
Office of Internal Audit

Basic Internal Control Assessment



Please use the checklist as you complete the assessment below and retain it for your files. You DO NOT need to submit the assessment checklist to Internal Audit. It may be requested from you at a later date.

Basic Internal Control Self-Assessment FY2021

These basic internal controls are NOT all-inclusive.




An organizational chart pictorially represents all the team players within a department. The chart shows the various working relationships between staff and supervisors. It also provides management information that may be used as a baseline for planning, budgeting and work force modeling.

A mission statement guides the actions of the department, spells out its overall goal, provides a sense of direction, and guides decision making for all levels of management. It also serves as an indicator of the objective of the department within the overall mission of the university.
A departmental policies and procedures manual, as well as individual desktop manuals, will allow employees to understand their roles and responsibilities within the department. Policies and procedures allow management to guide operations without constant intervention. Policies and procedures are the strategic link between the university's mission and its day-to-day operation.
A website can be a valuable tool to promote/communicate to the campus community and the general public the services the department provides and how to request such services. Websites should be maintained and updated on a periodic basis to provide the most current information to its users.


When you reconcile an account, you are proving that the transactions comprising the account balance are correct. A spreadsheet reconciliation should be maintained for each departmental budget. The purpose of the reconciliation is to track transactions as they occur and match them to transactions recorded on the monthly detail reports. This will enable the department to quickly identify any questionable transactions posted to its budget and take corrective action to ensure an accurate financial condition of the department. Authorization, recording and reconciling of transactions should be segregated duties. The reconciler and the signature authority should sign/initial the final MDR reconciliation, which is kept on file. Proper documentation is vital, because it provides supporting evidence that the departmental budget reconciliation has been reviewed for appropriateness and compliance.

Helpful Guide - Monthly Detail Reports (MDR)


*** USM Cash Handling Policy ***

Documentation (hard copy/electronic file) exists to support that cash receipts/deposits are reconciled to the monthly detail report (MDR).

Proper documentation is vital, because it provides supporting evidence that deposits and departmental budget reconciliation have been reviewed for accuracy.
Cash is the most liquid asset and the most susceptible to loss if not properly controlled. All departments responsible for collecting cash, checks and credit card payments should ensure timely deposits, safeguarding of funds prior to deposit, proper segregation of duties in the handling process and regular reconciliation to ensure all funds have been deposited accurately. Critical internal controls such as segregation of duties, limited access, and regular reconciliation are important in handling funds (cash and checks). The number of individuals authorized to receive and handle funds should be limited, but no one person should be permitted to handle a transaction from beginning to end. The individual who receives funds should prepare a daily log of all incoming checks and cash. A supervisor should compare the record of initial receipts of cash and check from the daily logs and cash receipt book to the amount deposited.
Placing a restrictive endorsement, “For Deposit Only, The University of Southern Mississippi” on a check or money order immediately upon receipt is crucial to reducing the risk of fraud.
A university approved, pre-numbered receipt should be issued for every cash transaction. After each event, receipts should be compared with funds collected to ensure all funds are accounted for and deposited in a timely manner.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

Helpful Guide - USM Cash Handling Policy

Cash and checks should be stored in a secured location with access to the location limited to a few individuals. Deposits to the Business Office should be made on a daily basis.
It is important to safeguard university assets, which includes the safety of our employees.
Petty cash funds may be established at the discretion of the Director of Procurement and Contract Services for certain departments. These funds are available to purchase minor items when it would be otherwise impractical to procure these items through the usual purchasing method.

Helpful Guide - Petty Cash Policy and Procedures (ADMA-PUR-016)*

Revenues generated or funds received by a university department should be deposited into its budget account through the Business Office.
Any time a university department has an event or sells goods on campus, sales tax must be collected and submitted to the MS State Tax Commission.

Helpful Guide - Visit Tax Compliance OR send an email to salestaxFREEMississippi

The Red Flags Rule, Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003 issued by the Federal Trade Commission (FTC), requires financial institutions and creditors that hold accounts covered under the regulation to develop and implement an identity theft prevention program for new and existing accounts.

