Monitoring Plan for Segregation of Duties and Review of Financial Activity

Purpose/Scope

To establish the monitoring plan for internal controls to ensure that funds are expended and recorded appropriately within PeopleSoft, in order to ensure an accurate and complete UTSA Annual Financial Report.

Authority

UTS142

University Guidelines

Table of Contents
  A. Responsibilities
  B. Monitoring of Key Financial Business Processes
    1. Segregation of Duties
    2. Transaction Approval
    3. Receipt of Goods and Services
    4. Reconciliations and Reviews
    5. Cash Handling and Security
  C. Fiscal Management Sub-Certification
  D. Quality Assurance Reviews

A. Responsibilities

Certifications: The chief administrative officer (the UTSA president), chief financial officer (the UTSA senior vice president for Business Affairs) and financial reporting officer are required to complete certifications in accordance with UTS142; they will certify to UT System Administration that UTSA's financial statements are presented fairly and are materially accurate, and that any significant deficiencies and material weaknesses in the internal controls and all known frauds have been reported and addressed. The chief financial officer also certifies compliance with University of Texas (UT) System UTS 134 — Code of Ethics for Financial Officers and Employees, including knowledge of any violations. The chief audit executive annually certifies that this Monitoring Plan for Segregation of Duties and Review of Financial Activity (Monitoring Plan) has been reviewed and that known frauds have been reported and addressed.

Financial Reporting Officer: The financial reporting officer is responsible to the chief administrative officer for the integrity of UTSA's Annual Financial Report (AFR), including the establishment of efficient and effective internal controls over the preparation of the AFR.

The financial reporting officer is also responsible for developing, implementing and updating this Monitoring Plan. The Monitoring Plan should be risk-based but also include random samples of low-risk departments each fiscal year.

Department Managers: Department managers are expected to demonstrate fiduciary responsibility and to act in the best interests of UTSA (see also Fiscal Management Sub-Certification). For more information, see Financial Guideline — Fiscal Accountability and Stewardship of University Resources. Department managers should ensure that account reconciliations comply with Department Financial Review timeframes and oversee the monthly reconciliation process.

Institutional Compliance Officer: UTSA’s institutional compliance officer oversees Quality Assurance Review (QAR) processes. In addition, the compliance manager reviews and approves final results of the QAR process.

Chief Audit Executive: UTSA's chief audit executive performs an annual risk assessment of this Monitoring Plan, which includes validating the annual performance of QARs and confirming that Fiscal Management Sub-Certification responses are considered in sampling for QARs.

B. Monitoring of Key Financial Business Processes

The financial reporting officer reviews annual Fiscal Management Sub-Certification responses in order to monitor reconciliation processes and segregations of financial duties and to identify any potential issues.

The following systems and business processes are monitored and controlled to manage risk to an acceptable level.

1. Segregation of Duties

Certain duties should be performed by separate individuals to reduce the risk of fraud or concealment of errors, and no one individual should have responsibility for all aspects of a transaction.

In general, the following transaction-related duties are considered incompatible and should be performed by separate individuals:

  • Initiating
  • Approving
  • Record keeping
  • Custody of an asset
  • Reconciling the related accounting records

EXAMPLE: An individual should not initiate an order for equipment and also approve the payment; an individual depositing cash should not also perform the related bank account reconciliation.

Managers should be aware of duties that are potentially incompatible and arrange assignments so that no employee has incompatible duties. Managers of smaller departments where segregation of some duties may not be feasible must implement compensating controls such as detailed management review of reconciliations.

The chart below provides some examples of transactions with guidance for segregation of duties.

| Type of Transaction | Initiates | Approves | Records | Reconciles | Custody |
|---|---|---|---|---|---|
| Purchase of Goods/Services | Purchase request: Person A | Approves payment: Person B | Accounting records: Accounting Svcs | Monthly financial activity: Person C | Receives goods: Person D |
| Cash/Check Receipts | Opens mail (with a second employee to provide assurance that all cash/checks received by mail are properly logged and deposited), logs receipts and endorses checks: Person A | Makes deposit: Person B | Accounting records: Accounting Svcs | Monthly financial activity: Person C | Instructs bank: UTSA |

2. Transaction Approval

Financial transactions require a minimum of one initiator, one department approver and at least one approver in the back office. For purchases and payments, the department approver should be someone who has the operational knowledge to know whether the transaction has a legitimate business purpose. Journal entries are entered by the initiator but not posted in PeopleSoft until reviewed and approved by a manager to help ensure proper segregation of duties. Financial transactions and journal entries are processed through workflow controls in PeopleSoft.

The following parties are involved in ensuring internal controls are in place:

  • Department managers
  • Department supervisors
  • Financial reporting officer
  • Associate vice president for People Excellence
  • Purchasing department
  • University Technology Solutions

3. Receipt of Goods and Services

Purchases require receipt documents or work completion documentation. Departments complete receiving documents in Rowdy Exchange when goods are received. Departments are required to document the completion of requested services. These documents are matched with corresponding purchase orders and invoices within PeopleSoft. If there are discrepancies between documents, or if one of the documents is missing, PeopleSoft system controls will prevent payment. All missing documents and discrepancies between the documents are to be investigated in a timely manner and appropriate action taken.

