Accountability, Internal Control and Audit Procedure

Purpose

These procedures describe the forms of accountability, some comments on basic internal controls, and introduces the internal audit function.

Accountability requirements exist at several levels within the University (internal accountability) and between the University and external parties (external accountability). External parties include the Government, students and the public.

Content

Accountability

External accountability

The current empowering legislation for the University is the Education Act 1989 as amended by the Education Amendment Act 1990 and the Education (Tertiary Reform) Amendment Act 2002.

Sections 184–191 set out the requirements for a charter to be produced after consultation with interested parties and submitted to the Minister of Education for approval. Section 203 states that Part V of the Public Finance Act (1989) shall apply which relates to Reporting by Crown Agencies. The two key reports are:

• Statement of Objectives
• Annual Financial Statement

The Statement of Objectives, which forms a part of the annual University Profile, specifies the outputs to be produced by the University and the financial performance to be achieved during the year.

The provisions relating to the annual report include:

Preparation of annual financial statements in accordance with generally accepted accounting standards which are defined in the Financial Reporting Act 1993.

The financial statements are to include:

• Statement of financial position
• Statement of financial performance
• Statement of cash flows
• Statement of service performance reporting outputs produced against targets established in the statement of objectives
• Statement of accounting policies, commitments and contingent liabilities
• A management statement including a statement of management's responsibility for establishing and maintaining a system of internal control designed to provide reasonable assurance as to the integrity and reliability of financial reporting
• An audit report
• The financial statements must be audited and tabled in Parliament within 4 months of the end of the academic year.

The Charter, the Profile (including the Statement of Objectives), and the Annual Report form the basis for the University's accountability to external parties. All three documents are available to the public and section 221 of the Education Amendment Act requires that the annual report is made available for inspection at the Registry, to any person, without charge.

Internal accountability

The University is governed by Council, the constitution of which is set by statute. Members of the Council are appointed by various interested parties. Section 180 of the Education Act sets out the functions of Councils of tertiary institutions. Subsection (e) states that one of the functions is:

To determine the policies of the institution in relation to the implementation of its charter, the carrying out of the statements of objectives and, subject to the State Sector Act 1988, the management of its affairs.

Section 181 of the Act sets out the duties of Councils. These include (at subsection (e)):

To ensure that systems are established for the co-ordination of, and accountability for, activities within the institution to ensure the responsible use of public resources.

The Vice-Chancellor of the University manages the academic and administrative affairs (S 196) and is given the power to delegate, by writing, any functions or powers given under the Education Act (refer to Chapter 4 – Delegations). The Vice-Chancellor is accountable for the performance of the University to the Council. The staff employed by the Vice-Chancellor are in turn accountable to the Vice-Chancellor for their efforts towards producing the desired outputs and ultimately the outcomes specified in the University Charter and Statement of Objectives.

An internal system of financial accountability is hierarchical and follows the organizational structure. The budget provides targets for financial performance for which managers at all levels of the organization are accountable. The monthly financial reporting system allows comparison of actual results achieved with the budget. Any variances from planned performance are analysed in a financial report from the Director of Financial Services Division to the Vice Chancellor and to Council. This report is based on Divisional (both academic and service) financial reports prepared by Divisional Office staff and the Financial Analysts. In preparing the Divisional reports input from the cost centres and departments is required explaining and summarising the key variances for the month.

It is recommended that cost centres and departments establish formal reporting systems to enable budget variances to be analysed and explained when required. The same hierarchical reporting should occur with Activity Centre managers reporting to Cost Centre managers.

Recommended Cost Centre Reports

Each month a report is presented to Council by the Director of Financial Services Division analysing the financial results for the month. The report also includes information on non-financial performance indicators. Each Division is required to prepare a monthly report which forms the basis for this report to Council. To assist the Divisions prepare this report it is recommended that each Cost Centre prepare a monthly report. A template is available, which if followed, will provide information in a format that will meet the needs of the Division in preparing the Divisional Report.

For more information on analysing monthly financial reports refer to the Financial Monitoring and Carry Forwards Procedures.

Internal control

Definition

Internal Control is defined by the NZ Institute of Chartered Accountants as:

“all the policies and procedures adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.”

Basic principles of internal control

Internal controls are put in place to manage risk and hence to help ensure that the University resources are used efficiently and effectively. Risks should be continually assessed and controls put in place which ensure that the risks are minimised. Internal controls will not eliminate all risks – to do so would create inefficiency – but the controls should reduce the risk to an acceptable level.

The system of internal control must include:

1. Training and supervision of personnel and definition of responsibilities
   It is essential that personnel are given clearly defined lines of responsibility and authority. It is also essential that personnel are trained and supervised in the tasks that they are asked to perform.
2. Adequate segregation of duties
   The ability to adequately segregate duties depends upon the staffing levels and circumstances of each cost centre. However, as a guide to best practice the following may apply:
   • Separation of financial functions
   • Separation of the authorisation of transactions from custody of the related assets
   • Separation of operating duties from financial record-keeping
   • Separation of custody of the assets from maintenance of the related accounting records
3. Existence of adequate documentation and records
   Compliance with the policies and procedures for the procurement of goods and services and the payment of accounts will help ensure that documentation is maintained to a suitable standard.
4. Adequate authorisation procedures
   As contained in the Financial Delegations Policy.

