Eric Anderson, City Manager. Scottie Nix, Internal Auditor
|
|
- Agnes Hunt
- 6 years ago
- Views:
Transcription
1 City of Tacoma Internal Audit Office Memorandum TO: FROM: SUBJECT: Eric Anderson, City Manager Scottie Nix, Internal Auditor Improving SAP Roles Assignment and Monitoring at the City of Tacoma Follow Up Report DATE: The following is our report from our recent review of the City of Tacoma s current SAP role assignment process and the City s efforts to implement prior recommendations to improve and clarify SAP roles. If you have questions or comments, please call me at Finance department and Information Technology department managers and staff have agreed, and have begun, to implement all of our recommendations so we have not included a separate response from them in regards to the corrective action plan. They have begun and in some cases finished corrective action on most of our recommendations. We appreciate the time and effort they have spent on this and want to thank them. Background In late 2006, the Finance department brought to the attention of this office concerns about the process used by the City of Tacoma for role assignments within SAP. In particular, Finance managers were concerned about the number of staff assigned conflicting roles within their programs, and the possibility that controls governing the proper segregation of duties were not sufficient. After first considering the purchase of additional software to clarify and improve role definitions, both the Finance and the Information Technology departments concluded that the City could create a process in-house that could be used to serve the needs of the City of Tacoma until the SAP upgrade. The upgrade includes software that tracks role exceptions and reports them to Internal Audit and other users and managers. However, any processes created and implemented by the Finance department and Information Technology department should be part of an integrated, citywide approach to role assignment and compliance monitoring within SAP and the tasks performed by users in the City. Therefore, the purpose of this audit and report is to provide our observations and recommendations to help provide assurance that role assignments in SAP, and any exceptions granted, are consistent with a strong system of internal controls operating in the City programs. Audit Scope and Objectives The audit covers the period from SAP implementation in 2003 to the present. The purpose of this audit was to review the role assignment process and recommend improvements. The audit scope was limited to conflicting purchasing roles. 747 Market Street, Room 1520 Tacoma, Washington (253) FAX (253)
2 Page 2 The audit objectives were to: Review the role assignment process; Determine if the process used to authorize exceptions to roles has created conflicting roles and compromised controls for segregation of duties; Determine if exceptions to roles are properly approved, properly authorized, properly tracked, monitored and timely; and Review recommendations implemented since we first began this project. Audit Method and Analysis To conduct this audit, we interviewed City officials about the processes used to assign roles and to grant exceptions to the separation of duties standard. We created a summary of the current process used to assign and grant roles. We reviewed SAP documentation and information to obtain a better understanding of the SAP system and the part played by role assignments. We also reviewed literature related to internal control principles with a focus on segregation of duties. Defining and Explaining Roles in SAP R/3 According to SAP documents, within the SAP R/3 software the authorization concept provides for the protection of programs and data from unauthorized use. Access to the system is restricted through roles or authorization profiles. Roles are used to administer access of users. In other words, a role is a collection of privileges that allow a system user to access areas of the system and make certain allowed changes. In many cases a role or authorization generally equates to: A job - e.g., accounts payable clerk, payroll manager, senior tax accountant, treasury analyst or distribution manager; A role - e.g., journal entry creator, journal entry approver, payroll maintainer, invoice entry, recurring payment processor, personal data reporter; or A job task - e.g., create purchase order, release invoice, and perform payment run. One of the key components in SAP is the ability to prohibit users from being able to perform functions that could open the door to fraud or mistakes in transactions. Two of the most critical areas where these controls are based are in Purchasing and Payroll/Timekeeping. These areas rely on the concept of segregation of duties using the model called SAP Incompatible Roles. One of the customizations that occurred when the City implemented SAP involved some modifications to the standard SAP roles; we did not identify all these modifications 1. Defining Segregation of Duties Segregation of duties is a basic, key internal control and one of the most difficult to achieve. It 1 Finance staff believes that this is actually what caused the role conflict problem to begin with. Role assignments need to be specific for each position rather than a job class in their view. An office assistant in one area may need to input goods receipts, while one in another office may only need to do timecards, so wouldn't need both roles, even if such tasks are considered standard clerical assignments. Also, roles are assigned to a position number, not to a person or job classification. An idea may be to come up with a role assignment template, that doesn't include any conflicting or case-by-case assignment roles, for groups of similar job that includes menu options for conflicting roles, explanation of exception process, etc.
3 Page 3 is used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. Segregation of duties provides two benefits: 1. A deliberate fraud is more difficult to achieve because it requires collusion of two or more persons. 2. It is much more likely that innocent errors will be found. At the most basic level, segregation of duties means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties. If a single person can carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities, they have generally been assigned or allowed access to incompatible duties or responsibilities. Some examples of incompatible duties are: Authorizing a transaction, then receiving and maintaining custody of the asset that resulted from the transaction. Receiving checks (payment on accounts receivable) and approving write-offs. Depositing cash and reconciling bank statements. Approving time cards and having custody of paychecks. Having unlimited access to alter or adjust assets and accounting records, and computer terminals and programs. For instance, having access to, and using checks, as the source documents to post to accounting records rather than using a check log or receipts. There are four general categories of duties or responsibilities that are examined when segregation of duties is discussed: Authorization; Custody; Recordkeeping; and Reconciliation. In an ideal system, different employees would perform each of these four major functions. In other words, no one person should have control of two or more of these responsibilities. The more negotiable the asset, the greater the need for proper segregation of duties - especially when dealing with cash, negotiable checks and inventories. In those instances where duties cannot be fully segregated, mitigating or compensating controls must be established. Mitigating or compensating controls are additional procedures designed to reduce the risk of errors or irregularities. For instance, if the record keeper also performs a reconciliation process, a detailed review of the reconciliation could be performed and documented by a supervisor to provide additional control over the assignment of incompatible functions. Segregation of duties is more difficult to achieve in a centralized, computerized environment. Compensating controls in that arena include passwords, inquiry only access, logs, dual authorization requirements, and documented reviews of input/output. In the specific case of the City SAP system, the roles that are incompatible (which are the causes of the most problems) stem from role assignments related to Payroll/Timekeeping and Purchasing. Many of these situations occur in City offices where there is a single administrative person who may support several managers and staff. In these cases, conflicting roles related to the tasks listed below have often been assigned to a single individual.
