Quaestor Volume 17, Issue 2

Controller's Office Training and Resources Updates

Contributed by: Rachel Guy, Assistant Controller, Accounting and Financial Management Services, Controller's Office

The CTO is refreshing our training and knowledge resources to provide you with the tools you need for success!  From enhancing RIT Service Center (RSC) processes to bringing back Accounting Open Lab sessions, we want to support RIT’s workforce in the most efficient and convenient ways possible.

1. Streamlined Oracle Responsibilities requests:

     Changes you will notice:

  • No more forms to attach – required information is filled out right inside RSC request
  • No more signatures to acquire – by hitting the submit button your request will route to the appropriate approver(s)
  • Supervisors will approve requests via an email notification   

     The following catalog items are now available in the RSC

     Oracle Responsibilities

     *Embedded in this request is an instructional video: watch it for tips on completing the form.

     KRONOS Timekeeping

*read-only access is granted immediately to supervisors; complete the training within 2 weeks through Talent RoadMap

The CTO does not require training to receive a responsibility (with the exception of full KRONOS Supervisor access)However, users should reference the tools and job aides available on CTOs website, Talent Roadmap, and RSC for a deeper understanding of critical processes and procedures.  

2. Training Refresh:

     Visit the Talent Roadmap for access to these courses:

          Introduction to Accounting (web-based)

          Purchasing Processes and Procedures (web-based)

          Running and Using Oracle Reports (web-based)

          Oracle Accounts Receivable New User Training (web-based)

          Kronos Supervisor Training (web-based)

          Internal Controls & Fraud in the Workplace (instructor-led)

          Accounting for Gifts, Endowment Earnings, and Other Projects (instructor-led)

          Year-End Accounting Workshop (web-based)

          Introduction to Sponsored Programs Accounting for Grants and Contracts (web-based)

          Other Direct Costs (web-based)

     Coming soon:

          Procurement Card Processes (web-based)

          Oracle Requisitions (web-based)

          Research/GRA Payments (video tutorial)

          Online IPF (video tutorial)

          SPA Refresher/All Topics (instructor–led – Winter ’23)

          SPA Summer Salary (instructor-led - Spring’23)

3. Journal Entry (JE) Training:  If you are interested in JE training please sign up here. Once we have enough interest an instructor-led session will be held. This will be an on-going sign up and sessions will be held throughout the year. Additional resources on the JEs including job aids and step by step instructions can be found on the CTO Training page.

4. Open Lab Sessions: Accounting Open Lab Sessions are back!

These labs are presented in a "pop-in" informal learning atmosphere to answer your specific questions (submit them in advance through the Qualtrics Survey link in the Special Training Opportunities section of the CTO Training page). There will be no formal presentations during these Zoom sessions.  Stay for the entire session or just to get answers to your questions. 

Upcoming sessions will be advertised on the CTO Training page.

We are invested in creating additional, relevant content: if there is training on other accounting functional areas that would benefit you and your colleagues, please reach out to Rachel Guy Assistant Controller, rcgspa@rit.edu .

Job Scams - What You Need To Know

Contributed by: Erin Healy, RIT Student Employee reporting to Ben Woelk, Governance, Awareness and Training Manager, Information Security Office 

Given the variety of work opportunities available today, job scams have become more prevalent than ever. Attackers will impersonate recruiters or other hiring personnel offering high salaries, better hours, and other workplace benefits; however, these cyber criminals are really just trying to trick you into revealing your personally identifiable information (PII) and/or sending them money.

What are job scams?

Given the variety of work opportunities available today, job scams have become more prevalent than ever. Attackers impersonating recruiters or employers of companies typically ask for your personal and financial information while offering high salaries, better hours, and other workplace benefits. We see these attacks from both external and sometimes a compromised internal RIT email address. The initial request asks for you to respond with contact information including a non-RIT email address. Although these scams are designed to look as if they were a legitimate offer, they are used to steal people’s money and private information. Attackers also use ads, social media and job sites to perpetrate job scans. It’s important for the RIT community to be aware of and vigilant for scams.

What should I look out for?

Job scams share similar red flags (indicators) that will help you identify them.

            Example Job Scam Email

Email job scams

Emails associated with a job scam offer few details about the specific job, rarely giving a description or even a job title. The email may only include a sentence or two. Most seem to be “too good to be true”, offering “quick money” while only having you “work at home”. These emails tend to have multiple grammar and punctuation issues along with inconsistent capitalization. Many of the scam emails that RIT staff and students have received ask for an alternate or personal email address, “e.g., Gmail, Yahoo, Hotmail, etc.”. The email is typically sent from an external account, although the sender name may appear to be a valid RIT sender. Some emails may have generic or no recipient addresses as well.

