Payment Collection and Internal Controls 1 Why

Payment Collection and Internal Controls 1

Why Are We Here? ¡ To enhance our business practices ¡ To provide a safety net for individuals, departments, and the university ¡ To establish internal controls related to accepting payments at the university 2

What Will We Learn? ¡ The role of internal controls and designations of accountability ¡ How to apply appropriate segregation of duties criteria ¡ The roles, responsibilities, procedures, and constraints associated with each step 3

Why Are You Here? ¡ Your department/unit/office has been identified as an official payment collection area ¡ Certification is required in order to process payments 4

To Achieve Certification ¡ Participate in training ¡ Pass payment collection certification test 5

Agenda ¡ ¡ ¡ Accountability & Internal Controls Segregation of Duties l Record Keeping l Authorization l Custody l Reconciliation Good Business Practices 6

What are the different forms of payment accepted at the university? ¡ ¡ ¡ Currency and coin Checks Credit cards Money orders Travelers checks Electronic funds 7

Agenda ¡ ¡ ¡ Accountability & Internal Controls Segregation of Duties l Record Keeping l Authorization l Custody l Reconciliation Good Business Practices 8

Accountability – What is it? ¡ Delegation of authority to qualified persons to: l ¡ Initiate, approve, process and review business transactions Holding these persons responsible for: l The validity, correctness and appropriateness of their actions 9

Accountability ¡ Everyone is accountable for their actions ¡ Of all the individuals involved in the receipt, recording and balancing of funds, the person of ultimate responsibility is the custodian ¡ Payment processors are accountable for l l l Recording payments accurately Observing all of the USF internal controls Protecting the cardholders information 10

Accountability ¡ Supervisors are accountable for l l ¡ Others are accountable for l ¡ Proper allocations of payments Assignment of duties that comply with separation of duties guidelines Proper transfer of custody of payments Accountable officers are ultimately responsible for payment transactions. 11

Internal Controls ¡ ¡ Truth Myth l Internal controls ensure the right are essentially things happen the negative, a list of first time, & every “thou shalt nots. ” time. Tone at the Top, Issue 20 11/03 Institute of Internal Auditors 12

Internal Controls ¡ Protect the staff ¡ Protect the payments ¡ Help define what you do as a payment processor 13

Examples of Internal Controls ¡ Generally, access to credit card terminals and POS systems must be limited to a primary and a secondary custodian ¡ Physical safety of the information and equipment must be ensured at point of collection and when stored overnight 14

Examples of Internal Controls ¡ All adjustments must be documented and approved by a supervisor (authorizer) 15

Examples of Internal Controls ¡ The payments must balance to the system where the payments were recorded ¡ Deposits must be reconciled to the general ledger 16

A Real Life Example ¡ ¡ ¡ You drive to a local store to purchase ten pieces of sod to repair a spot in you lawn The following actions occur How many internal controls can you identify? 17

A Real Life Example ¡ ¡ ¡ You walk up to a cashier to buy a product Cashier scans a bar code in a brochure You pay for the sod and are given a receipt l ¡ ¡ ¡ With instructions to go outside to see an attendant Outside the store you present the receipt and learn you were charged the wrong amount You go back in the store; a supervisor is called to void the receipt and ring up the new sale Then you go outside to pick up what you bought 18

What Internal Controls Were Observed? ¡ ¡ ¡ Bar codes were used for inventory and pricing control You paid a cashier; no one else could accept payment You were given a receipt An attendant had to deliver the product to you (prevents theft and errors and confirms you were charged correctly) A supervisor had to make the corrections; they acted as an authorizer The attendant initialed the receipt to acknowledge you received what you paid for 19

Agenda ¡ ¡ Accountability & Internal Controls Segregation of Duties l l ¡ Record Keeping Authorization Custody Reconciliation Good Business Practices 20

Segregation Of Duties “Segregation of duties provides the assurance that no one individual has the physical and system access to control all phases of a business process or transaction: from authorization to custody to record keeping. ” Diane Mc. Kiernan, Logical Apps (a certified Oracle partner) 21

Four Functions of Segregation of Duties ¡ ¡ ¡ The four functions are Record Keeping, Authorization, Custody and Reconciliation The ideal is that any one person performs only one function; four people are needed for the four functions If one person performs two functions l l l Risk exists that presents the opportunity for something to go wrong A compensating control is needed to reduce the risk The compensating control might be an extra layer of review 22

When Segregation Is Not Possible ¡ ¡ ¡ Provide mitigating or compensating controls Design additional procedures to reduce risk Design data system security roles to restrict access 23

Example of a Compensating Control ¡ ¡ When a cashier receives a payment, they also record the payment The cashier is acting as a custodian and a record keeper This creates risk As a compensating control, after the cashier balances at end-of-day, a supervisor reviews the balancing and signs off 24

Agenda ¡ ¡ Accountability & Internal Controls Segregation of Duties l l ¡ Record Keeping Authorization Custody Reconciliation Good Business Practices 25

Record Keeping - Definition ¡ Record keeping is the process of creating and maintaining departmental records ¡ Record keeping may occur manually or through an automated data system 26

Record Keeping – Examples at USF ¡ ¡ ¡ ¡ Mail log - paper or electronic Customer cash receipts l Official USF pre-numbered cash receipts l System generated cash receipts Deposit slips Credit card receipts Electronic funds transfer (EFT) payment documentation Cashier balancing reports System sales reports 27

