Monitoring Plan for Segregation of Duties and Review of Financial Activity
Effective: 03/26/09
Approved By: Senior Associate Vice President for Financial Affairs and Chief Financial Officer
Revised: 08/07/23
For Assistance Contact: Senior Associate Vice President for Financial Affairs & Chief Financial Officer
Purpose/Scope
To establish the monitoring plan for internal controls to ensure that funds are expended and recorded appropriately within PeopleSoft, in order to ensure an accurate and complete UTSA Annual Financial Report.
Authority
UTS142
University Guidelines
Table of Contents
- Responsibilities
- Monitoring of Key Financial Business Processes
- Fiscal Management Sub-Certification
- Quality Assurance Reviews
A. Responsibilities
Certifications: The chief administrative officer (the UTSA president), chief financial officer (the UTSA senior vice president for Business Affairs) and financial reporting officer are required to complete certifications in accordance with UTS142; they will certify to UT System Administration that UTSA's financial statements are presented fairly and are materially accurate, and that any significant deficiencies and material weaknesses in the internal controls and all known frauds have been reported and addressed. The chief financial officer also certifies compliance with University of Texas (UT) System UTS 134 — Code of Ethics for Financial Officers and Employees, including knowledge of any violations. The chief audit executive annually certifies that this Monitoring Plan for Segregation of Duties and Review of Financial Activity (Monitoring Plan) has been reviewed and that known frauds have been reported and addressed.
Financial Reporting Officer: The financial reporting officer is responsible to the chief administrative officer for the integrity of UTSA's Annual Financial Report (AFR), including the establishment of efficient and effective internal controls over the preparation of the AFR.
The financial reporting officer is also responsible for developing, implementing and updating this Monitoring Plan. The Monitoring Plan should be risk-based but also include random samples of low-risk departments each fiscal year.
Department Managers: Department managers are expected to demonstrate fiduciary responsibility and to act in the best interests of UTSA (see also Fiscal Management Sub-Certification). For more information, see Financial Guideline — Fiscal Accountability and Stewardship of University Resources. Department managers should ensure that account reconciliations comply with Department Financial Review timeframes and oversee the monthly reconciliation process.
Institutional Compliance Officer: UTSA’s institutional compliance officer oversees Quality Assurance Review (QAR) processes. In addition, the compliance manager reviews and approves final results of the QAR process.
Chief Audit Executive: UTSA's chief audit executive performs an annual risk assessment of this Monitoring Plan, which includes validating the annual performance of QARs and confirming that Fiscal Management Sub-Certification responses are considered in sampling for QARs.
B. Monitoring of Key Financial Business Processes
The financial reporting officer reviews annual Fiscal Management Sub-Certification responses in order to monitor reconciliation processes and segregations of financial duties and to identify any potential issues.
The following systems and business processes are monitored and controlled to manage risk to an acceptable level.
1. Segregation of Duties
Certain duties should be performed by separate individuals to reduce the risk of fraud or concealment of errors, and no one individual should have responsibility for all aspects of a transaction.
In general, the following transaction-related duties are considered incompatible and should be performed by separate individuals:
- Initiating
- Approving
- Record keeping
- Custody of an asset
- Reconciling the related accounting records
EXAMPLE: An individual should not initiate an order for equipment and also approve the payment; an individual depositing cash should not also perform the related bank account reconciliation.
Managers should be aware of duties that are potentially incompatible and arrange assignments so that no employee has incompatible duties. Managers of smaller departments where segregation of some duties may not be feasible must implement compensating controls such as detailed management review of reconciliations.
The chart below provides some examples of transactions with guidance for segregation of duties.
Type of Transaction | Initiates | Approves | Records | Reconciles | Custody |
---|---|---|---|---|---|
Purchase of Goods/Services | Purchase request Person A | Approves payment Person B | Accounting records Accounting Svcs | Monthly financial activity Person C | Receives goods Person D |
Cash/Check Receipts | Opens mail (with a second employee to provide assurance that all cash/checks received by mail are properly logged and deposited), logs receipts and endorses checks | Makes deposit Person B | Accounting records Accounting Svcs | Monthly financial activity Person C | Instructs bank UTSA |
2. Transaction Approval
Financial transactions require a minimum of one initiator, one department approver and at least one approver in the back office. For purchases and payments, the department approver should be someone who has the operational knowledge to know whether the transaction has a legitimate business purpose. Journal entries are entered by the initiator but not posted in PeopleSoft until reviewed and approved by a manager to help ensure proper segregation of duties. Financial transactions and journal entries are processed through workflow controls in PeopleSoft.
The following parties are involved in ensuring internal controls are in place:
- Department managers
- Department supervisors
- Financial reporting officer
- Associate vice president for People Excellence
- Purchasing department
- University Technology Solutions
3. Receipt of Goods and Services
Purchases require receipt documents or work completion documentation. Departments complete receiving documents in Rowdy Exchange when goods are received. Departments are required to document the completion of requested services. These documents are matched with corresponding purchase orders and invoices within PeopleSoft. If there are discrepancies between documents, or if one of the documents is missing, PeopleSoft system controls will prevent payment. All missing documents and discrepancies between the documents are to be investigated in a timely manner and appropriate action taken.
