• Noncompliance with federal and state laws and regulations
• Noncompliance with Regents and University policies and procedures
• Personal responsibility for contracts
• Processes completed inefficiently or incorrectly
• Misappropriation of funds

WSU policies and procedures provide a framework for decision-making and are based on the laws and regulations of the State of Kansas, federal laws and regulations, and Kansas Board of Regents policies and procedures.  All staff should know how to access the WSU Policies and Procedures Manual and be familiar with its contents.
 

University contracts must be in writing and in the name of Wichita State University.  Colleges, individual schools, divisions and departments cannot legally enter into contracts.  The President, the Provost, and the Vice President for Administration and Finance are the only individuals authorized by Section 1.04 to contractually bind the University by the execution of a contract.  The President, the Provost, and the Vice President for Administration and Finance may delegate the authority to execute contracts on behalf of the University. 

More information about contracts can be found in our Audit Update newsletter - "Contract Fundamentals"
 

Written procedures define areas of responsibility, provide direction, aid in training personnel and provide continuity of operations.  The more important or complex the activity, the more important it is to have written procedures to ensure complexities have been adequately addressed and communicated, with management's expectations quantified.  It is equally important that written procedures are consistent with University procedures and are kept up-to-date.  Written procedures should be updated when University policies or departmental processes change and as new topics are identified for inclusion. 

Example: The Fairmount College of Liberal Arts and Sciences Dean’s Office would frequently receive the same types of questions and encounter the same types of problems over and over when working with departmental staff throughout the college.  In response, the Dean’s Office prepared and distributed a handbook titled “Essential Information for Working with the Dean’s Office and LAS Advising Center.” 

Example: The chair of a department retired after a very long tenure.  The new chair of the department found that most of the “how-to” information for running the department was in the former chair’s head.  The new chair and the department’s administrative specialist began working together to develop a procedures manual for the department.  The manual has been particularly helpful for bringing new faculty up-to-speed in regard to departmental processes.
 

The use of signature stamps or the practice of signing another person's name, with or without initialing, are discouraged.  Department heads are responsible for expenditures charged to accounts under their control. 
 

• No budgetary control
• Unauthorized transactions
• Undetected errors
• Misappropriation of funds

It is important that financial reports be reviewed and verified to ensure they accurately include all of the department's authorized transactions for both revenues and expenditures.  The verification should also ensure that transactions related to other departments, or that are unauthorized, do not appear in your department's records.  Finally, the process of verifying financial reports should include identification of transactions initiated by the department, but not yet recorded in the accounting system (i.e., transactions in the processing pipeline) so as to monitor the availability of department funds.  We suggest reviewing transactions weekly. 

TIP - Most departments can simplify their process for tracking total OOE expenditures by thinking of Banner as the department's "online bank account."  Record the department's expenditures on a declining-balance spreadsheet just as you would record items in the transaction register you keep with your personal checkbook.  By maintaining a transaction register and making periodic comparisons to the department's remaining balance in Banner, it's easier to identify and/or verify:

• Whether transactions have been processed
• That transaction amounts are correct
• That the funding is correct
• That all transactions have been accounted for
• That transactions from other departments have not been posted in error
• The remaining funds available
  

One person should not have duties related to both approving and reviewing transactions.  To ensure those persons with approval authority are adequately monitored, department heads should satisfy themselves that transactions appearing on financial reports have been properly authorized and are related to departmental objectives.
 

When preparing the initial budget for the year, do not simply repeat the previous year's budget allocations.  Funds should be allocated to the account codes based on past experience and what is expected for the upcoming year.  The usefulness of financial reports as a monitoring tool is enhanced when the budget is the department head's best estimate of how funds will be expended.
 

Budgets define the funds available to achieve departmental goals.  Actual expenditures should be periodically compared to the budget to ensure funds are not misused.  Significant variances from budgeted amounts should be investigated and the reason for the variance identified.
 

