Other Responsibilities & Good Practices
In this section, in addition to suggestions for generally good business practices, you'll find several administrative practices for which you may not know
you're responsible! When we conduct audits, we look for many or all of these practices to ensure that each department (auditee) is keeping up with
administrative policies and procedures as prescribed by the University. No, this list does not cover everything important or everything we review!
But, it is an important place to start-you and your department should be aware of the following good practices and responsibilities, and if you are keeping
up with them, you will already be a step closer to a smooth audit!
Follow the links to learn more about each of the following:
Thanks to Harvard University and Columbia University for portions of these texts.
- Tracking Vacation and Sick Time
- Protecting Cash Receipts
- Petty Cash Controls
- Travel Accounting and Object Codes
- Tracking Expenses
- Accounting for Equipment
- Disaster Recovery/Business Resumption Planning
- Information Systems
- Reference Checks
- Telephone Reimbursement
TRACKING VACATION AND SICK LEAVE ACCRUAL AND USAGE:
Departments are responsible for tracking the benefit time accrued and used by all exempt-level staff. The University system currently tracks
only non-exempt personnel, and the responsibility rests with the department for tracking the accrual and usage by exempt staff.
Each department should:
- Assign a member to track sick and vacation accrual and usage (a good candidate is the department administrator)
- Review the accrual rates based on the Personnel Handbook
- Maintain correspondence with staff to ensure accurate vacation and sick time records
Keeping accurate records of employee vacation and sick time is a good business practice: It ensures that employees do not receive benefits to
which they are not entitled and, conversely, that all employees are able to use the correct amount of benefit time that they earn.
Furthermore, cash and cash equivalents are so liquid and transferable, the risk of misappropriation is greater than for any other asset.
Additionally, when managed according to best practices, it can generate additional revenues important to the organization. Hence, controls for
handling cash, and cash equivalents, are necessary to ensure timely deposit and prevent misappropriation of this valuable asset. Best practices are as follows:
- Do not send cash through interdepartmental or regular mail.
- If your department has a weekend or evening event and you will be accepting cash, arrangements may be made for a night or weekend deposit.
Contact the Cashier's Office at least 30 days in advance of the event.
- Cash that is lost or stolen must be reported to the Boston University Police at 353-2110.
- To record a shortage of cash: debit your unit-department using object code 0999.
- To record an overage of cash: credit your unit-department using object code 0999.
- Checks submitted for deposit must have a duplicate adding machine tape.
- Checks drawn on foreign bank that do not contain an ABA routing number should be sent to the Cashier's Office on a separate CCV-Cash Credit Voucher.
- A department stamp is required for deposit of checks. The stamp must include: "Trustees of Boston University", your department name, unit and
- Use a separate Cash Credit Voucher for credit card deposits and do not combine with any check or cash totals.
- There is a ten credit card maximum per CCV.
- If your department does not currently accept credit cards as payments, and you believe that there is a need to accept credit cards, contact the
Cashier's Office 30 days prior to the event.
- Where good business practices allow, there should be a segregation of receiving and depositing cash and checks from posting transactions to the
- A log should be maintained of cash and checks received and a receipt provided to the payer, whenever possible.
- Checks should be immediately restrictively endorsed upon receipt.
- Deposits should be made daily or, if there the funds can be kept in secure location, deposited when the funds are over a pre-defined dollar amount.
- Detailed listings should be reviewed and reconciled on a monthly basis to ensure proper recording.
- Do not use the petty cash fund for personal advances, cashing checks of any kind, paying salaries and wages, personal entertainment, travel,
contributions of any kind, loans of any kind, supplies or services that are normally secured through the Procurement Department.
- A "Received of Petty Cash" slip needs to be completed by the custodian for each disbursement.
- The total of the "Received of Petty cash" slips and cash on hand must at all times equal the total amount of the fund.
- Petty Cash must be replenished at least once a month.
- The cash and expenditure documents must be kept in a locked cash box at all times.
