“The concept of accountability for use of public resources and government authority is key to our nation’s governing processes. Management and officials entrusted with public resources are responsible for carrying out public functions and providing service to the public effectively, efficiently, economically, ethically, and equitably within the context of the statutory boundaries of the specific government program.” (Government Auditing Standards 1.01)
The EOSS Oversight and Compliance team provides independent, objective assurance and consulting services that add value and improve EOSS operations. This team performs financial, operational, compliance and IT audits according to internal EOSS assessments and annual plans.
The audit plan is based on several factors, including the department’s schedule, evaluated risk and effectiveness of control activities, and planned University internal audit schedules. Internal audit helps accomplish its objectives with a systematic approach to evaluate and improve the effectiveness of business, risk management, control and governance processes.
The Oversight and Compliance team also provides dedicated resources to promote effective and continuous improvement of internal financial controls of EOSS.
Role of the EOSS Fiscal and Business Services in auditing financial and personnel records.
The EOSS Fiscal and Business Services supports the University Financial Services area, ensuring all transactions meet or exceed university and state rules and regulations pertaining to financial and payroll/personnel transactions.
1. Confirming proper segregation of duties
2. Ensuring systems for approvals are in place for all transactions
3. Reviewing University Best Practices to ensure compliance
4. Improving documentation for transactions
5. Providing an independent review of transactions through timely reconciliations of accounts, including personnel, payroll, p-card, and revenue, expenditure and transfer transactions
6. Providing University Financial Services with workpapers and documentation for transactions that have been requested for internal and external audits
Standards of Internal Control
A preventive control helps to stop an adverse action from occurring; a detective control can catch an adverse action or violation after it has happened. Remember, at least two sets of eyes should be involved in every action that impacts the financial standing or reporting of the university.
NOTE: Particular attention should be paid to management override of controls. Repeated policy exceptions or overrides may indicate potential fraudulent activity or a need to reassess current policies and procedures. Any unusual conditions that are identified should be investigated by the appropriate party, with corrective action taken if necessary. Exceptions to university policy can only be approved by the custodian of the relevant policy (e.g. Financial Services, Purchasing, Human Resources, etc. – not each individual department, Dean’s Office or VP area).
Credit card processing
1. Payment card data is highly sensitive information. All staff who have access to this data or to a credit card machine must complete annual PCI Compliance Training.
2. Staff must also complete Online Cash Handling Training.
3. In the event of a breach or suspected breach of security, the individual or merchant department that suspects the breach must immediately notify ASU’s information security officer and Payment Card Services.
4. Never store any credit card information.
FIN 301–04: Deposits—Payment Card Processing