Common Audit Findings
• Lack of Approval or Supervisory Review Transactions (e.g., purchases, timesheets, refunds, travel expenditures, etc.) should be approved. Also, a proper segregation of duties should be established. For instance, an employee should not be allowed to approved his or her own work. In addition, review/approval should be evidenced in writing.
• Inadequate Verification of Information Entered into Systems After transactions are entered into information systems, transaction reports should be generated and agreed to supporting documentation by an employee not responsible for entering data.
• Lack of Reconciliation Procedures Critical reports/records (Financial Information System budget reports, accounts receivable records, inventory records, etc.) should be periodically reconciled to supporting documentation. Again, it is essential that segregation of duties be established and performance of the procedures be documented.
• Inappropriate Information Security Access and Lack of Password Management Access to critical or sensitive information should be appropriately restricted based on job duties. Also, passwords should be utilized and maintained in accordance with JMU Password Management Procedures.
• Lack of Written Departmental Procedures - All aspects of the department's operations should be clearly documented in an up-to-date procedures manual. The procedures should also include procedures for maintaining information systems.
• Absence of Supporting Documentation Transactions should be supported by documentation. For example, student time reported to the Payroll Office should be supported by detailed time records, signed by the student and approved by a supervisor.
• Noncompliance with State, University, or Departmental Policies and Procedures Departmental employees should be familiar with applicable policies, procedures, laws, etc.
Return to Audit and Management Services home page.