Self-Assessment Questionnaire of the Internal Audit Department, University of Virginia

Mailing Address:

P.O. Box 400190
Charlottesville, VA
22904-4190

Physical Address:

1001 N. Emmet St.
Carruthers Hall, 2nd Floor
Charlottesville, VA 22906

434-924-4110
434-924-4114
Email Us
See Map

Self-Assessment Questionnaire

The following list of internal control questions is organized by functional areas (such as Cash Receipts, Revenue, & Petty Cash or Payroll & Personnel). Key internal control practices are identified for each area. Answer each question to assess your own department's controls. At the end of each functional area, review your answers for practices or controls which are not in effect. These represent internal control weaknesses. For each weakness, determine the risk it represents to your operations, whether there are mitigating controls, and what action, if any, needs to be taken.

Cash Receipts, Revenue, and Petty Cash

Procurements and Disbursements

Payroll and Personnel

Cost Monitoring

Capital Equipment and Physical Safety/Security

Information Systems

Sponsored Program Review

Government Monitored Research

Tax Matters

Cash Receipts, Revenue, and Petty Cash

Segregation of Duties

Are the following responsibilities distributed among personnel so one person is not responsible for all aspects?:

Opening mail?

Endorsing checks?

Preparing Deposits?

Reconciling to budget statements

Are billing and collection duties distributed among personnel?

Safeguarding of Cash/Receipts

Are checks endorsed immediately upon receipt?

Are receipts kept in a secure location until deposit (e.g., safe, locked drawer, etc.)?

Is access to credit card terminals and cash registers restricted to authorized personnel?

Cash Receipt Processing

Are deposits made daily and/or in compliance with Bursar guidelines?

Are daily cash register readings recorded on the daily cash reports and reconciled to daily deposits?

Are processed credit card charges/credits handled properly and timely?

Are sales forms and invoices pre-numbered and accounted for to ensure all sales are billed and recorded?

Is an open receivable aging report generated and reconciled to open invoices and reviewed monthly?

Are accounts receivables reconciled to CUFS monthly?

Gift Receipts

Are receipts properly classified as gifts?

Are gift transmittals prepared timely?

Employee Reimbursements

Are receipts properly classified as employee reimbursements?

Are the receipts processed timely?

Nature and Source of Revenues

Are revenue sources properly classified?

Are potential sponsored program revenues channeled through the Office of Research and Sponsored Projects ORSP?

Petty Cash/Imprest Fund

Is access to the petty cash fund restricted to the petty cash custodian?

Are petty cash disbursements made upon presentation of approved petty cash payout forms with supporting documentation (e.g., receipts)?

Is the petty cash fund replenished frequently enough to ensure sufficient funds are available and expenses are charged to the proper fiscal year?

Is the petty cash fund in agreement with the general ledger (CUFS)?

Procurements and Disbursements

Segregation of Duties

Are the following responsibilities distributed among personnel so no one individual performs all aspects?:

Requisitioning of goods or services?

Approving expenditures?

Receiving of goods or services?

Reconciling disbursements to budget statements?

Is all appropriate supporting paperwork (requisition, etc.) retained with hard copy of PD?

Is A. 1-5 above followed, when applicable, for University Stores Program?

Proper Processing of Disbursements

Are blank purchase requisition (PR) forms kept secure?

Are records of numeric sequences kept for blank PR forms, so that missing forms will be detected?

Are disbursements appropriate to University purpose?

Is sales tax deducted before disbursements are made?

Are disbursements posted to appropriate objects of expense?

For purchases over $25,000, is the Single Source Justification form completed to document competitive bidding or selection of a single vendor?

Are individuals prohibited from using a University account to purchase items for personal use and subsequently reimburse the University?

Are payments made to independent contractors and/or consultants supported by a Consultant Services Form?

Are University guidelines followed when engaging and paying individuals, domestic and foreign?

Are staff and faculty in your department aware that all purchases of office, computer and lab supplies and equipment should be made through the Electronic Procurement and Payment System (EPPS), not through personal funds and reimbursement?

Does the department maintain a checking account, credit card or house account? If so, have they been canceled?

Are purchases processed in a timely manner(90-Day Rule)?

EPPS Approval Levels

Are approval levels proper according to the existing structure?

Are open encumbrances and suspense items cleared regularly?

Travel and Entertainment Expenses

Do Travel Expense (T&E) Reports:

Indicate the business purpose of the trip?

