Cash Receipts Internal Controls

Flowchart steps (responsible position in brackets):
* Mail opened, checks stamped FDO Community Foundation, totals logged & verified [Administrative Assistant & mail verifier]
* Written log & electronic log compared & verified; gifts other than cash & check added to bottom of log for total receipts [Finance Assistant]
* Cash log reviewed at weekly staff meeting [Finance Assistant]
* Bank deposits prepared & delivered to bank as necessary [Finance Assistant]
* Cash receipts entered in FIMS & compared to log [Finance Assistant]
* Gift acknowledgments verified [Associate Director]
* Gift acknowledgments approved & signed [Executive Director]
* Gift acknowledgments mailed to donors & filed electronically [Administrative Assistant]
* Gifts & journal entries posted in FIMS [Finance Assistant]
* Deposits verified & approved prior to delivery to bank [Associate Director]
* Cash log, gift edit, journal entries reviewed & approved before posting [Associate Director]
* Cash/checks recorded individually by check # on electronic cash receipts log with notation of donation purpose & locked in secure location [Executive Assistant]
* Gift acknowledgments prepared & printed [Administrative Assistant]
* Branches: if gift is cash/check; if gift is stock; if gift is credit card

Control Points
1. Two people independent of accounting staff open mail (verifier rotates) & log receipts in total daily. C,R
2. Cash receipts logged in detail by position independent of accounting staff & mail openers & locked in secure location. C,R
3. Deposit slips verified & approved by associate director prior to delivery to bank. C,V,A
4. Logs compared & verified by position independent of mail openers. C,A,R
5. Cash receipts entered into FIMS verified against cash receipts
6. Cash receipts verified & approved by associate director before posting. C,A,V,R
7. Access to post gifts to system restricted to finance assistant and associate director. S
8. Gift acknowledgements verified to cash receipt log by position independent of letter processing. A
9. Gift acknowledgements approved & signed by executive director. V

Cash Disbursement Internal Controls

Flowchart steps (responsible position in brackets):
* PRC approved grant & scholarship distribution forms forwarded to finance assistant weekly
* Payment request form & payment documentation approved (2 way match) [Associate Director]
* Grants, scholarships & operating invoices are posted [Finance Assistant]
* Pre-numbered checks cut & posted to system based on approved payment request form [Finance Assistant]
* Bank transfers approved [Associate Director]
* Checks countersigned [Associate Director & Executive Director]
* Checks verified for 2 signatures [Executive Assistant]
* Departments mail checks & file distribution forms
* Operating invoices entered into FIMS [Finance Assistant]
* Each check compared to the check register & documented on check register [Associate Director]
* Payment request form prepared for the weekly check run [Finance Assistant]
* See grant & scholarship disbursement controls
* Operating invoices stamped for approval, coded for general ledger account & matched to PO [Finance Assistant]
* PO generated & approved
* See EFT Payments
* Check register is uploaded to bank for positive pay [Finance Assistant]
* Check register is approved for positive pay [Associate Director]
* See Approval Authority

Control Points
1. Purchase orders required for all purchases over $100. A,V,R
2. Payment request form and payment documentation approved. C,A,V,R
3. Access to post disbursements restricted to finance assistant & associate director. S
4. Access to generate checks limited to finance assistant & associate director. Check stock has security measures embedded. S
5. Bank transfers approved by associate director. C,A,V,R
6. Board of directors annually authorizes check signers. Authorized signers are board president, board treasurer, executive director & associate director. All checks must be dual signed. Payments are reviewed for fictitious vendors & verified against check register. A,V,R
7. Check register is uploaded to bank’s positive pay by finance assistant with approval by associate director or executive director. C,A,V,R
8. Checks are verified for appropriate number of signatures & that signatures are from appropriate personnel on checks & corresponding payment authorization documents. V

Payroll Internal Controls

Flowchart steps (responsible position in brackets):
* Payroll worksheet approved & timecards reviewed [Associate Director]
* Payroll submitted via internet to TPV [Finance Assistant]
* Payroll reviewed upon delivery [Finance Assistant]
* Payroll entered in FIMS [Finance Assistant]
* Direct deposit receipts disbursed to staff mailboxes [Finance Assistant]
* Hourly staff timecards approved & submitted to finance [Supervisors]
* Payroll reviewed & approved [Associate Director & Executive Director]
* Payroll worksheet prepared (includes hours, paid time off & any adjustments necessary) [Finance Assistant]
* Payroll approval form prepared [Finance Assistant]
* Payroll posted in FIMS [Finance Assistant]
* Timecards signed & submitted by employees [ALL]

All employees are encouraged to participate in payroll direct deposit.
For employees that participate in the CF IRA plan, it is suggested that telephone redemptions be removed from their plan to limit access.

Control Points
1. Hourly time cards approved by supervisors. C,A,R,V
2. Payroll submittal worksheet & time cards reviewed by associate director. C,A,V,R
3. Access to payroll system limited to finance assistant & associate director. S
4. Payroll reviewed by finance assistant. C,A,R
5. Payroll reviewed & approved by associate director & executive director. C,A,R

Payroll Internal Controls
Annual salary adjustment process

Flowchart steps (responsible position in brackets):
* Staff salary adjustment approved based on performance assessment ratings in matrix [Board President]
* New salary entered into payroll system [Finance Assistant]
* Increases submitted to finance assistant for payroll adjustments [Executive Director]
* Review of salary amounts on payroll register [Associate Director]
* Semi-annual Performance Assessment [Management Team]
* Executive Director recommends salary increase pool for annual budget [Governance Committee]
* Compensation matrix is reviewed annually [Personnel Committee]

