The University of Memphis
Preventing Fraud, Waste, or Abuse of University Resources
University officers, members of management, and all other employees have a responsibility to help prevent fraud, waste, or abuse of University resources. In particular, management at all levels is responsible for designing and implementing internal controls for the purpose of preventing irregularities of all kinds, including fraud, waste, or abuse. University officers, managers, employees, contractors, vendors, students, and others are responsible for behaving in an ethical and honest manner. University officers and members of management are also responsible for maintaining a work environment that generally promotes ethical and honest behavior.
| ||To describe the role of officers, managers, and all other employees in helping to prevent fraud, waste, or abuse of University resources.|
Fraud– An intentional deception that violates a law or the public trust for personal benefit or the benefit of others.
Waste – Behavior involving the extravagant, careless, or needless use of government funds, property, and/or personnel.
Abuse – Behavior involving the use of government funds or property that a prudent person would not consider reasonable and necessary business practice given the facts and circumstances.
Definitions are from the Office of the Tennessee Comptroller of the Treasury.
Processes carried out by an entity’s management and other personnel designed to provide reasonable assurance that:
In accordance with the Tennessee Financial Integrity Act, University management is responsible for establishing adequate internal controls within the organization. (TCA-9-8-101-102-103
|Creating Effective Internal Controls||
The steps in creating effective internal controls are:
1) Review the operational processes of the office, function, department, or division under consideration.
2) Ascertain the potential risk of fraud, waste, or abuse inherent in each process.
3) Make a list of actions included in the process (or actions that could be included) for the purpose of decreasing the inherent risk – these are the actual or potential internal controls.
4) Assess whether there are internal controls that need to be improved or added to the process under consideration.
5) Implement controls (or improvements to existing controls) that are judged to be most efficient and effective for decreasing the risk of fraud, waste, or abuse.
Most managers will find that their processes already contain a number of internal controls, but these controls should be reviewed for adequacy and effectiveness on a regular basis and improved as needed.
Some typical internal controls include, but are not limited to:
Some examples include,
The examples above and the information within the links contain many typical internal controls.
|Maintaining an Ethical Work Environment||
Management is responsible for maintaining a work environment that promotes ethical and honest behavior on the part of all employees, contractors, vendors, students, and others. To do so, management at all levels must behave ethically and communicate to employees and others that they are expected to behave ethically. Management must demonstrate through words and actions that unethical behavior will not be tolerated.
Management can further encourage and promote ethical behavior by taking steps to ensure a generally positive work environment. There are a variety of practices that should be considered, though not all are applicable to every situation. Some common examples include:
|The Role of Internal Audit||
University management has the primary responsibility for internal controls under the Tennessee Financial Integrity Act and the COSO Internal Controls Framework (Committee of Sponsoring Organizations of the Treadway Commission -2013 Internal Control-Integrated Framework). This “Framework” is also the basis used by the external auditors for evaluating internal controls for the University’s annual financial statement audit.
Internal Audit is responsible for assessing the adequacy and effectiveness of internal controls that are implemented by management and other personnel. Internal Audit will often recommend control improvements as a result of this assessment. However, it is important that managers not wait for an Internal Audit before they take steps to review their internal controls.
Internal Audit will also, during an audit of a department or process, perform tests designed to detect fraud, waste, or abuse that may have already occurred. However, the primary responsibility for prompt detection, as well as prevention, belongs to management. Therefore, management should not rely solely on Internal Audits as a means of either preventing or detecting fraud, waste, or abuse.
Finally, Internal Audit serves in a consulting role. University officials, managers, or other employees who need additional guidance on identifying risks and implementing appropriate controls should contact Internal Audit at (901) 678-2125 or email@example.com
Other parties who take a strong interest in the University’s internal control system and actions to reduce the risk of fraud, waste, or abuse include the Tennessee Comptroller’s Office, Division of State Audit and federal, state and other entities that fund sponsored research. the Tennessee Board of Regents (TBR). The Division of State Audit within the Tennessee Comptroller’s Office performs an annual financial audit, part of the purpose of which is to determine the adequacy of the University’s internal controls under Generally Accepted Auditing Standards (GAAS) and Generally Accepted Government Auditing Standards (GAGAS). In addition, the University is included in the state-wide “Uniform Guidance” audit (aka “The Single Audit” and “The A-133 Audit”) by the State Auditors which reviews internal controls over federally funded programs and research. TBR does not perform audits but maintains an oversight role directly related to internal controls and audits. Finally, various University programs may be subject to audits or reviews by outside agencies or others based on the type of program, function, or funding.
|As a manager, why should I spend time implementing and maintaining good internal controls?||
Though it takes time to ensure you have the right controls, once in place, good internal controls should operate smoothly and not greatly increase the amount of time spent accomplishing basic tasks. Additionally, having proper controls in place ultimately saves time by preventing irregularities that, if they occurred, would have to be researched and, in a worst-case scenario, could require an investigation, court proceedings, and interaction with the media. Finally, as a manager, the University requires you to view the implementation, maintenance, and review of internal controls as an important part of your job.
|Won’t my employees think I don’t trust them if I go around talking about fraud and implementing new controls?||
Not if you present these topics in an appropriate way. Most employees understand that any organization must have standard operating procedures in place to protect its assets. In addition, good internal controls are a key part of a positive work environment and, if presented in the right way, will increase morale. Remember that the occurrence of fraud, waste, or abuse of assets is an extremely negative event that can adversely affect all employees – good internal controls help to keep this from occurring, and they demonstrate that you are concerned about what happens in your department.
|Whom can I contact for more information?||
The Chief Audit Executive at (901) 678-2125 or firstname.lastname@example.org.
|Links for additional information on internal controls|
| ||UM1642 -- revised July 7, 2016
UM1642 -- issued January 7, 2011
|Academic||Finance||General||Human Resources||Information Technology||Research||Student Affairs|
| || || || || || |