Syracuse University AMAS Newsletter Fall 2006
Message from the Director: Is Your Job Worth the Risk?
T his issue of Audit Insights contains several articles
on topics we feel will be beneficial to our primary
readers – administrative dept. heads, budget managers,
I n the nearly 30 years that I
and my staff of internal
auditors have criss-crossed the
accountants and administrative assistants. They are SU campus visiting dozens of
representative of the kinds of things the AMAS staff has academic and administrative
seen during recent audits, or helpful tools that have come departments and operating
to our attention and may be useful to units, we have been impressed
you as well. The lead article on the and encouraged by the level of professionalism,
risks of taking part in fraudulent commitment and honesty we have observed among the
activity is a reminder that such many management and staff employees charged with
behavior is unacceptable and will not conducting the University’s business activities. Those
be tolerated. qualities are essential for a large, complex organization
like SU to remain successful and competitive. Although
To assist those whose responsibilities include signature it is very rare, we have seen a few cases where an
approval or authorization of documents and transactions, employee has taken inappropriate advantage of his or her
we hope you will find the guidelines on what it means to position of trust and access to University assets for their
be an ‘approver’ to be helpful. personal benefit. When such a situation is identified,
either by an audit or an anonymous tip, we have the
With many employees now authorized to carry and use a unenviable task of informing senior management,
SU procurement or travel card, our “Ask the Auditors” conducting an investigation, coordinating with other SU
column answers why it is not a good idea to allow officials and attorneys to determine the facts and
someone other than the assigned cardholder to use it. ultimate resolution. Once it has been clearly determined
that a fraud has indeed occurred, the Office of Human
Have you begun using MyCodes in the new FAB Resources will enforce the appropriate disciplinary
financial system? We have identified several unique measures. These may include restitution and/or
ways some departments have tailored the use of termination of employment from SU. The University
MyCodes for their particular needs. also reserves the right to prosecute such cases through
the local law enforcement authorities.
We hope you will find these tidbits of audit wisdom to
be helpful in your daily work routine. On behalf of the By maintaining high professional and ethical standards
AMAS staff, have a wonderful holiday season. of conduct and by promoting sound internal control and
monitoring procedures, the number and severity of these
- Steve Colicci, Director of AMAS cases can be kept to a minimum.
In this issue: Regardless of the dollar magnitude, Syracuse University
considers fraudulent activity by any member of the SU
⇒ Internal Controls – Approval, Authorization and community a very serious violation. Even a small theft
Verification Controls could result in termination. When one considers the
⇒ Is Your Job Worth the Risk? negative economic and emotional impact, it should
⇒ MyCodes for Monitoring Financial Activity become evident that losing one’s job and having a
⇒ Ask the Auditors – Sharing of credit cards criminal record is a very high price to pay for getting
⇒ Quick Tips and Tricks – privacy rights, internet involved in fraudulent activity. It’s just not worth the
safety, equipment monitoring risk!
MyCodes: A Useful Monitoring Tool Information regarding how to Update and Add a
MyCode (MyCode_Update), perform a MyCode
As you may know, optional MyCodes can be used for Adjustment (MyCode Adjustment) and how to process a
any special financial reporting needs a department may query to get a report of all active and inactive SU
have that are not provided by other ChartFields. But MyCodes (MyCode Listing) can be found at the
have you really put them into practice? following links on the FAB website at fab.syr.edu:
Following are a few examples of how some Budget MyCode Update
Managers are currently using MyCodes to their http://fab.syr.edu/Financials/uploads/MyCode_Update.p
Managing Travel Expenses by Employee: Are your
staff members’ travel costs shared with another
department and cumbersome to monitor?
Solution: MyCodes - By assigning MyCodes to
individual staff members in your department, you can MyCode Listing
save significant time in tracking and managing your http://fab.syr.edu/Financials/uploads/MyCodeListing.pdf
departments travel expense. Make sure any MBNA
statements, purchase requisitions, employee expense For further questions/concerns regarding MyCodes
vouchers, etc. have the employee’s corresponding contact the FAB Service Center
MyCode entered in the ChartField. Phone: 443-8787
Research Fund Accounts by Faculty Member: Do
you have Research Funds with several faculty
members assigned to each research fund?
Business Ethics Hotline
Solution: MyCodes - Assigning MyCodes by individual As a reminder, Syracuse University’s hotline reporting
faculty member will assist in the tracking of individual service is available to the University community to
faculty research expenses. Again, utilize the MyCodes provide a simple and confidential mechanism to report
on all appropriate expense forms to assist you in inappropriate behavior involving any of the University’s
monitoring total expenditures per faculty member. business or financial activities or records.
Individuals wishing to utilize the hotline on
Event Tracking: Does your department host several
the web may do so at www.EthicsPoint.com
events every year and would you like an easier method
by typing “Syracuse University” in the
to monitor the associated costs per event?
organization name field. A link to the
Solution: MyCodes – By assigning MyCodes per event hotline has been added on the MySlice menu page in the
you can more easily identify/monitor the total cost of a University Resources pagelet under “Other Links.”
Links are also located on the AMAS web page
Project Expenditures: Do you have multiple projects http://amas.syr.edu and the BFAS web page
that warrant detailed monitoring? http://bfasweb.syr.edu .
