Please use the checklist as you complete the below assessment and retain it for your files. You DO NOT need to submit the assessment checklist to Internal Audit. It may be requested from you at a later date.







These basic internal controls are NOT all-inclusive.



The department has an organizational chart.

An organizational chart pictorially represents all the team players within a department. The chart shows the various working relationships between staff and supervisors. It also provides management information that may be used as a baseline for planning, budgeting and work force modeling.

The department has a statement of mission and objective.
A mission statement guides the actions of the department, spells out its overall goal, provides a sense of direction, and guides decision making for all levels of management. It also serves as an indicator of the objective of the department within the overall mission of the university.
The department has current departmental policies and procedures, and employee desktop manuals.
A departmental policies and procedures manual, as well as individual desktop manuals, allows employees to understand their roles and responsibilities within the department. Policies and procedures allow management to guide operations without constant intervention. Policies and procedures are the strategic link between the university's mission and its day-to-day operation.
Department has a current website on the university website.
A website can be a valuable tool to promote/communicate to the campus community and the general public the services the department provides and how to request such services. Websites should be maintained and updated on a periodic basis to provide the most current information to its users.


Documentation (hard copy/electronic file) exists to support timely reconciliation of departmental accounts on a consistent basis. Documentation also exists to support that reconciliations are reviewed in a timely manner by the appropriate department head and/or signature authority.
When you reconcile an account, you are proving that the transactions comprising the account balance are correct. A spreadsheet reconciliation should be maintained for each departmental budget. The purpose of the reconciliation is to track transactions as they occur and match them to transactions recorded on the monthly detail reports. This will enable the department to quickly identify any questionable transactions posted to its budget and take corrective action to ensure the accuracy of the department's financial condition. Authorization, recording and reconciling of transactions should be segregated duties. The reconciler and signature authority should sign/initial the final MDR reconciliation, which is kept on file. Proper documentation is vital, because it provides supporting evidence that departmental budget reconciliation has been reviewed for appropriateness and compliance.

Helpful Guide - Monthly Detail Reports (MDR)


*** USM Cash Handling Policy ***

Documentation (hard copy/electronic file) exists to support that cash receipts/deposits are reconciled to the monthly detail report (MDR).

Proper documentation is vital, because it provides supporting evidence that deposits and departmental budget reconciliation have been reviewed for accuracy.
Duties related to receipting, depositing and reconciliation of funds are adequately separated.
Cash is the most liquid asset and the most susceptible to loss if not properly controlled. All departments responsible for collecting cash, checks and credit card payments should ensure timely deposits, safeguarding of funds prior to deposit, proper segregation of duties in the handling process and regular reconciliation to ensure all funds have been deposited accurately. Critical internal controls such as segregation of duties, limited access, and regular reconciliation are important in handling funds (cash and checks). The number of individuals authorized to receive and handle funds should be limited, but no one person should be permitted to handle a transaction from beginning to end. The individual who receives funds should prepare a daily log of all incoming checks and cash. A supervisor should compare the record of initial receipts of cash and check from the daily logs and cash receipt book to the amount deposited.
Checks are restrictively endorsed upon receipt.
Placing a restrictive endorsement, “For Deposit Only, The University of Southern Mississippi” on a check or money order immediately upon receipt is crucial to reducing the risk of fraud.
A pre-numbered receipt, cash log or register tape is used to document cash received.
A university approved, pre-numbered receipt should be issued for every cash transaction. After each event, receipts should be compared with funds collected to ensure all funds are accounted for and deposited in a timely manner.
The department receives payment by credit cards and is PCI Compliant! What's PCI?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

Helpful Guide - Payment Card Security Policy

Funds are adequately safeguarded until deposited at the Business Office.
Cash and checks should be stored in a secured location with access to the location limited to a few individuals. Deposits to the Business Office should be made on a daily basis.
University police escort is used for deposits over $1000.
It is important to safeguard university assets, which includes the safety of our employees.
Petty cash funds (if used by the department) are properly established.
Petty cash funds may be established at the discretion of the Director of Procurement and Contract Services for certain departments. These funds are available to purchase minor items when it would be otherwise impractical to procure these items through the usual purchasing method.

Helpful Guide - Petty Cash Policy and Procedures

The department does NOT have an external bank account!
Revenues generated or funds received by a university department should be deposited into its budget account through the Business Office.
Proper procedures are in place to ensure sales tax is collected and reported accurately and timely for taxable events/goods.
Any time a university department has an event or sells goods on campus, sales tax must be collected and submitted to the MS State Tax Commission.

Helpful Guide - Visit Tax Compliance OR contact the University's Senior Tax Compliance Officer @ 601.266.4102

Does the department retain payers’ credit card information or other personal data on any university system, PC or other electronic storage media?
The Red Flags Rule, Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003 issued by the Federal Trade Commission (FTC), requires financial institutions and creditors that hold accounts covered under the regulation to develop and implement an identity theft prevention program for new and existing accounts.

