Monitoring Plan for Segregation of Duties and Review of Financial Activity

Effective: 03/26/09
Approved By: Sr. Associate Vice President for Financial Affairs and Deputy CFO
Revised: 09/10/21
For Assistance Contact: Sr. Associate Vice President for Financial Affairs and Deputy CFO

Purpose/Scope

To establish the monitoring plan for internal controls to ensure that funds are expended and recorded appropriately within PeopleSoft, in order to ensure an accurate and complete UTSA Annual Financial Report.

Authority

UTS142.01

University Guidelines

Table of Contents
  A. Responsibilities
  B. Monitoring of Key Financial Business Processes
    1. Segregation of Duties
    2. Transaction Approval
    3. Receipt of Goods and Services
    4. Reconciliations and Reviews
    5. Cash Handling and Security
  C. Fiscal Management Sub-Certification
  D. Quality Assurance Reviews

A. Responsibilities

Certifications: The chief administrative officer (the UTSA president), chief financial officer (the UTSA senior vice president for Business Affairs) and financial reporting officer are required to complete certifications in accordance with University of Texas (UT) System UTS 142.1 — Policy on the Annual Financial Report; they will certify to UT System Administration that UTSA's financial statements are presented fairly and are materially accurate, and that any significant deficiencies and material weaknesses in the internal controls and all known frauds have been reported and addressed. The chief financial officer will also certify compliance with University of Texas (UT) System UTS 134 — Code of Ethics for Financial Officers and Employees, including knowledge of any violations. The chief audit executive annually certifies that this Monitoring Plan for Segregation of Duties and Review of Financial Activity (Monitoring Plan) has been reviewed and that known frauds have been reported and addressed.

Financial Reporting Officer: The financial reporting officer is responsible to the chief administrative officer for the integrity of UTSA's Annual Financial Report (AFR), including the establishment of efficient and effective internal controls over the preparation of the AFR.

The financial reporting officer is also responsible for developing, implementing and updating this Monitoring Plan. The Monitoring Plan should be risk-based but also include random samples of low-risk departments each fiscal year.

Department Managers: Department managers are expected to demonstrate fiduciary responsibility and to act in the best interests of UTSA. See also Fiscal Management Sub-Certification. For more information, see Financial Guideline — Fiscal Accountability and Stewardship of University Resources.

Institutional Compliance Officer: UTSA’s institutional compliance officer oversees Quality Assurance Review (QAR) processes. In addition, the compliance manager reviews and approves final results of the QAR process.

Chief Audit Executive: UTSA's chief audit executive performs an annual risk assessment of this Monitoring Plan, which includes validating the annual performance of QARs and confirming that Fiscal Management Sub-Certification responses are considered in sampling for QARs.

B. Monitoring of Key Financial Business Processes

The financial reporting officer reviews annual Fiscal Management Sub-Certification responses in order to monitor reconciliation processes and segregations of financial duties and to identify any potential issues.

The following systems and business processes are monitored and controlled to manage risk to an acceptable level.

1. Segregation of Duties

Certain duties should be performed by separate individuals to reduce the risk of fraud or concealment of errors, and no one individual should have responsibility for all aspects of a transaction.

In general, the following transaction-related duties are considered incompatible and should be performed by separate individuals:

  • Initiating
  • Approving
  • Record keeping
  • Custody of an asset
  • Reconciling the related accounting records

EXAMPLE: An individual should not initiate an order for equipment and also approve the payment; an individual depositing cash should not also perform the related bank account reconciliation.

Managers should be aware of duties that are potentially incompatible and arrange assignments so that no employee has incompatible duties. Managers of smaller departments where segregation of some duties may not be feasible must implement compensating controls such as detailed management review of reconciliations.

The chart below identifies some examples of transactions with guidelines for segregation of duties.

| Type of Transaction | Initiates | Approves | Records | Reconciles | Custody |
|---|---|---|---|---|---|
| Purchase of Goods/Services | Purchase Request (Person A) | Approves Payment (Person B) | Accounting Records (Accounting Svcs) | Monthly Financial Activity (Person C) | Receives Goods (Person A) |
| Cash/Check Receipts | Opens mail (with a second employee to provide assurance that all cash/checks received by mail are properly logged and deposited), logs receipts, and endorses checks (Person A) | Makes deposit (Person B) | Accounting Records (Accounting Svcs) | Monthly Financial Activity (Person C) | Instructs Bank (UTSA) |

2. Transaction Approval

Financial transactions require a minimum of one initiator, one approver at the departmental level and at least one approver in the back office. Journal entries are entered by the initiator but not posted in PeopleSoft until reviewed and approved by a manager to help ensure proper segregation of duties. Financial transactions and journal entries are processed through workflow controls in PeopleSoft.

The following parties are involved in ensuring internal controls are in place:

  • Department managers
  • Department supervisors
  • Assistant vice president for Financial Affairs and controller (AVPFA/controller)
  • Associate vice president for People Excellence
  • Purchasing Department
  • University Technology Solutions

3. Receipt of Goods and Services

Certain types of purchases require receipt documentation. Departments complete receiving documents in Rowdy Exchange/Jaggaer when goods are received. These documents are matched with corresponding purchase orders and invoices within PeopleSoft. If there are discrepancies between documents, or if one of the documents is missing, PeopleSoft system controls will prevent payment. All missing documents and discrepancies between the documents are to be investigated in a timely manner and appropriate action taken.

