untitled.bmp

Best Practices

 

Efficiency and Effectiveness                            Policies and Procedures
Segregation of Duties                                        Reporting
Compensating Controls                                    Timeliness
Safeguarding Assets                                         Accounting
Review and Approval

 

 

Efficiency and Effectiveness

 

Efficient performance accomplishes goals and objectives in an accurate and timely manner using minimal resources.  Inefficiencies in operations occur when processes are performed that provide no additional benefit or value.  Operations are considered effective when they are functioning as intended.  If two individuals are both responsible for executing the same function within a process, a duplication of efforts would exist.  This is an inefficient and ineffective use of time and resources.

 

Inefficiency and ineffectiveness may result in a lack of resource availability and may cause a department to be unable to meet its objectives.  Generally this results in added operational costs to the University.   These costs could be measured in additional overtime wages needed to accomplish goals and objectives, unmet targets, lost productivity, or the inability to accept additional responsibility. 

 

Best Practices:

 

  1. Analyze business processes and identify and eliminate duplicated efforts.
  2. Streamline processes by reducing an non-value added procedures
  3. Identify any processes that have been done merely because "that's the way we've always done it".  Determine if those processes are still needed.  If they are, identify methods that would allow steps to be completed either more timely or effectively.
  4. Strive to process documents and transactions in a minimum required time to increase the efficiency and effectiveness of the department.
  5. Employ a cost-benefit methodology when analyzing and developing new processes.  If the costs outweigh the benefits, then consider eliminating the procedures or reduce the number of steps needed to complete the process.
  6. Think "outside of the box".  Look for more innovative ways to accomplish goals and objectives.
  7. Automate where possible.

 

Policies and Procedures

 

Written policies and procedures codify management's criteria for executing an organization's operations.  Developing and documenting policies and procedures is the responsibility of management.  Management should document business processes, personnel responsibilities, departmental operations, and promote uniformity in executing and recording transactions.  Thorough policies and procedures serve as effective training tools for staff and faculty.

If written policies and procedures do not exists, are inaccurate, incomplete, or not current, the following could result:

 

  • Inaccurate and unreliable financial records due to inappropriate recording of transactions
  • Inconsistent practices among employees and/or departments
  • Processing errors due to a lack of knowledge
  • Inability to enforce employee accountability

 

Best Practices:

 

  1. Document all significant all significant business practices, processes, and policies.
  2. Make the policies and procedures available to all personnel.
  3. Ensure they are accurate, complete and current at all times.
  4. Revise policies and procedures for changes in business processes and policies.  This is important when new systems are developed and implemented or other organizational changes occur.
  5. Communicate significant changes to all affected personnel to ensure they are aware of any revisions to their daily duties and responsibilities.
  6. Policies and procedures are only effective if people are aware and understand them.

 

Segregation of Duties

 

Duties within the department or function should be separated so that one person does not perform processing from the beginning to the end of a process.  Duties that should be separated include:

  • Authorization
  • Custody of Assets
  • Recording of Transactions

 

If an adequate separation of duties does not exist, the following could occur:

  • Misappropriation of Assets
  • Misstated financial statements
  • Inaccurate financial documentation
  • Improper use of funds or modification of data could go undetected

 

Best Practices:

 

  1. Design a system of checks and balances to decrease the likelihood of errors and irregularities.
  2. The person who prepares documentation should not be the same person to authorize and execute the transactions. Example: One person should not be able to accept cash, record deposits, make the deposit and reconcile the account.

 

 

 

Compensating Controls

 

Compensating Controls are less desirable then separation of duties because they generally occur after the transaction is complete (post audit). Relying completely on compensating controls is less desirable than separation of duties because it takes more resources to investigate and correct errors, and recover losses, than it does to prevent them. However, in some circumstances, departments do not have the staff resources to establish adequate separation of duties, so they have no choice in the matter. In these instances it is important for management to implement controls that compensate for the increased risk. Following is a list of the types of compensating controls a department can implement to address not having adequate separation of duties. This can be a valuable reference as well as a potential cost savings in the audit process when a control is more expensive to implement and test that it's compensating control counterpart.   

 

  1. Review Reports of Detail Transactions Charged to the Department - At a minimum, managers who have a staff member who can perform all the key activities of a transaction with no segregation of duties should be reviewing the reports of detail transactions for their department on a monthly basis to identify, investigate, and correct improper charges. An adequate review would consider the transaction date, vendor, description, dollar amount, and offset account, if any. Keep in mind that this review cannot be delegated to staff who can perform all the key activities of a transaction, as it would defeat the effectiveness of this compensating control!!
  2. Review Reports of Detail Transactions Initiated by the Person who Can Perform All the Key Activities of a Transaction -  A manager can periodically pull and review a report that identifies all the transactions created by staff who can perform all the key activities of a transaction. An adequate review would look at purchase dates, vendor name, description of transaction, ship to location, and the departments charged, to identify, investigate and correct improper transactions.
  3. Pull Sample of Transactions -  A manager can periodically pull and review the supporting documents for a sample selected from transactions charged to his/her department. An adequate review would address the same data as are covered under 'Review Reports of Detail Transactions'.
  4. Take Periodic Asset Counts and Compare to Accounting Records - If a department purchases a significant amount of equipment or other tangible assets, it may be effective to conduct periodic counts and compare to inventory records to ensure equipment and supplies are on-hand.
  5. Prepare Budget Analysis and Cost Trends: Investigate Discrepancies -  A less effective compensating control is the preparation and/or review of budget and trend analysis of expenditures. While this does not provide the specific detailed review, it can be a way to identify problem areas where further detailed review needs to take place.

