Internal Audit has provided several procedures as a quick reference for departments. They represent University policies and procedures, or best practices, that Internal Audit believes will contribute to good internal controls.
This is not an all-inclusive list of all University procedures and at any time these procedures may change. Current policies and procedures can be found at Procedures, Records, and Forms.
The following information is provided in alphabetical order by subject:
Budget/Financial Monitoring Responsibility
Every administrator is responsible for budgets within his/her area. Budgets should be monitored and reconciled to actual activity and supporting documentation on a regular basis, ideally within two weeks from the month-end close dates. It is important that the accounts be reconciled to ensure they accurately include authorized transactions. Each transaction should be supported by documentation. Allocations and recurring charges should be reviewed for reasonableness. Reconciling the department’s accounts provides for a good internal control.
- EP 1 – Policy on Budget Responsibility
- BPPM 30.07 – Workday Reports
- BPPM 30.06 – Tracking Departmental Expenditures
- BPPM 30.02 – Accounting for WSU Monies
If a department requires or uses a change fund, see General Receipting section below for more information.
Computer Security and Integrity
A significant amount of money is spent each year on computer equipment. Departments rely heavily on information created, processed and stored on computers. Consequently, departments should implement good computer, security and password controls.
To provide adequate safeguarding of critical information, critical computer files should be backed up on a periodic basis. The importance of the information and the amount of time needed to recreate the information should be considered when determining how often to backup computer files. The backup disks or tapes should be stored off-site. We recommend that departments refer to Information Technology Services website to determine the latest software options used on campus for automatic backup.
New computer viruses are being created at an alarming rate. Computers using WSU networks are required to have adequate protection against viruses that may be harmful to the continued integrity of the network and infrastructure; this includes the requirement for antivirus software and regular updates.
Use of the WSU network is for business purposes only. Employee use of computers, network and digital devices is to carry out the functions of their official duties; for students, the purpose is for education and research. University employees have a responsibility to safeguard state resources. This includes the database systems, and confidential or sensitive information they may use to carry out the functions of their jobs. The best ways for employees to adequately safeguard these resources is to ensure software (antivirus) is updated and protects from malicious intrusion.
Also, employees should ensure computers and files are protected with passwords that are known only to them and properly safeguarded. It is recommended passwords be changed regularly. Never walk away from a computer for any period of time without logging out or locking it up to prevent unauthorized access. Laptops and other portable digital devices should be physically safeguarded; do not leave in extreme weather or unattended. Limit the amount of confidential or sensitive data on portable devices; this type of data should be on office models that are not as mobile and susceptible to theft and subsequent data breach.
- Information Technology Services
- EP 4 – Electronic Communication Policy
- EP 16 – University Network Policies
- EP 8 – WSU System Data Policies
- EP 37 – WSU Information Security Policy
Most purchased software programs used at the University are copyrighted and/or patented. These copyrights and patents prohibit the University or its employees from making duplicates of the software and may also restrict the use of the software program to a particular machine. As users and/or purchasers of software packages, departments have the responsibility to be aware of the various agreements pertaining to each software package. Making illegal copies of licensed software may result in an individual and/or the University being held liable.
A good rule of thumb regarding software purchased is to assume the software:
- is not to be copied except for making a backup
- is designated for use with only one PC/laptop at a time and is not to be used by multiple users on a local area network
- is not normally maintained and updated by the vendor unless departments have paid an annual maintenance/support fee or paid for an updated version
If you do copy software for a backup, the manufacturer’s copyright notice should be placed on all copies or portions of the software reproduced.
Departments should maintain an inventory of software licenses and users to ensure proper future transfer and accountability for licensing.
- BPPM 35.30 – Duplicating and Using Software
Departments are responsible for maintaining accurate records of property and inventory purchased, proper safeguard of assets in its control, and the proper disposition of equipment. Capitalized equipment purchases (all tangible, non-expendable property, having a useful life of more than one year and a value of $5,000 or more, plus laptops, weapons, and other property with exception) are posted to a central inventory system upon purchase. Purchases of equipment that do not meet capitalization criteria, or is inventory for the purpose of resale (merchandise) or consumption in the unit, may have tracking requirements. Consumption inventory (such as non-resale publications, office supplies, etc.) with inventory values over $25,000 must be periodically inventoried.
