Cashiering Internal Control Questionnaire

1. Are Batch Totals Reports approved by Office Supervisor?2. Is cash kept hidden from customers?3. Are cash related file cabinets and safes closed when not in use?4. Are rear/side doors locked to prevent uninvited access?5. Are supply items properly safeguarded?6. Do cashiers periodically remove excess cash from cash drawers (skim)?7. If skimming is performed:

o Do cashiers maintain a copy of the bank deposit slip in their cash drawers to evidence the "skim"?

o Does cash in the drawer approximate the change fund after a skim?o Are "skimmed" funds placed in the safe for later deposit?

8. Are all checks restrictively endorsed?9. For cashing of checks:

o Are employee personal checks approved by Office Supervisor?o Are employees prohibited from cashing their own personal checks through their

own cash drawer?o Is cashing of employee personal checks limited to $100?o Is use of 2nd party (except Social Security) and 3rd party checks for bill payment

or cash prohibited?o Are government checks (Social Security) cashed only for payment of the electric

bill?o Are account and drivers license numbers included on the checks?

10.Do cashiers use disposable bank bags and individually lockable cash drawers and cash boxes?

11.Do cashiers maintain sole control over their own bank bag, cash drawer and cash box keys?

12.Are monies and paid stamps locked up during cashiers' breaks?13.Is balancing performed in an area outside of public view?14.Is cash balancing performed as late as possible to ensure the maximum number of

transactions are processed by the system and maximum cash is deposited?15.Do cashiers use counterfeit detection pens on all $50's and $100's and, as time permits,

$20's?16.Are cash boxes and bank bags locked in the safe at night?17.Does Office Supervisor perform periodic cash counts of cashiers' cash drawers at least

every 6 months which are logged?18.Are cashiers with unexplained cumulative cash shortages within the last 12 months

disciplined?:19.Do only current regular employees know the safe and/or drop box combination and have

access to keys?20.Do business office personnel verify picture ID and courier (armored car service)

signature?21.Are Receipts for cashiers' change funds properly signed and approved?22.Are cash deposits made on a timely basis?

23.Does someone at the office compare validated deposit slips to Batch Totals Reports for correct amount, date, and bank?

24.Are employees prohibited from processing transactions against their own accounts?25.Are all deletes on cashier journal tapes approved by the office supervisor?26.Does the Office Supervisor track overages / shortages by cashier?27.Does the Supervisor or designee verify the following daily:

o That the Associate/Assistant has listed the bank bag number and the amount of deposit (in ink) on the deposit bag and the deposit bag tear off strip?

o That the Associate/Assistant has listed the deposit amount (in ink)on the bank bag log or manifest?

28.Does the supervisor require a background check for all new employees (casual, part-time and full-time employees)?

29.Does the supervisor require each employee to read, sign and date the Security of Customer Records Acknowledgment Statement and Information Services USERID Authorization Request?

30.Does the supervisor or designee verify that all security cameras are operational and are properly positioned (if applicable)?

31.Does the supervisor or designee change the VCR tapes weekly and utilize the VCR Security Log (if applicable)?

32.Does only the supervisor maintain control of building keys and spare set of cash drawer keys?

33.Are employees (supervisor, designee or cashier) prohibited from processing payments or any other CSS transaction on their personal, family’s or friends’ account without approval?

34.During regular operating hours,o Are all exterior doors (with the exception of the front lobby doors) kept locked at

all times?o Are doors to the cashiering area kept locked at all times?o Are unknown persons admitted to the cashiering area only with proper picture ID?

35.Has the supervisor scheduled yearly information meetings by Security to update personnel on safety issues?

36.Are Collection Reports properly prepared and verified by store personnel?37.Are Collection Reports mailed separate from stubs and receipts?38.Are all documents validated/stamped by the collector?39.Are Agent Collectors providing validated deposit slips for collections where deposit are

made directly to company accounts?

Application System Internal Control Questionnaire

1. Are there written instructions or online help available for processing all transactions for this application?

2. When transactions are initiated through program logic, are listings or reports sent to the user department?

3. Are the procedures for controlling input the same when applied to correcting entries?4. Are there controls or procedures which effectively prevent persons outside the

company from accessing, via terminals, the files of this application?5. Are the installation's standard sign-on and sign-off procedures used on this application?6. Does the system record which users processed transactions that altered the contents of

the file?7. In the event that unauthorized access is attempted, what procedures prevent additional

attempts?8. Is a computer generated log entry created for:

o Each message?o Each sign-on?o Each sign-off?o All transactions?o Other:

9. Are the computer generated logs reviewed and summarized for:o Unusual activity?o Error rates by user?

10.Are record counts and control totals generated through the online input process and used to validate the completeness of data entry?