• Lost or stolen cash and checks
• Budget shortfall
• Noncompliance with state tax regulations
• Tax liabilities and penalties
• Noncompliance with Payment Card Industry Data Security Standards (PCI DSS)
  

All textbook requisitions for classes taught through Wichita State University must be processed through the University Bookstore.  To minimize cash handling in departments and to ensure sales tax is collected, other class materials (such as course packs or study guides) are best sold through the University Bookstore. 
 

Cash receipts records should be sufficient to provide an audit trail of the cash received and to provide evidence of what was received in case of a later dispute.  Do not keep copies of checks and credit card receipts.  The retention of banking data in departments actually increases risk to the University should the data be lost or stolen.  If these items are needed  later, the University cashiers will have the necessary copies or the cashiers can obtain them from the University's bank.

To help prevent their diversion or unauthorized cashing, checks should be restrictively endorsed upon receipt.
 

Cash receipts are vulnerable to theft or loss.  Cash receipts should be locked up in a secure location with limited access when the person responsible for them is not present.
 

To minimize the risk of loss due to theft, cash receipts should be deposited promptly (within two business days) using a locking deposit bag provided by the Office of Financial Operations and Business Technology.  In periods of limited activity, deposits should be made at least weekly or whenever $100 or more has accumulated.
 

State statutes require that most all cash receipts be deposited with the state treasury.  This is accomplished by making deposits into a University account through the Office of Financial Operations and Business Technology.
 

Cash receipts should be deposited intact with nothing held back for making change or to pay small expenses.  Change funds are authorized only through the Accounts Receivable Department in the Office of Financial Operations and Business Technology.  Change funds are never to be used for petty cash or employee check cashing or loans.
 

Financial reports are more useful when revenues are properly classified and accompanied by an apt description.  For example, checks received from the WSU Foundation are best deposited to account code R80073, Gifts-WSU Foundation, rather than R80154, Miscellaneous Income, R80176, Salary Income from Other Entities, or R80194, Recovery of Expenditures.

As a public educational institution, the University is generally exempt from sales tax on its purchases.  However, the University is required to collect and remit sales tax on taxable sales.  Sales made to students, the general public, businesses or not-for-profit organizations are generally subject to sales tax, even if the sales price is established on a cost-recovery basis and no profit is earned.
 

Depositing sales tax in account R80121, State Sales Tax, will ensure that the Office of Financial Operations and Business Technology will report and remit the tax collected to the state.

More information about sales tax can be found in our Audit Update newsletter - "Sales Tax Fundamentals"

1. All transactions that involve the transfer of credit card data must be performed on systems provided or approved by the University for this purpose. 
2. No credit card numbers or any documentation containing credit card numbers or cardholder data shall be transmitted or stored in any personal computer or email account used by the department. 
3. No paper documents, including but not limited to, paper receipts and handwritten notes, containing credit card numbers or cardholder data shall be stored by the department.

• All course pack materials are to be reproduced in compliance with Section 3.36 of the WSU Policies and Procedures Manual, and the University’s Copyright Guidelines (Supplement to WSU Policy Section 3.36).
• All course pack materials are to be reproduced by Duplication Station in compliance with Section 15.03 of the WSU Policies and Procedures Manual, or by using the department’s copier.  
• Material may be copied (at either Duplication Station or in the department) only where copying the material can reasonably be considered fair use or where there is a University license to copy the material or where there is permission to copy, which should be clearly set forth on the material to be copied.  
• The Office of the General Counsel is available for consultation regarding the application of federal copyright law to specific factual scenarios.
• All reproduction costs are to be borne by the department.
• The University Bookstore is the preferred avenue for the sale of course packs.
• If course packs are sold out of the department, sales proceeds are to be deposited no less than weekly into the department’s RU account and state sales tax must be accounted for.  
• Under no circumstances should course packs be reproduced off campus.
• Under no circumstances should an instructor retain the proceeds from course pack sales.

