Security Review to the Rescue! By Kristie Newby, MBA, CFE
A
s internal auditors in higher education, our work focuses on a variety of organizational functions. In academics, we examine areas such as financial aid, scholarships and bursar operations. In research, we scrutinize things such as grant compliance, radiation safety and legal issues with animal and human interaction. In athletics, we inspect issues related to NCAA compliance, tickets, scholarships and camps. However, in auditing these areas, we may not be performing all due diligence in regard to the entirety of risks faced by these functions. Staff can overlook or fail to implement the key internal controls necessary to address security concerns, particularly in areas experiencing turnover. A security review is a proactive tool that examines current internal control structure in areas where cash is present and evaluates security concerns related to institution assets and employees.
So what can we do to ensure these controls are in place and operating appropriately, and providing the right kind of coverage to mitigate these risks? A security review is a proactive tool that examines current internal control structure in areas where cash is present and evaluates security concerns related to institution assets and employees. A security review can be performed in any department or auxiliary that receives payments, such as the bursar, food court, athletics ticket office or university veterinary clinic business office. What are the key components of a security review? A complete security review will involve examination of the following areas:
• Current policies and procedures • Vault • Key security • Alarm systems • Closed Circuit Television (CCTV) systems • Cash drawers • Over/Short policies and procedures • Robbery preparations • Segregation of duties • General operations
ABOUT THE AUTHOR
Kristie Newby, MBA, CFE, has more than 21 years of experience in financial accounting, senior level auditing in banking and higher education and federal government financial management. She may be contacted at kristie.newby@okstate. edu.
CURRENT POLICIES AND PROCEDURES When reviewing current policies and procedures, you should first ask management for a copy of its manual – management should be able to provide access to these policies and procedures, and if the department lacks these materials, it should understand the associated risks. After familiarizing yourself with the official departmental policies and procedures, evaluate the policies and procedures for common sense and consistency. Make notes during your reading for further questions during interviews and list any risks that are created by existing policies and procedures or risks that are not adequately addressed. KEY PERSONNEL INTERVIEWS After reading the policies and procedures manual, it is time to perform interviews. Be sure that key personnel are interviewed separately. By doing so, this will encourage these individuals to provide information more easily, as the presence of management can affect an individual’s willingness to speak freely. Key personnel to be interviewed include the department head,
25 COLLEGE & UNIVERSITY AUDITOR