370 likes | 482 Views
MSO Forum. September 13, 2004. Outline of Presentation. Context: Internal Controls – Shared Responsibility DaFIS Passwords & Security General Ledger Review Tools Purchasing & Business Contracts Business Process Improvement Initiative Travel & Entertainment Expense Reporting
E N D
MSO Forum September 13, 2004
Outline of Presentation • Context: Internal Controls – Shared Responsibility • DaFIS Passwords & Security • General Ledger Review Tools • Purchasing & Business Contracts • Business Process Improvement Initiative • Travel & Entertainment Expense Reporting • Research Compliance • Update Risks • Emerging Issues • Open Forum
Overview of Control Responsibilities The Control Environment: All academic and administrative employees are responsible for controls when conducting University business. Although specific responsibilities between groups may vary, all work toward the same goal of ensuring an effective and efficient control environment. Academic and Administrative Management: Responsible for developing, implementing and maintaining controls to manage risks and achieve objectives. Controller has primary responsibility for providing campus leadership to establish effective internal control and accountability practices. The Control Environment Academic and Administrative Management (Includes Controller) Faculty and Staff Audit and Advisory Services: Assists management in their oversight and operating responsibilities through independent audits and consultations designed to evaluate and promote the system of internal controls. Audit and Advisory Services Faculty and Staff: Responsible for applying University values, policies, procedures and regulatory requirements to ensure consistent operations. What is Internal Control? Internal control is an integral part of the University's operations. Internal control is broadly defined as a process, effected by our Board of Regents, faculty, and academic and administrative staff, designed to provide reasonable assurance regarding the achievement of instruction, research, patient care, and community service objectives, including: Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with applicable laws and regulations.
Five Components of Internal Control • Control Environment • Tone at the top, integrity, ethics, competence. • Risk Assessment • Evaluating risks to achieving objectives. • Control Activities • Mitigate risks and achieve objectives. • Information and Communication • Relevant, timely and accurate information to stakeholders. • Monitoring • Assessing the quality of the internal control system over time.
DaFIS TP Passwords do not expire Same passwords since implementation Does not use Kerberos Oracle limitation Password sharing? DaFIS DS Passwords do not expire Same passwords since implementation Can use Kerberos But not required DaFIS Passwords
DaFIS Security • What can we do to improve security? • Begin password expiration for DaFIS TP • Expire every 6 months • Implement Kerberos only for DS • Monitor logins to identify unusual sessions • Help Desk to contact users • Eliminate password sharing • Change TP login…
Accountability and DaFIS • Role of DaFIS Account Manager • Approximately 470 unique Account Managers on active accounts • Over 130 different job titles • From “__” Assistant I to University Librarian • ~ 170 MSO’s • What training have they had? • Should training be required? • How much training can be web based?
Accountability and DaFIS • Training for Account Managers • Complete online training module • Overview of FIS • Roles & Responsibilities • Appropriate Use • Accountability & Business Rules • Access would be granted/revoked based upon classes taken • Within defined time frame – 45 days • Who is reviewing the ledgers?
Purchasing/Business Contracts BPI • Business Process Improvement (BPI) • Began in the Fall of 2003 as OOA Initiative • Detailed analysis of Purchasing/BC Processes • Included departmental processes • Focus group input • OOA Users • Academic Dept’s
Purchasing/Business Contracts BPI • Recommendations • People • Organizational structure • Staffing • Roles (ESS) • Communications • Systems • RFI/RFP • Contract Management
Purchasing/Business Contracts BPI • Recommendations • DaFIS TP • Documents returned for correction • Commodity codes • Equipment management processes • VI Document • Receiving • Training • Internal • External
Purchasing/Business Contracts BPI • Status • Implemented new organizational structure • Transition DaFIS Help Desk support for Purchasing/BC • Issue RFP for new RFX/Contract Management System • Developing communications protocols • Internal: Accounts Payable, Purchasing, BC, ESS • External users • DaFIS enhancements • Analysis/Requirements Definition • Financial support from Provost and VCA in place to fund strategic investments
T & E Expense Reporting • Current Approach • Dual processes • DaFIS Document (TEV, EEV) • 42,000 TEV’s • 19,000 EEV’s • Paper document • Approvals, supporting doc’s • Factors to Consider • Build or Buy? • TP2 • Concur • Ability to adapt to new processes? • T&E Ranked 3rd on IT Projects Priority List
T & E Expense Reporting • Gaps in the current system • Process delays due to lack of electronic routing of paper forms • Weak controls around approvals • Valid signatures? • No formal process for pre-travel authorization • No management data • Business rules are not integrated in the process • Inability to leverage US Bank Travel Card Program
T & E Expense Reporting • Is Concur the solution? • Approval/review routed via email • Web based • Can complete reports off-line • Integration of business rules • System supports the process • Pre-travel authorization process • Integrated document management solution • Import US Bank Travel Card transactions directly into expense reports • Approach is different – is that a problem?