• Procurement fraud
  
• Jeopardized relationships with vendors
• Excessive processing costs
• Inappropriate payment of sales tax
• Lawsuits

Procedures that allow one person to control all aspects of a transaction increase the likelihood that unintentional errors will remain undetected and increase the opportunity for irregularities.  Separating the responsibility for reviewing financial reports from the responsibility for approving transactions provides a crosscheck for items posted to the department's accounts.  This separation is known as "segregation of duties" and it also serves as a deterrent to fraud.
 

Approvers of University business transactions should not approve their own transactions or those payable to their immediate supervisor, the supervisor's business or the supervisor's immediate family.  Transactions should be reviewed and authorized by an independent person at an appropriate level of authority to ensure approval without undue influence and to avoid the appearance of a conflict of interest.
 

If the answer to the question is no, skip the remaining questions in this section and resume with the next section (Timekeeping and Payroll).
 

Only the person whose name is on the business procurement card should use that card, i.e. the card is not a departmental credit card.
 

A tax exemption statement and statute number is printed on the back of the card.  If the retailer requires a tax exempt form, contact the Office of Purchasing.
 

The department card coordinator should reconcile the transaction log to the monthly statement received from UMB Bank Kansas within five working days of receipt.
 

• Fraud
• Overpayments
• Retroactive transactions
• Personal and employer tax liabilities and penalties
• Lawsuits

Each employee’s exception report (completed and signed in ink by the employee and the employee’s immediate supervisor) for every pay period in which sick leave or vacation leave is used should be kept for five years in compliance with the University's Records Retention Policy.
 

Each employee’s exception report (completed and signed in ink by the employee and the employee’s immediate supervisor) should be kept for five years in compliance with the University's Records Retention Policy.
 

Each employee’s positive time report for every pay period worked (completed and signed in ink by the employee and the employee’s immediate supervisor) should be kept for five years in compliance with the University's Records Retention Policy.  This document may be referred to if an employee should question the amount of his or her paycheck.
 

Exception reports and positive time reports should be completed and signed in ink by the employee and reviewed and signed in ink by supervisory personnel with direct knowledge that the work was actually performed before timekeeping data is entered into Banner.  Accurate records are important to document compliance with the Fair Labor Standards Act and to account for benefit time.
 

All time worked must be accounted for through the University’s timekeeping system.  "Desk drawer" time (compensatory time worked, but tracked outside the timekeeping system) is not permitted.  Accurate records are important to document compliance with the Fair Labor Standards Act.

Occasionally we encounter an employee or a department with the misconception that time off  during the holiday closedown period is bonus or extra time off provided by the University for which the employee does not need to take leave.  This is incorrect.  All time off must be accounted for in accordance with the University leave policy applicable to each employee.
 

¹ “Extract time” is to make ready the department’s timekeeping data via the PHATIME form in Banner, and to “re-extract time” is to repeat the process with the PHATIME form. 

Timekeepers are asked to extract time at the beginning of each pay period.  If this step is not completed early in the pay period, staff in Human Resources will be unable to assist should the timekeeper be unable to complete the payroll sign-off due to an unexpected absence, possibly resulting in incorrect pay for some employees.  Time should also be re-extracted prior to the timekeeping completion deadline in the event a new employee has recently been assigned to the department.  If an employee has been incorrectly assigned to a department, the timekeeper is to notify Human Resources via email at timekeeping@wichita.edu immediately.
 

Generally, the employee’s and the supervisor’s signatures on the report indicate that the hours reported are correct.  However, the timekeeper (the person responsible for collecting the reports from employees and entering timekeeping data into Banner) should review the reports for possible reporting errors.
 

The HRPAY Report recaps the timekeeping data entry for the pay period (the report is usually available through Reporting Services on the Friday after the Monday timekeeping sign-off).  Good segregation of duties requires that the person who audits the HRPAY Report be someone other than the person who entered the timekeeping data for the pay period covered by the report.  This audit procedure provides confirmation that the department's timekeeping data entry was correct.

The HRPAY Report should be printed so the person auditing the report can document their work with check marks, notes or other markings.  To complete the department's timekeeping records, the audited HRPAY Report should be initialed and dated and retained with the exception and positive time reports for the pay period.  Any discrepancies identified are to be reported immediately to the Office of Human Resources.
 