Indicate the dates traveling and the names of attendees?

Contain corroborating support such as conference brochures?

Contain receipts for all expenses greater than $25?

Include signature of traveler which certifies that expenses reflect bona fide business expenses?

Reflect approval by the employee's immediate supervisor?

Reflect timely submittal of charges subsequent to the trip?

Is a T & E completed, page 1 and 2, for all entertainment?

Are non-travel expense reports completed for all reimbursements that are not travel or entertainment related?

Are T & E forms reviewed for non-allowable charges per Univ. Travel Policy?

Are exception forms completed for justified departures from guidelines?

Are food expenses submitted for reimbursement supported by a T & E?

Are visitors provided with the Payment Packet & Forms for Non-resident Aliens when they need to request reimbursement for expenses?

Is the UNIV. Travel Agency used?

Are the UNIV. Entertainment Guidelines followed?

Payroll and Personnel

Segregation of Duties

Are payroll processing and reconciliation duties distributed among employees so that no single individual has control over:

All aspects of processing?

Custody of payroll checks?

Reconciliation of the Payroll Expense Distribution Report to the budget statements?

Is access to payroll records, personnel files, and other confidential information restricted to authorized personnel?

Does the supervisor maintain possession of time records after supervisory approval but before submission to Payroll for processing?

Are detailed job descriptions maintained for all positions?

Time Records

Does the immediate supervisor review employee time records for accuracy and completeness and sign them prior to processing?

In regards to overtime:

Does proper authorization exist for overtime incurred?

Is there a proper reason overtime is being incurred?

Are the correct hourly wage rates in effect?

Are temporary employee hours and work-study employee earnings monitored to ensure respective limits are not exceeded?

Monitoring Time Off

Are records maintained to monitor and verify exempt vacation, sick, and personal days taken and available? For non-exempt employees?

Do supervisors review these records annually before a report is sent to Human Resources for annual vacation and sick time accrual?

Human Resources Procedures

Is the Department of Human Resources notified of a new employee prior to his/her date of hire?

Is documentation prepared in support of a good faith search when positions are filled?

Are procedures in place for new hire orientation?

Are exit interviews held with terminated employees to recover UNIV. property (e.g., keys, equipment, etc.)?

Are signature authorities, passwords, and authorization codes canceled timely for terminated employees?

Is Risk Management notified of visiting scholars?

Does the department hire temporary employees? If so, are the necessary employment posters clearly displayed for all employees to see?

Are performance evaluations documented in writing and discussed with the employee? Does the employee's pay raise correlate to the ratings on the evaluation?

Are conflict of interest forms completed on an annual basis for exempt and nonexempt employees?

Does the department evaluate themselves? Do they set performance measurements?

Does the department maintain updated job descriptions for all positions?

Is your department aware of UNIV. policies and procedures related to such things as:

Cash Handling?

Conflict of Interest (for faculty, staff, & researchers)?

Copying and Use of Computer Software?

Equipment Control Disposal?

Security and Confidentiality of Data Files?

Human Resource Handbook and other guidelines?

Sponsored Project management?

Smoking in UNIV. buildings?

Purchasing?

Safety?

Travel?

Sexual Harassment?

Drugs and Alcohol?

Entertainment?

Does the department ensure that all employees are aware of the above policies and procedures?

Cost Monitoring

Are document files maintained to allow easy review and reconciliation of budget statements (e.g., filed by ORG and fiscal year; open items separate from closed items; date of reconciliation noted on document)?

Are all transactions (including IVs) on the budget statements reconciled to their supporting documentation? Are variances investigated and resolved?

Are notations made on the budget statements to indicate if each transaction was reconciled?

Are open encumbrances reviewed for validity and closed as needed?

If a shadow system is used:

Are input/output controls in place, formulas tested, and programs documented?

Is it reconciled to CUFS and corrections made as needed?

Are the duties of initiating transactions and performing budget reconciliations distributed among different individuals within the department?

Are long distance phone calls reviewed for propriety to ensure reimbursement to UNIV.?

Are telephone charges reimbursed timely?

Capital Equipment & Physical Safety/Security

Disposed Equipment Reporting

Are Equipment Request Forms prepared, approved by the department head, and sent to the Property Specialist when capital equipment is disposed of or sold?

Does the department maintain its own property listing for equipment valued below $5,000?

Does the department utilize the Property Surplus program?

