Skip to Search Skip to Navigation Skip to Content

Section 1: Internal Control

Monitoring Plan for Segregation of Duties and Reconciliation of Accounts

Effective Date:

03/26/09

Approved By:

Kerry L. Kennedy, Vice President, Business Affairs

Last Revised On:

03/0614

For Assistance Contact:

Associate Vice President for Financial Affairs

Assistant Vice President, Financial Affairs and Controller

PURPOSE/SCOPE

To establish the monitoring plans for internal controls to ensure that funds are expended and recorded appropriately on the UTSA Annual Financial Report (AFR).

AUTHORITY

Required by UT System policy - UTS142.1- Policy on the Annual Financial Report.


UNIVERSITY GUIDELINES

Table of Contents

A. Responsibilities

Chief Administrative Officer: The Vice President for Business Affairs is the Chief Administrative Officer, and is responsible for certifying to the UT System Administration that The University of Texas at San Antonio’s financial statements are presented fairly, are materially accurate, and that any significant internal control deficiencies, material weaknesses and all known frauds have been reported and addressed.

Financial Reporting Officer: The Associate Vice President for Financial Affairs is the Financial Reporting Officer and is responsible for the development and update of a Monitoring Plan for Segregation of Duties and Reconciliation of Accounts (the Monitoring Plan). The Monitoring Plan should be risk-based but also include random monitoring of low-risk departments for the fiscal year. The Financial Reporting Officer, after consultation with the Institutional Audit Director, will provide the Monitoring Plan and any updates to the UT System Financial Reporting Officer by February 28 each year. The Financial Reporting Officer will certify annually that the Monitoring Plan was completed as approved. For more information on segregation of duties and reconciliation of accounts see UTSA Financial Management Operation Guidelines (FMOGs) Internal Control Overview, Statement of Accounts (SOA) Reconciliation Process, and Reconciliation of Student Financial Data.

University Controller: The University Controller is responsible for certifying to the Financial Reporting Officer that the financial statements have been prepared accurately and that any significant internal control deficiencies, material weaknesses and all known frauds have been reported and addressed. The University Controller is also responsible for implementation of the Monitoring Plan and reviews the Fiscal Management Sub-Certification responses to identify any potential issues with account reconciliations and/or segregation of duties.

Account Administrators: See section C, Management Certification and Fiscal Management Sub-Certification. For more information, see FMOG Fiscal Accountability and Stewardship of University Resources.

Institutional Audit Director: The Executive Director for Audit, Compliance, and Risk Services is the Institutional Audit Director. The Institutional Audit Director validates that the QARs occur annually and confirms that the Fiscal Management Sub-Certification responses are a factor in determining those selected for QARs.

B. Monitoring of Key Financial Business Processes

The following systems and business processes are monitored and controlled to manage risk to an acceptable level:

1. Segregation of Duties

Certain duties should be performed by separate individuals to reduce the risk of fraud or concealment of errors, and no one individual should have responsibility for all aspects of a transaction.

In general, the following transaction-related duties are considered incompatible and should be performed by separate individuals:

  • Initiating

  • Approving

  • Record keeping

  • Custody of an asset

  • Reconciling the related accounts

EXAMPLE: An individual should not initiate an order for equipment and also approve the payment; or an individual depositing cash should not also perform the related bank account reconciliation.

Managers should be aware of duties that are potentially incompatible and arrange assignments so that no employee has incompatible duties. Managers of smaller departments where segregation of some duties may not be feasible must implement compensating controls such as detailed management review of reconciliations.

The chart below identifies some examples of transactions with guidelines for segregation of duties.

Type of Transaction

Initiates

Approves

Records

Reconciles

Custody

Purchase of Goods/Services

Purchase Request

 

 

 

Person A

Approves Payment for Request

 

Person B

Accounting Records

 

Accounting Services

Statement of Account

 

 

Person C

Receives Goods

 

 

Person A

Cash/Check Receipts

Opens mail (with a second employee to provide assurance that all cash/checks received by mail are properly logged and deposited), logs receipts, and endorses checks

 

Person A

Makes deposit

 

 

 

 

 

 

 

Person B

Accounting Records

 

 

 

 

 

 

Accounting Services

Statement of Account

 

 

 

 

 

 

 

Person C

Instructs Bank

 

 

 

 

 

 

 

UTSA

 
2. Security Access to Administrative Systems for Transaction Approval

Various financial transactions require a minimum of one reviewer and one approver at the departmental level and at least one approver at the central office. This requirement is hardcoded in the current administrative system (DEFINE) and facilitated through workflow routing to ensure proper segregation of duties.

The following parties are involved in assuring internal controls are in place:

  • Account Administrators

  • Department Supervisors

  • Assistant Vice President Financial Affairs/University Controller (Assistant VP/Controller)

  • Purchasing Department

  • DEFINE Administrative Services

3. Receipt of Goods and Services

Goods received are matched on-line or manually with purchase order details and/or invoices; outstanding goods, receipt notes, purchase orders and/or invoices are investigated timely and accrued as appropriate; documents are canceled once matched or upon payment of the invoice to prevent reuse. Services must be noted by the department as provided, as required, prior to the payment of invoices.

On-the-job training is provided to all newly hired staff or position changes for purchasing and inventory. The Purchasing Office offers an online Purchasing Training course. Ad hoc training is also provided as issues arise. For more information on the Purchasing Training Course, see the Purchasing Office website.

The following parties are involved in assuring internal controls are in place:

  • Central Receiving

  • Department Supervisors

  • Department Staff

4. Review of Budget and Expenditures

Management is required to review actual expenditures compared to budget on a regular basis to help ensure fiscal accountability and solvency. Management is also expected to demonstrate fiduciary responsibility and to act in the best interest of UTSA.

