GAP ANALYSIS &
SUB-CERTIFICATION
Annual Certification Process
Gap Analysis
1.
Identify individuals who should be performing the gap analysis (FMT members to complete
the overview spreadsheet).
2.
Complete the M-Reports online gap analysis.
3.
Document procedures / update existing procedures to include key controls noted in gap
analysis.
Department Sub-Certification
1.
Identify individuals who should be sub-certifying (both input and approval).
2.
Complete the on-line sub-certification.
Management Oversight Reporting is an important part of the
sub-Certification process.
Identify individuals who are running and reviewing the required reports.
Annual Certification Process
Should be
completed with individuals involved in the
process
(
i.e. handling cash, processing journal entries,
hiring employees
, etc.)
As of March 2013, all DSA units will be using the on-line
tools in MReports, which is explained in detail in this
document.
If you wish to look at the gap analysis tool, the instructions (quick version) below should get you there.
However, if you want detail instructions, download the
ITS online gap analysis tool with step-by-step instructions
.
1. select Wolverine Access
2. go to the Faculty and Staff tab
3. select M-Reports (under the Reporting section)
4. choose the Compliance tab
5. select Internal Controls Other Reports / Tools, then Gap Analysis
6. select your dept. ID or put your dept. ID in the search box
7. in your department's row, click on the status link / "not started" to review and/or start filling out the
questionnaire
How to get to the Gap Analysis on-line tool
http://www.finance.umich.edu/controls/certprocess
5
What is written procedure documentation?
•
Documented procedures = key control
•
Clarify roles and responsibilities
•
Ensure process is happening as intended
•
Help with employee turnover (expected/unexpected)
•
Note: The Office of Internal Controls website:
http://www.finance.umich.edu/controls provides some
guidance and sample documents to assist with
documentation.
Monitoring/oversight =
key control
Helps to highlight if operating controls are working
Identifies trends/exceptions
High level summaries (by month/year, comparing to prior years, etc.)
Concur
Employment
Cash & Credit
Card Handling
P-Card
Are proper individuals approving expenses?
Are spending levels and patterns appropriate?
Has time been entered timely and properly approved?
Are overtime, temp and retro pay reasonable?
Have proper individuals taken cash handling training?
Are credit card merchants PCI compliant?
Are P-Card holders appropriate?
Are credit limits appropriate compared to spend levels?
Management Oversight Reporting
Listed in the matrix below are the (4) areas of Internal Controls - Management Reporting which are
required ( and signed off on as part of the annual certification ) by all areas to review, and follow up, on a
periodic basis in a timely manner, preferably monthly or quarterly.
Source: Internal Control site (
http://www.finance.umich.edu/controls/resources)
Internal Controls - Management Reporting ( included in annual certification )
Addl Comments
Employment
Depa rtment Employee Compens a tion
• Thes e reports a re loca ted in MREPORTS i n the COMPLIANCE tab under the
Interna l Control s menu.
• The Depa rtment Employee Compens a tion report provides a s umma ry of compens a tion i n forma tion for a n a dmi ni s tra tive depa rtment. The report i s orga ni zed by va ri ous types of pa y (e.g., regul a r pa y, overtime pa y, other pa y ). • The Overtime Pa y, Temp Pa y a nd Retro Pa y a re trending reports a nd s how da ta for a funding depa rtment vi a gra phs a nd hi gh-l evel cha rts.
Fa cul ty Pa y • Review overtime, a ddl
pa y...and fol l ow up a ccordi ngl y. (Monthl y / Qua rterl y) Staff Pa y Overtime Pa y Temp Pa y Retro Pa y
P-Card
Tra vel & Expens e P-Ca rd Hol der & Li mi ts by DeptID, Dept Grp or Empl ID
• Report is loca ted in BUSINESS OBJECTS a t: UM-Ma i ntai ned -> Fi na nci a l s
-> FN06 Procurement
• Lis ts a ll P-Ca rd holders , limits , a nd ma x, a vera ge a nd monthly s pend a mounts. • Highlights potentia l underutilized ca rds.
• Review P-Ca rd limits ... a nd a djus t a ccordi ngl y.
Cash Handling
(Cash/Checks)
Ca s h Depos i t Control s • Report is loca ted in MREPORTS i n the COMPLIANCE tab under the Interna l Control s
menu.
• Summa rized by depos it a mount, depos it count a nd dis crepa ncy count for ea ch depos itory location.
Management Reporting
Internal Controls - Management Reporting ( included in annual certification ) - continued
Addl Comments
Cash Handling (Credit Cards)
• For unusually high refunds ($ or %) and follow up accordingly.
• Follow up on any PCI non-compliance and / or dates close to expiration.
•Review approvers are appropiate and follow up accordingly. • Follow up re: approvers training status if training was not completed or about to expire.
• Review and follow up on any unusual items noted. Credit Card Controls • Report is located in MREPORTS in the COMPLIANCE tab under the Internal Controls menu.
•Summarized by net sales amount, sales count, refund amount and PCI compliance status for each credit card merchant account.
Travel & Expense (Concur)
Travel & Expense Approver Report by EmplID, DeptID or DeptGrp
• Report is located in BUSINESS OBJECTS at: UM-Maintained -> Financials -> FN06 Procurement • Provides a listing of Concur approvers and the scope of what they have approved
• Notes approvers training completion status.
Travel & Expense Spend Report by EmplID, DeptID or DeptGrp
• Report is located in BUSINESS OBJECTS at: UM-Maintained -> Financials -> FN06 Procurement • Highlights spend (both P-Card & out-of-pocket) by Employee for a specified date range.
