Effective for the fiscal 2019 year- end financial close and future years, responsibilities for accrual transaction processing have changed. New accrual processes are in place to maximize the efficiency of the year-end close process while maintaining accurate financial information.
Accrual based accounting is recognizing an economic event at the time the transaction occurs, rather than when cash is exchanged. The RIT financial statements are prepared on the accrual basis of accounting.
Highlights of the FY19 Changes
Departments are now responsible for preparing their own accrual journal entries through the cutoff of final close, regardless of the dollar amount of the transaction.
Departments are responsible for marking the invoice payment form (IPF) or invoice with applicable notations to indicate whether the item has been accrued in the ledger for the respective fiscal year.
When departments submit invoices for payment in proximity to year-end close, Accounts Payable will verify if accrual entries have been posted for invoices ≥ $5,000. If the invoice has not been accrued, and it should be, Accounts Payable will prepare an accrual for the transaction for year-end close.
See the diagram below for Responsibility for Accrual Transaction Processing table. Additional information can also be found on the Controller’s Office website under “Year-End Closing Processes and Procedures.” The year-end close workshop is now an online course offered through RIT’s Center for Professional Development at the following link:
Clearly mark invoice or IPF “accrued FY X1” and include journal entry batch number
Submit completed invoice or IPF to Accounts Pay able to process accordingly
Receives department invoices
Invoice not marked “accrued FY X1”
Invoices ≥ $5,000 – verify invoice and accrue if department did not
Invoices < $5,000 – will not verify invoice, will not accrue invoice
Processes invoice or IPF accordingly
Invoice marked “accrued FY X1”
Processes completed invoice or IPF accordingly
Committee of Sponsoring Organizations of the Treadway Commission (COSO) Corner
Contributed by: Nancy A. Nasca, Assistant Director, Institute Audit, Compliance & Advisement, email@example.com
As explained in previous editions of the Quaestor Quarterly, the COSO Framework (an internationally recognized standard with which the adequacy and effectiveness of an organization’s internal controls are evaluated) was updated in May 2013 to further define the principles underlying the five components of internal control (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring).
According to the Framework, these principles are fundamental concepts that must be present and functioning in order to achieve an effective system of internal control. In addition, the Framework includes points of focus or characteristics that are examples of behaviors or processes that would be expected to be in place to demonstrate that the related principle is in fact present and functioning. This edition of the COSO Corner will summarize the seventeenth and final COSO principle, which is the last principle related to the Monitoring Activities component of the COSO Framework, as well as the related points of focus.
Principle 17 – The university evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action including senior management and the board of trustees, as appropriate. Important characteristics relating to this principle include:
Assessing Results – While conducting monitoring activities, management may identify internal control deficiencies which have the potential to adversely affect the ability of the university to achieve its objectives. Deficiencies may surface from on-going evaluations, including managerial activities and everyday supervision of employees; and/or separate evaluations such as those performed by IACA or external parties such as regulators.
Communicating Deficiencies – Communicating internal control deficiencies to the parties that have the knowledge and authority to take corrective action is critical for the university to achieve its objectives. Deficiencies may be reported to senior management and the board of trustees depending on the reporting criteria as established by regulators, standard-setting bodies, or the university. In considering what needs to be communicated, it is necessary to look at the implications of findings and the university’s reporting directives. Alternative communications channels should exist for reporting sensitive information such as illegal or improper acts (i.e., RIT’s Ethics and Compliance Hotline).
Monitoring Corrective Actions – After internal control deficiencies are evaluated and communicated to those parties responsible for taking corrective action, management is responsible to track whether remediation efforts are conducted on a timely basis. Those responsible for taking corrective actions are usually different from those conducting the monitoring activities. For example, IACA provides the Audit Committee of the RIT Board of Trustees with periodic updates on the status of management action plans implemented to mitigate the control deficiencies identified within the course of our engagements.
Committee of Sponsoring Organizations of the Treadway Commission (May 2013). “Internal Control – Integrated Framework”
Training Opportunities Provided by IACA
Internal Controls and Fraud in the Workplace
During the 2.5 hour Internal Controls and Fraud in the Workplace class, the importance of, components of, and the responsibility for establishing and maintaining effective internal controls are discussed. Various examples of what can happen when controls are non-existent or break down (i.e., fraud) are shared throughout the class. The session is required in order to receive the RIT Accounting Practices, Procedures and Protocol Certificate of Completion. However, anyone interested in learning about internal controls and fraud prevention is welcome to attend.
To learn more about these important topics, sign up for a session at the CPD website.
The next upcoming training session of Internal Controls & Fraud in the Workplace is: Tuesday, October 8, 2019 1:30-4:00 p.m. Louise Slaughter Hall, Rm 2140
Unit-Level Risk Assessment—How to Advance Your Organization’s Agility
The first step towards successfully managing risk is to implement an effective risk assessment methodology. Risk assessment is a systematic process for identifying and evaluating both external and internal events (risks) that could affect the achievement of objectives, positively or negatively. During this 2.5 hour class, we will discuss the key components of an effective risk assessment process and how to integrate it into the business process to provide timely and relevant risk information to management. To learn more about this offering, see the corresponding CPD website.
The next upcoming training session of Unit-Level Risk Assessment is: Wednesday, September 25, 2019 9:00 to 11:30 a.m. Louise Slaughter Hall, Rm 2140
Additional Information by IACA
Pop Quiz Challenge
Correctly answer the question below and you will be entered in a drawing to win a prize valued at $15. The winner is chosen randomly: The winner will be notified by email. https://www.rit.edu/fa/iaca/content/quiz
Congrats to Jane McGowan, the winner from our last issue!
Effective for the FY 2019 year-end financial close, departments are now responsible for preparing their own accrual journal entries through the cut off at final close:
For transactions greater than or equal to $5,000
Regardless of the dollar amount of the transaction
For transactions less than $5,000
For transactions greater than or equal to $10,000
Watch IACA’s Monday Minute video series here!
Our video series focuses on opportunities for improving internal controls and increasing awareness of various university processes, policies, and protocols. If you have questions, feel free to contact anyone in the IACA office using information on our web-page.
Just to name a few, past topics include: Travel Policy changes, FERPA Regulations, RIT’s Ethics & Compliance Hotline, Records Management Policy, Risk Assessment, and many others.