Prepared by Margaret Smith, Director, Internal Audit

State Whistleblower Protection

Employees are encouraged to disclose improper governmental action and have their rights protected.

Reporting Improper Action:

• Must be within 1 year of occurrence.
• Whistleblower (employee reporting allegation) remains confidential

Retaliatory Action Defined:

• Denied adequate staff or staff changes
• Undesirable office location
• Refusal to assign meaningful work
• Unwarranted/unsubstantiated letter of reprimand
• Demotion, suspension, dismissal
• Encourage coworkers' hostility

Examples of Recent Whistleblowers:

• Agency paid employee while they were on unpaid leave
• Employee claimed hours worked when they were not at their designated workstation

Key Ethical Concepts and the Use of State Resources

Responsibility for ethical violation rests with the state employee or the supervisor who authorized the employee action. State officers and employees never lose their identity as a state employee, even when they are not working.

Student employees are state employees and are subject to restrictions while employed. University visitors and employee family members (including children) are not authorized to use university information technology resources.

Substantive Rule:

• State employees are obligated to conserve and protect state resources for the benefit of the public interest.
• State employees may not use state resources for private gain.

Use of Email:

• Personal outside business use of email is prohibited
• Occasional and limited personal (non-business) use is acceptable, if it does not interfere with the performance of state duties,
• Personal use of email distribution lists is prohibited

Use of the Internet:

• Visiting chat rooms, downloading and forwarding jokes and listening to the radio is prohibited
• Personal outside business use of the Internet is prohibited
• Occasional, infrequent and deminimis personal use is permitted with supervisory approval

 Phone calls/Fax/Voice Mail/Cell Phones/Copy Machine:

• Personal or personal business use of phones and copy machines is a violation of the Ethics Law, even if reimbursed

Consumable Supplies, Maintenance Materials, Scrap and Gargbage:

• Personal use of paper, envelopes, tablets, and other office, shop, maintenance, custodial, and motor vehicle supplies (paint, nails, wood, metal, sand, gravel, etc.) is a violation of the Ethics Law
• Taking materials, supplies and garbage for private use is a violation of the Ethics Law
• Obsolete or unneeded materials should be transferred to surplus, recycle, or disposed through university channels.

Equipment

• Personal or personal business use of equipment and tools is a violation of the Ethics Law
• Taking equipment and tools from campus for private use is a violation of the Ethics Law
• Bringing personal project to campus for maintenance or repair is a violation of the Ethics Law

Internal Control

Internal controls are the practices performed by department to provide management with reasonable assurance that assets are safeguarded, operations are effective and efficient, financial reports are reliable, and transactions are authorized, valid, complete and accurate.

Line management, more than other function, is directly responsible for all Central Washington University activities, including its internal control system. The responsibilities of the control system are to safeguard assets and use resources wisely.

Benefits of Internal Controls:

• Prevents errors and irregularities from occurring. If errors or irregularities do occur, they will be detected in a timely manner
• Encourage adherence to prescribed policies and procedures
• Protects employees:

1. By clearly outlining tasks and responsibilities:
2. By providing checks and balances: and,
3. From being accused of misappropriations, errors or irregularities

Separation of Duties:

No person should have control over a transaction from beginning to end. Ideally, no person should be able to record, authorize and reconcile a transaction.

Authorization

Transactions should be authorized and executed by persons acting within the range of their authority.

• Individuals should understand what they are approving. Supervisors should have first hand knowledge of transactions being approved, or they should review supporting information to verify the propriety and validity of transactions.
• Adjustment documents including leave and payroll documents should proceed directly for processing after approval by a supervisor and not return to the employee where they can be falsified. Many frauds (i.e. unauthorized overtime adjustments) occur after approval.
• Supervisors should not sign blank forms, including timesheets, leave request forms, or journal vouchers.
• Authorization for leave, overtime, and change of work schedule should be obtained in advance and in writing.

Documentation:

Transactions should be clearly and thoroughly documented and available for review.

Reconciliation:

Reconciliation is the process of comparing the entries in the general ledger to supporting documentation and resolving any discrepancies or differences. The time and leave records should be reconciled to the payroll system reports.

Risk Assessment

The State Administrative and Accounting Manual, issued  by the Office if Financial Management, defines internal control, basic internal control requirements, and agency responsibilities for assessing and minimizing risk through internal control assessment.

The requirements include participation by all levels of the organization in an annual risk assessment. The process of assessment risk is an opportunity for review of operations, determination of the areas of significant risk, and evaluation of what actions can be taken to minimize the risk and enhance internal controls.

The annual risk assessment questionnaire provide by the Office of Internal Audit is a tool for documenting and quantifying risk. Determination of an effective means of managing the risks, determined the likelihood of occurrence, minimizing the risks, and providing compensating controls is management's responsibility.