 

 

Safeguarding Assets

 

Assets are the economic resources the University owns that are expected to be of benefit in the future.  Examples are cash, office supplies, merchandise, furniture, equipment, land, buildings and sensitive or confidential data. Protective measures must be taken to ensure that assets are maintained in a properly controlled and secured environment.  The most important type of protective measure for safeguarding assets is the use of physical precautions.  If physical precautions are not in place the following could occur:

 

  • Theft
  • Items may be lost or misplaced
  • Fraud may be committed using the unauthorized data
  • Unauthorized transactions or processing could occur if data is not adequately safeguarded
  • The University could incur added expenses and loss of revenue

 

Best Practices:

 

  1. Store assets in a secure, locked area.
  2. Cash should be stored preferably in a fire-proof safe.
  3. Restrict access to data and other assets to a limited number of individuals within the department.
  4. Ensure proper access controls are in place in systems.  User ID’s are unique and passwords are forced to be changed frequently by the system.

 

 

Review and Approval

 

When a process is performed within a department, there should always be another level of review and approval performed by a knowledgeable individual independent of the process.  The approval should be documented to verify that a review was performed.  Review and approval are controls to help management gauge whether operational and personnel goals and objectives are being met.

 

The lack of or inadequate review and approval could result in the following:

 

  • Errors may be overlooked resulting in misstatements that could affect financial, as well as, operational decisions.
  • Inaccurate or incomplete information in accounts and reports
  • The inability to detect irregularities

 

Best Practices:

 

  1. A thorough review of processes, transactions, and reports should be performed for accuracy, completeness, and timeliness.
  2. The reviewer should be someone who is knowledgeable about the items or areas being performed such that they are able to identify errors or omissions.
  3. The reviewer should preferably be someone who has the authority, who is able to authorize, provide direction, and make decisions about the items under review.
  4. The reviewer should be someone who does not perform the process.
  5. Evidence of the review and approval should be documented; signed and dated by the reviewer.

 

Timeliness

 

Timeliness means meeting the prescribed deadlines.

 

When deadlines are not met, the following could occur:

  • Inefficiencies could result
  • Fines or penalties could be imposed
  • Prospective projects or customers could be lost
  • Other operational processes could be negatively impacted

 

As the University continues to push to do more with less and create increased operational efficiencies, timeliness has become more important to the overall success of the University.  Timeliness is one area where all employees can analyze their workflows and identify ways to work smarter and save time.

 

Best Practices:

 

  1. Obtain an understanding of all the required deadlines particularly those that are “not negotiable” such as regulatory due dates.
  2. Build in adequate lead times to ensure the work product or report is complete, accurate, and has been reviewed before it is submitted. 
  3. Prioritize activities when critical deadlines are imminent.
  4. Ensure adequate resources are available, trained, and able to complete the tasks in order to meet the deadlines.
  5. If deadlines cannot be met, notify the appropriate parties in advance.  Determine if the deadline is negotiable.  Commit to the new date and be willing to do whatever it takes to meet it.
  6. Create a synergy within the department that embraces a philosophy that continuous process improvement means that a product is quality if it’s great and on time.

 

 

 

Reporting

 

Reporting is defined as disclosing facts about an entity.  These facts cold be financial, regulatory, or statistical in nature.  Decision makers use these facts to make assumptions about an entity.

 

Inaccurate or incomplete reporting could result in the following:

  • The loss of research funding and state appropriations
  • Difficulty obtaining debt financing
  • Reduced creditability

 

Best Practices:

 

Since decision makers rely on the facts provided in the reports, it is imperative that the information be:

  1. Accurate, complete, and current
  2. Fully disclosed
  3. Concise
  4. Objective
  5. Timely

 

 

Accounting

 

Accounting is a system that measures business activities, processes that information into reports, and communicates these findings to decision makers.  Two major controls of an accounting system are accurate posting of transactions and adequate account review and reconciliation.

 

Inadequate controls over an organizations’ accounting system could result in:

  • Misstated financial reports
  • Inaccurate and unreliable financial records

 

Best Practices:

 

To help ensure strong accounting controls exist, management should ensure:

 

  1. Employees are properly trained on performing accounting functions.
  2. Only authorized personnel can establish or modify accounting ledger attributes.
  3. Transactions, adjusting journal entries, and reports are reviewed for accuracy, completeness, and timeliness of processing before they are authorized.
  4. Accounts are reconciled monthly.
  5. Individual performing account reconciliations are independent of the cash receipts and disbursements process.
  6. Reconciling items, errors and omissions are identified and corrected on a timely basis.
  7. Account reconciliations are documented.
  8. Automated accounting systems are properly developed by knowledgeable accounting and computing staff.
  9. Automated accounting systems have the proper level of input and processing controls to ensure the integrity of the financial data being reported.
  10. A proper segregation of duties exists within the accounting function.