Existence of Capital Equipment

Is the UNIV. Property Listing for the department verified periodically by comparison with actual equipment on hand?

Are all capital assets (with a cost of $5,000 or more) tagged with an UNIV. property tag?

Are stocked items inventoried on a periodic basis? Is access to inventories restricted to authorized personnel only? III. Safeguarding of Capital Equipment

Safeguarding of Capital Equipment

Are anti-theft devices used?

Are other measures used to safeguard highly portable capital equipment?

Physical Security

Are offices and work areas locked when unattended or access restricted to safeguard assets?

Are keys monitored and safe-guarded?

In regards to the latest inspection report issued by the Office of Research Safety is:

The department in compliance with safety regulations?

For any safety concerns/incidents cited in the report, has any corrective action been taken?

In regards to the latest report issued by Safety and Loss Prevention; has the building safety concerns been addressed?

Information Systems

Computing/Networking Policies & Procedures

Are passwords required to access critical data files? Are passwords (PC, network, or mainframe) kept confidential and changed regularly?

Are passwords disabled immediately when employees terminate? Are all appropriate security and system administrators notified when employees terminate or transfer?

Is screen blanking used for PCs in public areas where confidential data could be seen by unauthorized personnel or visitors?

Are critical software disks kept in a secure place (locked file, etc.)? Are critical hardware components secured by antitheft devices or through other security measures (locked office, etc.)?

Are critical computer files backed up frequently enough to ensure that minimal data, if any, is lost if original data is destroyed?

Are back-ups stored in a location physically separate from the original data?

Have back-up and recovery procedures been documented and tested? Has the system configuration been documented (hardware and software)?

Are all copies of software installed on computers supported by documentation of ownership?

Does the department have a record retention policy? for documents? computer files?

Are the records stored at a secured location?

Government Monitored Research

Under Construction

Tax Matters

Sales Tax Reporting

Are sales taxes collected on applicable sales and remitted to the State of Illinois as required by law?

Unrelated Business Income Tax (UBIT)

Are revenue generating activities reviewed for potential UBIT liability?

Are these activities reported to Accounting Services and Legal Counsel?

Employee versus Independent Contractor

Are revenue generating activities reviewed for potential UBIT liability?

Are these activities reported to Accounting Services and Legal Counsel?