11.Does management take strong corrective action when security violations are noted?12.Is ACF2 password protection used?13.Are all security violations logged?14.Is adequate documentation maintained on security procedures?15.Can each transaction be associated with a USERID number?16.Is a non-printing feature used when the operator keys in a password?17.Does each user of the application have a unique LOGONID?18.Are users instructed on how to keep their passwords secure?19.Are passwords changed at least every 90 days?

PROCESSING CONTROLS

20.Are on-line data validation and editing performed as early as possible in the transaction processing cycle to ensure that errors are detected and corrected quickly?

21.Are use of overriding or bypassing data validation and editing routines restricted to designated personnel?

22.Are all uses of the override/bypass feature logged and analyzed for appropriateness and correctness?

23.Does the application include edit routines to check each transaction for:o Completeness?o Consistency within the transaction?o Transaction validity?o Proper processing period?o Proper cross-footing?

24.Does the application include edit routines to check each applicable field in the transaction types for:

o Missing date?o Limit checks?o Range checks?o Check digit validity?o Valid Codes?o Proper sequence?o Proper format?

25.Does the application include edit routines to check each character in a transaction, where applicable, for:

o Numerics?o Alphabetic?o Special characters?o Sign?o Blanks?

26.Are there written instructions or online help available for correcting all errors detected?27.Are resubmitted transactions processed identically to those submitted for a first time?28.For on-line real-time processing, are all transactions automatically logged, stamped and

dated to provide a complete audit trail?29.Can messages and data be traced back to the terminal and user or origin?30.For applications that update files, does the system protect against concurrent file

updates?31.Are all changes to the application thoroughly tested and approved by the user before

being placed into production?32.Have users received sufficient training on use of the application?33.Can users correct errors before they are transmitted?34.Have adequate user manuals been prepared and distributed to the users?35.Are operators in IT prohibited from:

o Initiating any transactions?o Processing an unusual program without an approved written request?o Duplicating a file without an approved written request?

36.When processing transactions against a master file:o Does the program prevent duplicate master records from being established?o Are listings printed for all master changes showing:

The master record before change? The master records after change? The nature of the change?

37.Does the program check for illogical results prior to changing the master record?38.Are all transactions not processed:

o Reported with reason?o Placed in a suspense file?

39.Are master files periodically reviewed by a program which reads the entire file and:o Counts all records?o Totals all fields used to control the file?o Crossfoots records where applicable?

40.Are master files periodically purged of obsolete records?41.Does the application include routines to check the results of calculations for

reasonableness?42.Is the application processed according to a predefined schedule?43.Are IT's standard library procedures followed for this application?44.Are programmers prohibited from using live data files from this application for testing?

OUTPUT

45.Is all output from computer operations reviewed for reasonableness, accuracy, and legibility before distribution?

46.Are totals on output reconciled to predetermined totals?47.Does Data Control have written procedures which include:

o Frequency or due dates?o Number of copies to be sent?o Persons authorized to receive output?

48.Does the control group maintain a control schedule?49.Is all output sent directly to the user groups from the control group?

Contract Internal Control Questionnaire

1. If the contract involves an expenditure or revenue of more than $100,000, and is on other than the standard contract form, or includes any unusual terms or conditions, was it reviewed by appropriate legal, tax or insurance personnel prior to execution?

2. Does the contract contain a standard audit clause?3. If not, was the contract reviewed by Audit Services?4. Does the Procurement Requisition and Authorization Form contain a complete

description of services to be rendered?5. Is it properly approved?6. Were bids received sufficient to assure competition?7. Does the contract file have adequate documentation supporting the selection of the

contractor including both technical and commercial evaluations?8. If the contract was not bid, is there adequate justification?9. Was the contract signed by the proper authority?10.Was it properly approved?

Fuel Oil Inventory Internal Control Questionnaire

Fuel Receiving Procedures

Fuel Received By Barge

1. Does your plant use a public gauger for deliveries received from vendors?2. Does the public gauger take tank level and temperature readings before and after

unloading?3. Do your plant personnel receive a Fuel Transaction Report (FTR) with each shipment?4. Do your plant personnel read gauges or tape tanks before and after deliveries of FPC

owned fuel?

Fuel Received By Truck

5. Do your plant personnel make sure that the driver has the proper paperwork which should include the FTR and meter ticket?

6. If trailer compartments have been sealed with the seal numbers noted on the FTR, do your plant personnel check to insure that the seal numbers correspond and the seals have not been broken?

7. Do your plant personnel compare Fuel Transaction Report (FTR) quantity with meter ticket? If the plant does not have a meter, do plant personnel compare the truck's gallon markers to the truck meter ticket for reasonableness?

8. Do your plant personnel check each trailer compartment before unloading to insure that it is filled to the proper benchmark?

9. Do your plant personnel visually check each trailer compartment after unloading to insure that it is completely empty?

10.Are all valving operations, other than valves on the truck, performed by your plant personnel?