4 Page 4 The table below lists the role assignments that have been determined by the Finance department as having potential conflicts if assigned in certain combinations: 2 Payroll/Timekeeping Assignments Purchasing Assignments 3 Add an employee to the system PR: Create a purchase requisition Change pay information PR: Approve a purchase requisition Approve changes to payroll information PO: Create a purchase order 4 Issue the paycheck Receiving: Document that items ordered were received 5 Understanding the Current Process of Assigning Roles/Privileges and Granting of Exceptions at the City of Tacoma in SAP As part of our audit we documented the process used to assign and grant roles at the City of Tacoma. The table below describes the current process step-by step. ROLES NARRATIVE Action By Action 1 Supervisor/requestor Hires employee and needs to have roles in the SAP system, completes online role request and submits electronically. 6 2 IT SAP Office Assistant/ Management Analyst Receives electronic role request, Completes electronic cover sheet, with screenshots PO13, SUD1 and training Information, Posts to IT shared drive, and Sends an to team leads. (i.e., requests for purchasing roles forwarded to the functional team that supports Finance divisions.) 3 IT Functional Team Leads Approves allowed 7 purchasing roles. 2 There are two purchasing role conflicts: PR Create with PR Approve and PO Create with Receiving. 3 No conflict exists between PR Create and PO Create, PR Create and Receiving or PR Approve and Receiving. 4 POs under $5K are not "released" (approved) as they are below Tacoma's threshold requiring competition. POs over $5K are created and released (approved) by Purchasing staff. All purchase requisitions and goods receipts are entered by department end users. When Purchasing staff create the purchase order, separation of duties is accomplished. 5 Payment roles are restricted to designated AP staff. LESA, ETC and Library staff enter and release their own invoices, but the checks are cut by AP. Power Management has a few staff that enter invoices for power purchases but the checks are cut by AP. 6 Many supervisors are at a loss as to the best roles to assign and the way to do this. They often seek help from others, including IT and Purchasing staff (with respect to purchasing roles). Currently, many supervisors use the previous role assignments for the position and this is, for the most part, a good practice if they have recently reviewed the roles and job duties for the position.
5 Page 5 Action By Action List on cover page. List approved role and derivative. List tasks, Customer Interaction Center (CIC). If request includes conflicting roles, get approval from Finance-Purchasing. Complete electronic signature. Forward to Training to schedule required training for the roles that are being granted. 4 Finance Purchasing Division Management Analyst Reviews purchasing role requests with identified conflicts as well as requests for PO Create, which is assigned on a case-by-case basis. For conflicting roles, Purchasing contacts the supervisor and advises that functions be separated between staff to maintain internal controls. If that is not possible, departments are advised to submit an exception request to Purchasing detailing their unique circumstances and the compensating measures that will be taken to ensure that internal controls are maintained, as well as an explanation of how they will monitor such control efforts. The exception is reviewed by Purchasing staff, and if adequate information is provided, forwarded to the Finance director, who approves or denies. The outcome is sent to IT as well as the supervisor. Approvals are forwarded to Internal Audit. 5 IT Training Staff Creates training plan and communicates to user and his/her supervisor options for attending required training. 6 User Attends any required SAP training for the roles requested. 7 IT Training Staff Once training is complete, lets Basis staff know 8 Basis Staff Assigns roles per form, communicates to requestor/supervisor when the roles are in place and can be used within the SAP system. Determining the Criteria for Granting Exceptions Based on discussions with previous Finance directors, we were told that it is impractical for every departmental program in the City of Tacoma to have enough staff to assign different roles to at least two, or preferably three or four, people to maintain the needed compliance with SAP 7 Functional team leads "approve" assignment of purchasing roles that don't have conflicts or restricted access, and deny roles that are restricted to Purchasing staff. If conflicts are identified, the requests are forwarded to Purchasing for resolution.
