Top 10 things that you can do to keep you and your employees out of trouble:
Employees should make sure to set passwords which aren’t easy to guess and are changed regularly. For example, ITS recommends that passwords be at least 6 characters long, not be a word that’s in a dictionary or a proper name, are a mixture of lowercase, uppercase, digits and punctuations, and not have more than 2 characters repeated in a row. Of particular importance is to make sure you don’t post these passwords, and especially don’t share them with anyone, including your boss.
9. Long distance calls
Make sure any long distance phone calls relate only to University business. Even if an employee makes a personal call and reimburses it, this causes a lot of extra work for the University in the fact that we have to collect the money, work up the deposit, make the deposit, record it in the Integrated System, and make sure everything reconciled. Those three 20 minute phone calls that were just made and reimbursed to the University at a cost of $3 ended up costing us quite a bit more to process. Not only is using the University’s phone system for personal calls against policy, it could put the University’s tax exempt status for long distance calls in jeopardy by using it for personal reasons.
8. Proper Use of University Assets
7. Segregation of duties
Don’t have one person handle all aspects of a transaction – recording, accounting, and reconciling. Have at least two, with a preference for three, people involved in transaction processing.
6. Safeguarding of Assets
Make sure assets – including data! – that are stored in your area are properly safeguarded. Cash should be properly secured at all times in a locked location accessible by as few people as possible. Paper records containing student, employee, or patient-related information should be properly secured and shouldn’t be left in an open area unattended. Make sure documents containing such information are properly disposed of by shredding it. Of course, may sure that you do this in accordance with record retention policies. Logical data should be properly stored and safeguarded through use of firewalls and properly backed up servers. This data should not be downloaded to a personal computer, but especially never a laptop. (Refer to recent incident at the Veterans Administration.)
5. Review of Reconciliations and Expenditures
If you have responsibilities related to the monthly project reconciliations, make sure you meet the deadlines, include the proper support, and obtain the necessary reviews and signatures. Your oversight responsibility isn’t limited to just the monthly project review, but even goes a step deeper to encompass your review of timesheets, travel vouchers, petty cash expenditures, and P-Card expenditures. Make sure you pay attention to what you are signing.
4. Know the policies of the University
If you aren’t sure of the answer then call the policy owner and ask for an interpretation, or even call the Audit Department. “We’re here to help you!”
3. Document, document, document
If you are having problems with an employee, make sure you keep good records. If someone is switching their time around with your permission, keep a record or document it in an e-mail. If something is a little unusual or different about a transaction, add a note to it if it will explain it better. If someone questions things several years down the road and a note is available to help explain the circumstance, your life will be much easier.
2. Pay attention to what your employees are doing
MBWA without hovering (ex: timesheets at ABC where the supervisor was having the employees record the exact time they were coming in each morning, leaving and coming back from lunch, and leaving for the day. However, the supervisor never left her office to observe her employees and see if the times being recorded were accurate. One of the best internal controls you can have is your observation of the activities going on around you.
1. Tone at the top
Your behavior sends a message to your employees. One of your best management tools is to set a good example. If the boss or supervisor doesn’t care or doesn’t do the right things, then the employees won’t care or do the right things.
We would like for you to use the Audit Department as a resource if you have questions or if you have noticed something that just doesn’t look right to you. We can help you look at your processes and make suggestions that will help you not only improve your controls but also assist in making your processes more efficient and effective.
There are a few things that we would like to draw your attention if you suspect wrongdoing either in your area or elsewhere at the University: