Self Assessment Questions

Op3.12-14 Attachment 1 Self Assessment Questions

The following questions may be helpful in assessing your own department’s internal controls.

I. Tone at the top

Area or Topic	Yes or No	Describe Key Controls in Place
Does my department communicate and demonstrate integrity and ethical values consistent with the university's mission of Modeling Ethical and Effective Behavior?
Do employees in the department know what to do if they encounter unethical behavior?
Are roles and responsibilities clearly defined?

II. Business planning and policies

Area or Topic	Yes or No	Describe Key Controls in Place
Is departmental budget and financial goals (revenue and expense) well communicated and supported?
Are new policies communicated (university-wide and departmental) to employees? Is policy training adequate?

III. Segregation of duties

Area or Topic	Yes or No	Describe Key Controls in Place
In my department, are there adequate separation of duties (i.e., more than one person is responsible for preparing, reviewing, and approving transactions) in areas such as the following? Describe how:
Purchasing
Cash Receipts (class projects, events, etc.)
Cash Deposits
P-Card Use
Hiring
Travel and Reimbursement
Budget Transfers
Gifts Received
Scholarship Processing/Award
Contracting (consultants, others)
Grants Expenditures and Approvals
Assets on Site
Payroll

IV. Spending cycle - purchasing and contracting

Area or Topic	Yes or No	Describe Key Controls in Place
Are P-Cards monitored and approved for compliance with policy?
Are the number of cardholders and credit limits within the department appropriate?
Are contracts with third parties approved by an authorized approver? If yes, who is the authorized approver?
Are reconciliations being done of expenditures against the general ledger and errors identified timely?
Does the person reconciling the general ledger have access to copies of receipts and other documentation to support the reconciliation?
Are all petty cash funds, change funds, etc. properly maintained by one assigned custodian? Minimally the custodian should report to the supervisor on a monthly basis any shorts or overages.
Are contracts reviewed for consistency with the Legal Department's "Contracting Guidelines/checklist" (see Internal Audit and Risk Management Website)

V. Employee administration, travel, and payroll

Area or Topic	Yes or No	Describe Key Controls in Place
Do we complete evaluations completed and delivered timely?
Are payroll records and protected information secured and restricted to authorized personnel?
Are all necessary payroll records maintained and processed/approved within Banner?
Are payroll transactions reconciled to the GL?
Is paid time approved and monitored?
Are employees aware of requirements in reporting any conflict of interest and what represents a conflict of interest?
Are employees aware of the university's gift policy and reporting process? The university's Fiscal Responsibility Policy and Travel Expense Reporting Policy?
Are supervisors and employees trained in proper recruiting and hiring practices, and prohibition of discrimination and sexual harassment?
Are expense reports compliant with policy and approved? How are noncompliant items handled?
Are employees aware of the university's grievance procedure and faculty/staff handbook, and aware of the university's Ethics Hotline?
Are contract employees and temporary employees properly monitored?
Is International travel compliant with university policy and approvals?
Are education abroad trips properly budgeted and reported and approved compliant with university policy?
Are all required liability waiver forms and applications/payments received prior to any allowed departure by a participant?

VI. Grants and sponsored agreements

Area or Topic	Yes or No	Describe Key Controls in Place
Are proposals submitted for pre-award review and approved timely?
Has required compliance training (if any) been defined and completed?
Are budgets prepared compliant with OMB Circular A-21, and all expenditures compliant with the terms of the grant or agreement?
Are PI and other grant funded employees' time commitments reviewed to identify any potential overcommitment of time?
Are PI's fully engaged in award compliance, including review of spending, timely effort and sponsor reporting, etc?
Are cost sharing agreements fully documented for tracking?
Is equipment purchased tagged and recorded in inventory records?
Are budget to actual reports prepared and reviewed monthly?
Is 'Time and Effort Reporting' done on a timely basis.

VII. Information systems and assets and security/safety

Area or Topic	Yes or No	Describe Key Controls in Place
Are computers and laptops secured from theft?
Is there a current inventory of hardware and software?
Is there an inventory of databases and are they properly secured?
Are there procedures in place to ensure that confidential or protected information (such as FERPA, HIPAA, etc.) is not stored on laptops?
Is confidential and protected information encrypted?
Are appropriate employees aware of the university's surplused equipment policy?
Are records containing sensitive information (such as social security numbers,) National Security data, or other data protected under law (such as medical / HIPAA, educational / FERPA) physically protected within the office and locked in cabinets (versus on desks)? Is all sensitive and protected data identified and protected on appropriate server (versus desktop, flash drive, etc.?)

VIII. Risk assessment and management

Area or Topic	Yes or No	Describe Key Controls in Place
What in summary are the more significant risks within your department, and how are you working to identify and manage risks?
Are there any immediate areas of increased support your department requires from central administration in assisting your department in achieving its goals?