6 Page 6 role assignments and the proper segregation of duties. As of October 2008, there are 285 purchasing role conflicts, with the majority of these conflicts in place since SAP implementation in 2003: 207 staff have a PO Create-Receiving conflict, including 14 approved exceptions since February staff have a PR Create-PR Approve conflict, including one exception approved since February staff have both conflicts, with no approved exceptions. Role conflicts in place in late 2006 included users who had access to create purchase orders and confirm delivery of goods and services by entering receipts against those purchase orders. There was no central listing of the exceptions granted or the compensating controls prior to February 2007 when Finance became involved in SAP role assignments. Results and Conclusions Based on the work performed we found that there were several opportunities for the City to improve the role exceptions granted and monitoring process. In 2007 we discussed the process with Finance, and it is as described in the Roles Narrative table. The table below illustrates the improvements made by the Finance department since that time. Description of Needed Control and Progress toward Improvement Maintaining a log/listing/database of all the exceptions they grant. Status 2007 Status Fall 2008 Yes - as of February 2007 Yes Documenting the compensating control. Asking for and/or documenting how the compensating control will be monitored by management or the supervisor. Providing oversight and review to determine that the compensating control is in place and working in a manner consistent with its approval. Communicating the results of their oversight reviews to IT and Internal Audit. Clean up of the older listed role conflicts. Yes - request saved and data input into "Exception Request" table. Yes, since July 2007 No No No Yes using a consistent system to document the control and exceptions granted Yes and documenting some supervisor compliance Yes in process Not yet, in process Not yet, in process Based on our 2007 review, we made the following recommendations related to the Finance
7 Page 7 Purchasing division roles exception process: 1. A log/listing/database be created and maintained 8 in the Finance department that documents each exception granted with the following detailed information about the exception and the compensating control: Documenting the compensating control. Documenting how the compensating control will be monitored by management or the supervisor. Documenting the plan to provide oversight. Reviewing the process at each site to determine that the compensating control is in place and working in a manner consistent with its approval. Communicating the results of their oversight reviews to IT and Internal Audit. This information should be maintained by Finance and made accessible for future audits. As of today, most of these recommendations are in place and working. In addition the Finance Purchasing Division is in the process of implementing and following up on all the recommended actions. Finance was not involved with SAP role assignments until February 2007 when they negotiated with IT to refer all conflicting purchasing role requests to Purchasing for review and approval before IT grants such role assignments. Prior to this time, IT granted roles as requested by supervisors. Most of the conflicts stem from the original role assignments granted at SAP implementation by the project team. We recommended: The role conflict list needs to be updated and reviewed by a committee of Finance and IT managers and staff 9. Users with role conflicts without an approved exception and their supervisors should be contacted to resolve the conflict, whether by removing conflicting roles or advancing through the exception process. Other Issues and Recommendations: 2. The IT department does not currently have a process to run periodic reports about conflicting roles and their usage. Reports that detail the number and departments with conflicting role assignments and a report showing their usage would help the City to better monitor conflicting role assignments and their usage. Included within the SAP system is a process that alerts system users if they are allowing incompatible roles. Recommendation: IT develops a process that will list activity so they can alert supervisors. Run this process on a regular basis and notify the supervisors, as well as Finance and Internal Audit. 8 An exception list has been created and is being maintained at this time. 9 The City had an ad hoc group that attended presentations by various vendors related to roles in This group has not met since that time and many members have changed jobs or are no longer with the City, the committee members were Scottie Nix, Karen Jones, Mark Meyer, Kathy Palon, Paul Federighi, Dan Hilleren, Lorraine Stargel, Eric Pugmire, and Kathy Everett.
8 Page 8 3. There is a long list of SAP roles available to end users, though several are restricted by job scope. For example, only Purchasing staff can create and release purchase orders over $5,000. Many supervisors indicate they are at a loss about the best roles to assign staff, and in all likelihood, for all but newly created positions, supervisors typically assign roles based on those held by the previous person in the position. This is, for the most part, a good practice if they have recently reviewed the roles and job duties for the position. Recommendation: IT should work with Finance to develop reminders that there is already a list of role definitions on the IT website, including restrictions and conflicting assignments. Purchasing also has a role FAQ and definitions document on its website to help supervisors to understand the trade off between incompatible duties and compensating controls. Recommendation: We recommend the available information be publicized-marketed and an online assistant be created to help supervisors when they are requesting roles for their staff. Cc Rey Arellano Robert Biles Michelle Lewis-Hodges Mark Meyer Richelle Krienke
Fraud Risk Management
Fraud Risk Management Specific Anti-Fraud Controls (Process or Transaction Level) 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization have adequate staffing
More informationTen Payment Fraud Protections
Ten Payment Fraud Protections 1. Payee Positive Pay a. Provided by banks b. Banks match check serial numbers and dollar amounts against a company provided list of checks issued and only pays those checks
More informationCommittee for Senior Business Administrators. Segregation of Duties
Committee for Senior Business Administrators Segregation of Duties Presented by: Tammy R. Hoskens and Margaret (Peggy) B. Zapalac University Risk and Compliance May 21, 2009 Segregation of Duties Segregation
More informationSegregation of Duties