Solution: MyCodes – Assigning MyCodes per project Those preferring to submit reports
will enable you to monitor and track expenses charged to by telephone may do so by calling
the various projects. the EthicsPoint 24/7 toll-free call
center at 1-866-384-4277.
These are just a few examples of how MyCodes can
work to your advantage. Think critically and determine
the best use of MyCodes for your area/department. "When you have a fraud, you don't have a fraud
problem - you have a business problem." Steve
Proper Approvals, Authorization Ask the Auditors!
and Verification Controls Q: I have been assigned a
University issued credit card. Is it
The action of approving transactions should not be taken allowable for me to let another staff
lightly. Please take a moment to review the basic member utilize the card with my
principles for controls surrounding authorizations: permission?
• An approval indicates that the approver has reviewed
A: The policies currently in place at SU for both
the supporting documentation, ensured it is
procurement and travel and entertainment credit cards
appropriate, accurate, and in compliance with
dictate that cardholders be the sole users of a University
university policy and procedures. Thus, responsibility
assigned credit card. Each employee assigned a card
and accountability for a transaction comes along with
signs an acceptance statement agreeing that the card will
an approval. Supporting documentation should be
be used for University business only and that they will
sufficient for the approver to fully understand what
be the sole user of the card. From an audit perspective,
they are approving. Any unusual items should be
the problem with sharing or treating cards as
questioned. Don’t use rubber stamps, initial
departmental cards is the lack of accountability over
approvals, share passwords or sign blank forms.
transactions. Cardholders should treat a University
• Review approval levels to ensure they are issued credit card as if it were their personal credit card,
commensurate with the nature and significance of the without making personal charges of course. How many
transaction. Persons approving transactions should allow others to use your personal credit card?
have the authority and knowledge to make informed
decisions to execute binding contracts, approve In spite of policy and the common sense approach to
purchase transactions, approve personnel actions (i.e. managing and securing credit cards, we suspect that
hiring, terminations, promotions etc), access there may be occasions when departments will allow
confidential computerized or hard copy information others to use a staff member’s assigned credit card (or
relevant to their work responsibilities (i.e. “need-to- number), to facilitate a purchase in a timely and efficient
know” access). manner, for example. We strongly encourage them to
follow policy, but if such an instance occurs, the
• Authorization to pay/reimburse business-related accountability controls should be fully established to
expenses of an employee should always be obtained ensure all transactions conducted on the card are
from a higher-level supervisor of that employee. This identifiable as to who initiated the transaction and what
would include Department Heads, Directors, Vice- was supposed to be purchased.
Presidents, Deans, etc. who ordinarily would have
signatory authority over such transactions. No one It is the cardholder's responsibility to obtain itemized
should be allowed to approve such payments to transaction receipts from the vendor each time a
him/herself or to suppliers/vendors for expenses they University credit card is used. Policy also obligates each
have personally incurred on behalf of the University. cardholder to review their monthly credit card statements
to ensure the validity of all transactions, a crucial control
• Authorization and access privileges must be modified step to detect inappropriate charges prior to settlement.
or deleted, as appropriate, immediately upon the
transfer or termination of employees in order to protect Make this newsletter an outlet you can use! The AMAS
the integrity of the internal control system. Actions to staff has a lot of University experience and we’ll do our
take upon transfer/termination of an employee include: best to give you good advice. Send your questions to:
o Return of keys to buildings, offices, and vehicles.
o Return of SU travel card and/or procurement card.
o Notification to SU ID Card Office relative to
building access privileges. Happy Holidays from
o Notification to the Comptroller’s Office of change
in signature authority.
Deletion of computer access privileges.
the staff at AMAS!
Quick Tricks & Tips:
Here are some helpful hints we’ve discovered along our travels:
1. Privacy Rights Clearinghouse: The Privacy Rights Clearinghouse web page contains info on identity theft (of
course). It also has info on telephone privacy, financial privacy, medical records privacy, general privacy alerts, and
Their web address is http://privacyrights.org/
2. Internet Kid Safety: For all you parents and kid minders out there to think about.
1) Age appropriate Kid Internet safety pledges:
2) Internet terms and acronyms that Kids use:
3. Equipment Monitoring: Many University departments have equipment items (desktop/laptop computers, video
equipment, cameras, phones, etc) under the University’s capitalization threshold of $5,000 that may be of great value
to an individual department. All valued equipment should be kept physically secure. Departmental records can be
maintained of easily misappropriated equipment that is not capitalized, and that equipment can be periodically
verified and reconciled to those records. These measures can help to protect against loss via theft or other
misappropriation and avoid costly replacement of the equipment.
If you are not on our distribution list or know someone who would like to receive this publication, please let us know.
How to Contact Us:
E-mail: firstname.lastname@example.org Visit Us Online!
Fax: 315-443-5151 Our website has a lot more detailed information, articles
Address: Audit & Management Advisory Services (AMAS) and resources. We couldn’t pack everything into this
621 Skytop Road, Suite 100 edition, so until the next one arrives, visit us at:
Syracuse, NY 13244 http://amas.syr.edu