The Property Inventory Unit of Business Services/Controller’s Office maintains a record of capitalized equipment in the AIS Property system. When purchases are made of capitalized equipment, numbered identification tags (state tags) are issued to the department for placement on the equipment; the state tag number correlates with the identification number in the Property system. This state inventory record should be physically verified on a periodic basis. We recommend annually; University policy requires equipment on state inventory lists be verified every two years.
Departments are responsible for safeguarding small and attractive assets and developing a system for managing and monitoring. Typical “small and attractive assets” include cameras, digital cameras, stereos, audio visual equipment, televisions, VCRs, DVDs, printers, computers, electronics, and digital media equipment. These items, if under $5,000, are not automatically posted to the state inventory system, so are not tagged by the University. The departments can either purchase state tags and request to add to the state inventory system in order to include in the verification process, or establish an independent inventory monitoring procedure to account for these assets.
Whenever equipment is transferred from one department to another or moved to a substantially different physical location but stays within the same department, the inventory records should be updated. This information will allow for accurate tracking of equipment locations. If equipment is taken off campus, the department should require employees to complete a sign-out sheet. This provides written support for the location of the equipment.
When equipment becomes obsolete or replaced, the inventory records should be updated as to disposition. No departments other than Surplus have authority to sell or transfer University property to non-University units, including recycling or other disposition.
- BPPM 20.50 – Property Inventory
- BPPM 20.53 – Merchandise and Consumable Inventories
- BPPM 20.76 – Surplus Property
- BPPM 20.80 – Sale or Transfer of Surplus Equipment
- BPPM 20.78 – Federal Excess Property
Though it is ideal to process revenue through the Cashier’s Office, departments occasionally receive cash and checks directly from the payee, via mail or in person. When this occurs, the following receipting policies should be considered:
- Endorse checks immediately upon receipt. A proper endorsement includes “Washington State University” and “For Deposit Only” on the back of the check.
- Money collected must be physically secured at all times. Do not leave cash or checks unattended. Store cash and checks in a secure location, such as a locked filing cabinet, lock box or safe. Keys or combinations should only be given to those employees that need them to perform their job responsibilities. Preferably, only two people (one serving as a backup) should have access to the keys or know the combinations. If an employee who has access to one of these devices leaves the employ of the department, keys should be returned and any combinations should be changed.
- Deposit all payments to WSU intact at least weekly with the Cashier’s Office in total and in the same form as received. Deposit amounts totaling $100 or more should be deposited the day of receipt.
- Cash signing machines, blank checks, and partially prepared checks should be secured. Voided checks should be mutilated to prevent unauthorized use.
- Periodically reconcile Cash Deposit Reports to the online Account Balances/Detail to ensure all revenue has been properly posted to the appropriate accounts. See Budget/Financial Monitoring Responsibility.
- The safety of employees who deliver deposits should be considered.
Only WSU-approved receipt forms or systems should be used. Receipt systems should have edit controls preventing unauthorized changes to receipt integrity. Receipt forms should be pre-numbered, preprinted, and used and retained in order to account for completeness of record, including voided receipts. Supervisory review and approval should be required for all voids, paid-outs, non-cash credits and refunds.
- BPPM 30.52 – WSU Receipts
- BPPM 30.53 – Cash Handling
- BPPM 30.59 – Cash Registers
- BPPM 30.51 – Till Cash Funds
- BPPM 30.55 – Refunds
- BPPM 30.58 – Returned Checks – Prevention and Processing
There are restrictions on gifts WSU employees may receive individually – see Ethics in Public Service. The University may receive gifts without such restriction. WSU Foundation Gift Accounting should be notified when gifts or donations are received. Policies for the proper accountability of funds in transit from donor to department to Gift Accounting have been established and should be followed.
- BPPM 30.70 – Gift Transmittals