Audit Survival Guide
Audits at Florida Atlantic University are performed to ensure compliance with generally accepted accounting principles and with FAU and Florida’s Division of Colleges & Universities policies and State Statutes. These audits may be conducted by federal, state, internal or external auditors.
Questions relating to types of audits and the audit process should be directed to the Office of Inspector General.
This booklet is to be used as a general guideline for how your area may best prepare itself for an audit. The topics are those that have been frequently covered in past audits. The subject of prior recommendations may have been directed to a particular department, but are applicable to most departments. Please review this document with your management team, particularly those involved with operational procedures or financial operations.
Florida Atlantic University must comply with a variety of Federal and state regulations and statutes, as well as internal policies and procedures. A department, whether academic or administrative, should be familiar with compliance issues pertaining to its operations. Many departmental websites make reference or have links to regulatory and compliance resources applicable to their operations. All employees should be familiar with their regulatory environment and if a formal institutional compliance program does not exist, a periodic internal evaluation of the level of compliance should be performed.
One of the first requests from auditors will be to review the department's written policies and procedures in order to determine compliance. This documentation should be at two levels, one being the department's general operating policies and the other, more detailed procedures, often referred to as desktop procedures.
It is especially important to document procedures used in handling fiscal matters. Flowcharts are useful, and current, detailed job descriptions should be a part of the entire package. If there are no procedures or if they are vague and/or out of date, it may result in an audit criticism.
It is suggested that policies and procedures be written if none exist. If they do exist, they should be periodically reviewed and updated as needed. Past memos outlining policies can often be used as a basis for developing a manual. The manual should be available to all employees, and ideally they should sign an acknowledgment form that they have read and understand the procedures.Return to the top of the page or the Table of Contents
The term "money" refers not only to actual cash, but also to checks and credit cards, and may also be referred to as "funds." If your department is involved in collecting funds, make sure written procedures are up-to-date and expect this function to be scrutinized by the auditors.
Prior to involvement in accepting funds, the department should contact the Controller's Office for approval and the correct procedures to be used. If billing by invoice is a part of a department's routine, consult with the Controller's Office to determine if this should be handled through the Accounts Receivable system.
Audit concerns will include the proper use of pre-numbered departmental cash receipts, immediate and restrictive endorsement of checks, use of mail logs, security of funds, use of transfer forms, timely deposits and written procedures.
Any unusual transactions or exceptions to the norm must be documented and should be approved in writing if possible. If there are any questions about these items, contact either the Controller's Office for detail procedures or the Inspector General's Office for general information.
Another area of money handling is petty cash accounts. The operation of a petty cash fund needs to have the Controller's Office approval. The cash must be secured and safeguarded from misuse or theft. It must not be used to cash personal checks or IOUs. Be certain the petty cash custodians are aware of the proper procedures to be used for petty cash. In addition, expect periodic visits by the internal audit staff to verify accuracy of the fund.Return to the top of the page or the Table of Contents
Assets are any items of value and include equipment, cash, financial records, and the physical structures. Confidential information, such as student records must also be safeguarded from misuse, unauthorized changes or theft. Evaluate the physical security of the offices and limit distribution of keys to authorized personnel. If certain areas should be restricted to employees only, at a minimum this restriction should be posted. Review the security of computer equipment, software programs, computer files, and the proper use of password procedures. Also review the security of other equipment, materials and supplies that may be of value to someone.
Assets that cost $1,000 or more (plus certain other items) are tagged and accounted for as fixed assets. State law requires a physical inventory be conducted annually and the department's cooperation is a necessary part of this process. Property Management conducts the annual fixed asset inventory, including verification of off-campus items. Departments can facilitate accountability for fixed assets by completing forms as property is moved or taken off campus, when grants are closed, or when the "accountable officer" changes. Accounting for fixed assets is within the scope of each state operational audit and lack of proper controls can result in adverse audit findings and publicity. Contact Property Management for additional information and to learn of the department's responsibility in this area.
|| AUTHORIZATION || CUSTODY || RECORD-KEEPING ||
This is a basic internal control and deterrent to fraud, yet it is frequently overlooked and can be difficult to achieve in smaller operations. Ideally, authorization of transactions, custody of assets, and record-keeping should be the responsibility of different individuals. One overall consideration when designing the best control system is that, generally, the more negotiable the asset, the greater the need for separation of duties, as well as the need for increased physical security.
Duties are considered incompatible if someone can carry out and conceal an error or irregularity in the course of day-to-day activities. If adequate separation of duties is not possible due to lack of sufficient staff, then there should be increased oversight by management.
Auditors will always want to see documentation that will support decisions, exceptions, transactions, end results, etc. Documentation is important in fiscal matters or for any action that is a deviation from the norm or the established policy.
Auditors are also concerned about documented supervisory reviews or approvals. Anytime an employee's work is reviewed, such review or approval should be notated by the reviewer's initials and the date.
Logs are a form of documentation, but to be effective they need to be used properly and consistently and should evidence supervisory review. Logs for checks received by mail, combination safe control listings, etc. are examples of logs which should have documented reviews.
Documented, periodic sampling by management is a form of review to ascertain that policies are being followed. This provides a good internal practice, not just something good to show the auditors.Return to the top of the page or the Table of Contents
The Division of Research should be contacted regarding questions on originating and accounting for contracts and grants.
In accepting the grant, Florida Atlantic University is acting as a fiduciary. Grant funds must be expended only for the purpose of fulfilling the objective of the grant. However, since the University is also in a fiduciary role in expending State funds, it is just as important that all appropriate grant related costs be charged to the grant.
It should be emphasized to the principal investigators that not only is fulfilling the grant's purpose their responsibility, but proper use of funds and the review of these expenditures is also their responsibility. Contracts should be carefully read to determine the technical and financial requirements and conditions. The granting agency will often audit the records of their grants and there is an annual audit of Federal Financial Assistance Programs by the State of Florida Auditor General’s Office.
The University utilizes a signature system that is maintained by the Controller's Office. Updates by the departments, including changes resulting from terminations and employee transfers, are necessary to maintain integrity of the system.
State telephones should be used only to conduct official state business. However, recognizing that there may be occasions when most people eventually find it necessary to make a personal toll call, the University has established a policy to cover these situations.
Personal toll calls and faxes should be logged by the individual making them, which can be as simple as a note on their calendar. The monthly phone bills should be distributed to employees for their review of toll calls made from their extension. Any personal calls must be reimbursed on a timely basis to the University. The exact procedure to be followed has been established in each department. This is a privilege that must not be abused or misused.
In addition, the most economical means of calling (800 numbers, etc.) should be used whenever possible.
Contact Telecommunications for additional information.Return to the top of the page or the Table of Contents
Refer to released reports on the Florida Auditor General’s website for various types of audit criticisms, paying close attention to the operational audits. Also, you may contact the Office of Inspector General for copies of internal audit reports for additional information.
All the above suggestions are very important, however internal control procedures and the suggestions made for compliance, should be subjected to a cost/benefit/risk analysis. The risks involved of non-compliance should be analyzed and benefits gained must outweigh the costs involved; management must determine if they are willing to accept the risks of non-compliance. If you have any questions in this area contact the Inspector General's Office.
Management is responsible for the internal control procedures and for the operating policies of their area and management sets the tone for all employees. Taken seriously, management’s awareness of audit concerns will help to minimize audit criticisms and will also result in a better operating environment.
The Audit Survival Guide was initially issued as a booklet in 1994 by Dianne Parkerson for use by Financial Affairs personnel. It has been revised by Morley Barnett, Inspector General, and formatted into a Web document by Dianne Parkerson.