Common Audit Findings
Note: Some links go to external websites.
During engagements, we compare a department's transactions and processes to:
- Federal and state regulations
- UNCW policies
- Grant requirements
- Best practices as defined by professional organizations, industry standards, and other relevant sources.
These benchmarks allow us to evaluate operations in terms of compliance, effectiveness, and efficiency. In doing so, we have noted there are areas which departments frequently need to strengthen controls. Some examples are listed below.
Areas in which internal controls can often be strengthened include:
Approval of Transactions
Transactions should be approved by someone who:
- Is listed as the budget authority on the fund
- Has been delegated signatory authority (for items such as contracts)
- Is required to sign based on UNCW policy, the instructions on the form, or other guidance
Segregation of Duties
Does one person complete a process from beginning to end? If so, is there oversight? For instance, if one person is purchasing supplies is a different person reconciling the transactions? If not, is someone else reviewing the process or reconciliation?
Are reconciliations occurring regularly? Are they documented?
Physical and Logical Security
- Are hard copies of documents containing sensitive or personally identifiable information (PII) adequately secured?
- Do all users of systems have unique login information? (No shared usernames or passwords)
- Have all administrative usernames and passwords been changed from the default? (No user named "administrator")
We regularly review departmental operations for compliance with federal regulations, compliance with North Carolina General Statutes and the rules of the North Carolina Office of State Budget and Management and the North Carolina Office of State Personnel. Our operations are also subject to the policies of the University of North Carolina system as well as internal UNCW Policies.
How can I comply?
There are countless Federal regulations that apply to different aspects of our operations, and relevant ones are incorporated into our review. Things that impact many departments include:
- Is a form I-9 completed for each employee no later than the 3rd working day following the first day of work? Does the form contain all necessary information including the expiration dates of verification documents?
- If the department has revenue generating activities, have they been discussed with UNCW's tax manager for potential income tax matters?
- Does the department provide any potentially taxable fringe benefits to employees such as free tickets to events, reimbursement or payment of moving expenses, or the use of a courtesy car?
Like Federal regulations, there are numerous North Carolina regulations and policies that apply to our operations. We find departments are often not aware of all of these rules, which include things such as:
- For departments that collect or receive funds (cash, check, or credit card), deposits must be made at least weekly and deposits must be made daily any time $250.00 or more is collected
The Board of Governors of the UNC system has adopted policies which impact all of our operations.
UNCW's policies are intended to govern our daily operations and provide guidance. Often departments do not realize:
- Departments must complete a physical inventory of fixed assets at least annually and changes to the assets list, including transfers to other departments, must be communicated to the Fixed Asset department.
- University equipment including software that is no longer needed must be sent to surplus. It cannot be thrown away or discarded.
- Departments must maintain an accurate listing of all computer assets that includes the items' serial numbers and locations. This list should be reconciled to the centrally managed inventory list maintained by ITS.
Other topics that often come up during reviews include:
- Are revenues and expenditures recorded appropriately?
- Are funds being used for the intended purpose?
- Do trust funds have the most appropriate program code?
- Are employees cross-trained?
- Are there written desktop procedures for major functions?
- Does the department have a formal continuity of operations (COOP) plan?
We are happy to assist your department in improving your operations to strengthen controls in these areas. Please contact us if we can be of help.