ALL DEPARTMENT HEADS/BUDGET SIGNATURE AUTHORITY SHOULD TAKE THIS SELF-ASSESSMENT,
YEARLY. IF YOU HAVE ANY QUESTIONS PLEASE CONTACT THE OFFICE OF INTERNAL AUDIT AT 601.266.6111
Please use the checklist as you complete the below assessment and retain it for your
files. You DO NOT need to submit the assessment checklist to Internal Audit. It may
be requested from you at a later date.
These basic internal controls are NOT all-inclusive.
BASIC INTERNAL CONTROL ASSESSMENT
An organizational chart pictorially represents all the team players within a department.
The chart shows the various working relationships between staff and supervisors. It
also provides management information that may be used as a baseline for planning,
budgeting and work force modeling.
A mission statement guides the actions of the department, spells out its overall goal,
provides a sense of direction, and guides decision making for all levels of management.
It also serves as an indicator of the objective of the department within the overall
mission of the university.
Departmental policies and procedures manual as well as individual desk-top manuals
will allow employees to understand their roles and responsibilities within the department.
Policies and procedures allow management to guide operations without constant intervention.
Policies and procedures are the strategic link between the university's mission and
its day-to-day operation.
A website can be a valuable tool to promote/communicate to the campus community and
the general public the services the department provides and how to request such services.
Websites should be maintained and updated on a periodic basis to provide the most
current information to its users.
RECONCILIATION OF ACCOUNTS
When you reconcile an account, you are proving that the transactions comprising the
account balance are correct. A spreadsheet reconciliation should be maintained for
each departmental budget. The purpose of the reconciliation is to track transactions
as they occur and match them to transactions recorded on the monthly detail reports.
This will enable the department to quickly identify any questionable transactions
posted to their budget and take corrective action to ensure accurate financial condition
of the department. Authorization, recording and reconciling of transactions should
be segregated duties. Reconciler and signature authority should sign/initial final
MDR reconciliation to keep on file. Proper documentation is vital, because it provides
supporting evidence that departmental budget reconciliation has been reviewed for
appropriateness and compliance.<>
Documentation (hard copy/electronic file) exists to support that cash receipts/deposits
are reconciled to the monthly detail report (MDR).
Proper documentation is vital, because it provides supporting evidence that deposits
and departmental budget reconciliation have been reviewed for accuracy.
Cash is the most liquid asset and the most susceptible to loss if not properly controlled.
All departments responsible for collecting cash, checks and credit card payments should
ensure timely deposits, safeguarding of funds prior to deposit, proper segregation
of duties in the handling process and regular reconciliation to ensure all funds have
been deposited accurately. Critical internal controls such as segregation of duties,
limited access, and regular reconciliation are important in handling funds (cash and
checks). The number of individuals authorized to receive and handle funds should be
limited, but no one person should be permitted to handle a transaction from beginning
to end. The individual who receives funds should prepare a daily log of all incoming
checks and cash. A supervisor should compare the record of initial receipts of cash
and check from the daily logs and cash receipt book to the amount deposited.
Placing a restrictive endorsement, “For Deposit Only, The University of Southern Mississippi”
on a check or money order immediately upon receipt is crucial to reducing the risk
A university approved, pre-numbered receipt should be issued for every cash transaction.
After each event, receipts should be compared with funds collected to ensure all funds
are accounted for and deposited in a timely manner.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements
designed to ensure that ALL companies that process, store or transmit credit card
information maintain a secure environment. PCI applies to ALL organizations or merchants,
regardless of size or number of transactions, that accepts, transmits or stores any
cardholder data. Said another way, if any customer of that organization ever pays
the merchant directly using a credit card or debit card, then the PCI DSS requirements
Cash and checks should be stored in a secured location with access to the location
limited to a few individuals. Deposits to the Business Office should be made on a
It is important to safeguard university assets, which includes the safety of our employees.
Petty cash funds may be established at the discretion of the Director of Procurement
and Contract Services for certain departments. These funds are available to purchase
minor items when it would be otherwise impractical to procure these items through
the usual purchasing method.
Revenues generated or, funds received by an university department should be deposited
into their budget account through the Business Office.
Any time a university department has an event or sell goods on campus, sales tax must
be collected and submitted to the MS State Tax Commission.
Helpful Guide - Visit Tax Compliance OR contact the University's Senior Tax Compliance Officer @ 601.266.4102
The Red Flags Rule, Section 114 of the Fair and Accurate Credit Transactions Act (FACTA)
of 2003 issued by the Federal Trade Commission (FTC), requires financial institutions
and creditors that hold accounts covered under the regulation to develop and implement
an identity theft prevention program for new and existing accounts.
The inventory database, AssetWorks should be used by each department to update and
maintain their inventory details regularly. Departments should conduct inventory of
university property for which they are responsible 2-3 times annually. This reduces
the risk of missing items. Should the department discover items are missing, they
must be reported to the proper authorities immediately. The department should make
every effort to locate the items.
Segregations of duties reduces the risk of fraud waste or abuse of university assets.
