Latest information on vaccines and campus operations Roadrunner Roadmap

Monitoring Plan for Segregation of Duties and Review of Financial Activity

Effective: 03/26/09 Approved By: Sr. Associate Vice President for Financial Affairs and Deputy CFO
Revised: 10/09/20
For Assistance Contact: Sr. Associate Vice President for Financial Affairs and Deputy CFO

Purpose/Scope

To establish the monitoring plan for internal controls to ensure that funds are expended and recorded appropriately within PeopleSoft, in order to ensure an accurate and complete University of Texas at San Antonio (UTSA) Annual Financial Report.

Authority

UTS142.01

 

University Guidelines

Table of Contents
  1. Responsibilities
  2. Monitoring of Key Financial Business Processes
    1. Segregation of Duties
    2. Transaction Approval
    3. Receipt of Goods and Services
    4. Reconciliations and Reviews
    5. Cash Handling and Security
  3. Fiscal Management Sub-Certification
  4. Quality Assurance Reviews

A. Responsibilities

Certifications: The Chief Administrative Officer (the UTSA President), Chief Financial Officer  (the UTSA Vice President for Business Affairs), and Financial Reporting Officer are required to complete certifications in accordance with University of Texas (UT) System UTS 142.1 — Policy on the Annual Financial Report ; they will certify to UT System Administration that UTSA's financial statements are presented fairly, are materially accurate, and that any significant deficiencies and material weaknesses in the internal controls and all known frauds have been reported and addressed (see Financial Statement Certification Letter). The Chief Financial Officer will also certify compliance with University of Texas (UT) System UTS 134 — Code of Ethics for Financial Officers and Employees, including knowledge of any violations (see Financial Code of Ethics Certification). The Chief Audit Executive annually certifies that this Monitoring Plan for Segregation of Duties and Review of Financial Activity (the Monitoring Plan) has been reviewed and that known frauds have been reported and addressed.

Financial Reporting Officer: The Financial Reporting Officer is responsible to the Chief Administrative Officer for the integrity of UTSA's Annual Financial Report (AFR), including the establishment of efficient and effective internal controls over the preparation of the AFR.

The Financial Reporting Officer is also responsible for developing, implementing and updating this Monitoring Plan. The Monitoring Plan should be risk-based but also include random samples of low-risk departments each fiscal year.

Department Managers: Department Managers are expected to demonstrate fiduciary responsibility and to act in the best interests of UTSA. See also section C. Fiscal Management Sub-Certification. For more information, see Financial Guideline — Fiscal Accountability and Stewardship of University Resources.

Institutional Compliance Officer: UTSA’s Institutional Compliance Officer oversees Quality Assurance Reviews (QARs) processes. In addition, the Compliance Manager reviews and approves final results of the QAR process.

Chief Audit Executive: UTSA's Chief Audit Executive performs an annual risk assessment of this Monitoring Plan, which includes validating the annual performance of QARs and confirming that Fiscal Management Sub-Certification responses are a determining factor in sampling for QARs.

B. Monitoring of Key Financial Business Processes

The Financial Reporting Officer reviews annual Fiscal Management Sub-Certification survey responses in order to monitor reconciliation processes and segregations of financial duties, and to identify any potential issues.

The following systems and business processes are monitored and controlled to manage risk to an acceptable level:

1. Segregation of Duties

Certain duties should be performed by separate individuals to reduce the risk of fraud or concealment of errors, and no one individual should have responsibility for all aspects of a transaction.

In general, the following transaction-related duties are considered incompatible and should be performed by separate individuals:

  • Initiating
  • Approving
  • Record keeping
  • Custody of an asset
  • Reconciling the related accounting records

EXAMPLE: An individual should not initiate an order for equipment and also approve the payment; an individual depositing cash should not also perform the related bank account reconciliation.

Managers should be aware of duties that are potentially incompatible and arrange assignments so that no employee has incompatible duties. Managers of smaller departments where segregation of some duties may not be feasible must implement compensating controls such as detailed management review of reconciliations.

The chart below identifies some examples of transactions with guidelines for segregation of duties.

Type of Transaction Initiates Approves Records Reconciles Custody
Purchase of Goods/Services

Purchase Request
 

Person A

Approves Payment
 

Person B

Accounting Records

Accounting Svcs

Monthly Financial Activity

Person C

Receives Goods

Person A
Cash/Check Receipts Opens mail (with a second employee to provide assurance that all cash/checks received by mail are properly logged and deposited), logs receipts, and endorses checks
Person A

Makes deposit
 

Person B

Accounting Records

Accounting Svcs

Monthly Financial Activity

Person C

Instructs Bank

UTSA
2. Transaction Approval

Financial transactions require a minimum of one initiator, one approver at the departmental level and at least one approver in the back office. Journal entries are entered by the initiator but not posted in UTShare/PeopleSoft until reviewed and approved by a manager to help ensure proper segregation of duties. Financial transactions and journal entries are processed through workflow controls in UTShare/PeopleSoft.

The following parties are involved in ensuring internal controls are in place:

  • Department Managers
  • Department Supervisors
  • Associate Vice President for Financial Affairs and Controller (AVPFA)
  • Associate Vice President for People Excellence
  • Purchasing Department
  • University Technology Solutions
3. Receipt of Goods and Services

Certain types of purchases require receipt documentation. Departments complete receiving documents in Rowdy Exchange/Jaggaer when goods are received. These documents are matched with corresponding purchase orders and invoices within UTShare/PeopleSoft. If there are discrepancies between documents, or if one of the documents is missing, UTShare/PeopleSoft system controls will prevent payment. All missing documents and discrepancies between the documents are to be investigated timely and appropriate action taken.

