Mitigate Risks in Your Work Area
Learn more about managing risks in your specific area at Columbia University.
- Area
- Accounts Payable and Purchasing
- Risk
- Over-spending and other inappropriate transactions
- Controls
- Know what’s being purchased
- Approvals
- Documentation and approval of travel and business expenses
- Monitoring and reconciliation of P-card purchases
- Tracking through a budget process
- Segregate Purchasing Duties - segregate purchase, receipt and invoice approval
- Area
- Accounts Receivable: Patient and Tuition Billing, IDI, and Others
- Risk
- Inaccurate or incomplete billings resulting in a loss of revenue
- Controls
- Track billing through a receivable process
- Review IDIs to ensure their accuracy on a monthly basis
- Accounts Receivable Aging Review
- Reconciliation
- Segregate Accounts Receivable Duties
- Area
- Budgeting
- Risk
- Over-spending, misuse of University assets
- Controls
- Approved budget
- Monitor and report on budget variance
- Communication of budget issues to appropriate level
- Ensure proper sub-coding for expense type
- Remember p-card purchases!
- Area
- Cash Management
- Risk
- Loss and/or misuse of assets and cash
- Controls
- Secure cash locations
- Use of lockbox
- Use of receipts books
- Logs identifying receipts and those who handle cash
- Petty cash log review/reconciliation
- Bank reconciliations performed by someone other than receiver
- Revenue source – Unrelated Business Income Tax
- Segregate Cash Management Duties - these 4 functions should be separate: record keeping, authorization, custody, reconciliation.
- Area
- Faculty: Teaching and Adjunct Staff
- Risk
- Faculty not eligible to teach the required curriculum
- Controls
- Credential documents are complete on file and current; Checklist for all required documents is used to track compilation of documents.
- Payments for ancillary services are strictly monitored; Extra teaching, honoraria abide with established University policies.
- Area
- Gifts and Endowments
- Risk
- Loss of funding due to non-compliance with donor restrictions
- Controls
- Recording of endowments
- Identification of restrictions on spending
- Proper spending of endowment funds
- Review and approve expenses according to donor’s intent
- Proper allocation of endowment income
- Log of gifts received locally
- Reconciliation of gifts submitted to log
- Provide gift acknowledgement to donor
- Area
- Grant Management
- Risk
- Loss of funding due to non-compliance with sponsor requirements budget restrictions, terms and conditions, reporting requirements
- Controls
- Processing proposal in InfoEd, timeliness of required elements IRB, IACUC, COI, Departmental Approval
- Submitting proposal to SPA and then to respective agency
- Processing award/account creation, budget creation
- Monitoring expenditures – document approval for salaries and other expenses
- Reporting - Effort, Grant Progress, ARRA
- Drawdown of funds for expenses incurred
- Grant closeout reconciliation and reporting
- Area
- Human Resources
- Risk
- Vacancies, retention, lack of qualifications, government hiring requirements
- Controls
- Approval for hiring a new employee: consider all classes of employees
- Verification of contract terms
- Contract documentation is signed and kept on file
- Hiring checklist is complete
- Timely, documented termination
- Area
- Information Security
- Risk
- Inappropriate access to systems, networks, and data
- Theft and misuse of protected health/personal identifiable information stored in University systems
- Controls
- Limit non-professional Internet surfing to safe sites
- Ensure all workstations have anti-virus and anti-spam software installed and up to date
- Employees should be made aware of good security practices
- Password strength
- Physical safeguards
- Ensure personal information remains confidential
- Reconcile data, challenge delivered reports
- Communicate your needs for critical systems for everyday use and during disasters
- Verify your application provider will maintain your service
- Student documents maintained in departmental offices should be secured
- Access to systems by departmental staff should be limited to a need to know or perform a job function
- Area
- Payroll
- Risk
- Inappropriate payments and fictitious employees
- Controls
- Timesheets for hourly employees are kept, reviewed, approved and submitted by supervisor
- Ensure hourly/casual employees do not exceed 560 hours in 12 month period
- Reconciliation of payroll reports to timesheets and ARC-GL
- Document review all changes – salary changes, hire termination dates, to payroll on a monthly basis
- Segregate Payroll Duties
- Staff who process payroll for the university should not be in a position to audit or verify payroll, or receive the payroll checks for distribution to employees. Specifically, any employee who is a fiscal officer or fiscal approver should not have access to process payroll for his/her unit.
- Area
- Reporting
- Risk
- Inaccurate, incomplete, late
- Controls
- Creation of management reports
- Reconciliation of management reports to Accounting and Reporting at Columbia (ARC) General Ledger Financial Statements
- Reporting workflow timeline
- Area
- Safeguarding of Physical Assets
- Risk
- Loss of equipment and other physical assets
- Controls
- Equipment, inventories, securities, cash and other assets should be secured physically
- Track and periodically count assets and compared with amounts shown on control records.
- Monitor use and disposal of equipment
- Computers, lab equipment
- Area
- Student Services
- Risk
- Students are inappropriately registered for courses, student information is incorrect, grades are manipulated
- Controls
- Student registration information is accurate
- Class roster matches what is in system
- Grade submission is correct
- Verification of grades entered into system
- Changes are properly authorized and verified
- Student registration information is accurate
Still have questions?
Visit our Service Center.