Services Auditing Tools Frequently Asked Questions University Code of Ethics Staff Home Mailing Address: P.O. Box 400190 Charlottesville, VA 22904-4190 Physical Address: 1001 N. Emmet St. Carruthers Hall, 2nd Floor Charlottesville, VA 22906 434-924-4110 434-924-4114 Email Us See Map		Self-Assessment Questionnaire The following list of internal control questions is organized by functional areas (such as Cash Receipts, Revenue, & Petty Cash or Payroll & Personnel). Key internal control practices are identified for each area. Answer each question to assess your own department's controls. At the end of each functional area, review your answers for practices or controls which are not in effect. These represent internal control weaknesses. For each weakness, determine the risk it represents to your operations, whether there are mitigating controls, and what action, if any, needs to be taken. Cash Receipts, Revenue, and Petty Cash Procurements and Disbursements Payroll and Personnel Cost Monitoring Capital Equipment and Physical Safety/Security Information Systems Sponsored Program Review Government Monitored Research Tax Matters Cash Receipts, Revenue, and Petty Cash Segregation of Duties Are the following responsibilities distributed among personnel so one person is not responsible for all aspects?: Opening mail? Endorsing checks? Preparing Deposits? Reconciling to budget statements Are billing and collection duties distributed among personnel? Safeguarding of Cash/Receipts Are checks endorsed immediately upon receipt? Are receipts kept in a secure location until deposit (e.g., safe, locked drawer, etc.)? Is access to credit card terminals and cash registers restricted to authorized personnel? Cash Receipt Processing Are deposits made daily and/or in compliance with Bursar guidelines? Are daily cash register readings recorded on the daily cash reports and reconciled to daily deposits? Are processed credit card charges/credits handled properly and timely? Are sales forms and invoices pre-numbered and accounted for to ensure all sales are billed and recorded? Is an open receivable aging report generated and reconciled to open invoices and reviewed monthly? Are accounts receivables reconciled to CUFS monthly? Gift Receipts Are receipts properly classified as gifts? Are gift transmittals prepared timely? Employee Reimbursements Are receipts properly classified as employee reimbursements? Are the receipts processed timely? Nature and Source of Revenues Are revenue sources properly classified? Are potential sponsored program revenues channeled through the Office of Research and Sponsored Projects ORSP? Petty Cash/Imprest Fund Is access to the petty cash fund restricted to the petty cash custodian? Are petty cash disbursements made upon presentation of approved petty cash payout forms with supporting documentation (e.g., receipts)? Is the petty cash fund replenished frequently enough to ensure sufficient funds are available and expenses are charged to the proper fiscal year? Is the petty cash fund in agreement with the general ledger (CUFS)? Procurements and Disbursements Segregation of Duties Are the following responsibilities distributed among personnel so no one individual performs all aspects?: Requisitioning of goods or services? Approving expenditures? Receiving of goods or services? Reconciling disbursements to budget statements? Is all appropriate supporting paperwork (requisition, etc.) retained with hard copy of PD? Is A. 1-5 above followed, when applicable, for University Stores Program? Proper Processing of Disbursements Are blank purchase requisition (PR) forms kept secure? Are records of numeric sequences kept for blank PR forms, so that missing forms will be detected? Are disbursements appropriate to University purpose? Is sales tax deducted before disbursements are made? Are disbursements posted to appropriate objects of expense? For purchases over $25,000, is the Single Source Justification form completed to document competitive bidding or selection of a single vendor? Are individuals prohibited from using a University account to purchase items for personal use and subsequently reimburse the University? Are payments made to independent contractors and/or consultants supported by a Consultant Services Form? Are University guidelines followed when engaging and paying individuals, domestic and foreign? Are staff and faculty in your department aware that all purchases of office, computer and lab supplies and equipment should be made through the Electronic Procurement and Payment System (EPPS), not through personal funds and reimbursement? Does the department maintain a checking account, credit card or house account? If so, have they been canceled? Are purchases processed in a timely manner(90-Day Rule)? EPPS Approval Levels Are approval levels proper according to the existing structure? Are open encumbrances and suspense items cleared regularly? Travel and Entertainment Expenses Do Travel Expense (T&E) Reports: Indicate the business purpose of the trip? Indicate the dates traveling and the names of attendees? Contain corroborating support such as conference brochures? Contain receipts for all expenses greater than $25? Include signature of traveler which certifies that expenses reflect bona fide business expenses? Reflect approval by the employee's immediate supervisor? Reflect timely submittal of charges subsequent to the trip? Is a T & E completed, page 1 and 2, for all entertainment? Are non-travel expense reports completed for all reimbursements that are not travel or entertainment related? Are T & E forms reviewed for non-allowable charges per Univ. Travel Policy? Are exception forms completed for justified departures from guidelines? Are food expenses submitted for reimbursement supported by a T & E? Are visitors provided with the Payment Packet & Forms for Non-resident Aliens when they need to request reimbursement for expenses? Is the UNIV. Travel Agency used? Are the UNIV. Entertainment Guidelines followed? Payroll and Personnel Segregation of Duties Are payroll processing and reconciliation duties distributed among employees so that no single individual has control over: All aspects of processing? Custody of payroll checks? Reconciliation of the Payroll Expense Distribution Report to the budget statements? Is access to payroll records, personnel files, and other confidential information restricted to authorized personnel? Does the supervisor maintain possession of time records after supervisory approval but before submission to Payroll for processing? Are detailed job descriptions maintained for all positions? Time Records Does the immediate supervisor review employee time records for accuracy and completeness and sign them prior to processing? In regards to overtime: Does proper authorization exist for overtime incurred? Is there a proper reason overtime is being incurred? Are the correct hourly wage rates in effect? Are temporary employee hours and work-study employee earnings monitored to ensure respective limits are not exceeded? Monitoring Time Off Are records maintained to monitor and verify exempt vacation, sick, and personal days taken and available? For non-exempt employees? Do supervisors review these records annually before a report is sent to Human Resources for annual vacation and sick time accrual? Human Resources Procedures Is the Department of Human Resources notified of a new employee prior to his/her date of hire? Is documentation prepared in support of a good faith search when positions are filled? Are procedures in place for new hire orientation? Are exit interviews held with terminated employees to recover UNIV. property (e.g., keys, equipment, etc.)