Internal audit requirements

The University's Internal Auditor considers that the major financial controls that cost centre managers should be concerned with are in the areas of receipting, order/invoice authorisation and the control of fixed assets and stock.

The recommendations of best practice, which were approved by the Assistant Vice Chancellors, are:

1. Receipting
   • All funds should be receipted and the receipt numbers recorded on the banking summary sent to the cashiers
   • Cash boxes should be securely locked with access limited to two or three staff
   • Banking should be performed at least fortnightly, or when cash exceeds $500, whichever is the sooner
2. Order/invoice authorisation
   • Departments should comply with the “Financial Delegation” Policy and advise Financial Services Division of all staff who have authority to sign purchase orders and invoices
   • Orders should be completed for ALL purchases, both internally and externally
   • All orders should be signed as authorised
   • Orders should be filed sequentially with internal and external separated
   • Invoices should be authorised for payment only after being referenced to the original order and ensuring that the goods/services have been received.
   • The widespread practice of photocopying invoices for the departmental file should be discontinued as being an unnecessary waste of resources.
   • Departments should review their order authorisation and invoice authorisation to ensure that they are segregated and not done by the same staff member.
3. Control of fixed assets and stock
   • Fixed assets are those items with a useful life in excess of one year, with the exception of computers,cost in excess of $2,000. Departments should ensure these are listed in the University's asset register with an adequate description and the serial number.
   • All attractive assets should be engraved with the University's name.
   • Departments should regularly check the asset register listing (available from Financial Services) against the assets in their departments.
   • Departments could consider keeping a full list of all assets with a cost under $2,000 and which are recorded in the University's asset register. (consideration needs to be given to the resources required to do this) and to periodically check it off against actual assets in the department.

For further information or explanations relating to internal control refer to the Internal Auditor.

Embezzlement, fraud and theft

University policies, procedures and systems ensure that the University is publicly accountable for its assets. University assets are its buildings and property; equipment including motor vehicles and computing hardware and software; services and utilities, computing and telephone networks; consumables; and all income received by the University, whether in cash or in kind.

It is the responsibility of all University staff to ensure that University assets are used only for approved University purposes and that private or improper use of any University asset does not occur. Embezzlement, theft or fraudulent or improper use of any asset constitutes serious misconduct and may result in dismissal and criminal proceedings.

Assistance is available, particularly from the Internal Auditor, if problems arise in this area. Any suspicions of misuse, deliberate or otherwise, of University assets must be promptly referred to the cost centre head or, if circumstances dictate otherwise, to the Internal Auditor or Director of Financial Services Division.

Internal audit

Role

The University management is responsible for ensuring that satisfactory systems of internal control are in place to ensure that the financial information produced is reliable, that University assets are safeguarded and that the University resources are used efficiently and effectively in achieving the desired outcomes of the University.

One of the mechanisms for ensuring that these objectives are achieved is the establishment of an independent internal audit function. The Internal Auditor reviews accounting records, management information systems and other administrative policies and practices throughout the University. The role includes the identification and recommendation of measures to achieve greater effectiveness, efficiency and economy and to remedy practices that expose the University to undue risk and vulnerability.

The Auditor identifies practices that do not comply with University policy, or with the requirements of external regulatory bodies. The Internal Audit Unit contributes to measures to prevent fraud and corruption.

Independence

To ensure that the functions can be carried out effectively it is necessary to ensure that the independence of the Internal Auditor is maintained. For this reason the Internal Auditor reports directly to the Vice-Chancellor. The internal auditor also reports to a separate committee of the Council, the Audit Committee. This Committee has the power to recommend certain courses of action to the Vice-Chancellor.

Program of work

The program of work is set in consultation with the Audit Committee and the Vice-Chancellor. Staff can request special reviews which may be added to the program.

Access issues

In order to carry out its duties effectively the Internal Audit Unit must have unrestricted access to University records. In obtaining such access the unit will endeavour to provide sufficient notice of its requirements. Assistance may be requested from departmental personnel, who should respond promptly to such enquiries.

Unless circumstances dictate otherwise, the Internal Audit Unit shall inform the cost centre head and/or appropriate management when an audit or review is to be conducted and provide details of its intended scope. Generally, at completion, the observations, findings and recommendations will be discussed with the cost centre head and/or appropriate management and opportunity provided for any comments to be included in the text of any report before it is issued.

Staff with possible audit concerns

Staff who have any audit concerns should seek to have the matter addressed by their cost centre and/or appropriate management. These officers have their own continuing local responsibilities for ensuring effectiveness, efficiency and economy and for ensuring adherence to University policy and the requirements of external regulatory bodies.

However, direct enquiries regarding matters of possible audit concern can be made, in confidence, to the Internal Auditor.

Contacting the internal audit unit

The Audit Unit is located in the Clocktower Building.

Related policies, procedures and forms

• Fraud Policy
• Financial Delegations Policy

Contact for further information

For further information, contact:

Financial Controller
Tel +64 3 470 4638
Email financial.controller@otago.ac.nz