Segregation of Duties The Basics of Accounting Controls Segregation of Duties The Basics of Accounting Controls 2014 SP Plus Corporation. All rights reserved. No part of this publication may be reproduced,
More informationEGYPTIAN AREA AGENCY ON AGING Fiscal Monitoring Program
EGYPTIAN AREA AGENCY ON AGING Fiscal Monitoring Program Fiscal Year: Name of Project/Site: (TIN #) Address: (city) (state) (zip code) Project Director/Site Manager: Geographic Area Served: (county) Project/Site
More informationAPPENDIX 2 COMMUNITY DEVELOPMENT COMMISSION FINANCIAL CHECKLIST REQUIRED FOR ALL APPLICANTS (A SITE VISIT MAY BE CONDUCTED LATER)
REQUIRED FOR ALL APPLICANTS (A SITE VISIT MAY BE CONDUCTED LATER) AGENCY NAME: AGENCY ADDRESS AGENCY PHONE: DATE PREPARED: PREPARED BY: TITLE: EMAIL: AGENCY GENERAL INFORMATION EXECUTIVE DIRECTOR /CITY
More informationINTERNAL CONTROLS REVIEW PROGRESS REPORT Yellow highlighted items have been completed/validated since last report in August 2016
INTERNAL S REVIEW PROGRESS REPORT Yellow highlighted items have been completed/validated since last report in August 2016 RECOMMENDATIONS ADDRESSED THROUGH INTERNAL AUDIT WORK PLANS Monthly Reconciliation
More informationINTERNAL CONTROLS REVIEW PROGRESS REPORT Highlighted items have been completed since last report in January 2016
INTERNAL S REVIEW PROGRESS REPORT Highlighted items have been completed since last report in January 2016 RECOMMENDATIONS ADDRESSED THROUGH INTERNAL AUDIT WORK PLANS Internal Audit: prepare documentation
More informationThis Questionnaire/Guide is intended to assist you in decision making, as well as in day-to-day operations. Best Regards,
In an effort to disseminate information and assure that we are in compliance with guidelines caused by the Sarbanes Oxley Act that proper internal controls are being adhered to, we have developed some
More informationAdvanced Finance for Governing Board Members. Charter Schools: Advancing the Promise!! 2015 Annual Conference
Advanced Finance for Governing Board Members Charter Schools: Advancing the Promise!! 2015 Annual Conference Governing Body Responsibilities with regard to finance Fiduciary responsibilities outlined in
More informationINTERNAL CONTROLS REVIEW PROGRESS REPORT Yellow highlighted items have been updated since last report in October 2017
INTERNAL S REVIEW PROGRESS REPORT Yellow highlighted items have been updated since last report in October 2017 RECOMMENDATIONS ADDRESSED THROUGH INTERNAL AUDIT WORK PLANS Internal Audit: prepare documentation
More informationInternal Control Evaluation
INTERNAL CONTROL EVALUATION Adapted from a checklist created by Jackie F. Breland, CPA (www.jackiebreland.com) Organization: Date Prepared or Updated: Prepared by: Introduction The purpose of this checklist
More informationINTERNAL CONTROLS REVIEW PROGRESS REPORT
INTERNAL S REVIEW PROGRESS REPORT RECOMMENDATIONS ADDRESSED THROUGH INTERNAL AUDIT WORK PLANS Monthly Reconciliation 1 High High Accounts Receivable Training 2, 8, 9 High Moderate 1 12, 13 High High 3
More informationINTERNAL CONTROLS REVIEW PROGRESS REPORT Yellow highlighted items have been updated since last report in October 2016
INTERNAL S REVIEW PROGRESS REPORT Yellow highlighted items have been updated since last report in October 2016 RECOMMENDATIONS ADDRESSED THROUGH INTERNAL AUDIT WORK PLANS Internal Audit: prepare documentation
More informationFinal Audit Follow-Up As of May 31, 2015
Final Audit Follow-Up As of May 31, 2015 T. Bert Fletcher, CPA, CGMA City Auditor Audit of Selected Departments Performing Accounts Receivable Functions (Report #1204 issued February 15, 2012) Report #1512
More informationCHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS
5-1 CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION In accordance with Statements on Auditing Standards Numbers 78 and 94, issued by the American Institute of Certified Public Accountants
More informationInternal Control Checklist
Instructions: The may be used to document a review of the existing procedures and activities that make up your internal control system, or serve as a guide in developing additional controls. The provides
More informationAudit Follow-Up. Audit of Selected Departments Performing Accounts Receivable Functions (Report #1204 issued February 15, 2012)
Audit Follow-Up As of December 31, 2013 T. Bert Fletcher, CPA, CGMA City Auditor Audit of Selected Departments Performing Accounts Receivable Functions (Report #1204 issued February 15, 2012) Report #1414
More informationCommon Questions on Segregation of Duties
Common Questions on Segregation of Duties Why should duties be segregated? What duties should be segregated? How can management determine if duties are properly segregated? What if management has inadequate
More informationCash Reconciliations and Cash Handling
Cash Reconciliations and Cash Handling WASBO Accounting Conference March, 2016 Handling Cash Cash may be the most vulnerable asset in your LEA. How do you safeguard your cash? Timely reconciliation of
More informationSTATE OF MINNESOTA OFFICE OF THE STATE AUDITOR
REBECCA OTTO STATE AUDITOR STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR SUITE 500 525 PARK STREET SAINT PAUL, MN 55103-2139 (651) 296-2551 (Voice) (651) 296-4755 (Fax) state.auditor@osa.state.mn.us (E-mail)
More informationSeminar Internal Control Identification and Filtering
Seminar Internal Control Identification and Filtering 4 March 2011 by Stephen Ho Definition The process designed, implemented and maintained by those charged with governance, management and other personnel
More informationEXAMINATION OF CERTAIN FINANCIAL PROCESSES AND INTERNAL CONTROLS OF THE KENTUCKY CORRECTIONAL INDUSTRIES
EXAMINATION OF CERTAIN FINANCIAL PROCESSES AND INTERNAL CONTROLS OF THE KENTUCKY CORRECTIONAL INDUSTRIES CRIT LUALLEN AUDITOR OF PUBLIC ACCOUNTS www.auditor.ky.gov 105 SEA HERO ROAD, SUITE 2 FRANKFORT,
More informationSEGREGATION OF DUTIES for SAP
SEGREGATION OF DUTIES for SAP SEGREGATION-OF-DUTIES In todays modern, technology driven world, segregation-of-duties (SoD) is enforced through business applications and ERP s, but highlighting breakdowns
More informationCitywide Payroll
2019-07 City of Richmond, VA City Auditor s Office January 04, 2019 Executive Summary... i Background, Objectives, Scope, Methodology... 1 Findings and Recommendations... 4 Management Response...Appendix
More informationDepartment of Biology
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Department of Biology Report No. 14-10 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University
More informationCommon Questions on Segregation of Duties
Common Questions on Segregation of Duties Why should duties be segregated? What duties should be segregated? How can management determine if duties are properly segregated? What if management has inadequate
More informationPresentation 5. Landscaper Transactions & Reconciliations Educating Bookkeepers for Business, Inc.