The following parties are involved in ensuring internal controls are in place:
- Central Receiving
- Department supervisors
- Department staff
- Disbursements and Travel Services
4. Reconciliations and Reviews
Department Reconciliations
Department managers are required to review actual revenue and expenditures against budget on a regular basis to help ensure fiscal accountability and solvency. Before the department manager reviews the monthly financial activity, a different employee completes the reconciliation of transactions in SAHARA (an automated reconciliation tool contained within PeopleSoft). For timeframes and more information, see Financial Guideline — Department Financial Reviews. The department reconciler should complete reconciliations by the end of the month following the month being reconciled. The department manager should ensure the reconciliation is completed and approved by six weeks after month-end. The QAR process will include review of the timeliness of reconciliations and approvals.
Monitoring of Department Reconciliations and Reviews
The Office of Institutional Compliance and Risk Services will use the data within SAHARA in its annual risk assessment for Quality Assurance Reviews (QARs). Departments that have not reconciled or documented reviews of activity on a timely basis are more likely to be selected in the QAR process. See Quality Assurance Reviews for more information.
Back Office Reconciliations
Accounting Services performs monthly bank reconciliations to verify the accuracy of accounting records and bank statements. Discrepancies are investigated and appropriate action is taken to correct accounting records or bank records.
The following parties are involved in ensuring internal controls are in place:
- Department managers
- Reconciliation preparers
- Financial reporting officer
- University bursar
For more information, see the Accounting Services website.
5. Cash Handling and Security
Departments must follow all requirements listed in Financial Guideline — Cash Handling and Management (Cash, Checks, Credit Cards) and Financial Guideline — Processing Cash Payments. These requirements include departmental cash security policies, segregation of duties and timely reconciliations.
The following parties are involved in ensuring internal controls are in place:
- Department managers
- Department supervisors
- Department staff
- University bursar
Cash Handling 101 training is available on demand.
C. Fiscal Management Sub-Certification
Department managers are required to complete the Fiscal Management Sub-Certification in PeopleSoft annually for their Cost Centers/Project IDs. The annual sub-certification cannot be delegated. Department managers certify, among other items, that segregation of duties is maintained, internal controls are established, timely reconciliations are completed and any suspected fraud is reported.
For more information, see Financial Guideline — Fiscal Management Sub-Certification.
Department managers failing to submit a completed Fiscal Management Sub-Certification for their Cost Centers/Project IDs will be reported to their respective vice president, the senior vice president for Business Affairs, the chief audit executive and the financial reporting officer.
Certification responses are included in the criteria used to select the department managers who will undergo a Quality Assurance Review. Additionally, the assistant vice president of Financial Affairs and controller will review certification responses to identify any potential issues with reconciliations and/or segregation of duties.
D. Quality Assurance Reviews
QARs are performed by Institutional Compliance & Risk Services and are intended to provide management with assurance that departmental internal controls are in place and are operating effectively.
QARs also verify the integrity of responses to the annual Fiscal Management Sub-Certification and help ensure that responses are in accordance with UT System financial accountability requirements.
A sample of department managers from each vice president’s area is selected annually to undergo a QAR. This sampling means 20% of active department managers are selected annually for a QAR, with a goal of every department manager receiving a QAR at least once every five years. Department managers are selected based on a risk assessment including several criteria:
- Budget and expense amounts
- Audit review/concern
- Organizational change/turnover
- QAR history
- Fiscal Management Sub-Certification responses
- Requests by vice presidents
All department managers identified as highest risk based on the risk assessment are selected for a QAR that year.
Areas included in QARs are:
- Timeliness of monthly reconciliations and reviews
- Quality of reconciliation process as guided by the requirements (see Financial Guideline — Department Financial Reviews)
- Department manager's review process
- Fiscal management of purchasing
- Fiscal management of cash handling
- Fiscal management of gifts
- Receiving of goods and services
- Capital asset management
- Information security
- Conflict(s) of interest
QAR results are provided to the department manager and immediate supervisor. Vice presidents are provided a final summary of the results from all QARs performed in their areas.
Institutional Compliance and Risk Services performs on-site follow ups for QARs with a significant overall risk level 90 days after the respective vice president is notified. Institutional Compliance and Risk Services contacts the Office of Auditing and Consulting Services for further action if issues of concern are not corrected.
Reports of all significant findings and related follow-up activities are given to the relevant vice president (or delegate), the institutional fraud officer (the senior vice president for Business Affairs) and the financial reporting officer.
Related Forms
None at this time.
Date | Description |
---|---|
08/07/23 | Updated department manager responsibilities (section A); added department reconciliation timeframes (B.4). Updated QAR and risk assessment processes (D). |
06/27/22 | Updated the segregation of duties guidance in section B.1; specified in section B.2. that approvers should have operational knowledge about the business purpose of transactions; updated the lists of parties who are involved in ensuring internal controls. Other minor updates throughout to clarify processes. |
09/10/21 | Slight updates to clarify cash handling training and QAR selection processes. Editorial updates including new position titles. |
10/09/20 | Significant updates to reflect new processes. Guideline renamed from “Monitoring Plan for Segregation of Duties and Reconciliation of Accounts” to “Monitoring Plan for Segregation of Duties and Review of Financial Activity”. |