- The cash box should be kept in a locked area overnight and on the weekends.
- Petty cash funds that are lost or stolen must be reported to the Boston University Police at 353-2110 immediately.
- A copy of the police report along with a memo detailing the theft is sent to the Assistant Director/Cashiers, and the Office of Internal Audit
within seven business days of the theft.
- The Petty Cash Custodian must close the petty cash fund, prior to transferring, terminating, or going on a leave of absence.
TRAVEL AND REIMBURSEMENT:
Travel is an essential part of meeting the objectives of the University and is also a business expense that must be managed to reasonable limits. First
and foremost, the University should be paying for travel costs that are in support of performing University business. Additionally, the costs should not
be excessive and should be in accordance with established policies and procedures. It is also important that the policies are applied consistently
to all travelers. Finally, the traveler should be reimbursed for their costs on a timely and accurate basis. To accomplish these goals, the following
good practices should be in place:
Review the University Travel Guidelines and other pertinent information at the Travel website-
- Optimally, travelers should attend Travel training and understand the policies and procedures. All travelers should at least be informed of their
responsibilities for tracking expenditures and maintaining receipts prior to their departure.
- Appropriate supervisory level individuals should have approver responsibilities. Approvers must perform reviews to ensure:
- Timely submission of expenses for review and approval
- Adequate documentation to support business purpose and nature of the expenditure.
- Receipts are adequately maintained for all reimbursable expenditures
- Accuracy and reasonableness of the travel expense report including accurate coding of transactions
- Compliance with policies and procedures
- Timely settlement of any advances
- Administrators should review and reconcile detailed listings on a monthly basis
- Always keep in mind the additional travel requirements and restrictions for all sponsored projects
- Be aware of the differences between unallowable and allowable expenses. You can review these requirements in the Object Code Manual, to which
a link is provided below.
Review the University Object Code Guidelines for travel and other expenses by downloading the Object Code Manual in .pdf format
or view the Object Code Manual on-line at:
Individual University departments are responsible for tracking and verifying all expenditures, for both restricted and unrestricted accounts. We find
frequently that fraud against the University goes undetected due to a lack of appropriate review. In order to accomplish this effectively:
Budget Status Reports and Current Restricted Fund Reports should be reviewed on a monthly basis.
We also recommend that all departments maintain a "shadow" accounting system and copies of all expenditure documentation (eg. CRV's, Invoice Transmittals,
TER's, etc.). This will allow you to predict your budget needs and expenditures as well as quickly recognize discrepancies between your and the University's
We highly recommend obtaining access to the Business Link (www.bu.edu/link), where department financial information is available in a user-friendly web format.
As always, departmental administrators and supervisors should ensure-
- The Department does not permit personal employee purchases through the University.
- Personal reimbursements are properly authorized and sufficiently documented.
- Any unallowable expenses are charged to correct sub codes.
- Charges for services within a department and to other departments are sufficiently documented.
- Expenditures are in accordance with policy guidelines.
- The Department complies with special terms and conditions of federal grants and contracts.
ACCOUNTING FOR EQUIPMENT:
- All moveable equipment purchased with University funds, that has a useful life greater than or equal to 1 year and a cost greater than or equal
to $5,000 which does not become a permanent part of the building should be coded to object code 930.
- All non-moveable capital equipment that is permanently attached to a building and has a total cost greater than or equal to $5,000 and useful life
greater than or equal to 1 year should be coded to object code 954.
- All fabricated equipment that is assembled or manufactured by a Boston University Department that has a total cost greater than or equal to $5,000 and
a useful life greater than or equal to 1 year should be coded to object code 955.
- All minor equipment that has a total cost between $1,000 and $4,999.99 or total cost of $5,000 or more but useful life less than 1 year should be coded
to object code 953.
- All office consumables, instructional, and laboratory supplies costing less than $1,000 should be coded to object code 910.
- Information about each capital equipment purchase is recorded in the University's Property Management System, which acts as the University's
subsidiary ledger for equipment.
- All capital equipment is required to be tagged.