Control Points
1. Performance Assessment process takes place for ratings & is applied to compensation matrix. C,A,V
2. Compensation matrix is reviewed annually by Personnel committee. C,A,V
3. Governance committee reviews & approves pool for annual merit increases & bonus pool. V
4. Board president approves salary adjustments. C,A,V
5. Payroll adjustments package forwarded to finance assistant. Signed off by executive director and board president. C,A,V,R
6. Salaries on payroll register verified each pay period by associate director. C,A,V,R

Financial Close Internal Controls

Flowchart steps (responsible position in brackets):
* Cash reconciled monthly in FIMS [Finance Assistant]
* Trial balance & financial statement reviewed monthly [Associate Director]
* Cash reconciliation, trial balance & financial statement reviewed monthly [Executive Director]
* Annual audit performed [Independent Auditor]
* Annual audit reviewed [Audit Committee & Board of Directors]
* Cash reconciliations reviewed before posting in FIMS [Associate Director]
* Financial statements reviewed quarterly [Audit Committee & Board of Directors]
* Cash logs compared to bank statements [Associate Director]
* Fund statements distributed to donors quarterly
* Cleared checks on check register are compared for amount & check number sequence; voided checks are investigated [Associate Director]
* Transfers between accounts verified [Associate Director]

Control Points
1. Accounts reconciled monthly. Access to reconcile accounts & posting restricted to finance assistant and associate director. C,A,V,R,S
2. Cash reconciliations reviewed prior to posting. C,A,R
3. Trial balance & financial statements reviewed monthly by associate director. C,A,V,R
4. Cash reconciliation, trial balance & financial statements reviewed monthly by executive director. C,A,V,R
5. Financial statements reviewed quarterly by audit committee & board of directors to assess: areas of risk, significant changes in numbers, & any new areas requiring monitoring. C,A,V,R
6. Statements distributed quarterly to donor; if discrepancy, donor will communicate to Community Foundation. A,R
7. Annual audit reviewed by audit committee & board of directors. C,A,V,R

IT – Security/Backup/Recovery Internal Controls

Flowchart boxes:
* Building Security
* Physical Security
* Server located in locked room
* Server locked
* Server Protection
* Backup schedule
* DWD Qtrly Maintenance

Control Points
1. Building security: Alarm system, property management company is first response to alarm calls. All staff of CF & cleaning crew have key fob access with individual, unique security codes to enter building.
2. Server located in locked mechanical room.
3. Server screen is set to lock. Administrative password is only known by IT support & limited staff. S
4. Server is protected by battery backup to allow for shut down without data loss.
Server protected by Cisco Firewall, Trend Micro virus protector & Mailprotector. S
5. A backup schedule is maintained in Storage Craft for M-F full & incremental backups. Daily backup reports are sent to 3 staff & IT support. Tape drives are rotated off site daily & one offsite monthly to bank lock box. Tape drives are tested quarterly for recovery when maintenance is performed by IT support. S
6. Items checked with the quarterly maintenance:
* Memory & Utilization Statistics
* Exchange 2003
* Antivirus Software
* Tape Backup Software includes test restore
* Battery Backup Test
* Firewall logs checked for attack
* Errors in Event Viewer
* Random Verification of software update process on PCs
S

IT – User Access Internal Controls

Flowchart boxes (responsible position in brackets):
* New employee checklist
* Exiting employee checklist
* Computer security
* Security levels for all applications
* Remote users
* Annual review of all access tables [Executive Director]

Control Points
1. Exiting employee checklist includes removing user from system by authorized IT staff. S
2. New employee checklist includes adding user with appropriate access by authorized IT staff. User access must be approved by supervisor. S
3. Computer security: Each employee is assigned an individual user ID & password. Mandatory network password changes are system forced every 180 days. S
4. Security levels for all applications: Network, Network accounting drive, FIMS, Payroll, banking, etc. S
5. Remote access may be set up as determined by organizational needs with supervisor approval. S
6. Executive director reviews all rights. V

IT – User Access Internal Controls: Applications

Flowchart boxes:
* Applications
* FIMS database
* Grant/Scholarship module
* Change management
* Funds module
* Profile module
* Gift/Pledges module
* Accounts Payable, General Ledger, and FACTS modules

Control Points
7. Limited staff allowed to create and make changes. S
8. Program staff create & finance post. S
9. Finance create & post. S
10. Finance create & changes. S
11. Finance create & post. S
12. User access & upgrades initiated by associate director & reviewed by executive director. S

IT – User Access Internal Controls: Applications cont’d

Flowchart boxes (responsible position in brackets):
* System Administrator Access [Associate Director, Executive Assistant & Director of Programs]
* Network
* Online Banking access restricted to read only [Finance Assistant]
* Online Banking transfers restricted to corporate accounts [Associate Director & Executive Director]
* Payroll

Control Points
13. Network system administrator access limited to associate director, executive assistant, & director of programs. S
14. Access limited to read only for finance assistant. S
15. Access to online banking execution of transactions limited to associate director & executive director. Access
16. Access to payroll system limited to finance assistant & associate director. S

Applications cont’d

Flowchart boxes (responsible position in brackets):
* Copier
* Academic Works
* System Administrator Access [Scholarship Manager, Director of Programs & Committee members]
* Credit Card donations
* Wells Fargo Merchant Account
* Authorize.net gateway
* Trustwave PCI compliance

Control Points
17. Copier vendor gives hard drive out of copier for us to destroy. Confidential Shredding Services is the vendor used for shredding. S
18. Academic Works security controls are operated by Amazon Web Services (AWS). S
19. Access to system limited to Scholarship Manager (Administrator) & Committee members.
12. Credit card portal has secured access for finance assistant & associate director. PCI compliance is maintained through Authorize.net. No credit card information (card numbers, etc.)