POLICY. Number: Title: Internal Control Responsible Office: USF System Audit I. PURPOSE AND INTENT


USF System USF USFSP USFSM POLICY

Number: 0-023
Title: Internal Control
Responsible Office: USF System Audit
Date of Origin: Date Last Amended: Date Last Reviewed:

I. PURPOSE AND INTENT

The purpose of this Policy is to communicate the University of South Florida System's (USF System or University) internal control objectives as set forth by the USF Board of Trustees. This Policy establishes standards in the design and implementation of the system of internal controls for the USF System. These internal controls are put in place in order to reduce USF System's exposure to financial, operational, strategic, compliance, and reputational risks.

This system of internal controls is designed to promote effectiveness and efficiency in operations, minimize risk of asset loss, help ensure the reliability of financial and operational information, and support compliance with applicable laws, rules, and regulations. Internal controls provide reasonable assurance for mitigating risk; however, no system of control can provide absolute assurance.

USF System has adopted the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Control Framework which outlines the key components of Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring activities. All five components must be in place and operating for the system of internal controls to be effective.

II. APPLICABILITY

This Policy applies to all USF System Employees, USF System Institutions, and direct service organizations in the USF System.

III. AUTHORITY AND RESPONSIBILITY

A. The USF Board of Trustees is responsible for setting the institutional expectations for internal controls and ensuring executive leadership is aware of these expectations.

B. University Leadership, as defined below, is responsible for the application of this Policy and for the design, development, implementation, and maintenance of an effective system of internal controls within their respective areas of responsibility. This includes prompt corrective action on all internal control findings and recommendations made by internal and external auditors.

C. University Leadership has the responsibility to ensure that those who report to them have adequate knowledge, skills, and abilities to function within, and contribute to, an effective internal Control Environment. This includes, but is not limited to, providing access to appropriate training on topics relevant to their job responsibilities.

D. USF System Compliance & Ethics Program is responsible for assisting management, upon request or at the direction of the Board of Trustees or the President, in the design and implementation of internal controls, particularly for cross-jurisdictional compliance risks, e.g., regulatory risks affecting more than one University Leadership area or more than one USF System Institution.

E. USF System Audit is responsible for reviewing the adequacy of departmental and USF System Institution's internal controls and for reporting any weaknesses to appropriate management and the Board of Trustees. All levels of internal control are subject to examination by internal and external auditors.

IV. DEFINITIONS OF TERMS

A. Business Function - A generic term broadly used in this Policy to refer collectively to programs, departments, colleges, units, museums, theatres, centers, institutes, etc. Business, in this instance, is not intended to be limited to traditional administrative functions, but rather to also refer to functions carried out in the academic and patient-centered areas where fiscal and budgetary responsibility rests.

B. Control Activities - Processes and procedures put in place by the USF System Institutions, Board of Trustees, University Leadership, management, and other personnel, designed to provide reasonable assurance of effectiveness and efficiency of operations; safeguarding of assets; reliability of financial and operational reporting; and compliance with USF System policies and procedures, applicable laws, and regulations. Controls can be classified into two types: Preventative Controls and Detective Controls. A system of effective internal controls helps identify and manage risks. Internal control systems vary depending upon the operating environment, including the size of the Business Function, its diversity of operations, and the degree of centralization of financial and administrative management.

C. Control Environment - Core to any university is its people, and the internal Control Environmental tone is set by its leaders. Their individual attributes (integrity, ethical values, and competence) and the environment in which they operate set the tone for the organization and determine the sincerity with which the institution embraces the Control Environment. This is also known as "tone at the top."

D. Detective Controls - Controls designed to find errors or other issues after they occur so that corrective action can be taken. Examples include taking physical inventories of assets to compare to recorded assets, reconciliations of bank and accounting records, variance analysis, and periodic audits and reviews.

E. Information and Communication - Pertinent information that is identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities. Internal control is about people, operations, communications, and the work environment. It is not about policies and forms, though it takes shape through the implementation of relevant policies, procedures, and practices.