Presentation 5 Landscaper Transactions & Reconciliations Chapter 1: Templates Edit: Preferences: Accounting Lists: Templates Templates: Select Template Type Lists: Templates: Basic Customization Lists:
More informationC. B. Smith Park Cash Handling Process
Exhibit 1 C. B. Smith Park Cash Handling Process May 15, 2014 Report No. 14 08 Office of County Auditor Evan A. Lukic, CPA County Auditor Table of Contents EXECUTIVE SUMMARY... 1 METHODOLOGY... 1 BACKGROUND...
More informationAudit Follow-Up. As of September 30, Summary
Audit Follow-Up As of September 30, 2016 T. Bert Fletcher, CPA, CGMA City Auditor Audit of Parks, Recreation and Neighborhood Affairs Trousdell Aquatics Center and Gymnastics Center Revenues (Report #1606,
More informationCENTRAL FLORIDA EXPRESSWAY AUTHORITY
CENTRAL FLORIDA EXPRESSWAY AUTHORITY Accounting Segregation of Duties and EDEN System Access Review April 7, 2017 Internal Audit, Risk, Business & Technology Consulting TABLE OF CONTENTS 03 Executive Summary
More informationCITY OF CORPUS CHRISTI
CITY OF CORPUS CHRISTI CITY AUDITOR S OFFICE Audit of Purchasing Program Project No. AU12-004 September 20, 2012 City Auditor Celia Gaona, CIA CISA CFE Auditor Nora Lozano, CIA CISA Executive Summary In
More informationCounty of Sutter. Management Letter. June 30, 2012
County of Sutter Management Letter June 30, 2012 County of Sutter Index Page Management Letter 3 Management Report Schedule of Current Year s 4 Schedule of Prior Auditor Comments 9 Prior Year Information
More informationHFTP Hospitality Financial and Technology Professionals
About our Sample Accounting Jobs Descriptions for Clubs: The HFTP Americas Research Center, with guidance from members of the HFTP Club Advisory Council, has developed example job descriptions for accounting
More informationDivision of Student Affairs Internal Control Questionnaire FY 2011
Control Environment Yes No N/A Notations Are the roles and responsibilities of financial and administrative staff (including the establishment of the unit Director as the appropriate signature authority)
More informationSegregation of Duties Employee Compensation
Segregation of Duties Employee Compensation Internal Controls A process the provides reasonable assurance that the objectives of the institution will be achieved. Not one event, but a series of actions
More informationThe definition of a deficiency is also set forth in the attached Appendix I.
Deloitte & Touche LLP 361 South Marine Corps Drive Tamuning, GU 96913-3973 USA Tel: (671)646-3884 Fax: (671)649-4932 www.deloitte.com May 26, 2014 Mr. David Paul General Manager Marshalls Energy Company,
More informationWhat does an external auditor look for in SAP R/3 during SOX 404 Audits? Ram Bapu, CISSP, CISM Sandra Keigwin, CISSP
What does an external auditor look for in SAP R/3 during SOX 404 Audits? Ram Bapu, CISSP, CISM Sandra Keigwin, CISSP What does an external auditor look for in SAP during SOX 404 Audits? Corporations have
More informationINTERNAL CONTROLS FOR NONPROFITS
INTERNAL S FOR NONPROFITS Best Practice Principles, Policies, and Procedures 1 INTERNAL S FOR NONPROFITS GUIDE BACK NEXT PAGE S WITH INTERNAL S FOR NONPROFITS: Best Practice Principles, Policies, and Procedures
More informationPetty Cash and Change Funds. Inventories (Equipment and Supplies)
UCLA Policy 360 Page 1 of 8 ATTACHMENT A Guidelines for Application of Internal Control Principles The following are control activities, as described in section III.B.3. of Policy 360, for applying the
More informationReview of City's Bank Reconciliation and Deposit Procedures
Review of City's Bank Reconciliation and Deposit Procedures The Audit Committee recommends the adoption of the following report (September 13, 2000) from the City Auditor. The Audit Committee reports,
More informationAmbulance Contract Billing Report October 12, 2016 KEY CONTROL FINDING RECOMMENDATION STATUS The City should:
Ambulance Contract Billing Report October 12, 2016 The City should: General Recordkeeping Inconsistencies exist in the basic recordkeeping related to ambulance calls. Continue with the implementation of
More informationInternal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division
Internal Audit Report Contract Administration: 601CT Contracts TxDOT Internal Audit Division Objective Review contract administration and governance of 601CT contracts for structural compliance with laws
More informationScope, Objectives, and Methodology. Report #1208
Audit Follow-Up As of September 30, 2012 Sam M. McCall, Ph.D., CPA, CGFM, CIA, CGAP City Auditor Treasurer-Clerk s Revenue Office (Report #1208 issued March 20, 2012) Report #1305 January 24, 2013 Summary
More informationLawrence Berkeley National Lab. Observations from Audit Procedures October 17, 2005
Lawrence Berkeley National Lab Observations from Audit Procedures October 17, 2005 Table of Contents Page Your Needs and Expectations 3 Background 4 Risk Assessment 5 Audit Strategy 6 Details of Work Performed
More informationGeneral Government and Gainesville Regional Utilities Vendor Master File Audit
FINAL AUDIT REPORT A Report to the City Commission General Government and Gainesville Regional Utilities Vendor Master File Audit Mayor Lauren Poe Mayor Pro-Tem Adrian Hayes-Santos Commission Members David
More informationOctober 27, Internal Audit Report Building Safety Division Cash Controls Development Services Department