No one person should be permitted to handle a transaction from beginning to end.
Each cardholder is responsible to manage his/her card and to secure it when not in
use. Keeping the card in a wallet or purse increases the risk that the card maybe
stolen or, accidentally used for non-business purpose by the cardholder.
Timeliness is imperative to ensure all documentation and approvals are processed so
that all expenditures are accounted for in the month that they were incurred. Segregation
of duties do also apply to purchases made with a procurement card.
By utilizing a control sheet the department is able to keep a track of Who, When and
What the card was used for.
The department head and card holders should review the procurement card policies and
University Employee Handbook Policy states that all faculty and staff employees are
required to complete a Monthly Attendance and Leave Record reflecting Personal and
Medical leave used during the month. Monthly/Exempt employees leave taken is recorded
in the SOAR system. A supervisor is assigned in the SOAR system to each monthly employee
for reviewing and approving of leave taken. Human Resources sends reminder emails
to all employees and supervisors to have their prior month’s time entered and approved
on a timely basis each month. If an employee entered leave taken and their supervisor
did not mark approval in the SOAR system, the leave will not be processed and the
employee’s leave balance is not updated. Therefore, the employee’s leave balance is
not accurate. To ensure personal leave and sick leave is accurately reflected in the
system, it is important that leave and sick leave be reported in a timely manner.
Leave for each month should be entered and approved within 10 days of month end.
Time sheets are maintained by the department for all non-exempt employees.
Time sheets record actual hours worked, leave time and compensatory time (non-exempt
Time sheets are signed and dated by employee after the time period being reported
To ensure accountability and accuracy, time sheets should be completed and signed
by the employee and approved by the supervisor. These should be kept on file in the
department for reconciliation purposes and for future reference. Management should
refer to the university policies and procedures retrieval number 2206 and the Fair
Labors Standards Act (FLSA) for guidance.
Documentation exists to support proper approval of overtime pay (non-exempt employees).
Non-exempt employees who work more than 40 hours in a week should be compensated at
one and one-half (1 ½) times their base hourly rate. Management should refer to the
university policies and procedures retrieval number 2205 and the Fair Labors Standards
Act (FLSA) for guidance.
Compensatory time can be awarded in lieu of monetary overtime compensation and is
calculated at one and one-half (1½) hours for every one hour of overtime worked. Management
should refer to the university policies and procedures retrieval number 2205 and the
Fair Labors Standards Act (FLSA) for guidance.
Payroll distribution reports (PDR) should be generated, reviewed and reconciled to
the time & attendance reports and MDRs on a monthly basis to verify the accuracy of
the payroll charges. Training is required to obtain access to PDRs.
The Faculty and Staff Clearance Record must be completed and submitted to Human Resources
by any out-processing employee before they receive their final paycheck from the University.
It is Human Resources (HR) policy that supervisors perform full-time employee evaluations
annually. It is beneficial to both the employee and their supervisor to review and
discuss the job performance of the employee. Management should refer to the university
policies and procedures retrieval number 1018 for guidance.
This policy is required for the effective communication of university policy regarding
the acceptable use of computer equipment at Southern Miss.
Passwords are an important aspect of computer security. They are the front line of
protection for user accounts. A poorly chosen password may result in the compromise
of Southern Miss's entire network.
Monitoring long distance charges reduces the risk of an unauthorized individual using
long distance codes assigned to departmental personnel, resulting in erroneous long
distance charges to the department’s budget. The long distance report should be reviewed
by the department's signature authority. Documentation (hard or electronic copy) should
exist to support that long distance charges have been reviewed . Any personal calls
made using a departmental charge code MUST be repaid to the university. Best practice
is to refrain from using a departmental charge code for personal calls. Charges for
all other technology services such as - Guest Access, Multimedia Services, Cellular
Services, Internet, Television Programming, ETC., should be reviewed on a monthly
basis to ensure the charges are accurate.
Helpful Guide - The IT Billing Services report may be found @ IT Billing Services. If the department does not have access to this report, contact the Help Desk at
MINORS ON CAMPUS
The University of Southern Mississippi is dedicated to the welfare and safety of all
Minors who visit our campuses to participate in University-related programs or activities
or any other event involving minors on the University campuses. To that end, in January
of 2015, the University adopted a Minors on Campus policy. The objective of this policy
is to promote a safe environment for minors by fostering a University culture that
is committed to preventing, recognizing, reporting, and addressing child and child
It is University policy for all full-time faculty, research scientists and librarians
to complete a FCOI form annually - FINANCIAL CONFLICTS OF INTEREST POLICYThis reduces risks such as violation of sponsor policies, compromised scientific integrity,
improper use of sponsored funds, and misuse of university facilities.
It is important for departments to understand IP policies and procedures and ensure
faculty (or other employees) are aware of opportunities to apply for protection (i.e.
copyright, patent) of their work through USM. Various forms are required to be completed
depending on the type, licensing, and use of IP.
Use of external support is considered high risk due to the necessity of the University
to comply with federal, state, university, and sponsor regulations and policies. Departments
must understand their roles and responsibilities with regard to external support and