All University employees are responsible for performing their duties in accordance with proper Internal Controls as established by management. Segregation of duties is one of the key elements of Internal Control. Reason for PolicySegregation of duties is critical because it ensures separation of different functions and defines authority and responsibility over transactions. Segregation of duties is also a key Internal Control; it reduces the risk of errors and inappropriate actions. Senior administration and all individuals responsible for assignment and supervision of employees that carry out fiscal activities, budget, and implementation of Internal Controls must ensure there is adequate segregation of duties within their areas of responsibility. An individual should not be in a position to initiate, approve, and review the same action. The recording/Verification function and the asset (e.g., money, inventory) custody function should be separated among employees. Policy StatementIn an ideal environment, a different employee should perform each of the following major duties or functions:
No one person should have responsibility to complete two or more of these major functions. There is a greater need for proper segregation of duties for assets that are more negotiable (i.e. cash funds, negotiable checks and inventories). If a person performs more than one of these major functions, mitigating controls should be put in place. Without additional Mitigating Controls in place, there is the potential to carry out and conceal errors and/or irregularities in the course of performing day-to-day activities. Federal, state and other sponsor regulations impose additional requirements for the Authorization, review and documentation of sponsored activity that necessitate additional controls. Authorization, Verification and Managerial Review should not be performed by the same person. However, although it is less than optimal, the Principal Investigator (PI) may be allowed to perform all three functions when adequate Mitigating or Compensating Controls are in place. The departmental office is responsible for maintaining accurate documentation of Authorizations and retaining documentation of the delegation of authority in a reproducible form, in accordance with records retention requirements (see the Records Retention Guides). The major functions presented above are discussed as follows: Authorization
Note: Many transactions feed to General Ledger (GL) via a Feeder System. Some Feeder Systems allow both departmental users and the Feeder System Owner to input transactions to the Feeder System. Documentation of authorization must be maintained by the department entering the transaction for a feeder. Recording Verification A PI, when size limitations apply may be permitted to verify all transactions for their respective sponsored activity; however, Internal Controls are significantly enhanced when someone other than the PI performs this function. Custody of Assets Managerial Review Minimal Acceptable Degrees of Segregation
1 O X O M 2 X X O M 3 X O O M 4 X X X M To maximize the opportunity to identify errors in the ordinary course of business, it is recommended that the process of recording and Verification be performed by two different individuals such as in examples 1 and 2. In examples 3 and 4, there must be a significant reliance on the Managerial Review to operate on a much more detailed and frequent basis to identify errors and irregularities Timely. In instances where duties cannot be fully segregated, based on the matrix presented above, Mitigating or Compensating Controls must be established. For instance, if the record keeper also performs a Verification process, a frequent detailed review could be performed and documented by a supervisor to provide additional control over the assignment of incompatible functions. Mitigating Controls
DefinitionsAllocable - costs incurred specifically for the sponsored program, or incurred for several activities and can be distributed between them in reasonable proportion to benefits received, and are clearly necessary to the program. Allowable - costs or revenues directly related to the performance of an award and permitted under the terms of an award and Office of Management and Budget (OMB) Uniform Guidance. These transaction amounts must be reasonable and Allocable to the award and given consistent treatment through generally accepted accounting principles appropriate for the circumstance. Authorization - process of giving someone permission to initiate a financial transaction, known as approval, indicating agreement that a transaction meets certain accounting and compliance requirements as defined by the University. Feeder System - database and/or dedicated system/module that controls information that will be transmitted to the General Ledger. Feeder System Owner - University department responsible for the Feeder System. Internal Control - process established by management, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Managerial Review - process providing assurance that appropriate individuals are authorizing, recording, and verifying accounting transaction information. Mitigating or Compensating Control - additional procedure designed to reduce the risk of errors or irregularities in those instances where duties cannot be fully segregated. Timely – within two accounting periods (two months) after the end of the accounting period in which the original transaction posted. When errors and omissions are not discovered in a Timely manner, additional approvals may be required. Verification - process that confirms accuracy of accounting transactions, such as appropriate use of ChartFields and that the transaction was recorded in the appropriate accounting period. |