Helpful Guide - Identity Theft Prevention Policy


The department monitors and conducts in-house audits (verification) of their property.
The inventory database, AssetWorks, should be used by each department to update and maintain its inventory details regularly. Departments should conduct inventory of university property for which they are responsible 2-3 times annually. This reduces the risk of missing items. Should the department discover items are missing, they must be reported to the proper authorities immediately. The department should make every effort to locate the items.

Helpful Guide - Property Accounting

Individuals assigned equipment have completed an inventory loan receipt.
Any employee assigned laptops, cameras, cell phones, etc., will be required to complete an inventory ‘loan receipt’.

Helpful Guide - Electronic Loan Receipts may be completed in SOAR or a physical one may be downloaded from Forms and Instructions

The department has a university vehicle.
The department should understand and adhere to the University Fleet Management Manual.

Helpful Guide - Fleet Management Manual


The department has reviewed the purchasing guidelines.

Helpful Guide - Purchasing Basics

Requisition and invoice input, approval and account reconciliation functions are separated within the department.

Segregation of duties reduces the risk of fraud, waste or abuse of university assets. No one person should be permitted to handle a transaction from beginning to end.

Procurement cards are stored in a secure location while not in use.
Each cardholder is responsible for managing his/her card and securing it when not in use. Keeping the card in a wallet or purse increases the risk that the card may be stolen or accidentally used for a non-business purpose by the cardholder.
Department uploads procurement card receipts to Resolve in a timely manner.
Timeliness is imperative to ensure all documentation and approvals are processed so that all expenditures are accounted for in the month that they were incurred. Segregation of duties also applies to purchases made with a procurement card.
The department utilizes a control sheet when there are multiple users of a single procurement card.
By utilizing a control sheet, the department is able to keep track of who used the card, when it was used and what it was used for.
The department employees have reviewed the procurement card policies and procedures.
The department head and card holders should review the procurement card policies and procedures.

Helpful Guide - Procurement Card

The department retains adequate documentation for the use of the Conference Cards/Student ID Cards, Eagle Dining services and other services provided by Aramark.
These documents provide the necessary information for reconciliation and should be readily available to Internal Audit.
All personnel that travel on University business prepare the necessary permission to travel documents and retain original receipts for reimbursement.
Permission to travel must be approved prior to departure. Travelers must submit original receipts for reimbursement.

Helpful Guide - Travel Policies and Procedures

If the department's business requires them to incur certain entertainment expenses, the departmental personnel are aware of the hospitality policies and procedures.

Helpful Guide - Hospitality - Allowable, Prohibited  

If the department's business requires them to incur technology purchases, the departmental personnel are aware of the policies and procedures pertaining to technology purchases.
The department head and all signature authorities should review the Technology Purchase policies and procedures.

Helpful Guide - iTech Technology Services - Policy ACAF-IT-024 Technology Purchases - MS Department of Information Technology Services


Leave usage is approved timely by department head/signature authority for exempt (on SOAR) and non-exempt (on time sheet) employees.
University Employee Handbook Policy states that all faculty and staff employees are required to complete a Monthly Attendance and Leave Record reflecting Personal and Medical leave used during the month. Leave taken by monthly/exempt employees is recorded in the SOAR system. A supervisor is assigned in the SOAR system to each monthly employee to review and approve leave taken. Human Resources sends reminder emails to all employees and supervisors to have their prior month’s time entered and approved on a timely basis each month. If an employee entered leave taken and their supervisor did not mark approval in the SOAR system, the leave will not be processed and the employee’s leave balance will not be updated. As a result, the employee’s leave balance will not be accurate. To ensure personal leave and sick leave are accurately reflected in the system, it is important that personal leave and sick leave be reported in a timely manner. Leave for each month should be entered and approved within 10 days of month end.

Time sheets are maintained by the department for all non-exempt employees.

Time sheets record actual hours worked, leave time and compensatory time (non-exempt employees).

Time sheets are signed and dated by employee after the time period being reported (non-exempt employees).

Time sheets are signed and dated by supervisor after the time period being reported (non-exempt employees).
To ensure accountability and accuracy, time sheets should be completed and signed by the employee and approved by the supervisor. These should be kept on file in the department for reconciliation purposes and for future reference. Management should refer to the university policies and procedures retrieval number 2206 and the Fair Labor Standards Act (FLSA) for guidance.

Documentation exists to support proper approval of overtime pay (non-exempt employees).