The following parties are involved in ensuring internal controls are in place:

  • Central Receiving
  • Department supervisors
  • Department staff
  • Disbursements and Travel Services

4. Reconciliations and Reviews

Department Reconciliations

Department managers are required to review actual revenue and expenditures against budget on a regular basis to help ensure fiscal accountability and solvency. Before the department manager reviews the monthly financial activity, a different employee completes the reconciliation of transactions in SAHARA (an automated reconciliation tool contained within PeopleSoft). For timeframes and more information, see Financial Guideline — Department Financial Reviews. The department reconciler should complete reconciliations by the end of the month following the month being reconciled. The department manager should ensure the reconciliation is completed and approved by six weeks after month-end. The QAR process will include review of the timeliness of reconciliations and approvals.

Monitoring of Department Reconciliations and Reviews

The Office of Institutional Compliance and Risk Services will use the data within SAHARA in its annual risk assessment for Quality Assurance Reviews (QARs). Departments that have not reconciled or documented reviews of activity on a timely basis are more likely to be selected in the QAR process. See Quality Assurance Reviews for more information.

Back Office Reconciliations

Accounting Services performs monthly bank reconciliations to verify the accuracy of accounting records and bank statements. Discrepancies are investigated and appropriate action is taken to correct accounting records or bank records.

The following parties are involved in ensuring internal controls are in place:

  • Department managers
  • Reconciliation preparers
  • Financial reporting officer
  • University bursar

For more information, see the Accounting Services website.

5. Cash Handling and Security

Departments must follow all requirements listed in Financial Guideline — Cash Handling and Management (Cash, Checks, Credit Cards) and Financial Guideline — Processing Cash Payments. These requirements include departmental cash security policies, segregation of duties and timely reconciliations.

The following parties are involved in ensuring internal controls are in place:

  • Department managers
  • Department supervisors
  • Department staff
  • University bursar

Cash Handling 101 training is available on demand.

C. Fiscal Management Sub-Certification

Department managers are required to complete the Fiscal Management Sub-Certification in PeopleSoft annually for their Cost Centers/Project IDs. The annual sub-certification cannot be delegated. Department managers certify, among other items, that segregation of duties is maintained, internal controls are established, timely reconciliations are completed and any suspected fraud is reported.

For more information, see Financial Guideline — Fiscal Management Sub-Certification.

Department managers failing to submit a completed Fiscal Management Sub-Certification for their Cost Centers/Project IDs will be reported to their respective vice president, the senior vice president for Business Affairs, the chief audit executive and the financial reporting officer.

Certification responses are included in the criteria used to select the department managers who will undergo a Quality Assurance Review. Additionally, the assistant vice president of Financial Affairs and controller will review certification responses to identify any potential issues with reconciliations and/or segregation of duties.

D. Quality Assurance Reviews

QARs are performed by Institutional Compliance & Risk Services and are intended to provide management with assurance that departmental internal controls are in place and are operating effectively.

QARs also verify the integrity of responses to the annual Fiscal Management Sub-Certification and help ensure that responses are in accordance with UT System financial accountability requirements.

A sample of department managers from each vice president’s area is selected annually to undergo a QAR. This sampling means 20% of active department managers are selected annually for a QAR, with a goal of every department manager receiving a QAR at least once every five years. Department managers are selected based on a risk assessment including several criteria:

  • Budget and expense amounts
  • Audit review/concern
  • Organizational change/turnover
  • QAR history
  • Fiscal Management Sub-Certification responses
  • Requests by vice presidents

All department managers identified as highest risk based on the risk assessment are selected for a QAR that year.

Areas included in QARs are:

  • Timeliness of monthly reconciliations and reviews
  • Quality of reconciliation process as guided by the requirements (see Financial Guideline — Department Financial Reviews)
  • Department manager's review process
  • Fiscal management of purchasing
  • Fiscal management of cash handling
  • Fiscal management of gifts
  • Receiving of goods and services
  • Capital asset management
  • Information security
  • Conflict(s) of interest

QAR results are provided to the department manager and immediate supervisor. Vice presidents are provided a final summary of the results from all QARs performed in their areas.

Institutional Compliance and Risk Services performs on-site follow-ups for QARs with a significant overall risk level 90 days after the respective vice president is notified. Institutional Compliance and Risk Services contacts the Office of Auditing and Consulting Services for further action if issues of concern are not corrected.

Reports of all significant findings and related follow-up activities are given to the relevant vice president (or delegate), the institutional fraud officer (the senior vice president for Business Affairs) and the financial reporting officer.

Related Forms

None at this time.

Revision History

Date Description
08/07/23 Updated department manager responsibilities (section A); added department reconciliation timeframes (B.4). Updated QAR and risk assessment processes (D).
06/27/22 Updated the segregation of duties guidance in section B.1; specified in section B.2. that approvers should have operational knowledge about the business purpose of transactions; updated the lists of parties who are involved in ensuring internal controls. Other minor updates throughout to clarify processes.
09/10/21 Slight updates to clarify cash handling training and QAR selection processes. Editorial updates including new position titles.
10/09/20 Significant updates to reflect new processes. Guideline renamed from “Monitoring Plan for Segregation of Duties and Reconciliation of Accounts” to “Monitoring Plan for Segregation of Duties and Review of Financial Activity”.