1. Employee's signature (attesting to hours worked and/or leave used) 
2. Supervisor's signature (confirming hours worked and/or leave used)
   
3. Timekeeper's initials and date (indicating time has been reviewed and entered)
4. Auditor's initials and date (indicating that the employee's time has been verified to the HRPAY Department Time Report by someone other than the timekeeper)
5. Budget Officer's signature (when authorizing extra hours paid)

“It will be the responsibility of each faculty member to report sick leave utilized to his or her departmental office on a biweekly basis.  Sick leave should not be reported in increments of less than one-half day.”  

• Unauthorized access to computers
• Computer viruses
• Destruction of critical data
• Violation of software licensee agreements and possible fines
• Loss of educational discounts on software
• Lawsuits

Generally, software is licensed to the individual or organization that purchased it and is authorized to be used only at one computer.  Software purchased by the University is authorized for installation only on University computers.  These general statements do not apply to network software or site license agreements.  It is important to read each software package's copyright statement as there are various types of licenses available.  It may be helpful for the department to maintain and keep current a list of computer software purchased or donated and record the computer on which the software is installed.
 

You should periodically back up important files that are stored on your computer.  This will allow easier recovery from a hard disk crash or a disaster that may destroy the computer.  If data is being saved to a server maintained by University Computing, the servers are backed up each evening.  If data is typically saved to your computer’s hard disk, the data should be backed up to another storage medium.  In the event of a localized disaster such as fire or smoke in the office, the back-up medium should be stored at another location so it is not destroyed with the computer that has the original files.
 

A password creates a barrier against potential information theft or corruption.  Without password protection, an unauthorized user can be navigating from the desktop in a matter of seconds and potentially viewing or destroying important files, either intentionally or accidentally.  Passwords should be at least six to eight characters with a combination of letters, numbers and special characters and should be kept confidential and not written in plain view on an employee’s desk.
 

It is a good practice to check all incoming sources for computer viruses.  A virus may destroy data or the hard disk immediately, or it may lie dormant before causing damage, in which case the virus can contaminate back-up systems before it is discovered.  The best protection is to check all incoming sources with up-to-date anti-virus software.
 

WSU Policies and Procedures Manual Section 13.12, Disposal of Surplus Property, and Section 19.10, Retirement of Computing and Information Technology Resources, provide relevant guidance regarding the disposal of obsolete and surplus computer equipment.  In particular:

1. University property, regardless of cost, can be disposed of only after approval is obtained from the Office of Financial Operations and Business Technology, Property Control (Section 13.12, Item 3).
   
2. All disposals of property must be documented on a Transfer of Property Form (Section 13.12, Item 4).
   
3. No University computing and information technology resources may be forwarded to the Physical Plant Warehouse for salvage, sale or redistribution until and unless the University Computing and Telecommunications Services Department or departmental technical personnel has determined that all data, information and/or software has been permanently deleted (Section 19.10, Item 1).
   
4. All University computing and information technology resources forwarded to the University Physical Plant Warehouse for salvage, sale or redistribution shall be accompanied by a written statement that all data, information, and/or software has been permanently deleted (Section 19.10, Item 2).

Devices with electronic data can be lost, stolen, or misplaced, which could result in unauthorized access to confidential information.  Disclosure of student education records and confidential personal information could be particularly damaging to the University and our students.  Possible precautions include:

1. Avoid storing and/or transporting confidential information on portable devices to the extent possible.  
2. Encrypt data stored on portable devices.
   
3. Never leave portable devices unattended, even for a few minutes.
   
4. Laptop computers left in a vehicle should not be visible.  If possible, the laptop should be stored in a locked trunk.
5. The loss or theft of portable devices containing confidential or sensitive information should be reported to the University's Chief Information Officer and the University's General Counsel as soon as the loss or theft is discovered (as well as the department chair and/or college dean and the University Police Department).