The following parties are involved in ensuring internal controls are in place:

  • Central Receiving
  • Department Supervisors
  • Department Staff
4. Reconciliations and Reviews

Department Reconciliations

Department Managers are required to review actual revenue and expenditures compared to budget on a regular basis to help ensure fiscal accountability and solvency. Before the Department Manager reviews the monthly financial activity, a different employee completes the reconciliation of transactions in SAHARA (an automated reconciliation tool contained within UTShare/PeopleSoft). For more information, see Financial Guideline — Department Financial Reviews.

Monitoring of Department Reconciliations and Reviews

The Office of Institutional Compliance and Risk Services will use the data within SAHARA in its annual risk assessment for Quality Assurance Reviews (QARs).  Departments that have not reconciled or documented reviews of activity on a timely basis are at higher risk for being selected in the QAR process. See Quality Assurance Reviews for more information.

Back Office Reconciliations

The Accounting Services Department performs monthly bank reconciliations to verify the accuracy of accounting records and bank statements. Discrepancies are investigated and appropriate action is taken to correct accounting records or bank records.

The following parties are involved in ensuring internal controls are in place:

  • Department Managers
  • Reconciliation Preparers
  • Financial Reporting Officer

For more information see the Accounting Services website.

5. Cash Handling and Security

Departments must follow all requirements listed in Financial Guideline — Cash Handling and Management (Cash, Checks, Credit Cards) and Financial Guideline — Processing Cash Payments. This includes departmental cash security policies, segregation of duties and timely reconciliations.

The following parties are involved in ensuring internal controls are in place:

  • Department Manager
  • Department Supervisors
  • Department Staff

Cash handling training (AM 560) is offered every other month, and in-person ad hoc training is also provided as needed.

C. Fiscal Management Sub-Certification

Department Managers are required to complete the Fiscal Management Sub-Certification in UTShare/PeopleSoft annually for their Cost Centers/Project IDs. The annual sub-certification cannot be delegated. Department Managers certify, among other items, that segregation of duties is maintained, timely reconciliations are completed, and that any suspected fraud is reported.

For more information, see Financial Guideline— Fiscal Management Sub-Certification Work Plan.

Department Managers failing to submit a completed Fiscal Management Sub-Certification for their Cost Centers/Project IDs will be reported to their respective Vice President (VP), the Senior Vice President of Business Affairs, the Chief Audit Executive, and the Financial Reporting Officer.

Responses in these certifications are included in the criteria used to select the Department Managers who will undergo a Quality Assurance Review. Additionally, the AVPFA/Controller will review the certification responses to identify any potential issues with reconciliations and/or segregation of duties.

D. Quality Assurance Reviews

QARs are performed by Institutional Compliance & Risk Services, and are intended to provide management with assurance that departmental internal controls are in place and are operating effectively.

QARs also verify the integrity of responses to the annual Fiscal Management Sub-Certification and help ensure that responses are in accordance with UT System financial accountability requirements.

A sample of Department Managers from each Vice President (VP) area is selected annually to undergo a QAR. This sampling means 20% of active Department Managers are selected annually for a QAR, with a goal of every Department Manager receiving a QAR at least once every five years. Department Managers are selected based on a risk assessment including several criteria:

  • Level of expenditures and revenues
  • Whether cost centers/project IDs are reconciled and reviewed on a timely basis
  • Audit and QAR history
  • Organization change/turnover
  • Fiscal Management Sub-Certification responses
  • Requests by VPs

All Department Managers identified as "high risk" based on the risk assessment are selected for a QAR that year.

Areas included in QARs are:

  • Timeliness of monthly reconciliations and reviews
  • Quality of reconciliation process as guided by the requirements, see Financial Guideline — Department Financial Reviews
  • Department Manager's review process
  • Fiscal Management - Purchasing
  • Fiscal Management - Cash Handling
  • Fiscal Management - Gifts
  • Capital Asset Management
  • Information Security

QAR results are provided to the Department Manager and immediate supervisor. Vice Presidents are provided a final summary of the results from all QARs performed in their areas.

Institutional Compliance and Risk Services performs on-site follow-ups for QARs with a significant overall risk level 90 days after the respective VP is notified. Institutional Compliance and Risk Services contacts the Office of Auditing and Consulting Services for further action if issues of concern are not corrected.

Reports of all significant findings and related follow-up activities are given to the Vice President for Business Affairs and the Financial Reporting Officer.

Related Forms

None at this time.

Revision History

Date Description
10/09/20 Significant updates to reflect new processes. Guideline renamed from “Monitoring Plan for Segregation of Duties and Reconciliation of Accounts” to “Monitoring Plan for Segregation of Duties and Review of Financial Activity”.
05/21/19 Updates to section A based on UTS 142.1; updates to header section; and editorial changes throughout.
02/28/17
  • Section A. Responsibilities - removed sentence regarding the Financial Officer requirement to provide Monitoring Plan to UT System Financial Reporting Officer by February 28.
  • References/Links - updated the Management Assessment tool link.
  • Section D. – provided more information and facts regarding the QAR assessment.
02/11/16 Updating References/Links section. Updated Sections A Responsibilities and B Monitoring of Key Financial Business Processes