? Are signature authorities, passwords, and authorization codes canceled timely for terminated employees? Is Risk Management notified of visiting scholars? Does the department hire temporary employees? If so, are the necessary employment posters clearly displayed for all employees to see? Are performance evaluations documented in writing and discussed with the employee? Does the employee's pay raise correlate to the ratings on the evaluation? Are conflict of interest forms completed on an annual basis for exempt and nonexempt employees? Does the department evaluate themselves? Do they set performance measurements? Does the department maintain updated job descriptions for all positions? Is your department aware of UNIV. policies and procedures related to such things as: Cash Handling? Conflict of Interest (for faculty, staff, & researchers)? Copying and Use of Computer Software? Equipment Control Disposal? Security and Confidentiality of Data Files? Human Resource Handbook and other guidelines? Sponsored Project management? Smoking in UNIV. buildings? Purchasing? Safety? Travel? Sexual Harassment? Drugs and Alcohol? Entertainment? Does the department ensure that all employees are aware of the above policies and procedures? Cost Monitoring Are document files maintained to allow easy review and reconciliation of budget statements (e.g., filed by ORG and fiscal year; open items separate from closed items; date of reconciliation noted on document)? Are all transactions (including IVs) on the budget statements reconciled to their supporting documentation? Are variances investigated and resolved? Are notations made on the budget statements to indicate if each transaction was reconciled? Are open encumbrances reviewed for validity and closed as needed? If a shadow system is used: Are input/output controls in place, formulas tested, and programs documented? Is it reconciled to CUFS and corrections made as needed? Are the duties of initiating transactions and performing budget reconciliations distributed among different individuals within the department? Are long distance phone calls reviewed for propriety to ensure reimbursement to UNIV.? Are telephone charges reimbursed timely? Capital Equipment & Physical Safety/Security Disposed Equipment Reporting Are Equipment Request Forms prepared, approved by the department head, and sent to the Property Specialist when capital equipment is disposed of or sold? Does the department maintain its own property listing for equipment valued below $5,000? Does the department utilize the Property Surplus program? Existence of Capital Equipment Is the UNIV. Property Listing for the department verified periodically by comparison with actual equipment on hand? Are all capital assets (with a cost of $5,000 or more) tagged with an UNIV. property tag? Are stocked items inventoried on a periodic basis? Is access to inventories restricted to authorized personnel only? III. Safeguarding of Capital Equipment Safeguarding of Capital Equipment Are anti-theft devices used? Are other measures used to safeguard highly portable capital equipment? Physical Security Are offices and work areas locked when unattended or access restricted to safeguard assets? Are keys monitored and safe-guarded? In regards to the latest inspection report issued by the Office of Research Safety is: The department in compliance with safety regulations? For any safety concerns/incidents cited in the report, has any corrective action been taken? In regards to the latest report issued by Safety and Loss Prevention; has the building safety concerns been addressed? Information Systems Computing/Networking Policies & Procedures Are passwords required to access critical data files? Are passwords (PC, network, or mainframe) kept confidential and changed regularly? Are passwords disabled immediately when employees terminate? Are all appropriate security and system administrators notified when employees terminate or transfer? Is screen blanking used for PCs in public areas where confidential data could be seen by unauthorized personnel or visitors? Are critical software disks kept in a secure place (locked file, etc.)? Are critical hardware components secured by antitheft devices or through other security measures (locked office, etc.)? Are critical computer files backed up frequently enough to ensure that minimal data, if any, is lost if original data is destroyed? Are back-ups stored in a location physically separate from the original data? Have back-up and recovery procedures been documented and tested? Has the system configuration been documented (hardware and software)? Are all copies of software installed on computers supported by documentation of ownership? Does the department have a record retention policy? for documents? computer files? Are the records stored at a secured location? Sponsored Program Review Are all contracts reviewed by ORSP and/or Legal Counsel, when applicable? Are restricted, sponsored program, and designated funds monitored to ensure they are used for their intended purposes? Is documentation available to support administrative and specific project costs for restricted accounts? Are recharge centers identified are properly handled? Is effort reporting done timely and accurately? Are transactions processed within the required 90-day time frame? Are the PARs signed by the research? Government Monitored Research Under Construction Tax Matters Sales Tax Reporting Are sales taxes collected on applicable sales and remitted to the State of Illinois as required by law? Unrelated Business Income Tax (UBIT) Are revenue generating activities reviewed for potential UBIT liability? Are these activities reported to Accounting Services and Legal Counsel? Employee versus Independent Contractor Are revenue generating activities reviewed for potential UBIT liability? Are these activities reported to Accounting Services and Legal Counsel?