
General policy

“The concept of accountability for use of public resources and government authority is key to our nation’s governing processes. Management and officials entrusted with public resources are responsible for carrying out public functions and providing service to the public effectively, efficiently, economically, ethically, and equitably within the context of the statutory boundaries of the specific government program.” (Government Auditing Standards 1.01)
 

The EOSS Oversight and Compliance team provides independent, objective assurance and consulting services that add value and improve EOSS operations. This team performs financial, operational, compliance and IT audits according to internal EOSS assessments and annual plans.

The audit plan is based on several factors, including the department’s schedule, evaluated risk and effectiveness of control activities, and planned University internal audit schedules. Internal audit helps accomplish its objectives with a systematic approach to evaluate and improve the effectiveness of business, risk management, control and governance processes.

The Oversight and Compliance team also provides dedicated resources to promote effective and continuous improvement of internal financial controls of EOSS.
 


Role of the EOSS Fiscal and Business Services in auditing financial and personnel records.

The EOSS Fiscal and Business Services supports the University Financial Services area, ensuring all transactions meet or exceed university and state rules and regulations pertaining to financial and payroll/personnel transactions.

1. Confirming proper segregation of duties
2. Ensuring systems for approvals are in place for all transactions
3. Reviewing University Best Practices to ensure compliance
4. Improving documentation for transactions
5. Providing an independent review of transactions through timely reconciliations of accounts, including personnel, payroll, p-card, and revenue, expenditure and transfer transactions
6. Providing University Financial Services with workpapers and documentation for transactions that have been requested for internal and external audits
7. Understanding and ensuring compliance with the Standards of Internal Controls issued by ASU Financial Services


Standards of Internal Control

A preventive control helps to stop an adverse action from occurring; a detective control can catch an adverse action or violation after it has happened. Remember, at least two sets of eyes should be involved in every action that impacts the financial standing or reporting of the university.


Preventive Control:
No one person should be able to initiate, approve and record a transaction, reconcile the account affected, handle the assets from that transaction, and review reports that would capture information.

Lower risk of:
Cash misappropriation, financial reporting misstatement, personal purchases, theft, falsification of time and financial records, funds diversion, timing difference across accounting periods.


Preventive Control:
Generally, transactions that obligate the university, are over a certain dollar amount, or impact someone’s employment status must be approved by the appropriate level of management.

Lower risk of:
Unauthorized transactions, obligating the university to an unwanted financial or performance commitment, financial reporting misstatement, funds diversion, personal purchases


Preventive Control:
University assets, information, citizens and property should be protected from harm, damage, theft and destruction through locks, passwords, vigilance, monitoring, common sense and communication

Lower risk of:
Theft, damage, injury, death, financial loss, negative publicity, adverse legal action, compromise of confidential and/or research information


Preventive Control:
General controls cover data center operation, software licensing, security access and system maintenance. Application controls cover edit checks and matching/batch processing to help ensure accuracy of information, authorization and validity of transactions

Lower risk of:
Violation of licensing agreements, fines and penalties, compromise of confidential and/or research information, financial reporting misstatement, adverse legal action, loss of public trust


Preventive Control:
In a timely manner, verifies subsidiary information to the official book of record (the university’s financial system is the official record for all financial transactions) and helps identify variations from budget

Lower risk of:
Financial reporting misstatement, making decisions based on erroneous information, personal or prohibited purchases (p-card statement reviews), incorrect payments, account deficits


Preventive Control:
Cross-training, job/task rotations, vacations, surprise audits, requesting reviews from independent parties (like the Dean’s Office or Financial Controls) or peer groups, asking employees what is working or not working, being involved, following the rules and taking appropriate action when rules/policies are not followed

Lower risk of:
Low employee morale, losing sleep, being stressed, doing things inefficiently or ineffectively, lagging behind, violating policy, disciplinary action, department turnover and time/money spent posting, hiring and training.

NOTE: Particular attention should be paid to management override of controls. Repeated policy exceptions or overrides may indicate potential fraudulent activity or a need to reassess current policies and procedures. Any unusual conditions that are identified should be investigated by the appropriate party and include corrective action if necessary. Exceptions to university policy can only be approved by the custodian of the relevant policy (e.g. Financial Services, Purchasing, Human Resources, etc. – not each individual department, Dean’s Office or VP area).


Credit card processing

1. Payment card data is highly sensitive information. All staff who have access to this data or to a credit card machine must complete annual PCI Compliance Training.
2. Staff must also complete Online Cash Handling Training.
3. In the event of a breach or suspected breach of security, the individual or merchant department that suspects the breach must immediately notify ASU’s information security officer and Payment Card Services.
4. Never store any credit card information.

FIN 301–04: Deposits—Payment Card Processing