Internal Audit Report 2008-12 Introduction. The Building Safety Division (Division) is a part of the Development Services Department. The Division collects revenues not only for its own services but for
More informationINTERNAL CONTROLS FOR NONPROFITS
INTERNAL S FOR NONPROFITS Best Practice Principles, Policies, and Procedures 1 INTERNAL S FOR NONPROFITS GUIDE BACK NEXT PAGE S WITH INTERNAL S FOR NONPROFITS: Best Practice Principles, Policies, and Procedures
More informationInternal Controls: Need Them, Have Them, Love Them
Internal Controls: Need Them, Have Them, Love Them Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit Fall Forum 2010 Why Do We Have Internal Controls? The Federal Managers Financial
More informationReview of Payment Controls
Review of Payment Controls June 12, 2009 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing Office of
More informationThe School Board of Broward County, Florida Treasurer s Office 7720 West Oakland Park Blvd. Suite 319 Sunrise, FL
Signatures on file The School Board of Broward County, Florida Treasurer s Office 7720 West Oakland Park Blvd. Suite 319 Sunrise, FL 33351 July 15, 2005 TO: FROM: VIA: SUBJECT: Principals Nell Johnson,
More informationInternal Audit Report Accounts Payable September 2017
Internal Audit Report 17-03 September 2017 City of Sioux Falls Internal Audit Department Carnegie Town Hall 235 W. 10 th Street Sioux Falls, SD 57117-7402 www.siouxfalls.org/council/internal-audit September
More informationCITY OF VAUGHAN EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 19, 2013
CITY OF VAUGHAN EXTRACT FROM COUNCIL MEETING MINUTES OF FEBRUARY 19, 2013 Item 1, Report No. 3, of the Finance and Administration Committee, which was adopted without amendment by the Council of the City
More informationJuly 2013 SANTA BARBARA COMMUNITY COLLEGE DISTRICT CLASS TITLE: THEATRE OPERATIONS SUPERVISOR BASIC FUNCTION:
July 2013 SANTA BARBARA COMMUNITY COLLEGE DISTRICT CLASS TITLE: THEATRE OPERATIONS SUPERVISOR BASIC FUNCTION: Under the direction of a Dean, plan, organize, coordinate and implement the fiscal and marketing
More informationBank Account Creation, Management, and Oversight at University of Wisconsin-Stevens Point. Office of Internal Audit
Bank Account Creation, Management, and Oversight at University of Wisconsin-Stevens Point Office of Internal Audit Report Control #2018-34 February 28, 2018 TABLE OF CONTENTS OPINION... 1 OBJECTIVES, SCOPE,
More informationUnderstanding Internal Controls Office of Internal Audit
Understanding Internal Controls Office of Internal Audit July 2015 Objectives for this manual Provide guidance to help management understand their responsibility to ensure that internal controls are established,
More informationHow to Prevent Financial Fraud at Your Church VONNA LAUE
How to Prevent Financial Fraud at Your Church VONNA LAUE Agenda Why churches fall victim to fraud Financial control best practices Recognize and respond to financial fraud Why Churches Fall Victim to Fraud
More informationWhether you take in a lot of money. or you collect pennies
Whether you take in a lot of money or you collect pennies ..it is important to maintain good cash handling procedures: Segregation of Duties Security Reconciliation Management Review Documentation It s
More informationLOYOLA MARYMOUNT UNIVERSITY POLICIES AND PROCEDURES
LOYOLA MARYMOUNT UNIVERSITY POLICIES AND PROCEDURES DEPARTMENT: CONTROLLER S OFFICE SUBJECT: UNIVERSITY CASH HANDLING POLICY Policy Number: BF021.01 Effective Date: June 1, 2013 Approvals: Business & Finance
More informationFRAUD DETERRENCE AND DETECTION
FRAUD DETERRENCE AND DETECTION Segregation of Duties Corruption Scheme Red Flags Unchecked authority to approve No formal documented procedures Circumventing normal policies and procedures Employees receiving
More informationAnticipated Completion: January 31, 2018.
1 The Cash Room was staffed with only one person several times during the day. 1. Cash Room staff swipe their badges each time they enter the Cash Room, even when entering with another staff member. The
More informationKua O Ka La s Financial/Accounting Policies & Procedures
Kua O Ka La New Century Public Charter School 14-5322 Kaimu-Kapoho Rd. Pahoa, HI 96778 Campus Site Telephone: (808) 965-2193 Fax: (808) 965-9618 E-mail: pualaa@ilhawaii.net Kua O Ka La s Financial/Accounting
More informationControl Self Assessment Questionnaire
Control Self Assessment Questionnaire (31 Questions) 1. The department documents the monthly reconciliation of its Lynx finance accounts and reports. A yes answer indicates that the department has written
More informationCONVENT OF THE SACRED HEART SCHOOL FOUNDATION FINANCIAL REGULATIONS
CONVENT OF THE SACRED HEART SCHOOL FOUNDATION FINANCIAL REGULATIONS Approved by Convent of the Sacred Heart School Foundation, Board of Governors on 9 th October 2008 Policy Statement So that all officers
More informationAudit Follow-Up. As of March 31, Summary
Audit Follow-Up As of March 31, 2016 T. Bert Fletcher, CPA, CGMA City Auditor Audit of Parks, Recreation and Neighborhood Affairs Trousdell Aquatics Center and Gymnastics Center Revenues (Report #1606,
More informationSheena Tran, CPA May 19, 2014
Internal Controls Review 2012/13 Sheena Tran, CPA May 19, 2014 TO: ACCCA BOARD OF DIRECTORS This is considered to be a financial review and recommendations for the Association of California Community College
More information6. Will the system be able to provide historical invoice data? Yes, the system will provide an archive of paid invoices.
