The University of Memphis

Preventing Fraud, Waste, or Abuse of University Resources



POLICIES

Issued: January 7, 2011
Responsible Official: President
Responsible Office: Internal Audit

Policy Statement

University officers, members of management, and all other employees have a responsibility to help prevent fraud, waste, or abuse of University resources. In particular, management at all levels is responsible for designing and implementing internal controls for the purpose of preventing irregularities of all kinds, including fraud, waste, or abuse.  University officers, managers, employees, contractors, vendors, students, and others are responsible for behaving in an ethical and honest manner.  University officers and members of management are also responsible for maintaining a work environment that generally promotes ethical and honest behavior.



Purpose


 To describe the role of officers, managers, and all other employees in helping to prevent fraud, waste, or abuse of University resources.


Definitions


Fraud

Obtaining money or some other personal benefit by deliberate deception to the detriment of another party or organization. Fraud may include, but is not limited to, the following:

  • Theft or misappropriation of funds, supplies, property, or other resources.
  • Forgery or alteration of documents (whether financial, operational or academic).
  • Unauthorized alteration or manipulation of computer files.
  • Falsification of reports to management or external agencies.
  • Pursuit of a benefit or advantage in violation of University Policy UM1692 Conflict of Interest.
  • Authorization or receipt of compensation for hours not worked.

Waste

The intentional or unintentional, thoughtless or careless expenditure, consumption, mismanagement, use, or squandering of University resources to the detriment or potential detriment of the University.  Waste also includes incurring unnecessary costs as a result of inefficient or ineffective practices, systems, or controls.


Abuse

Employing one's position or any University resource in a manner contrary to applicable laws, policies, or generally accepted practices.  This includes intentional destruction, diversion, manipulation, misapplication, or misuse of assets, information, systems, relationships, or other resources.  Abuse can occur in financial or non-financial settings.


Internal Controls

Processes carried out by an entity's management and other personnel designed to provide reasonable assurance that:

  • Cash, equipment, and other assets are safeguarded.
  • Operations are effective and efficient.
  • Financial reports are reliable.
  • Laws, regulations, and policies are complied with.


Procedures


Creating Effective Internal Controls

The steps in creating effective internal controls are:

1)  Review the operational processes of the office, function, department, or division under consideration.

2)  Ascertain the potential risk of fraud, waste, or abuse inherent in each process.

3)  Make a list of actions included in the process (or actions that could be included) for the purpose of decreasing the inherent risk – these are the actual or potential internal controls.

4)  Assess whether there are internal controls that need to be improved or added to the process under consideration.

5)  Implement controls (or improvements to existing controls) that are judged to be most efficient and effective for decreasing the risk of fraud, waste, or abuse. 

Most managers will find that their processes already contain a number of internal controls, but these controls should be reviewed for adequacy and effectiveness on a regular basis and improved as needed.

Some typical internal controls include, but are not limited to:

  • Adequate separation of duties between employees
  • Physical safeguards over cash or equipment
  • Documentation of transactions
  • Independent review and approval of transactions or other activities
  • Proper supervision over employees, processes, projects, or other functions
  • Independent validation of transactions for accuracy and completeness.

For example, all offices or departments that handle cash are required to follow University Procedure 2D:01:01A Cash Receipts.  This procedure contains many typical internal controls.


Maintaining an Ethical Work Environment

Management is responsible for maintaining a work environment that promotes ethical and honest behavior on the part of all employees, contractors, vendors, students, and others. To do so, management at all levels must behave ethically and communicate to employees and others that they are expected to behave ethically. Management must demonstrate through words and actions that unethical behavior will not be tolerated.

Management can further encourage and promote ethical behavior by taking steps to ensure a generally positive work environment. There are a variety of  practices that should be considered, though not all are applicable to every situation. Some common examples include:

  • Rewarding or recognizing appropriate behavior.
  • Engaging in a participatory style of management.
  • Clearly assigning job responsibilities.
  • Setting reasonable goals.
  • Providing training and promotional opportunities.

The Role of Internal Audit

Internal Audit is responsible for assessing the adequacy and effectiveness of internal controls that are implemented by management and other personnel.  Internal Audit will often recommend control improvements as a result of this assessment. However, it is important that managers not wait for an internal audit before they take steps to review their internal controls.

Internal Audit will also, during an audit of a department or process, perform tests designed to detect fraud, waste, or abuse that may have already occurred. However, the primary responsibility for prompt detection, as well as prevention, belongs to management. Therefore, management should not rely solely on internal audits as a means of either preventing or detecting fraud, waste, or abuse.

Finally, Internal Audit serves in a consulting role. University officials, managers, or other employees who need additional guidance on identifying risks and implementing appropriate controls should contact Internal Audit at 678-2124 or uom_audit@memphis.edu.


External Audits

Other parties who take a strong interest in the University's actions to reduce the risk of fraud, waste, or abuse include the Tennessee Division of State Audit and the Tennessee Board of Regents (TBR). State Audit performs an annual audit, part of the purpose of which is to determine the adequacy of the University's internal controls. TBR does not perform audits but maintains an oversight role directly related to internal controls and audits. Finally, various University programs may be subject to audits or reviews by outside agencies or others based on the type of program, function, or funding.



FAQs


As a manager, why should I spend time implementing and maintaining good internal controls?

Though it takes time to ensure you have the right controls, once in place, good internal controls should operate smoothly and not greatly increase the amount of time spent accomplishing basic tasks. Additionally, having proper controls in place ultimately saves time by preventing irregularities that, if they occurred, would have to be researched and, in a worst-case scenario, could require an investigation, court proceedings, and interaction with the media.  Finally, as a manager, the University requires you to view the implementation, maintenance, and review of internal controls as an important part of your job.


Won't my employees think I don't trust them if I go around talking about fraud and implementing new controls?

Not if you present these topics in an appropriate way. Most employees understand that any organization must have standard operating procedures in place to protect its assets and do not take it personally. In addition, good internal controls are a key part of a positive work environment and, if presented in the right way, will increase morale. Remember that the occurrence of fraud, waste, or abuse of assets is an extremely negative event that can adversely affect all employees; good internal controls help to keep this from occurring, and they demonstrate that you are concerned about what happens in your department.


Whom can I contact for more information?

The Director of Internal Audit at 678-2124 or uom_audit@memphis.edu.



Links


 

Management at all levels of the University review the information available from the American Institute of Certified Public Accountants (AICPA) in the document shown below.

Management Antifraud Programs and Controls: Guidance to Help Prevent and Deter Fraud

A more in-depth discussion of fraud and deterrence techniques sponsored by The Institute of Internal Auditors (IIA),  the AICPA, and the Association of Certified Fraud Examiners (ACFE) can be found in the guide below.

Managing the Business Risk of Fraud: A Practical Guide

Other fraud-related resources, such as articles, guides, and books, are available from the AICPA and ACFE websites.

AICPA

ACFE

The Internal Audit Department website also contains information on internal controls:

Internal Audit



Revision Dates


 UM1642 - Issued: January 7, 2011


Subject Areas:

Academic, Finance, General, Human Resources, Information Technology, Student Services/Affairs
    XX