Fraud and Asset Misappropriation Awareness

Vulnerable Areas:

• Payroll
• Petty Cash
• Cash Receipts
• Long Distance Phone Calls
• Travel Vouchers

Consistent Patterns:

• "Blind Trust"
• Lack of Separation of Duties
• Progressive
• Simple Methods
• Repeat Offenders
• Seldom Takes Leave
• No One Performs Duties When Absent
• Works Evenings and Weekends

Payroll Fraud and Misappropriation Methods:

• Overtime Abused
• Leave Inaccurately Reported
• Supervisor Allow Employee to Manipulate Hours
• Supervisor Pre-signed Blank Timesheets
• Accepted Faxed Timesheets Without the Original

Prevention of Payroll Irregularities:

• Properly approved documents are reconciled to FMS, labor distribution and budget records
• Overtime is pre-approved in writing with reason and estimated hours
• Approved documents are controlled
• Line through or cross out blank lines on timesheet
• Supervisor approval is timely
• Process only original documents
• Do not pre-sign blank or incomplete documents
• Do not supervise or control a relative's employment

Grants

The following are real life incidents in which grant recipients did not work within the boundaries established by the grant provisions, rules from the granting agency, or institutional policies. Generally speaking, any institution determined by the granting organization to be out of the compliance with any requirements can be assessed double the amount of the grant money involved.

• Several administrators colluded to double bill various grants under which they received funding. The auditors never went back to the beginning of the frauds, but the amounts they calculated exceededd d$6 million. They were convicted and served time in state prison.
• A Principle Investigator (PI) submitted airline tickets for reimbursement by grant funds for travel that auditors determined was for his son. This audit was triggered by an employee complaint. The PI was convicted and served time for this fraud.

Other Concerns

• Volunteers should sign an agreement and hours should be reported to payroll for Labor and Industries reporting purposes.
• Scan Authorization Numbers and long distance access on phones should be protected
• Pets are not allowed at work
• Child Care in the Workplace is not appropriate
• Banking 15-Minute Breaks (to extend lunch hours, adjust arrival or departure times) is not appropriate. Rest periods not taken at appropriate times are lost.
• Skipping Lunches (to adjust arrival or departure time) is not appropriate. The Fair Labor Standards Act requires a lunch break.
• Supervisor approved flexible work schedules are appropriate for wellness hour and one-half

Managing an Audit

These are suggestions when interacting with auditors, both internal and external, to expedite the audit process while minimizing disruptions to day-to-day departmental operations. It is important to both the auditors and the departments to have accurate and objective audit results.

• Designate an audit liaison person. (Department manager)
• Clarify the audit objective and scope (areas to be tested and period covered by the audit).
• Determine auditor needs (records, workspace, and resources).
• Consider giving the auditor a general tour of your facilities.

• Ensure original documents do not leave department premises without prior approval.
• If a request is ambiguous, ask the auditor for the purpose of reviewing the document. Be prepared to recommend alternate documents that would achieve the auditor's purpose.
• Unless absolutely necessary, do not allow full access to your file drawers, storerooms, etc. Auditors are expected to obtain permission and state their objective for accessing these areas.
• Have documents available upon their arrival. Maintain a list of records provided to the auditor.
• Review records you are providing to anticipate questions. If records will hurt University's interest, notify department management and the University Director of Internal Audit (for external audits) of the issue.

• Keep informed of issues throughout the audit.
• Ensure an exit interview is held. Use it to verify facts and respond to the audit. Ask a representative from Internal Audit and/or Financial Services Office to attend if there are questioned or disputed findings.
• Ask for time to review findings, and then re-verify calculations and source data.
• Concede valid findings, but do not speculate on whether they apply to other areas on campus.
• Discuss with the auditor the dispositions of audit issues, i.e. verbal comment, exit item, management summary or report item.
• If necessary, appeal the auditor's conclusion with their supervisors. For external audits, this action should be coordinated with Internal Audit and the Office of Financial Services.

• RCW 42.40 State Employee Whistleblower Protection
• RCW 42.52 Ethics in Public Service
• WAC 292-110 Agency Substantive Rules
• WAC 292-120 Executive Ethics Board
• http://ethics.wa.gov
• http://www.cwu.edu/resources-reports
• CWU Policies Part 2, 2-2.7 Code of Ethics
• CWU Policies Part 2, 2-2.38 Use of Resources
• CWU Policies, Part 7, 7-2.2.1.2 Entertainment and Hosting (see pg 25)
• CWU Policies, Part 7, 7-2.2.1.2.6 Meals and Light Refreshments (see pg 26)