CHI Connect Financial Systems and Accounts Payable Q&A 1. How will departments access their financial data each month? Departments will have online access to a variety of useful reports detailing their
More informationAudit Follow Up. Citywide Disbursements (Report #0410, Issued April 15, 2004) As of September 30, Summary
Audit Follow Up As of September 30, 2004 Sam M. McCall, CPA, CGFM, CIA, CGAP City Auditor Citywide Disbursements - 2003 (Report #0410, Issued April 15, 2004) Report #0521 March 28, 2005 Summary City departments
More informationAN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES
1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202) 862-8430 www.pcaobus.org PRELIMINARY STAFF VIEWS AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL
More informationUNFPA. This policy applies to all UNFPA personnel, particularly those involved in the purchasing and payment of goods and services.
Policy Title Previous title (if any) Policy objective Target audience Risk Matrix Policy and Procedures for Accounts Payable n/a The Policy and Procedures for Accounts Payable policy establishes the procedures
More informationProcurement Management Internal Audit
INTERNAL AUDIT REPORT Procurement Management Internal Audit R-17-11 October 9, 2017 Executive Summary Introduction Internal Audit (IA) has been directed by the Board to perform an internal audit on the
More informationMecklenburg County Department of Internal Audit
Mecklenburg County Department of Internal Audit Department of Social Services Mecklenburg Transportation System Time Reporting Investigation Report 1288 July 18, 2012 Internal Audit s Mission Internal
More informationTable of Contents. QuickBooks 2018 Chapter 2: Working with Customers 21. QuickBooks 2018 Chapter 1: Introducing QuickBooks Pro 1
Table of Contents Preface UNIT 1: ESSENTIAL SKILLS QuickBooks 2018 Chapter 1: Introducing QuickBooks Pro 1 Presenting QuickBooks Pro 2 Editions of QuickBooks 2 Determining the Edition 2 Types of Tasks
More informationInternal Control Program
DFA Conversations Office of the University Controller Internal Control Program November 20, 2017 Introduction Bill Sibert, University Controller Erica Jessup, Senior Financial Analyst Phil Turke, Payroll
More informationThe definition of a deficiency is also set forth in the attached Appendix I.
Deloitte & Touche LLP 361 South Marine Corps Drive Tamuning, GU 96913-3911 USA September 22, 2015 Tel: (671)646-3884 Fax: (671)649-4932 www.deloitte.com Mr. David Paul General Manager Marshalls Energy
More informationNewark Central School District Review of Payroll Processing, Reconciliation and Approval Procedures
Review of Payroll Processing, Reconciliation and Approval Procedures June 7, 2017 Trust earned. II FreedMaxick June 7, 2017 Audit Committee 1 00 East Miller Street Newark, New York 14513 We have performed
More information2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda
Segregation of Duties/ Internal Controls 2017 WASBO Accounting Conference David Maccoux, Shareholder Objectives Discuss failures of internal controls to detect or prevent fraud and learn how to implement
More informationTreasury Division Check Pick-Up Audit. June 17, Report #671
Treasury Division Check Pick-Up Audit June 17, 2009 Report #671 Released on: September 22, 2009 EXECUTIVE SUMMARY AUDIT REPORT #671 INTRODUCTION...- 1 - STATEMENT OF OBJECTIVE...- 1 - STATEMENT OF SCOPE
More informationTwo-Person Segregation. Post accounts Post G/L. Complete check register. Authorize check requests Mail checks. Sign employee contracts
Two-Person Segregation Bookkeeper Business Administrator (Accounting and Authorization) (Access and Authorization) PETTY CASH: Disburse petty cash RECEIPTS: Open mail/count offering*/make listing PETTY
More informationINTERNAL CONTROLS FOR NONPROFITS
INTERNAL S FOR NONPROFITS Best Practice Principles, Policies, and Procedures INTRO 1 INTERNAL S FOR NONPROFITS GUIDE BACK NEXT PAGE INTERNAL S FOR NONPROFITS: Best Practice Principles, Policies, and Procedures
More informationSeattle Public Schools The Office of Internal Audit
Seattle Public Schools The Office of Internal Audit Internal Audit Report September 1, 2014 through Current Issue Date: June 21, 2016 Executive Summary Background Information The function is centralized
More informationCLERK OF THE CIRCUIT COURT
Collier County Clerk of the Circuit Court Internal Audit Department Audit Report 2003 8 Water & Sewer Revenue Audit Collier County CLERK OF THE CIRCUIT COURT Collier County Clerk of the Circuit Court
More informationWire Transfer Audit. Craig Hametner, CPA, CIA, CMA, CFE City Auditor. Prepared By: Jed Johnson Senior Audit Analyst. Michelle Taylor Audit Analyst
Wire Transfer Audit Craig Hametner, CPA, CIA, CMA, CFE City Auditor Prepared By: Jed Johnson Senior Audit Analyst Michelle Taylor Audit Analyst INTERNAL AUDIT DEPARTMENT March 1, 2010 Report 0902 Table
More informationINFORMATION TECHNOLOGY Administrative Policies and Procedures Last Updated 2/7/2013