Fuel Received By Pipeline

11.Do your plant personnel have a pipeline representative or public gauger present when oil is received? If so, is the temperature of the oil in the tank checked with a dip thermometer before any oil is pumped into the tank?

12.Do your plant personnel take a tank level reading before and after unloading?13.Do your plant personnel record on a tank log the amount of oil received as calculated by

the before and after tank readings?14.Do your plant personnel compare the amount calculated as received to the FTR which is

received later? If so, do they record any differences on a "variance" log?

Fuel Received By Railroad Tank Car

15.Do your plant personnel check to insure that the seals on the cars are unbroken and that the seal numbers agree with those on the FTR?

16.Do your plant personnel open the top hatch on each car and check oil level against the benchmark?

17.Do your plant personnel receive a Fuel Transaction Report (FTR) with each tank car?18.Do your plant personnel put a meter ticket into the unloading meter for the first

unloading of the day?19.Do your plant personnel compare the FTR quantity with the meter tickets?20.Do your plant personnel visually inspect each car after unloading to assure that the car

is empty?21.Do your plant personnel list the car number and type of fuel unloaded each day on a

log?

Tank Level Measurement

22.Do your plant personnel take daily level measurements as close to midnight as possible by reading the automatic side gauges? If not, at the same time every day?

23.Do your plant personnel tape the tanks on the last day of each month?24.If so, do they adjust the side gauge as appropriate and take gauge readings as close to

midnight as possible?25.With respect to water found in tank:

On a monthy basis:

Is the inventory reported gross (inclusive of water)?

Is the amount of water measured reported to Fuel Accounting either in the fuel inventory tracking system, on the adjustment explanation report or by memo?

At year-end:

Is an adjustment to ending inventory reported in fuel inventory tracking system if the amount of water measured is +/- 1% of inventory or more?

Tank Temperature Measurement

26.Do your plant personnel take temperature readings daily at the same time level measurements are made?

27.Are temperature readings for tanks which have multiple thermometers averaged by your plant personnel including only those known to be immersed in the oil?

28.Do your plant personnel check the oil temperature measurement devices for accuracy at least semiannually, or more often if they appear to have become inaccurate for any reason?

Calibration Procedures

29.Do your plant personnel calibrate the side gauges when variance exceeds 1"?30.Do your plant personnel calibrate the temperature measuring devices at least semi-

annually?

Fuel Transaction Report (FTR)

31.Do your plant personnel use FTR's in sequential order?32.Do your plant personnel mark those FTR's which cannot be used as "Void" and forward

all copies to System Operations?33.Do your plant personnel round the fuel amounts shown on the FTR's to the nearest

whole barrel?

Fuel Inventory Procedures

Daily Tank Inventories

34.Do your plant personnel record the inventory values in their local log book for sending related information to input clerks at System Fuel Operations?

Materials and Supplies Inventory Internal Control Questionnaire

1. Based upon observation and discussion with storeroom personnel, is there an absence of:

o Overstock situations?o Understock situations?o Obsolete items?o Damaged items?

2. If damaged items are observed, what was the cause (storage method, shipping, handling or other reason)?

3. Do crews properly notify storeroom personnel of items they remove from or return to the storeroom or yard?

4. Is all material located within the fenced yard or storeroom area included in inventory?5. Are shelving, bins and aisles adequately marked and maintained to promote efficient

and safe storage and handling and good housekeeping?6. Are receipts accepted only after stores personnel have inspected them and verified

order and quantity?7. Are personnel and inventory safe from hazards, such as fire and weak shelves?

Working Fund Internal Control Questionnaire

1. Do personnel responsible for approving transactions have sufficient data to make informed decisions?

Petty Cash

2. Does the fund custodian have a lockable cash box & key?3. Are blank WF checks inaccessible to any person besides the fund custodian or supervisor

during the day & locked up at night?4. Does the Department Supervisor or Manager have duplicate keys to the facilities that

protect petty cash?5. Are the keys secured?

WF Reimbursement Requests

6. Are WF disbursements for business purposes only?7. Are large or recurring bills submitted to Accounts Payable versus paying through the

WF?8. Are employee advances made through the WF monitored for timely repayment?9. Are WF disbursements supported by paid invoices, Expense Reports or Working Fund

Receipts?10.Do supporting papers for WF disbursements contain accounting information, business

purpose & approval by the appropriate supervisor?11.Are WF Reimbursement Requests approved?

WF Checks

12.Do WF checks contain a cancellation clause "Void After 60 Days"?13.Are WF checks outstanding more that 60 days cancelled?14.Are WF checks voided so that they cannot be cashed (defaced & signature block torn)?

WF Reconciliation

15.Are WF Reconciliations done monthly?16.Are WF Reconciliations performed by someone other than an authorized check signer?17.Are WF Reconciliations reviewed & approved by a supervisor?