Record Keeping - Retention o Observe record retention requirements o Records serve multiple needs o o Satisfy audit needs Helpful in researching a question 28

Agenda ¡ ¡ Accountability & Internal Controls Segregation of Duties l l ¡ Record Keeping Authorization Custody Reconciliation Good Business Practices 29

Authorization ¡ Authorization is the process of granting formal approval to perform a specific function ¡ For example, someone must be authorized in order to perform one of the following functions: l l l Verify cash collections Review daily balancing reports Approve discounts, voids, or refunds 30

Authorization ¡ The person who originally created a transaction should not be the one who reviews and approves a correction, creates a void, or issues a refund l The best practice is to have a supervisor review and approve the correction using an ID of their own 31

Agenda ¡ ¡ Accountability & Internal Controls Segregation of Duties l l ¡ Record Keeping Authorization Custody Reconciliation Good Business Practices 32

Custody ¡ Having access to or control over any physical asset ¡ Examples of custodians: l l Collector of funds Deposit preparer Anyone with access to safes, lock boxes, & file cabinets where funds are kept Custodians of petty cash funds or change funds 33

Custody – System Passwords ¡ ¡ ¡ ¡ Your cash register or Point Of Sale system should be password protected to assign accountability and fix responsibility Every person must have their own password Passwords must never be shared Don’t write your password down If you need to leave the work area, sign off your password; log back on when you return Passwords should be changed periodically Passwords should be inactivated whenever a custodian vacates the position 34

Custody – Register Keys If your cash register or point-of-sale system uses key access: l l Only essential staff should possess the keys An inventory of the keys should be kept Keys should never be shared Keys must be collected whenever a custodian vacates the position 35

Custody – Storage of Funds The safe or lock box combination should be changed: l l l Any time an employee with knowledge of the combination or access to the key terminates or is reassigned Periodically Funds should never be stored in a desk, even if it is locked 36

Agenda ¡ ¡ Accountability & Internal Controls Segregation of Duties l l ¡ Record Keeping Authorization Custody Reconciliation Good Business Practices 37

Reconciliation & Balancing ¡ Cashier Balancing ¡ Check Log Balancing 38

How Would You Define Reconciliation ? ¡ ¡ A reconciliation is simply a comparison of two sets of information as of the same point in time Identify the differences between what actually did post in Finance Mart vs. what you expected to post in Finance Mart 39

Why Reconcile? ¡ ¡ Good internal controls and sound business practices necessitate the reconciliation of funds by business staff USF needs assurance that all assets are safeguarded and used to the best benefit of the university 40

What Do We Reconcile? ¡ ¡ ¡ Point of sale transactions ( POS ) Check logs Transaction reconciliation Budget review and reconciliation Credit cards 41

Point Of Sale Transactions ¡ The POS system should l l l ¡ Record sales and cash collections Produce a daily detailed sales report Produce a pre-numbered customer receipt Reconciliations to perform l l l Balance the cash drawer Balance the day’s sales to actual collections Reconcile daily balancing sheet to deposit 42

Transaction Reconciliation ¡ Reconcile l l l Deposits to accounts receivable postings Deposits to general ledger postings Inventory to sales 43

Non-inventory Reconciliation ¡ ¡ Some sales may not involve tangible inventory To ensure that all billings have been completed, review l l Room usage logs Equipment or lab usage logs Participant lists or class rolls Order forms or contracts for services 44

Credit Card Reconciliation ¡ When credit cards are used with a POS l l l POS system should produce a report of credit card transactions Compare the POS report to the daily settlement report Supervisor reviews this 45

Reconciliation - Guidelines ¡ ¡ ¡ Reconciliation must be performed by a person with no cash handling responsibilities The reconciliation form must be dated and signed or initialed The prescribed procedure should be followed 46

Agenda ¡ ¡ Accountability & Internal Controls Segregation of Duties l l ¡ Record Keeping Authorization Custody Reconciliation Good Business Practices 47

Oversight & Monitoring of Accounts Receivable (AR) ¡ Outstanding AR is reviewed at least monthly ¡ Someone other than the person who maintains AR conducts the review 48

Are You Ready For The Test? ¡ Accountability l ¡ Payment processors are accountable for ¡ Recording payments correctly ¡ Observing USF internal controls Internal controls exist l l To protect the staff To protect the cash 49

Are You Ready For The Test? ¡ Custody l ¡ Having access to or control over any physical asset Record Keeping l l The process of creating and maintaining departmental documents A supervisor should always review your balancing report; then initial and date the form 50

Are You Ready For The Test? ¡ Authorization l l ¡ The person who receives a payment should never make a correction, issue a refund, or void a transaction The authorizer performs these actions Balancing l Your department should have a standard balancing report 51

Time to take the test ¡ Navigate to the UCO web site ¡ The address is www. usf. edu/ucotraining ¡ Click payments collections training ¡ Obtain the payments collections quiz from your supervisor 52

Resources ¡ Office of University Audit & Compliance l http: //usfweb 2. usf. edu/uac ¡ COMPASS (for USF procedures) l http: //www. usf. edu/compass ¡ University Controller web site l http: //www. usf. edu/controller 53

Contacts ¡ Janet Hicks, Associate Controller l 974. 6063 l jahicks@usf. edu 54