1 / 32

Fiscal Compliance for Department Heads & Directors

Learn about fiscal misconduct risks, controls, and compliance policies for department heads and directors in higher education institutions. Understand the importance of internal control assessments and reporting suspected legal and policy violations.

moreno
Download Presentation

Fiscal Compliance for Department Heads & Directors

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fiscal Compliance for Department Heads & Directors Daniel Adams Audit Services

  2. Overview • Introduction and background • Compliance hotline and related policies • Fiscal misconduct risks and controls

  3. Audit Services’ Mission … to provide independent, objective assurance and advisory services designed to add value and improve the operations of Montana State University. Source: http://www.montana.edu/audit/iaas_charter.html

  4. About Audit Services • Evaluate (internal) control processes • Monitor: • Compliance with policies, procedures, laws and regulations • Means of safeguarding assets • Risk management processes • Quality and continuous improvement in operations • Investigate suspected fiscal misconduct Source: http://www.montana.edu/audit/iaas_charter.html

  5. Characteristics of Higher Education • Large organizations • Offices with functional (e.g., finance, HR) expertise • Decentralized • Partially taxpayer funded • Highly regulated • Less hierarchical relationship between supervisors and personnel in some units

  6. Control DefinitionInternational Organization for Standardization (ISO) Administrative, managerial, technical or legal methods for managing risk, including policies, procedures, guidelines, practices or organizational structures Source: ISO 27000 Information security management systems.

  7. Risk Definition (ISO) Combination of the probability (likelihood) of an event and its consequence (impact) Source: ISO 27000 Information security management systems.

  8. Who is responsible for internal control at MSU?

  9. GAO on Internal Control Management is responsiblefor an effective internal control system. However, personnelthroughout an entity play important rolesin implementing and operating an effective internal control system. Source: Standards for Internal Control in the Federal Government. GAO. September 2014.

  10. Guidance on Internal Control Internal Control Assessments These questionnaires were designed to make it easy for staff members to determine if their units have implemented many of the control activities that are commonly needed at MSU and are based on MSU and State of Montana policies and procedures and sound administrative practices. http://www.montana.edu/audit/guidance.html

  11. 3 Lines of Defense for Risk Management(Institute of Internal Auditors Position Paper, January 2013)

  12. www.msucompliancehotline.ethicspoint.com

  13. Reporting Suspected Legal, Regulatory and Policy Violations Montana State University encourages all faculty, staff, students, and volunteers, acting in good faith, to report suspected legal, regulatory or policy violations. The university is committed to protecting individuals from retaliation for making a good faith report. http://www.montana.edu/policy/reporting-violations/

  14. Reporting Suspected Legal, Regulatory and Policy Violations False allegation. Any employee or volunteer who knowingly or with reckless disregard for the truth gives false information or knowingly makes a false report of wrongful conduct or a subsequent false report of retaliation may be subject to disciplinary action, up to and including termination. http://www.montana.edu/policy/reporting-violations/

  15. Fiscal Misconduct Policy Any employee or student associated with the University who knows of or suspects fiscal misconduct should promptly notify one of the following: the director of Institutional Audit & Advisory Services, Legal Counsel, or director of University Police. http://www.montana.edu/policy/fiscal_misconduct/audit100.html

  16. Fiscal Misconduct Definition Examples include: • embezzlement; • misappropriation of goods, services, or resources; • diversion of assets; • conflict of interest situations, • violation of state or University fiscal policies and procedures and • use of University facilities and equipment for personal gain; and • any activity related to intentional wrongdoing and improper behavior related to state financial matters. http://www.montana.edu/policy/fiscal_misconduct/audit100.html

  17. Montana Code Annotated (MCA) 5-13-309. Information from state agencies. (3) The head of each state agency shall immediately notify both the attorney general and the legislative auditor in writing upon the discovery of any theft, actual or suspected, involving state money or property under that agency's control or for which the agency is responsible. http://leg.mt.gov/bills/mca/5/13/5-13-309.htm

  18. BOR Policy 930.1 – Internal Audit Reports An internal audit report for a campus of the Montana University System shall be provided to the Commissioner's Office when the report contains a conclusion that there has been or may have been a violation of institutional or system policy or of state or federal law.  http://www.mus.edu/borpol/bor900/9301.htm

  19. Fiscal Misconduct Process • Receive report and discuss with fiscal misconduct committee • Gather background data, records and process information • Conduct interviews • Issue reports • Review report • Control report

  20. Likelihood of Fiscal Misconduct Issues(Impact is somewhat negatively correlated to likelihood)

  21. Risk: Misappropriation of equipment • Controls: • Property Management Office is contacted for compliant disposition of property • Maintain listing of minor and sensitive equipment • Physical inventories of this listing are conducted every two years

  22. Risk: Personal use of equipment or supplies • Controls: • Supervisory communication of expectations and oversight of activities

  23. Risk: Use of purchasing card for personal (or other unallowable) expenses • Controls: • Unit-level review of purchasing card reports • Staff member could review most transactions • Supervisor could review transactions conducted by report preparer • Purchasing card only used by cardholder

  24. Risk: Costs charged to sponsored programs are unallowable • Controls: • PIs are knowledgeable of grant rules • Grant accountants are empowered to question allowability of costs

  25. Source: Grants Allowable – University of Washington and NSF. UW Internal Audit. August 5, 2014.

  26. Source: Grants Allowable – University of Washington and NSF. UW Internal Audit. August 5, 2014.

  27. Risk: Revenue collections are misappropriated • Controls: • Duties are segregated or compensating controls are implemented • Segregate collection from daily balancing/depositing • Records of initial receipt must be retained

  28. Departmental Revenue Collection Procedures Model This document should be used by departments as a guide for the development or enhancement of their revenue collection procedures and should be tailored to each department’s specific situation. Developing and following good procedures for revenue collection is important to protect the university’s assets but also to protect staff collecting revenue in the event that significant shortages or reductions in annual revenue occur. http://www.montana.edu/audit/guidance.html

  29. Risk: Private interest negatively impacts an employee’s university activities • Controls: • Conflicts of interest are disclosed • Conflict management plans are developed and followed http://www.montana.edu/policy/conflict_of_interest/

  30. Risk: Falsification of payroll records • Controls: • Employees submit time worked themselves • Supervisor with knowledge of employee’s activities reviews time submitted

  31. MSU Policies and Procedures • http://www.montana.edu/policy/ • http://www.montana.edu/policy/personnel/ • http://www.montana.edu/policy/business_manual/ • http://www.montana.edu/policy/purchasing/ • http://www.montana.edu/policy/property/manual.html • http://www.montana.edu/research/osp/piguide/index.html

  32. Thanks!

More Related