2/7/2013 INFORMATION TECHNOLOGY Administrative Policies and Procedures Last Updated 2/7/2013 I. Cash Receipts Cash should never be accepted. When checks are received, they should be endorsed For Deposit
More informationCost Control Systems. Conclusion. Is the District Using the Cost Control Systems Best Practices? Internal Auditing. Financial Auditing
12 Cost Control Systems The district generally has effective cost control systems, but has room to improve. Improvements could be made in internal auditing, asset management, financial management, purchasing,
More informationInternal Controls and the Internal Auditor. Presented By: Richard Kudlik, CPA
Internal Controls and the Internal Auditor Presented By: Richard Kudlik, CPA Interrelated Components Control Environment Risk Assessment Control Activities Information and Communication Monitoring What
More informationBOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems
BOM/BSD 2/November 1994 BANK OF MAURITIUS Guideline on Maintenance of Accounting and other Records and Internal Control Systems November 1994 Revised November 2013 Revised December 2017 TABLE OF CONTENTS
More informationINTERNAL CONTROLS MANUAL DICKSON COUNTY SCHOOLS DANNY L. WEEKS, ED.D. DIRECTOR OF SCHOOLS LINDA FRAZIER BUSINESS MANAGER JUNE 2016
1 INTERNAL CONTROLS MANUAL DICKSON COUNTY SCHOOLS DANNY L. WEEKS, ED.D. DIRECTOR OF SCHOOLS LINDA FRAZIER BUSINESS MANAGER JUNE 2016 2 Table of Contents Introduction...3 Internal Controls Questionnaire...4
More informationCollege of Engineering and Computer Science Dean's Office
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES College of Engineering and Computer Science Dean's Office Report No. 13-16 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS
More informationWhat Happens When Internal Controls Fail
What Happens When Internal Controls Fail 1 Your Presenters Brian Sanvidge Principal Baker Tilly Ellen Labita Partner Baker Tilly Danielle Callaci Manager Baker Tilly 2 Today s Agenda > What are Internal
More informationAUDIT OF SELECTED DEPARTMENTS PERFORMING ACCOUNTS RECEIVABLE FUNCTIONS
February 15, 2012 Sam M. McCall, Ph.D., CPA, CGFM, CIA, CGAP City Auditor HIGHLIGHTS Highlights of City Auditor Report #1204, a report to the City Commission and City management WHY THIS AUDIT WAS CONDUCTED
More informationUNIVERSITY OF NEVADA, RENO Lawlor Events Center Internal Audit Report July 1, 2009 through December 31, 2010
UNIVERSITY OF NEVADA, RENO Lawlor Events Center Internal Audit Report July 1, 2009 through December 31, 2010 GENERAL OVERVIEW Lawlor Events Center (LEC) is an 11,600 seat multipurpose facility that hosts
More informationTRUCKEE MEADOWS COMMUNITY COLLEGE VENDING SERVICES Internal Audit Report July 1, 2013 through March 31, 2015
TRUCKEE MEADOWS COMMUNITY COLLEGE VENDING SERVICES Internal Audit Report July 1, 2013 through March 31, 2015 GENERAL OVERVIEW Vending Services is one of several functions that falls administratively under
More informationState of Michigan Civil Service Commission Capitol Commons Center, P.O. Box Lansing, MI POSITION DESCRIPTION
CS-214 Rev 11/2013 State of Michigan Civil Service Commission Capitol Commons Center, P.O. Box 30002 Lansing, MI 48909 POSITION DESCRIPTION Position Code 1. This position description serves as the official
More informationDivision of Student Affairs General Fund Units Internal Control Questionnaire FY 2012
FY 0 Control Environment Yes No N/A Notations Are the roles and responsibilities of financial and administrative staff, including the establishment of the appropriate signature authority, in your unit
More informationDecember 28, Ms. Vita Rabinowitz Interim Chancellor City University of New York 205 East 42nd Street New York, NY 10017
December 28, 2018 Ms. Vita Rabinowitz Interim Chancellor City University of New York 205 East 42nd Street New York, NY 10017 Re: York College Time and Attendance Practices for Public Safety Staff Report
More informationCash Handling Review Kinsmen Sports Centre
Cash Handling Review Kinsmen Sports Centre May 9, 2005 Office of the City Auditor This page is intentionally blank. Office of the City Auditor Cash Handling Review Kinsmen Sports Centre 1. Introduction
More informationAmerican Contract Bridge League Accounts Payable & Check Signing Policies & Procedures April 2013
American Contract Bridge League Accounts Payable & Check Signing Policies & Procedures April 2013 ACBL strives to maintain efficient business practices and good cost control. The accounts payable function
More informationThe Episcopal Diocese of Kentucky
The Episcopal Diocese of Kentucky Internal Control Questionnaire Manual of Business Methods in Church Affairs (Spring 2012) Chapter II: Internal Controls, Section C The following Internal Control Questionnaire
More informationOffice of the City Manager
Office of the City Manager TO: FROM: Finance/Audit Committee Ruthe Holden, Internal Audit Manager SUBJECT: Final Fraud Risk Assessment Report-Phase 1 Recommendation This report is for information only.
More information