A UTSA High Risk
Ex-employee admits defrauding Columbia University of $180K – March 31, 2009◦ “A former Columbia University science department manager has admitted bilking
the school of more than $180,000 to pay for his Poconos wedding and other personal expenses.” Prosecutors say the manager “signed off on payments for medical studies that were never done. Prosecutors say he also bamboozled Columbia into reimbursing $25,000 in expenses for his wedding at the Skytop Lodge in Skytop, Pa.”
Penn State - Charges filed in fraud cases – March 18, 2009◦ “the three employees are alleged to be responsible for defrauding the University out
of more than $65,000 through unauthorized use of purchasing cards, filing false expense reports, appropriating University property and other means.”
Georgia System - Administrator steals $350,000 on P-card – January 25, 2008◦ “a Tech administrator had charged as much as $350,000 to Tech in national grant
funds over a six-year period.”◦ Examination ordered by the USG chancellor found the “P-card program had little
oversight. Missing receipts, poor documentation and the oversight problems were found to be the norm in many organizations.”
Reputation
Required for assurance of sub-certifications
Reliability of financial statements
Monetary loss
Identify Risks (completed)
Management Plans (completed)
Inspections/QARs (completed)
Report to ECC
Not safeguarding departments assets
Cash receipts are misappropriated
Department funds used for personal purposes
Business related transactions that are inappropriate
Provides management with assurance that internal controls in a department are in place and are operating effectively
Validates the responses to the management certifications
Validates the responses in the financial sub-certification
Segregation of duties and cash handling
Purchasing
Capital assets management
Gifts
Human Resources
Emergency Preparedness
Information Security
Account administrators are selected based on a risk assessment of several criteria: ◦ Level of expenditures and revenues◦ Audit and QAR history◦ Organizational change/turnover◦ Receipt of cash or checks◦ Fiscal Management Sub-certification
responses◦ Management Certification concerns◦ Requested by VP
QAR results are provided to the account administrator and their immediate supervisor
The VP is also provided a final overall summary report of all QARs completed in their area
QARs that contain a significant overall risk level are scheduled an on-site follow-up in 90 days
Reports of all significant findings are given to the Institutional Fraud Officer (VPBA) and the Financial Reporting Officer
What do the Dots mean?◦ Significant departure from university policy,
procedures and/or best practices
◦ Moderate departure from university policy, procedures and/or best practices
◦ Compliant with or non-significant departure from university policy, procedures and/or best practices
◦ ! Important Information