T & E Expense Reporting • What’s next? • Complete requirements gathering and gap analysis • Validate system requirements and integration to DaFIS • Test scenarios with departments • Test ROI • ~ $75 to complete current processes • (62,000 TEV & EEV transactions) • Compare cost to estimated savings • Prove at the department level, not A&FS • Timeline • End of October to complete analysis • Present proposal
Research Compliance • Is the number 1 risk to the University of California • Infrastructure must support the research enterprise • Develop and implement systems to provide support • Electronic Research Administration (ERA) • Effort Reporting System • PPS Enhancements • Cost Sharing & Tracking • Training • PI’s • Support staff
What is Effort Reporting? • Federal regulations require that the University certify effort devoted to sponsored projects including committed cost sharing effort • OMB Circular A-21 • Since 1982 the University has used a paper based Personnel Activity Reporting System (PARS) to satisfy this requirement • UCD produces ~ 4,000 paper forms each quarter • PARS has become outdated from a technology perspective • Lacks the ability to meet changing regulations and conditions
Why is Effort Reporting Important? • Volume of activity from grants and contracts for UC in FY 02-03: Federal C&G $2.37 Billion State Agencies $408 Million Private $620 Million Local Governments $131 Million TOTAL $3.53 Billion 67%
Why is Effort Reporting Important? • Risk Exposure: • Northwestern University • Audit disallowances of $5.5 Million • C&G Base of $325 Million in FY01-02 • University of South Florida • Returned $ 4.1 Million to the federal government to settle issues • UC paid a total of $2.1 Million to settle the NIH Salary Cap limitation disallowance • Period 7/1/95 - 6/30/02 • Other recent cases involve: • Harvard, Johns Hopkins
Why is Effort Reporting Important? • Importance of Good Business Practices: • Meeting fiduciary and stewardship responsibilities • Encouraging active participation by faculty and staff required to complete an Effort Report • Facilitating user convenience and responsiveness
Effort Reporting Initiative • Goal: Identify requirements for a new effort reporting system, including: • Online and fully distributed access • Web-based interface • Ability to interface with other existing enterprise systems to both gather and pass required information (e.g. Payroll, Cost Sharing, ERA) • On line editing and edit checks • Maintaining or importing campussecurity and access controls • Distributing reports and capturing certifications electronically • Providing ad hoc and management reporting capabilities • Maintaining historical information and audit trail • Web-based training/compliance component
Effort Reporting Initiative • Collaborative: • 5 Campuses and UCOP working together to develop specifications • UCB, UCD, UCLA, UCSD, UCSF • All participants have committed both time and direct financial support to the project • Task Force and Work Groups have included representatives from: Admin. Affairs; Budget and Finance; Research; Information Technology; and Campus Departments
Effort Reporting Initiative • Consultative: • Project staff and Task Force members have met with staff in departments and central units on all 5 campuses and UCOP to receive input and review draft documents • Consultation with key stakeholders including: • Council of Vice Chancellors Administration • COVC • VCs Research • Budget and Planning Officers • Controllers • IT Leadership Council
Effort Reporting Initiative • Comprehensive: • Project members have met with representatives of other institutions that are in the process of developing or implementing on line effort reporting systems • Task Force has identified both technical and cultural issues that must be addressed
Effort Reporting Initiative • Status: • Requirements document completed • January, 2004 • Technical fit and cost estimates developed • Funding in place from all 5 Campuses and UCOP • Total projected development cost $2.1 million • Does not include local implementation costs • Development team is being assembled • Target implementation - Fall 2006 • P&P and Training materials in development • Effort Reporting and Cost Sharing/Tracking
Cost Sharing • What is it? • Cost sharing represents the portion of a project’s direct or indirect costs that are not supported by the sponsor • Costs may be provided by the University or a 3rd party • When federally funded programs are involved, cost sharing represents contributions to a federal program • Recent changes to OMB Circular A-21, including Cost Accounting Standards, have created compliance risks for universities
Cost Sharing • What is it? • OMB Circular A-110 defines cost sharing as “all contributions, including cash and third party in-kind” that meet seven criteria • Types of Cost Sharing • Mandatory • Represents contributions required by the sponsor • Voluntary Committed • Specified within the proposal • Voluntary Uncommitted • Not specified within the proposal
Cost Sharing • Why do we have it? • Many PI’s volunteer it believing it makes their proposal more competitive – demonstrates institutional support for the project • Sources of actual funding are often difficult to identify • Departmental administrators and PI’s may not realize the consequences of voluntarily offering cost sharing • In most cases, sponsors do not require cost sharing • NSF 1% mandatory cost sharing on total awards • Some institutions, like MIT have adopted policies prohibiting voluntary cost sharing • UCD policies need to be updated to better address this issue • Can the PI decide or does the Dept. Head need to approve?
Cost Sharing • UCD must implement a system to track voluntary cost sharing • HHS Division of Cost Allocation (DCA) has made it very clear that our last two F&A rate proposals were not in compliance with A-21 & A-110 • DCA imputed a cost share amount based on the UC average of 5.2% or ~ $9 million for FY2002 • (excludes F&A cost) • A&FS has developed a Cost Sharing & Tracking System that utilizes DaFIS DS • Based on the system used at UCI
Emerging Issues • Sarbanes-Oxley Act of 2002 and Federal Sentencing Guidelines • UC Regents have adopted standards • UCD Directives 02-130 & 03-016 • Build up certification process for VC’s, Deans, other senior managers - Expands accountability • In support of management representation letter • University-wide Code of Ethics • Electronic Document Management System (EDMS) • Advisory Committee on Employee Systems (ACES)
Open Forum Obtain a copy of this report at... http://accounting.ucdavis.edu