Education and Training
The Office of Internal Audit and Management Advisory Services offers educational and training opportunities to support University personnel. Staff members are available upon request to conduct presentations on internal control and fraud.
Some of the most common tips that we offer to management are…
Segregation of Duties
- Assign duties to different individuals
- Never let a single individual control a transaction or process from start to finish
- Separate incompatible duties, such as authorizing the purchase of an asset and then maintaining custody of that asset; or requesting access to a system or data, and actually controlling access to the system/data.
Security of Assets
- Physically control access to your department’s valuable assets – computers, iPads, iPods, mobile devices, cameras, other equipment
- Maintain a departmental inventory, and periodically review to ensure all assets are on hand
Protection of Sensitive Data
- Do not store sensitive data (such as student, patient, personnel, credit card data, SSNs, etc.) on local computers or portable media such as external hard drives or thumb drives. Use the University’s central storage platforms for such data.
- Control access to your department’s servers and central data storage locations. Periodically review the users who have access to your data (at least twice annually).
- Encrypt and physically secure any media that contain University data.
- Enable automatic, passphrase-protected screen savers on your computers, laptops, and other devices.
- If your department collects payments, comply with the University Cash Management Plan.
- Issue a pre-numbered receipt for all payments received, and retain a carbon copy of all receipts. Receipts should be used in numerical order.
- Ensure that a person who is not involved in the collection process reconciles the collection records with the Banner deposit information.
- Physically safeguard cash, checks, and credit card information. Change the combinations to any safes or other storage areas immediately upon the termination or transfer of personnel with knowledge of the combinations.
Transaction Review and Approval
- Periodically review the department’s expenses to ensure their validity and appropriateness (and to track whether or not you are operating within budget).
- Ensure that the people assigned to review and approve transactions are in a position to know whether or not they are related to a legitimate University business.
- Ensure that people assigned to review and approve transactions have the authority to disapprove or question specific expenses.