Each month, Account Administrators receive Statement of Accounts reports (SOAs) which include: variances, trends, and detailed account transactions for all accounts within their responsibility. This information can also be accessed electronically by logging into DEFINE or UTDirect. UTDirect download instructions are available on the Accounting website.

Reconciliation of all SOAs must be completed each month. Evidence of the reconciliation must be supported by the signature of both the preparer and Account Administrator.

The following parties are involved in assuring internal controls are in place:

Statement of Accounts and reconciliation instructions are available on the Accounting Services website and in FMOG Statement of Accounts (SOA) Reconciliation Process. A training class is also available (AM 506 - Understanding the Statement of Accounts) through Human Resources Training and Development.

5. Cash Handling and Security

Departments must follow all requirements listed in FMOGs Cash Handling and Management and Processing Cash Payments. This includes departmental cash security policies, segregation of duties and timely reconciliations.

The following parties are involved in assuring internal controls are in place:

  • Account Administrators

  • Department Supervisors

  • Department Staff

On-the-job training is provided to all newly hired staff or position changes for cash handling. Ad hoc training is also provided as issues arise.

C. Management Certification and Fiscal Management Sub-Certification

Account Administrators are required to complete the Management Certification and Fiscal Management Sub-Certification annually for their accounts with $3,000 or more of activity, to include segregation of duties and timely reconciliations.  They also certify, among other things, that all significant internal control deficiencies and material weaknesses in internal controls that have been identified have been reported and addressed;


For more information, see FMOGs Internal Control Overview and Fiscal Management Sub-Certification Work Plan.

Account Administrators failing to submit a completed Management Certification and Fiscal Management Sub-Certification Survey for their accounts with $3,000 or more of activity are reported to the respective VP, Audit Director, the Financial Reporting Officer, and the Assistant VP/Controller.

Responses in these certifications are included in the criteria used to select the Account Administrators who will undergo a Quality Assurance Review.  Additionally, the University Controller will review the certification responses to identify any potential issues with account reconciliations and/or segregation of duties.


D. Quality Assurance Reviews

Quality Assurance Reviews (QARs) are performed by Institutional Compliance and Risk Services, and are intended to provide management with assurance that departmental internal controls are in place and are operating effectively. For more information, see the FMOG Internal Control Overview.

QARs also verify the integrity of responses to the annual Management Certification and Fiscal Management Sub-Certification Survey and help ensure that responses are in accordance with UT System financial accountability mandates.

QARS will cover Fiscal Management – General (including a review of segregation of duties, account reconciliations for revenue and expense accounts

A sample of Account Administrators from each Vice President (VP) area is selected annually to undergo a QAR. Account Administrators are selected based on a risk assessment including several criteria:

  • Level of expenditures and revenues

  • Audit and QAR History

  • Organizational change/turnover

  • Fiscal Management Sub-Certification

  • Management Certification

  • Requests by VPs

Approximately 20% of active Account Administrators are selected annually for a QAR using a risk assessment based on multiple criteria.  All Account Administrators identified as “high risk” based on the risk assessment are selected for a QAR that year, with a goal of every Account Administrator receiving a QAR at least once every five years.

QAR results are provided to the Account Administrator and immediate supervisor. Vice Presidents are provided a final summary report of all QARs in their area.

Institutional Compliance will perform on-site follow-ups for QARs with a significant overall risk level 90 days after the respective VP is notified. Institutional Compliance will contact the Office of Auditing and Consulting Services for further action if deficiencies noted in the original report are not corrected.

Reports of all significant findings and related follow-up activities are given to the Institutional Fraud Officer (VP for Business Affairs) and the Financial Reporting Officer (Associate VP for Financial Affairs).

A summary report of all QARs is provided annually to the President.

E.  Procard Audits and Reviews


The Procard/Travel Card Administration Office continuously monitors and reviews purchasing card (Procard) transactions, and utilizes management reports and periodic compliance audits and reviews to monitor departmental segregation of duties, reconciliation of accounts, and compliance with Procard requirements. Compliance audit results and recommendations are communicated to appropriate levels of management.


DEFINITIONS

Term

Description

Account Administrator

An individual with fiscal responsibility and decision-making authority for UTSA resources who has approval access to commit funding using the institutional financial accounting system. This is typically the department head for non-grant accounts and the principal investigator for grant accounts.

 

REFERENCES/LINKS

RELATED FORMS/WORKSHEETS

None at this time.


REVISION HISTORY

Date

Description

03/06/14

Added section "E" to table of contents and expanded section.

01/15/14

Updated the Management Assessment Tool link and deleting two items from the QAR (Quality Assurance Reviews) list.

02/20/13

Update segregation of duties chart.  Update Section B, 4 regarding SOAs on what is being included. Updated Secion B,5 on update to cash handling and security policy. Updated Section C instruction on management certification and fiscal management sub-certification.   Update to "REFERENCES/LINKS" section with current links.

02/22/12

Revised Management Certification and Fiscal Management Sub-Certification section to include description about $3,000 threshold of activity.

06/22/11

Added subsection Segregation of Duties to section Monitoring of Key Financial Business Processes. Revised the Review of Budget and Expenditures subsection as the SOA reconciliation process must be completed monthly and added links to the Accounting Services website and Statement of Accounts (SOA) Reconciliation Process FMOG for instructions.

03/22/11

Conducted minor edits for consistency and provided links to referenced FMOGs.

01/28/11

Conducted document clean-up for consistency and removal of duplicate information found in other FMOGs.

10/18/10

Added revised copies of the Management Certification and Sub-Certification survey samples.

11/10/09

Guideline published.

 


In All We Do, We Do With Excellence - Every Person - Every Day - Every Job