the supporting documentation, ensured it is
                                                                 procurement and travel and entertainment credit cards
  appropriate, accurate, and in compliance with
                                                                 dictate that cardholders be the sole users of a University
  university policy and procedures. Thus, responsibility
                                                                 assigned credit card. Each employee assigned a card
  and accountability for a transaction comes along with
                                                                 signs an acceptance statement agreeing that the card will
  an approval. Supporting documentation should be
                                                                 be used for University business only and that they will
  sufficient for the approver to fully understand what
                                                                 be the sole user of the card. From an audit perspective,
  they are approving. Any unusual items should be
                                                                 the problem with sharing or treating cards as
  questioned. Don’t use rubber stamps, initial
                                                                 departmental cards is the lack of accountability over
  approvals, share passwords or sign blank forms.
                                                                 transactions. Cardholders should treat a University
• Review approval levels to ensure they are                      issued credit card as if it were their personal credit card,
  commensurate with the nature and significance of the           without making personal charges of course. How many
  transaction. Persons approving transactions should             allow others to use your personal credit card?
  have the authority and knowledge to make informed
  decisions to execute binding contracts, approve                In spite of policy and the common sense approach to
  purchase transactions, approve personnel actions (i.e.         managing and securing credit cards, we suspect that
  hiring, terminations, promotions etc), access                  there may be occasions when departments will allow
  confidential computerized or hard copy information             others to use a staff member’s assigned credit card (or
  relevant to their work responsibilities (i.e. “need-to-        number), to facilitate a purchase in a timely and efficient
  know” access).                                                 manner, for example. We strongly encourage them to
                                                                 follow policy, but if such an instance occurs, the
• Authorization to pay/reimburse business-related                accountability controls should be fully established to
  expenses of an employee should always be obtained              ensure all transactions conducted on the card are
  from a higher-level supervisor of that employee. This          identifiable as to who initiated the transaction and what
  would include Department Heads, Directors, Vice-               was supposed to be purchased.
  Presidents, Deans, etc. who ordinarily would have
  signatory authority over such transactions. No one             It is the cardholder's responsibility to obtain itemized
  should be allowed to approve such payments to                  transaction receipts from the vendor each time a
  him/herself or to suppliers/vendors for expenses they          University credit card is used. Policy also obligates each
  have personally incurred on behalf of the University.          cardholder to review their monthly credit card statements
                                                                 to ensure the validity of all transactions, a crucial control
• Authorization and access privileges must be modified           step to detect inappropriate charges prior to settlement.
  or deleted, as appropriate, immediately upon the
  transfer or termination of employees in order to protect       Make this newsletter an outlet you can use! The AMAS
  the integrity of the internal control system. Actions to       staff has a lot of University experience and we’ll do our
  take upon transfer/termination of an employee include:         best to give you good advice. Send your questions to:
                                                                 amas@listserv.syr.edu
  o   Return of keys to buildings, offices, and vehicles.
  o   Return of SU travel card and/or procurement card.
  o   Notification to SU ID Card Office relative to
      building access privileges.                                  Happy Holidays from
  o   Notification to the Comptroller’s Office of change

  o
      in signature authority.
      Deletion of computer access privileges.
                                                                    the staff at AMAS!
                                                             3
                                                                                                                Fall 2006




                 Quick Tricks & Tips:

                 Here are some helpful hints we’ve discovered along our travels:


1. Privacy Rights Clearinghouse: The Privacy Rights Clearinghouse web page contains info on identity theft (of
   course). It also has info on telephone privacy, financial privacy, medical records privacy, general privacy alerts, and
   data breaches.

    Their web address is http://privacyrights.org/

2. Internet Kid Safety: For all you parents and kid minders out there to think about.

    1) Age appropriate Kid Internet safety pledges:

    http://www.netsmartz.org/resources/pledge.htm

    2) Internet terms and acronyms that Kids use:

    http://www.netlingo.com/top20teens.cfm
    http://www.city-net.com/~ched/help/lingo/chatslang.html

3. Equipment Monitoring: Many University departments have equipment items (desktop/laptop computers, video
    equipment, cameras, phones, etc) under the University’s capitalization threshold of $5,000 that may be of great value
    to an individual department. All valued equipment should be kept physically secure. Departmental records can be
    maintained of easily misappropriated equipment that is not capitalized, and that equipment can be periodically
    verified and reconciled to those records. These measures can help to protect against loss via theft or other
    misappropriation and avoid costly replacement of the equipment.




If you are not on our distribution list or know someone who would like to receive this publication, please let us know.

How to Contact Us:

E-mail: amas@listserv.syr.edu                                                            Visit Us Online!
Phone: 315-443-5150
Fax: 315-443-5151                                                    Our website has a lot more detailed information, articles
Address: Audit & Management Advisory Services (AMAS)                  and resources. We couldn’t pack everything into this
          621 Skytop Road, Suite 100                                     edition, so until the next one arrives, visit us at:
          Syracuse, NY 13244                                                           http://amas.syr.edu




                                                               4

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:3
posted:10/17/2011
language:English
pages:4