Prepared by Margaret Smith,
Director, Internal Audit
Employees are encouraged to disclose improper governmental action
and have their rights protected.
Reporting Improper Action:
Retaliatory Action Defined:
-
Denied adequate staff or staff changes.
-
Undesirable office location.
-
Refusal to assign meaningful work.
-
Unwarranted/unsubstantiated letter of reprimand.
-
Demotion, suspension, dismissal.
-
Encourage coworkers' hostility.
Examples of Recent Whistleblowers:
Responsibility for ethical violation rests with the state employee
or the supervisor who authorized the employee action. State officers
and employees never lose their identity as a state employee, even
when they are not working.
Student employees are state employees and are subject to restrictions
while employed. University visitors and employee family members (including
children) are not authorized to use university information technology
resources.
Substantive Rule:
-
Personal outside business use of email is prohibited.
-
Occasional and limited personal (non-business) use is acceptable,
if it does not interfere with the performance of state duties.
-
Personal use of email distribution lists is prohibited.
-
Visiting chat rooms, downloading and forwarding jokes and listening
to the radio is prohibited.
-
Personal outside business use of the Internet is prohibited.
-
Occasional, infrequent and de minimis personal use is permitted
with supervisory approval.
Phone Calls/Fax/Voice Mail/Cell Phones/Copy Machine:
Consumable Supplies, Maintenance Materials, Scrap and Garbage:
-
Personal use of paper, envelopes, tablets, and other office,
shop, maintenance, custodial, and motor vehicle supplies (paint,
nails, wood, metal, sand, gravel, etc) is a violation of the Ethics
Law.
-
Taking materials, supplies and garbage for private use is a violation
of the Ethics Law.
-
Obsolete or unneeded materials should be transferred to surplus,
recycle, or disposed through university channels.
-
Personal or personal business use of equipment and tools is a
violation of the Ethics Law.
-
Taking equipment and tools from campus for private use is a violation
of the Ethics Law.
-
Bringing personal projects to campus for maintenance or repair
is a violation of the Ethics Law.
Internal controls are the practices performed by departments to provide
management with reasonable assurance that assets are safeguarded,
operations are effective and efficient, financial reports are reliable,
and transactions are authorized, valid, complete and accurate.
Line management, more than any other function, is directly responsible
for all Central Washington University activities, including its internal
control system. The responsibilities of the control system are to
safeguard assets and use resources wisely.
Benefits of Internal Controls:
-
Prevents errors and irregularities from occurring. If errors
or irregularities do occur, they will be detected in a timely manner.
-
Encourages adherence to prescribed policies and procedures.
-
Protects employees:
-
By clearly outlining tasks and responsibilities:
-
By providing checks and balances: and,
-
From being accused of misappropriations, errors or irregularities
Separation of Duties:
No person should have control over a transaction from beginning to
end. Ideally, no person should be able to record, authorize and reconcile
a transaction.
Authorization:
Transactions should be authorized and executed by persons acting
within the range of their authority.
-
Individuals should understand what they are approving. Supervisors
should have first hand knowledge of transactions being approved,
or they should review supporting information to verify the propriety
and validity of transactions.
-
Adjustment documents including leave and payroll documents should
proceed directly for processing after approval by a supervisor and
not return to the employee where they can be falsified. Many frauds
(i.e. unauthorized overtime adjustments) occur after approval.
-
Supervisors should not sign blank forms, including timesheets,
leave request forms, or journal vouchers.
-
Authorization for leave, overtime, and change of work schedule
should be obtained in advance and in writing.
Documentation:
Transactions should be clearly and thoroughly documented and available
for review.
Reconciliation:
Reconciliation is the process of comparing the entries in the general
ledger to supporting documentation and resolving any discrepancies
or differences. The time and leave records should be reconciled to
the payroll system reports.
The State Administrative and Accounting Manual, issued by the Office
of Financial Management, defines internal control, basic internal
control requirements, and agency responsibilities for assessing and
minimizing risk through internal control assessment.
The requirements include participation by all levels of the organization
in an annual risk assessment. The process of assessing risk is an
opportunity for review of operations, determination of the areas of
significant risk, and evaluation of what actions can be taken to minimize
the risk and enhance internal controls.