Helpful Guide - Identity Theft Prevention Policy


The inventory database, AssetWorks, should be used by each department to update and maintain its inventory details regularly. Departments should conduct an inventory of university property for which they are responsible 2-3 times annually. This reduces the risk of missing items. Should the department discover items are missing, they must be reported to the proper authorities immediately. The department should make every effort to locate the items.

Helpful Guide - Property Accounting

Any employee assigned laptops, cameras, cell phones, etc., will be required to complete an inventory ‘loan receipt’.

Helpful Guide - Electronic Loan Receipts may be completed in SOAR or a physical one may be downloaded from Forms and Instructions

The department should understand and adhere to the University Fleet Management Manual.

Helpful Guide - Fleet Management Manual


Helpful Guide - Purchasing Basics

Segregation of duties reduces the risk of fraud, waste or abuse of university assets. No one person should be permitted to handle a transaction from beginning to end.

Each cardholder is responsible for managing his/her card and securing it when not in use. Keeping the card in a wallet or purse increases the risk that the card may be stolen or accidentally used for a non-business purpose by the cardholder.
Timeliness is imperative to ensure all documentation and approvals are processed so that all expenditures are accounted for in the month in which they were incurred. Segregation of duties also applies to purchases made with a procurement card.
By utilizing a control sheet, the department is able to keep track of who used the card, when, and what it was used for.
The department head and card holders should review the procurement card policies and procedures.

Helpful Guide - Procurement Card

These documents provide the necessary information for reconciliation and should be readily available to Internal Audit.
Permission to travel must be approved prior to departure. Travelers must submit original receipts for reimbursement.

Helpful Guide - Travel Policies (ADMA-PUR-005)*

Helpful Guide - Hospitality Policy - Allowable (ADMA-PUR-002)*, Prohibited (ADMA-PUR-003)*

The department head and all signature authorities should review the Technology Purchase policies and procedures.

Helpful Guide - iTech Technology Services, Technology Purchases (ADMA-IT-024)*, MS Department of Information Technology Services


University Employee Handbook Policy states that all faculty and staff employees are required to complete a Monthly Attendance and Leave Record reflecting Personal and Medical leave used during the month. Leave taken by monthly/exempt employees is recorded in the SOAR system. A supervisor is assigned in the SOAR system to each monthly employee to review and approve leave taken. Human Resources sends reminder emails to all employees and supervisors to have their prior month’s time entered and approved on a timely basis each month. If an employee entered leave taken and their supervisor did not mark approval in the SOAR system, the leave will not be processed and the employee’s leave balance will not be updated. Therefore, the employee’s leave balance will not be accurate. To ensure personal leave and sick leave are accurately reflected in the system, it is important that leave and sick leave be reported in a timely manner. Leave for each month should be entered and approved within 10 days of month end.

Time sheets are maintained by the department for all non-exempt employees.

Time sheets record actual hours worked, leave time and compensatory time (non-exempt employees).

Time sheets are signed and dated by employee after the time period being reported (non-exempt employees).

To ensure accountability and accuracy, time sheets should be completed and signed by the employee and approved by the supervisor. These should be kept on file in the department for reconciliation purposes and for future reference. Management should refer to the university policies and procedures retrieval number 2206 and the Fair Labor Standards Act (FLSA) for guidance.

Documentation exists to support proper approval of overtime pay (non-exempt employees).