The following parties are involved in ensuring internal controls are in place:

  • Central Receiving
  • Department supervisors
  • Department staff

4. Reconciliations and Reviews

Department Reconciliations

Department managers are required to review actual revenue and expenditures compared to budget on a regular basis to help ensure fiscal accountability and solvency. Before the department manager reviews the monthly financial activity, a different employee completes the reconciliation of transactions in SAHARA (an automated reconciliation tool contained within PeopleSoft). For more information, see Financial Guideline — Department Financial Reviews.

Monitoring of Department Reconciliations and Reviews

The Office of Institutional Compliance and Risk Services will use the data within SAHARA in its annual risk assessment for Quality Assurance Reviews (QARs). Departments that have not reconciled or documented reviews of activity on a timely basis are at higher risk of being selected in the QAR process. See Quality Assurance Reviews for more information.

Back Office Reconciliations

Accounting Services performs monthly bank reconciliations to verify the accuracy of accounting records and bank statements. Discrepancies are investigated and appropriate action is taken to correct accounting records or bank records.

The following parties are involved in ensuring internal controls are in place:

  • Department managers
  • Reconciliation preparers
  • Financial reporting officer

For more information, see the Accounting Services website.

5. Cash Handling and Security

Departments must follow all requirements listed in Financial Guideline — Cash Handling and Management (Cash, Checks, Credit Cards) and Financial Guideline — Processing Cash Payments. These requirements include departmental cash security policies, segregation of duties and timely reconciliations.

The following parties are involved in ensuring internal controls are in place:

  • Department managers
  • Department supervisors
  • Department staff

Cash Handling 101 training is available on demand.

C. Fiscal Management Sub-Certification

Department managers are required to complete the Fiscal Management Sub-Certification in PeopleSoft annually for their Cost Centers/Project IDs. The annual sub-certification cannot be delegated. Department managers certify, among other items, that segregation of duties is maintained, timely reconciliations are completed and any suspected fraud is reported.

For more information, see Financial Guideline — Fiscal Management Sub-Certification.

Department managers failing to submit a completed Fiscal Management Sub-Certification for their Cost Centers/Project IDs will be reported to their respective vice president, the senior vice president for Business Affairs, the chief audit executive and the financial reporting officer.

Certification responses are included in the criteria used to select the department managers who will undergo a Quality Assurance Review. Additionally, the AVPFA/controller will review the certification responses to identify any potential issues with reconciliations and/or segregation of duties.

D. Quality Assurance Reviews

QARs are performed by Institutional Compliance & Risk Services and are intended to provide management with assurance that departmental internal controls are in place and are operating effectively.

QARs also verify the integrity of responses to the annual Fiscal Management Sub-Certification and help ensure that responses are in accordance with UT System financial accountability requirements.

A sample of department managers from each vice president’s area is selected annually to undergo a QAR. This sampling means 20% of active department managers are selected annually for a QAR, with a goal of every department manager receiving a QAR at least once every five years. Department managers are selected based on a risk assessment including several criteria:

  • Level of expenditures and revenues
  • Whether Cost Centers/Project IDs are reconciled and reviewed on a timely basis
  • Audit and QAR history
  • Organization change/turnover
  • Fiscal Management Sub-Certification responses
  • Requests by vice presidents

All department managers identified as "high risk" based on the risk assessment are selected for a QAR that year.

Areas included in QARs are:

  • Timeliness of monthly reconciliations and reviews
  • Quality of reconciliation process as guided by the requirements (see Financial Guideline — Department Financial Reviews)
  • Department manager's review process
  • Fiscal management - purchasing
  • Fiscal management - cash handling
  • Fiscal management - gifts
  • Capital asset management
  • Information security

QAR results are provided to the department manager and immediate supervisor. Vice presidents are provided a final summary of the results from all QARs performed in their areas.

Institutional Compliance and Risk Services performs on-site follow-ups for QARs with a significant overall risk level 90 days after the respective vice president is notified. Institutional Compliance and Risk Services contacts the Office of Auditing and Consulting Services for further action if issues of concern are not corrected.

Reports of all significant findings and related follow-up activities are given to the senior vice president for Business Affairs and the financial reporting officer.

Related Forms

None at this time.

Revision History

Date Description
09/10/21 Slight updates to clarify cash handling training and QAR selection processes. Editorial updates including new position titles.
10/09/20 Significant updates to reflect new processes. Guideline renamed from “Monitoring Plan for Segregation of Duties and Reconciliation of Accounts” to “Monitoring Plan for Segregation of Duties and Review of Financial Activity”.
05/21/19 Updates to section A based on UTS 142.1; updates to header section; and editorial changes throughout.
02/28/17
  • Section A. Responsibilities - removed sentence regarding the Financial Officer requirement to provide Monitoring Plan to UT System Financial Reporting Officer by February 28.
  • References/Links - updated the Management Assessment tool link.
  • Section D. – provided more information and facts regarding the QAR assessment.