- Boston University is required to conduct a complete Physical Inventory of its capital equipment and government-funded property every two years.
Equipment that is tagged expedites the count.
- When equipment is sold, stolen, traded in, scrapped, donated to another institution, returned to the vendor, or otherwise made unavailable to
the University, it is the responsibility of the Department Property Administrator to notify the Property Management Office by submitting the Moveable
Capital Equipment Management Form.
- Stolen property must be immediately reported to the Boston University Police, Office of Risk Management, and the Office of Property Management.
Each department should establish a disaster recovery/business resumption plan, in the event that an unforeseen disaster occurs that precludes physical
access to the work area, offices, computers, and other critical equipment. A written plan can be a critical document and help ensure that departments
can continue to function in the event of adverse circumstances.
A business resumption/disaster recovery plan should deal with the loss of information, the loss of access and the loss of personnel. In addition, such a
The plan should be comprehensive yet simple enough to use. Information should be readily accessible without having to comb through pages of unnecessary detail.
Key personnel should have a copy of the plan at their home. After completion, the plan should be reviewed and tested with all employees. Finally, the plan
should be reviewed and updated periodically as needed.
- identify serious risks;
- prioritize the operations to be maintained and how to maintain them;
- assign the disaster team; and
- identify emergency vendor contacts for all equipment.
For help in developing Business resumption plans, we recommend contacting the following individuals:
- On the Charles River campus: the Director of Administrative Computer Services at University Information Systems
- On the Medical campus: the Project Manager at the BUMC Office of Business Affairs, who is Co-Chairperson of the Disaster Recovery/Business Resumption
The conscientious management of password practices and selection is a key element of current information security. Passwords are keys controlling system access,
and because today's distributed computing environments are increasingly interconnected (networked), password protection is in everyone's best interest.
With sophisticated password cracking programs available freely to anyone, and our data and systems available on networks, adopting and abiding by secure
password procedures has become a vital and shared computer responsibility. The compromise of any single computer system or account through the revelation
or theft of a single password can place whole communities of data in jeopardy. In order to protect critical information and system access, proper password
and data protection is imperative. Several beneficial password practices:
- Avoid obvious passwords, such as dates, names, sports teams, etc. Choose passwords with a length of eight characters and comprised of letters, numbers
and/or special characters.
- Change passwords periodically to minimize exposure of a compromised password.
Good software management practices include keeping track of your software use and documentation, and providing training and awareness to staff on software
use and copyright laws. By closely monitoring your software use and documentation, you are better able to control software costs, increase interoperability
and productivity, and monitor compliance with copyright laws. Every department is responsible for ensuring that each user has a valid license for all software.
Furthermore, effective software management practices place the University in a better position, if we were to face a software audit by any outside agency.
Suggested software management practices:
- Ensure all staff/computer users are aware of copyright laws and what their responsibility is for compliance.
- Develop and document a software compliance statement.
- Create and maintain a central file for ownership documentation.
- Create and maintain a software log.
- Perform an annual self-audit.
Any department attempting to hire a new employee is responsible for conducting reference checks on all final exempt candidates, following the interviewing
stage and before an offer of employment can be extended by Personnel. Offers of employment should not be extended under any circumstances until the academic
information has been verified and at least two job references have been contacted.
The University's Office of Personnel (Personnel) has prepared a formal Reference Checklist.
All employees/departments with a University-issued long distance phone access code are responsible to reimburse the University for any personal
long distance calls. Monthly telephone bills should be distributed to all staff members for their review and so that they may determine the appropriate
amount for reimbursement. Departmental administrators should submit the reimbursements on a monthly basis.
Charles River Campus:
Reimbursements are processed using a Cash Credit Voucher and can be made at the Cashier's Office, 881 Commonwealth Ave., 4th floor.
BACK TO TOP
Copyright @ 2008 by Trustees of Boston University. All rights reserved.
& GOOD PRACTICES
MEET OUR STAFF
THE AUDIT PROCESS