UTD PCC Audit
-
Upload
dariel-dato-on -
Category
Technology
-
view
209 -
download
2
Transcript of UTD PCC Audit
UT Dallas
Procurement Credit Card AuditJennifer Terry • Dariel Dato-on
Audit Objective
To test for compliance with the UTD PCC polices related to transactions limits and user access.
Cardholders have a transaction limit and monthly limit.
Terminated users should no longer have access.
Scope
Because IDEA limited us to 10,000 records, we could only test a selection of the data.
Jennifer• Tested first three months
of FY-2011• 09/01/2010 – 11/31/2010
Dariel• Tested last three months
of FY-2011• 06/01/2011 – 08/31/2011
PCC Process
The UTD PCC data is handled by UTD Procurement.
The purchasing card is a MasterCard which gives cardholders the freedom and authority to make small-dollar purchases without the assistance of Procurement Management.
The department is responsible for reconciling the transactions monthly.
Audit Procedures
Cardholder Listing• List of all cardholders• Active/terminated status• Cardholders’ transaction limit• Cardholders’ monthly limit
Transactions Listing• List of all transactions• Monetary amount and
date
• Tested for transactions over the cardholders’ transaction limit• Tested for transactions over the cardholders’ monthly limit• Tested for transactions by inactive/terminated users
Combine
Observations
Observation #1: Missing Users
Condition: User performing transactions are not listed in the master cardholder listing file.
Criteria: The organization should have a comprehensive master list of all cardholders.
Cause: The cardholder file is out of date and (due to the new PeopleSoft system) the users do not know how to generate a new listing. Also, names are not always entered in a consistent manner.
Effect: The university does not know all the users that have procurement cards.
Recommendation: PeopleSoft training to obtain a comprehensive cardholder listing. Use unique identifier (e.g. NetID or numeric ID) to identify users instead of name.
?
Observation #2: Transaction Limit
Condition: 508 transactions were over the user’s transaction limit.
Criteria: As per the cardholder policy, each user should remain under their transaction limit.
Cause: Lack of proper monitoring of transaction amounts per user.
Effect: $122,504.60 was spent over the transaction limit.
Recommendation: Establish preventable control through the bank that would prevent transactions that exceed limit from being authorized without special approval.
Observation #3: Monthly Limit
Condition: Seven instances in which users exceeded their monthly limit.
Criteria: As per the cardholder policy, each user should remain under their monthly limit.
Cause: Lack of proper monitoring of monthly transactions per user.
Effect: $32,668.90 was spent over the monthly limit.
Recommendation: Implement system to warn user as they approach the monthly limit.
Observation #4: Terminated Access
Condition: Eleven active users who should have been terminated.
Criteria: Terminated users should no longer have access.
Cause: As per discussion with Ali Subhani, cardholder listing is not complete or incorrect.
Effect: Inactive user still have access to make monetary transactions.
Recommendation: Obtain a more up-to-date listing of cardholders, and ensure that all terminated users are denied access.
Problems &
Lessons Learned
Problems and Lessons
Problems Encountered
• As noted earlier, the Cardholder Listing was not up to date, which prevented complete testing of data
• Difficulty determining how to accumulate monthly transactions by account name
• Difficulty in identifying unallowable expenses
Lessons Learned
• The best way to learn a new software is through experimenting.
• We learned how to use IDEA more efficiently.
• We learned how to document the audit process.
• We gained an understanding of UTD’s purchasing card processes.
Acknowledgement
• We would like to thank Ali Subhani, IT Audit Supervisor, and Toni Messer, Director of Internal Audit, for their time and support during this project.
• We look forward to our discussions this coming week!