Other attack types

Some of the previous red flags such as little to no information about the job also pertain to other attack types, including phone calls. If you speak with a potential employer and are asked to buy any equipment or pay fees, this is a red flag. Job applications will most commonly ask for your name, previous work experience, address and contact information. However, they should not ask for a social security number, passport number, or other private information. Another red flag is if the employer is vague about the job, and won’t provide more detailed information. Look for inconsistencies such as answering certain questions or giving unclear answers.

Determining if this is a real job

  • Performing an online search of the job title or other information you have can show you if the opportunity has been posted.
    • Researching terms such as the name of the employer, recruiter, or company will provide additional information too.
  • Adding the word “scam” after a term like job title or employer in a search can tell you if others have reported this scam.
  • If the employer is asking for payment, this may indicate it is a scam.
    • For example, an employer offering to send a check in return for gift cards or partial money back indicates it is a fake check scam.
  • It is always good to talk to someone you trust about a job offer and get their opinions or feedback on it regardless if you suspect it is a job scam.

Reporting a Job Scam

If you encounter a suspected job scam it is best to send an email to spam@rit.edu with the email attached. You can also check out https://www.rit.edu/security/rit-phish-bowl for more information on the latest phishing attempts that have been reported at RIT along with specific examples of job scam emails that have been sent to RIT staff and students.

Additional Resources

“Job Opportunity Scams.” FightCyberCrime, Cybercrime Support Network, 2022, https://fightcybercrime.org/scams/imposter/job-scams/?gclid=CjwKCAjw-rO…

“Job Scams.” Federal Trade Commission Consumer Advice, FTC, Dec. 2020, https://consumer.ftc.gov/articles/job-scams

Vasel, Kathryn. “Job Scams Are on the Rise. Watch out for These Red Flags.” CNN Business, Cable News Network, 8 June 2022, https://www.cnn.com/2022/06/08/success/job-scams/index.html

Internal Audit Professional Standards – Quality Assurance Review (QAR)

Contributed by: Nancy Nasca, Associate Director, Institute Audit, Compliance and Advisement

IACA recently completed a quality assurance review to assess whether our department’s policies and procedures conform with Internal Audit Professional standards.  Similar to the Middle States Accreditation process, IACA utilized a self-assessment with independent external validation which involved the use of a qualified, independent external assessor to conduct an independent validation of its internal self-assessment.

Internal Audit Professional Standards

The International Professional Practices Framework (IPPF)1 for Internal Auditing is the conceptual framework that organizes authoritative guidance promulgated by the Institute of Internal Auditors (IIA).  A global, guidance-setting body, the IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as mandatory guidance and recommended guidance.  The mandatory guidance includes:

  • Core Principles for the Professional Practice of Internal Auditing
  • The definition of Internal Auditing
  • Code of Ethics
  • International Standards for the Professional Practice of Internal Auditing (The Standards)

Core Principles for the Professional Practice of Internal Auditing

The core principles for the professional practice of internal auditing set the following expectations for both individual internal auditors and internal audit departments:

  • Demonstrates integrity
  • Demonstrates competence and due professional care
  • Is objective and free from undue influence (independent)
  • Aligns with the strategies, objectives, and risks of the organization
  • Is appropriately positioned and adequately resourced
  • Demonstrates quality and continuous improvement
  • Communicates effectively
  • Provides risk-based assurance
  • Is insightful, proactive, and future-focused
  • Promotes organizational improvement

The Definition of Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organizations operations.  It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Code of Ethics

The purpose of the IIA’s Code of Ethics is to promote an ethical culture in the profession of internal auditing.  Internal auditors are expected to apply and uphold the following principles:

  • Integrity – Establishes trust and provides the basis for reliance on their judgement
  • Objectivity – Makes a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or others in forming judgements
  • Confidentiality – Respects the value and ownership of information and does not disclose information without appropriate authorization
  • Competency – Applies the knowledge, skills, and experience needed in the performance of internal audit services

The Standards

The Standards are principle-focused and provide a framework for performing and promoting internal auditing. The Standards are categorized into two main categories, Attribute and Performance Standards.  Attribute Standards address the key characteristics required for a quality internal audit function such as authority, independence, objectivity, competence, professional development, and quality assurance and improvement.  Performance Standards provide quality criteria against which the performance of internal audit services can be measured such as engagement planning, objectives, scope, documentation, and reporting.

Conformance with the Standards

Attribute Standard 1312 – External Assessments, requires an appraisal be conducted at least once every five years by an outside independent assessor or assessment team to evaluate an internal audit activity’s conformance with The IIA’s Definition of Internal Auditing, Code of Ethics, and Standards.  This external assessment can be in the form of a full external assessment, or a self-assessment with independent external validation. 

Performance Standard 2430 – Use of “Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing,” only allows internal audit departments to indicate that their engagements conform with the IIA Standards if this is supported by the results of their quality assurance and improvement program, including an external assessment/validation.

