The purpose of the control self-assessment is to provide you with a tool to assess your unit’s financial, operational, compliance, and reporting risks and related controls, and to identify where, as a result of a recent employee separation from University employment, your department has a potentially higher risk of loss through errors, theft, or noncompliance with University policies and applicable rules, laws, and regulations.
The internal control questions in this document have been separated into two categories:
1. Employees Separating from University Employment
2. Process Modifications
Employees Separating from University Employment
|1. The Department has documented current department-specific policies and procedures addressing daily operating activities of the employee separating from University employment.|
|2. Access to Banner forms in all Banner instances (i.e., Test, Prod, etc.) is appropriately removed for employees separating from University employment who have view and maintenance access.|
|3. If the employee separating from University employment is in possession of a University P-Card, the department verifies that the card has been returned/cancelled and that all reconciliations have been completed, reviewed, and approved.|
|4. Employee reimbursements are properly authorized and sufficiently documented.|
|5. Are future travel/business expenditures related to employees separating from University employment properly managed? For example, if trip insurance was obtained for any non-refundable expenses, a claim has been filed on behalf of the University.|
|6. The department ensures that when an employee separates from University employment, access to the University administrative computer systems, as was authorized through the department, is properly cancelled. Determine who (if anyone) needs to have access to the employee’s emails and documents, and for how long.
· Have University-affiliated social media accounts/credentials managed by the employee separating from University employment been transitioned to another University employee?|
|7. University technology equipment (e.g. iPads/tablets, laptops, iPhones, etc.) and software are recovered from employees separating from University employment.|
|8. Retrieve the following items:
· Office, Building, and Desk Keys
· University ID Card|
Process Modifications
|1. The unit has updated current department-specific policies and procedures to address the modified daily operating activities of employees and systems impacted by employee(s) separating from University employment.|
|2. The unit has a business continuation plan, and it has been updated to reflect processes and procedures related to employees who have recently separated from University employment.|
|3. Have appropriate segregation of duties (i.e. checks and balances) been considered as processes and procedures are modified to address personnel changes? For example, have the manual and/or automated process controls been modified to potentially allow for incompatible duties surrounding custody of assets, recording, review, and approval/authorization? If so, have appropriate monitoring controls been considered to mitigate the risk?|
|4. Adequate event planning procedures are in place when a department is hosting a conference, workshop, or similar program. The department ensures that revenues and expenditures are handled in compliance with applicable University policies and that there is appropriate segregation of duties and/or monitoring controls as noted above.|
|5. Documented policies and procedures exist on how data is entered, modified, and maintained in Banner. Banner access is regularly reviewed and modified to appropriately align with the applicable employee roles and responsibilities.|
|6. Employees who now have access to sensitive data have reviewed and understand policies that relate to that data (e.g. employees with access to student data should comply with FERPA standards).|
|7. Modified employee roles and responsibilities have been appropriately updated in their position description.|
|8. Personnel, where applicable, have been instructed to become familiar with Saint Joseph’s University Conflict of Interest Disclosure Statement and sign and disclose if required.|
|9. Personnel are familiar with Saint Joseph’s University Whistleblower Policy.|
|10. Personnel assuming management responsibilities are familiar with the Policy Prohibiting Discrimination, Harassment, and Retaliation and the Sexual Misconduct Policy.|
|11. Personnel, where applicable, are familiar with the policy on Confidential Information.|
|12. Administrators responsible for federally sponsored grants/contracts follow the University’s administrative directives that conform to governmental cost principles and administrative standards.|
|13. The department ensures that the appropriate Financial Status Report information is sent to the responsible office so that the report can be prepared and submitted within the time prescribed by the awarding agency.|
|14. Time sheets for all hourly employees and leave reports for all salaried employees are reviewed and approved by each employee’s respective supervisor, and there is appropriate segregation of duties between recording, review, and approval.
A yes answer indicates the supervisor:
(1) Is in a position to verify the hours submitted are correct.
(2) Ensures the employee approves the time sheet.|
|15. When an employee transfers to another University department or separates from University employment, your department verifies that payroll for this employee is no longer charged to your accounts.|
|16. If an independent contractor for professional services is used to perform the roles and responsibilities related to an employee separating from University employment, the relationship complies with University policy and the IRS Code.|
|17. Employee reimbursements are properly authorized and sufficiently documented. There is appropriate segregation of duties between processing, recording, and approval/authorization.|
|CASH AND CASH MANAGEMENT||Yes||No||N/A|
|18. The department’s petty cash funds continue to be necessary, there are procedures for control and reconciliation, and there is appropriate segregation of duties.|
|19. Petty cash/change funds are kept locked in a secure location except when being used to accept funds or transact business (i.e., a locked drawer out of public view during business hours).|
|20. The department has implemented procedures to comply with Payment Card Industry (PCI) Data Security Standards (DSS), and new employee(s) who are involved with payment card processes are properly trained in PCI-DSS.|
|21. The department has segregated the duties for the custody of cash, authorizing or approving related transactions affecting those monies, recording or reporting of monies, and reconciling of the cash.|
|22. The department does not have unauthorized bank accounts or charge accounts.|
|23. Employees responsible for cash handling and deposit preparation are familiar with SJU policies.|
|24. Deposits are made to OFA on a daily basis (i.e., in a timely manner) where practical.|
|25. Determine who (if anyone) needs to have access to the SJU email account of the employee who is separating from University employment, and for how long.|