A state audit of USF found that the University paid out too much money in travel expenses to employees and that there was no independent review of staffers’ cell phone bills to see if they reimbursed USF for personal calls. Also procedures for using purchasing cards – which work like University-issued credit cards – were not followed, resulting in purchases that violated USF policy.
The Feb. 8 audit, which will be discussed by the Board of Trustees’ Finance and Audit workgroup committee today, also pointed out that USF failed to abide by competitive bidding guidelines – the rules the University follows when it contracts a private company. The audit, which covered the 2006-2007 fiscal year, found the University’s handling of property could perpetuate theft, and that USF failed to check and keep on file students’ residency status, a designation that affects whether students pay in- or out-of-state tuition.
When staffers were terminated, the University often failed to pay them for unused leave, and former employees could often access USF’s network and IT information with their old, University-issued login information.
To comply with state and University guidelines, the Auditor General’s office recommended USF strengthen its procedures for handling money, contracts and IT access.
Carl Carlucci, chief financial officer and executive vice president of the University, wrote that the University would comply with all of the state’s suggestions in a Feb. 4 letter to Audit General David W. Martin.
“We will implement the recommendations identified during the audit in accordance with the enclosed schedule of responses,” Carlucci stated in the response.
Senior Vice Provost Dwayne Smith said the University had been working to address auditors’ concerns before the review ended.
“We moved immediately to correct those issues to the extent that we could,” he said.
Below is a breakdown of the operational audit’s findings and the state’s recommendations for how the University should approach its handling and management of money and property.
Finding No. 1 – imprest bank accounts:Payments made to bank accounts at the Office of Research and the Florida Mental Health Institute lacked supervision, increasing the risk of “cash being misappropriated or used for unauthorized purchases,” the audit states. The audit recommended the University make sure payments made to and from the accounts are handled by different people and that they’re approved by a supervisor.
Finding No. 2 – tangible personal property:A laptop computer and two projectors could not be found, and although the projectors were reported stolen, they were still listed as University property. A laptop was stolen off-campus, but was not authorized to be off-campus. Also, a digitized film, three computer monitors and a printer worth $33,950 were deleted from the property record and donated to a hospital without approval. The University must improve its handling of property, the audit recommends.
Finding No. 3 – auxiliary food service, vending and bookstore contracts:The University did not review the food service, soft drink vending and bookstore contractors’ financial reports, so it’s unclear whether USF is getting the correct rent. Also, an accountant working for the snack-vending contractor provided the contractor’s financial records allowing “limited assurance as to the accuracy of reported sales and commission paid to the University,” the audit states. The recommendation is that the University enact policies to make sure USF is getting paid its due commission.
Finding No. 4 – auxiliary credit union contact:It’s unclear whether the University is getting paid the proper amount of fees from the USF Federal Credit Union, which agreed to pay the University $1 for each new USF Card ATM account. Also, the Credit Union didn’t specify how much liability insurance it had. The University needs to make sure the Credit Union is paying USF enough fees and clarify insurance requirements.
Finding No. 5 – student feesFor five of 40 students the auditor sampled, the University didn’t have the paperwork indicating whether they were Florida residents. The audit said the University should make sure it had residency paperwork.
Finding No. 6 – decentralized collections:Transfer of money taking place at the Educational Research Child Care Development Office, Student Publications Office and Office of the Registrar were not approved with signed transfer documents. At the Oracle, there was “no independent verification that amounts that should have been collected based on advertisements placed in the Oracle agreed with recorded collections and deposits,” the audit stated. It also recommended the University use proper transfer documents and that receipts are accounted for independently.
Finding No. 7 – termination pay:Terminated employees in USF Health had not been paid for annual and sick leave. The audit recommended that terminated employees are paid for unused annual and sick leave in a timely manner.
Finding No. 8 – competitive procurement:The University’s rule for seeking bids is that they are sought for purchases and projects that cost more than $50,000. This exceeds the Board of Governor’s threshold of 25,000 according to the audit, which also suggested the University confirm that its amount keeps with state guidelines.
Finding No. 9 – purchasing cards:Purchasing cards of some terminated employees had not been cancelled anywhere between 17 and 220 days after they no longer worked at USF. Also, $1,679 was spent on shredders and plaques, $1,440 on autograph books for retiring employees and $61 on flowers for an employee – violating purchasing card guidelines. The University has since been reimbursed for $61, and the audit recommended USF more closely monitor purchasing card use.
Finding No. 10 – cellular telephones:There was no independent check to make sure the University was reimbursed for private cell phone calls made on USF phones. Also, USF paid telecom taxes on cell phones though it is exempt. The University must have an independent review of cell phone bills, according to the audit.
Finding No. 11 – travel expenses:USF reimbursed employees more than permitted by state law. The University should reimburse employees for travel according to state law, the audit stated.
Finding No. 12 – information technology-access controls:After employees were terminated, their sign-on accounts were not always removed, and “In the absence of timely revocation of user sign-on accounts, there is an increased risk for unauthorized access to the University’s information technology resources,” stated the audit. The University should cancel access right after an employee is terminated, according to the audit.
Finding No. 13 – information technology-application environment:The University should make sure access to some IT applications is safe, the audit recommended. The audit did not specify how some access was unsafe, and did not reveal them “to avoid the possibility of compromising University information.”