F. Monitoring - Process that assesses the quality of internal controls over time. An effective system is able to react dynamically to changing conditions.

G. Preventative Controls - Internal controls designed to catch or prevent errors and irregularities before they occur. Examples of Preventative Controls include the provision of procedure manuals and training, separation of duties in accounting processes, proper approval of transactions, the requirement of adequate documentation for transactions, and physical security measures such as locking doors and otherwise controlling assets.

H. Risk Assessment - Process of identifying and analyzing risks related to the accomplishment of the USF System Institutions' objectives. Risk types include financial, operational, strategic, compliance, and reputational.

I. University Leadership - USF System Employees who are given fiscal, budgetary, and operational responsibility over a Business Function, as defined below. This includes those with administrative appointments serving as department chairs, deans, vice presidents, and anyone who is in a position to direct how USF System Institution's financial, capital, and human resources are utilized.

J. USF System Employee - A person in one of the following position types: faculty, administration, staff, or temporary. Temporary employees include any person in an Other Personnel Services (OPS) position type.

V. PROCESS STEPS/SPECIFIC PROVISIONS

A. University Leadership responsible for a Business Function is expected to:

1. Set an appropriate "tone at the top" that reflects the USF System Institution's values and commitment to ethical conduct.

2. Establish and maintain an effective system of internal controls designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

a) Effectiveness and efficiency of operations;
b) Safeguarding of assets;
c) Reliability of financial and operational reporting; and

d) Compliance with USF System policies and procedures, applicable laws, and regulations.

3. Provide USF System Employees with policies and procedures that adequately communicate controls procedures in place, expectations for compliance, and consequences for non-compliance.

4. Take steps to ensure appropriate separation of duties so that one person's work routinely serves as a check on another's work and no one person has complete control over more than one key function or activity (e.g., separate authorizing, approving, certifying, disbursing, receiving, or reconciling activities).

5. Understand the system of internal controls in sufficient detail to support ongoing Monitoring of the system's effectiveness.

6. Provide for adequate supervision over those performing control functions to monitor that internal controls are operating as intended by pointing out errors, omissions, exceptions, and inconsistencies in procedures, and working with them to implement corrective and/or preventative measures.

7. Ensure departmental accounting and operational records and documents are examined and/or approved by USF System Employees who have sufficient understanding of the USF System Institution's accounting, financial, and operational systems; and verify that recorded transactions actually took place and were made in accordance with USF System policies and procedures.

8. Take steps to strengthen internal controls when significant weaknesses are detected.

9. Perform or update the annual Risk Assessment to assess the effectiveness of the internal control system in mitigating risk to an acceptable level.

B. USF System Employees assigned financial and/or budgetary duties must:

1. Understand their own roles in the internal control system, how individual activities relate to the work of others, and have a means of communicating significant information to USF System Institution's Leadership. This includes disclosing any actual or potential conflicts of interest, which may result from their assigned financial role and the assigned financial role of a related person, as defined by USF System Policy 0-027, who is also a USF System Employee.

2. Certain USF System Employee types are required to annually review and confirm their internal control responsibilities as part of their annual Florida Code of Ethics (FCOE) disclosure in the edisclose system. This annual FCOE disclosure is required under USF System Policy 0-027 for the following USF System Employee position types:

a. All faculty members;
b. All administration employees;
c. All staff employees issued a Procurement Card (PCard) or FAST role; and
d. All temporary employees issued a PCard or FAST role.

C. USF System Audit, external auditors, and/or representatives from the USF Controller's Office have the authority to review and measure the effectiveness of the controls established within the framework of this Policy as they relate to the USF System Institution's accounting, financial, and operating systems. In addition, they have the authority to make recommendations for improvements in internal controls. Upon issuance of an internal audit report, management is responsible for responding to findings and for implementing appropriate changes.

*Current Responsible Office: USF System Audit

*Refer to the appropriate Responsible Office website for a current name of the Vice President or other Responsible Officer.

History: TBD