Non-exempt employees who work more than 40 hours in a week should be compensated at one and one-half (1½) times their base hourly rate. Management should refer to the university policies and procedures retrieval number 2205 and the Fair Labor Standards Act (FLSA) for guidance.
Compensatory time can be awarded in lieu of monetary overtime compensation and is calculated at one and one-half (1½) hours for every one hour of overtime worked. Management should refer to the university policies and procedures retrieval number 2205 and the Fair Labor Standards Act (FLSA) for guidance.
Payroll distribution reports (PDR) should be generated, reviewed and reconciled to the time & attendance reports and MDRs on a monthly basis to verify the accuracy of the payroll charges. Training is required to obtain access to PDRs.
The Faculty and Staff Clearance Record must be completed and submitted to Human Resources by any out-processing employee before they receive their final paycheck from the University.
It is Human Resources (HR) policy that supervisors perform full-time employee evaluations annually. It is beneficial to both the employee and their supervisor to review and discuss the job performance of the employee. Management should refer to the university policies and procedures retrieval number 1018 for guidance.
These forms can be found on the HR webpage Forms A to Z for Employees.


This policy is required for the effective communication of university policy regarding the acceptable use of computer equipment at Southern Miss.

Helpful Guide - Acceptable Use Policy (ADMA-IT-001)*

Employees are expected to follow the prescribed process when decommissioning and re-commissioning devices.

Helpful Guide - Redistribution of University Computer Equipment (ADMA-IT-025)*

Recent case law, as well as appropriate business practice, makes it necessary for the university to create and maintain parameters regarding employee use of email for official business.

Helpful Guide - Email Policy (ADMA-IT-002)*

Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in the compromise of Southern Miss's entire network.

Helpful Guide - Password Policy (ADMA-IT-015)*


Monitoring long distance charges reduces the risk of an unauthorized individual using long distance codes assigned to departmental personnel, resulting in erroneous long distance charges to the department’s budget. The long distance report should be reviewed by the department's signature authority. Documentation (hard or electronic copy) should exist to support that long distance charges have been reviewed. Any personal calls made using a departmental charge code MUST be repaid to the university. Best practice is to refrain from using a departmental charge code for personal calls. Charges for all other technology services, such as Guest Access, Multimedia Services, Cellular Services, Internet, Television Programming, etc., should be reviewed on a monthly basis to ensure the charges are accurate.

Helpful Guide - The IT Billing Services report may be found at IT Billing Services. If the department does not have access to this report, contact the Help Desk at 266-4357.



The University of Southern Mississippi is dedicated to the welfare and safety of all Minors who visit our campuses to participate in University-related programs or activities or any other event involving minors on the University campuses. To that end, in January of 2015, the University adopted a Minors on Campus policy. The objective of this policy is to promote a safe environment for minors by fostering a University culture that is committed to preventing, recognizing, reporting, and addressing child and child sexual abuse.



It is University policy for all full-time faculty, research scientists and librarians to complete a Financial Conflict of Interest (FCOI) form annually. This reduces risks such as violation of sponsor policies, compromised scientific integrity, improper use of sponsored funds, and misuse of university facilities.

Helpful Guide - Financial Conflict of Interest (RSCH-VP-003)*

Helpful Guide - Institutional Review Board

Export controls are a high-risk area that, if violated, could result in harsh consequences for the University and the Principal Investigator (PI).

Helpful Guide - Export Controls

It is important for departments to understand IP policies and procedures and ensure faculty (or other employees) are aware of opportunities to apply for protection (i.e. copyright, patent) of their work through USM. Various forms are required to be completed depending on the type, licensing, and use of IP.

Helpful Guide - IP Policies and Procedures -- Office of Technology Development Forms -- Office of Technology Development

Helpful Guide - MURA

Use of external support is considered high risk due to the necessity of the University to comply with federal, state, university, and sponsor regulations and policies. Departments must understand their roles and responsibilities with regard to external support and compliance.

Helpful Guide - University Policy Governing External Support (RSCH-SPA-007)*

Helpful Guide - Post-Award Administration Policy (RSCH-SPA-005)*

Helpful Guide - Post-Award Administration

If the principal investigator (PI) has not sent technical reports to ORA, it is the responsibility of the PI to retain a copy of technical reports for the duration of the project retention period.

Helpful Guide - Research Policies and Compliance


*These policies can be found via Institutional Policies

Contact Us

Office of Internal Audit
317 McLemore Hall
118 College Drive #5212
Hattiesburg, MS 39406