A self-assessment with independent external validation includes a comprehensive and fully documented self-assessment process that requires the chief audit executive (CAE) to oversee the efforts of an internal assessment team that completes planning documentation, performs assessment work programs, evaluates conformance with The IIA’s mandatory guidance, and produces a report summarizing assessment results.

The independent external assessor validates the work of the internal assessment team through review of assessment planning documentation, re-performing a sample of assessment work program steps, conducting interviews with key stakeholders (Audit Committee members, executive leadership, operating management, and internal audit staff), and assessing the conformance conclusions reported by the internal assessment team.  The external assessment team will conclude on whether or not IACA has achieved conformance with the Standards.  The Standards require IACA to report the results of the external assessment to senior management and the Audit Committee of the Board of Trustees.

A successful external validation by an outside consultant of IACA’s internal self-assessment was recently completed in September 2022.   During this assessment, IACA was found to “Generally Conform” to the Standards, which is the highest rating utilized within the IPPF.  IACA also had previous assessments in 2017, 2012, and 2007 in which IACA was also found to “Generally Conform” with the Standards which allows us to indicate that our engagements conform with the Standards. 


1Copyright © by the Institute of Internal Auditors, Inc.  All rights reserved, theiia.org

Welcome Neeraj Sama, Associate Internal Auditor

Please help us welcome Neeraj Sama, Associate Internal Auditor, to our ranks. See below for an introduction to Neeraj, including his background and the many talents that he brings to IACA and the RIT community.

My name is Neeraj Sama, and I joined IACA in June 2022 as the new Associate Internal Auditor. I received my MBA (Finance) from the University of North Texas and my Master’s in Information Systems Security from the University of the Cumberlands. I am also working on my Ph.D. in Information Technology, specializing in digital forensics, from the University of the Cumberlands. I had previously worked for Safran Electrical & Power, MTS Mobile, and Nucleus Software in the area of internal controls, compliance, corporate governance, and process improvements in different roles. Before joining RIT, I spent three years with the City of Denton (Texas) as Senior Auditor and audited government departments and functions. I am delighted to be part of RIT’s internal audit team. You can see my profile and contact information in the IACA Staff Directory and RIT Staff Directory.

Training Opportunities Provided by IACA

Internal Controls and Fraud in the Workplace

During the 2.5 hour Internal Controls and Fraud in the Workplace class, the importance of, components of, and the responsibility for establishing and maintaining effective internal controls are discussed. Various examples of what can happen when controls are non-existent or break down (i.e., fraud) are shared throughout the class. The session is required in order to receive the RIT Accounting Practices, Procedures and Protocol Certificate of Completion. However, anyone interested in learning about internal controls and fraud prevention is welcome to attend.

To learn more about these important topics, sign up for a session in the RIT Talent Roadmap.

The next training sessions of Internal Controls & Fraud in the Workplace are: Tuesday, January 24, 2023, 9:00-11:30 AM and Thursday April 13, 2023, 9:00-11:30 AM - Location: Louise Slaughter Hall, Room 2140

Unit Level Risk Assessment—How to Advance Your Organization’s Agility

The first step towards successfully managing risk is to implement an effective risk assessment methodology. Risk assessment is a systematic process for identifying and evaluating both external and internal events (risks) that could affect the achievement of objectives, positively or negatively. During this 2.5 hour class, we will discuss the key components of an effective risk assessment process and how to integrate it into the business process to provide timely and relevant risk information to management. To learn more about these important topics, sign up for a session in the RIT Talent Roadmap.

The next training sessions of Unit Level Risk Assessment are: Wednesday, March 20, 2023 from 1:30-4:00 PM and October 18, 2023 from 9:00 - 11:30 AM - Location: Louise Slaughter Hall, Room 2140

Additional Information by IACA

Pop Quiz ChallengeCongrats to Madeline Davis, Student Financial Services, our last winner!

Correctly answer the question below to be entered in a drawing to win a prize valued at $15. The winner is chosen randomly and notified by email. 

The International Standards for the Professional Practice of Internal Auditors require that an appraisal be conducted by an outside independent assessor to evaluate an internal audit activity’s conformance with the Institute of Internal Auditors Standards at least once every:

  1. Four years
  2. Two years
  3. Five years
  4. Three years

Click here to submit your answer.

Watch IACA’s Monday Minute video series here!
Our video series focuses on opportunities for improving internal controls and increasing awareness of various university processes, policies, and protocols. If you have questions, feel free to contact anyone in the IACA office using information on our webpage. Just to name a few, past topics include: Travel Policy changes, FERPA Regulations, RIT’s Ethics & Compliance Hotline, Records Management Policy, Risk Assessment and many others.

What about ethics in the workplace?
Learn about the RIT Ethics and Compliance Hotline

Learn more about your IACA team.