Department follows university overtime guidelines (non-exempt employees).
Non-exempt employees who work more than 40 hours in a week should be compensated at one and one-half (1½) times their base hourly rate. Management should refer to the university policies and procedures retrieval number 2205 and the Fair Labor Standards Act (FLSA) for guidance.
Documentation (hard copy/electronic file) exists to support monitoring, reconciliation, and approval of compensatory time and usage (non-exempt employees).
Compensatory time can be awarded in lieu of monetary overtime compensation and is calculated at one and one-half (1½) hours for every one hour of overtime worked. Management should refer to the university policies and procedures retrieval number 2205 and the Fair Labor Standards Act (FLSA) for guidance.
Documentation (hard copy/electronic file) exists to support that payroll reports are reconciled to the MDR/Payroll Distribution Reports on SOAR.
Payroll distribution reports (PDR) should be generated, reviewed and reconciled to the time & attendance reports and MDRs on a monthly basis to verify the accuracy of the payroll charges. Training is required to obtain access to PDRs.
Departmental procedures are in place to help ensure that termination documents are processed, and appropriate university and departmental personnel are notified in a timely manner to stop payroll, cancel computer access and long distance codes, retrieve keys, access cards, university equipment, etc.
The Faculty and Staff Clearance Record must be completed and submitted to Human Resources by any out-processing employee before they receive their final paycheck from the University.
Annual performance evaluations are conducted for all employees and results are submitted through proper channels.
It is Human Resources (HR) policy that supervisors perform full-time employee evaluations annually. It is beneficial to both the employee and their supervisor to review and discuss the job performance of the employee. Management should refer to the university policies and procedures retrieval number 1018 for guidance.


Department staff has read and understands the acceptable use policy for computers.
This policy is required for the effective communication of university policy regarding the acceptable use of computer equipment at Southern Miss.

Helpful Guide - Acceptable Use Policy

The department is aware of the procedures to surplus old computers/devices and remove them from the department's inventory.
Employees are expected to follow the prescribed process when decommissioning and re-commissioning devices.

Helpful Guide - Computer Decommission/Re-commissioning/Computer Exchange Program

Employees have read and understand the email use policy.
Recent case law, as well as appropriate business practice, makes it necessary for the university to create and maintain parameters regarding employee use of email for official business.

Helpful Guide - Email Policy

Department employees have read and understand the password policy.
Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Southern Miss's entire network.

Helpful Guide - Password Policy


The department signature authority or his/her designee reviews monthly long distance phone charges and other technology service charges. Best Practice - Long distance phone logs should be kept for all employees that have codes.
Monitoring long distance charges reduces the risk of an unauthorized individual using long distance codes assigned to departmental personnel, resulting in erroneous long distance charges to the department’s budget. The long distance report should be reviewed by the department's signature authority. Documentation (hard or electronic copy) should exist to support that long distance charges have been reviewed. Any personal calls made using a departmental charge code MUST be repaid to the university. Best practice is to refrain from using a departmental charge code for personal calls. Charges for all other technology services, such as Guest Access, Multimedia Services, Cellular Services, Internet, Television Programming, etc., should be reviewed on a monthly basis to ensure the charges are accurate.

Helpful Guide - The IT Billing Services report may be found @ IT Billing Services. If the department does not have access to this report, contact the Help Desk at 266-4357.


Does the department offer, sponsor, or approve programs or activities involving minors?
The University of Southern Mississippi is dedicated to the welfare and safety of all Minors who visit our campuses to participate in University-related programs or activities or any other event involving minors on the University campuses. To that end, in January of 2015, the University adopted a Minors on Campus policy. The objective of this policy is to promote a safe environment for minors by fostering a University culture that is committed to preventing, recognizing, reporting, and addressing child and child sexual abuse.



All faculty, research scientists, and librarians complete the Financial Conflict of Interest (FCOI) form annually.
It is University policy for all full-time faculty, research scientists and librarians to complete a FCOI form annually - FINANCIAL CONFLICTS OF INTEREST POLICY. This reduces risks such as violation of sponsor policies, compromised scientific integrity, improper use of sponsored funds, and misuse of university facilities.

Helpful Guide - Financial Conflict of Interest

Research involving human subjects has been formally approved by the Institutional Review Board (IRB).
Research involving animal subjects has been formally approved by the Institutional Animal Care and Use Committee (IACUC).
The department is familiar with the Research and Scholarly Integrity Assurance Program.
The department is familiar with export control laws.
Export controls are a high risk area that, if violated, could result in harsh consequences for the University and the Principal Investigator (PI).

Helpful Guide - Export Controls

The department is familiar with intellectual property (IP) policies and procedures and related forms/agreements.
It is important for departments to understand IP policies and procedures and ensure faculty (or other employees) are aware of opportunities to apply for protection (i.e. copyright, patent) of their work through USM. Various forms are required to be completed depending on the type, licensing, and use of IP.

Helpful Guide - IP Policies and Procedures -- Office of Technology Development Forms -- Office of Technology Development

Employees with a material financial interest in a company that contracts or licenses technology from USM have approval from the Mississippi University Research Authority (MURA).

Helpful Guide - MURA

The department is familiar with University Policies Governing External Support.
Use of external support is considered high risk due to the necessity of the University to comply with federal, state, university, and sponsor regulations and policies. Departments must understand their roles and responsibilities with regard to external support and compliance.

Helpful Guide - University Policy Governing External Support

The department is aware of its post-award administration responsibilities.
Only eligible individuals serve as a Principal Investigator (PI) or Co-PI.
Technical reports for externally funded projects are maintained per the retention period set by the funding agency.
If the principal investigator (PI) has not sent technical reports to ORA, it is the responsibility of the PI to retain a copy of technical reports for the duration of the project retention period.

Helpful Guide - Research Policies and Compliance