Contributed by: Elisa M. Cockburn, Sr. Internal Auditor
With the latest news about security breaches, where personal information such as social security and credit card numbers was exposed to unauthorized access, most of us are paying closer attention to bank account statements, credit reports and credit card statements. The possibility of inappropriate transactions hitting our accounts has suddenly become very real. But we have a tool to protect ourselves from this risk. It is called reconciliation.
Reconciliations are powerful internal control tools that can not only help us protect ourselves and our personal information, but can also help us in the workplace. Reconciliations consist of comparing our records (i.e. departmental records) with those of a different party. At RIT this other party is the Oracle General Ledger. How do we know if the general ledger accounts that we are responsible for are showing correct balances? How can we tell that the dollar amounts hitting our accounts are really our expenses or if all our revenues have been accounted for? The only way we can be completely sure that everything going through our general ledger accounts is really ours is by performing periodic reconciliations of these accounts.
For reconciliations to function as an internal control tool, segregation of duties needs to be in place. That is, no single person should have access to two or more phases of a transaction or operation. So, the functions of authorization, custody, record keeping and reconciliation should be performed by different individuals. This could be a problem in small operations. If that is the case, the lack of proper segregation of duties will have to be mitigated by increased management oversight.
Reconciliations will involve reviewing Oracle-based reports including financial information such as payroll charges, other expenses, revenues and balance sheet accounts and comparing them to departmental records. Many departments only have to deal with expenses. In order to perform reconciliations, departments need to keep records of their accounting transactions. For example, most departments keep copies of Invoice Payment Forms submitted to Accounts Payable as backup documentation, in case the originals are misplaced. These copies can be used to verify Oracle records. The reconciliation process ensures that all transactions in Oracle reports are correct and that all transactions for the month have been entered. Reconciliations should be performed on a monthly basis, after month-end closing has occurred.
A basic reconciliation of expenses would include the following steps:
Keeping records of departmental transactions throughout the month. (i.e. copies of travel expense reports, P Card statements, invoice payment forms, purchasing requests)
Printing the Department Statement report from Oracle after month-end closing. This report shows the balances of the department’s accounts on a high-level basis.
Printing the Payroll Distribution Report from Oracle. This report shows the detail of payroll transactions by person, by pay period.
Printing the Account Analysis Report and Account Analysis w/Subledger Detail Report from Oracle. These reports show the detail supporting the balances in all expense accounts.
Ensuring that totals on detail reports (Payroll Distribution and Account Analysis) match the totals on the Department Statement. (Note that the Payroll Distribution Report may differ from the amounts shown on the Department Statement due to manual journal entries processed for corrections.)
Comparing detail reports (Payroll Distribution Report and both Account Analysis Reports) with departmental records (i.e. PO’s, invoices, proof of receipt). Strive for a three-way match.
Making any necessary corrections through journal entries
Verifying that journal entries have been posted and appear correctly in the accounts
The Controller’s Office offers two classes on how to perform reconciliations: Oracle FSG & Standard Reports/Reconciling Statements, and Balance Sheet Account Reconciliations. These classes will walk you through the reconciliation process in more detail and will put you in touch with the people that can answer questions. You can find more information and register for these classes on the Center for Professional Development webpage.
The Auditors get Audited!
Contributed by: Steven Morse, Executive Director
You read that right – Institute Audit, Compliance & Advisement (IACA) has been audited. Let me explain how this came about.
IACA is required to follow the International Standards for the Professional Practice of Internal Auditing (Standards) promulgated by the Institute of Internal Auditors (IIA). These Standards are comprised of attribute and performance standards and cover such areas as independence; due professional care; quality assurance; and engagement planning, performance, and communication to name a few.
One of the Standards requires that internal audit departments have a quality assurance review once every five years. For IACA that meant planning an engagement that is called a Self-Assessment with Independent Validation. What this means is that IACA needed to perform a self-assessment of its compliance with the IIA Standards and then arrange for independent validators to review the self-assessment documentation.
So, IACA performed a self-assessment of its compliance with the IIA Standards, gathered supporting documentation, and engaged two internal audit directors from two separate universities to be the independent validators. Stephen Colicci from Syracuse University and Gary Walters from the University at Buffalo visited RIT between June 13th and June 15th, 2007 to perform the review.
During their time here at RIT, Steve and Gary functioned in a capacity independent of the University and reviewed and tested the procedures and results of the self-assessment. This included reviewing IACA procedures, working papers, and reports. In addition, Steve and Gary conducted interviews with University management, the RIT Audit Committee Chairman, the Audit Manager from the RIT external audit engagement team, and the IACA staff.
Upon completion of their review, the independent validators issued an independent validation statement. This report, which accompanies the IACA self-assessment report will be distributed to the Senior Vice President for Finance and Administration, the President, and the Audit Committee of the RIT Board of Trustees.
This exercise was very valuable to IACA. In fact, IACA implemented some new procedures as a result of preparing the self-assessment documentation for review. The independent validators did determine that IACA was in compliance with the IIA Standards and provided me with some recommendations on how to further improve our processes. It’s all about continual improvement.