The annual risk assessment questionnaire provide by the Office of
Internal Audit is a tool for documenting and quantifying risk. Determination
of an effective means of managing the risks, determining the likelihood
of occurrence, minimizing the risks, and providing compensating controls
is management's responsibility.
Vulnerable Areas:
-
"Blind Trust"
-
Lack of Separation of Duties
-
Progressive
-
Simple Methods
-
Repeat Offenders
-
Seldom Takes Leave
-
No One Performs Duties When Absent
-
Works Evenings and Weekends
Payroll Fraud and Misappropriation Methods:
-
Overtime Abused
-
Leave Inaccurately Reported
-
Supervisor Allow Employee to Manipulate Hours
-
Supervisor Pre-signed Blank Timesheets
-
Accepted Faxed Timesheets Without the Original
Prevention of Payroll Irregularities:
-
Properly approved documents are reconciled to FMS, labor distribution
and budget records
-
Overtime is pre-approved in writing with reason and estimated
hours
-
Approved documents are controlled
-
Line through or cross out blank lines on timesheet
-
Supervisor approval is timely
-
Process only original documents
-
Do not pre-sign blank or incomplete documents
-
Do not supervise or control a relative's employment
The following are real life incidents in which grant recipients did
not work within the boundaries established by the grant provisions,
rules from the granting agency, or institutional policies. Generally
speaking, any institution determined by the granting organization
to be out of compliance with any requirements can be assessed double
the amount of the grant money involved.
-
Several administrators colluded to double bill various grants
under which they received funding. The auditors never went back
to the beginning of the frauds, but the amounts they calculated
exceeded $6 million. They were convicted and served time in state
prison.
-
A Principle Investigator (PI) submitted airline tickets for reimbursement
by grant funds for travel that auditors determined was for his son.
This audit was triggered by an employee complaint. The PI was convicted
and served time for this fraud.
-
Volunteers should sign an agreement and hours should be reported
to payroll for Labor and Industries reporting purposes.
-
Scan Authorization Numbers and long distance access on phones
should be protected.
-
Pets are not allowed at work.
-
Child Care in the Workplace is not appropriate.
-
Banking 15-Minute Breaks (to extend lunch hours, adjust arrival
or departure times) is not appropriate. Rest periods not taken at
appropriate times are lost.
-
Skipping Lunches (to adjust arrival or departure time) is not
appropriate. The Fair Labor Standards Act requires a lunch break.
-
Supervisor approved flexible work schedules are appropriate for
wellness hour and one-half.
These are suggestions when interacting with auditors, both internal
and external, to expedite the audit process while minimizing disruptions
to day-to-day departmental operations. It is important to both the
auditors and the departments to have accurate and objective audit
results.
-
Designate an audit liaison person. (Department manager)
-
Clarify the audit objective and scope (areas to be tested and
period covered by the audit).
-
Determine auditor needs (records, workspace, and resources).
-
Consider giving the auditor a general tour of your facilities.
Access to Records by Auditor:
-
Ensure original documents do not leave department premises without
prior approval.
-
If a request is ambiguous, ask the auditor for the purpose of
reviewing the document. Be prepared to recommend alternate documents
that would achieve the auditor's purpose.
-
Unless absolutely necessary, do not allow full access to your
file drawers, storerooms, etc. Auditors are expected to obtain permission
and state their objective for accessing these areas.
-
Have documents available upon their arrival. Maintain a list
of records provided to the auditor.
-
Review records you are providing to anticipate questions. If
records will hurt University's interest, notify department management
and the University Director of Internal Audit (for external audits)
of the issue.
Responding to Audit Findings:
-
Keep informed of issues throughout the audit.
-
Ensure an exit interview is held. Use it to verify facts and
respond to the audit. Ask a representative from Internal Audit and/or
Financial Services Office to attend if there are questioned or disputed
findings.
-
Ask for time to review findings, and then re-verify calculations
and source data.
-
Concede valid findings, but do not speculate on whether they
apply to other areas on campus.
-
Discuss with the auditor the dispositions of audit issues, i.e.
verbal comment, exit item, management summary or report item.
-
If necessary, appeal the auditor's conclusion with their supervisors.
For external audits, this action should be coordinated with Internal
Audit and the Office of Financial Services.
|
