Applies to: All Departments and Units of the University
This policy provides a summary of the key fiscal responsibilities required by the University. Each employee is responsible for financial controls relevant to his/her role at the University. This document outlines basic guiding principles and required departmental controls, including responsibilities at different organizational levels.
II. Guiding Principles for Financial Controls
A. An optimal control environment sets the tone for the organization and calls for clearly defined roles and responsibilities, policies based on principles rather than procedures, and minimal exceptions to those policies.
B. Risk assessment is the identification and analysis of relevant threats and exposures, related consequences, and may include both internal and external factors.
C. Control activities include appropriate policies and procedures to ensure objectives are achieved and risks are mitigated.
D. Information and Communication ensure the appropriate information is identified, captured, and communicated in a timely manner to allow employees to carry out their duties.
E. Monitoring provides oversight by assessing the effectiveness of internal controls over time through ongoing activities such as trend/variance analyses and separate evaluations such as internal audits.
The Office of Internal Controls coordinates the annual Unit Certification of Financial Results and Internal Controls. Given the decentralized nature of administrative operations, the certification process, which is aimed toward Deans, Vice Presidents, and Directors, is designed to help develop a broader understanding and accountability of unit financial results and internal controls. The Office of Internal Controls reports summarized certification results to the Regent’s Finance, Audit, and Investment (FAI) Committee on an annual basis.
III. Essential Department Level Requirements for Financial Controls
Four main elements should exist in all University units that manage their own finances. The University requires these elements for all units (and at all levels) that control their own finances. If a unit has a unique DeptID, this policy is applicable. Major operating units, sponsoring agencies, donors, and other internal or external agencies may impose additional requirements. The minimum requirements are:
• Preparation of a budget plan (including anticipated revenues and expenditures)
• Processing and Approving Financial Transactions
• Financial Review
• Internal Controls and Management Responsibilities
These elements are similar to the guiding principles described earlier. The difference is that these essential Department-level requirements provide additional guidance to assist units in implementing the guiding principles within their unit. The complexity of organizational structures and the various funding sources within the University may require additional layers or levels of review beyond what is described here but the four main elements (detailed below) represent the minimum requirements.
A. Preparation of a Budget Plan (including anticipated revenues and expenditures)
1. Budgets should reflect the unit’s operational plans for a period of at least one year and ideally represent those plans over several years.
Operating budgets are typically adopted and approved on an annual basis and are administered from an annual budget perspective. The budget plan should include all operating funds available to the unit.
2. Review, approval, and endorsement of the budget requires an understanding of the major budget components by unit heads.
Since budgets include numerous details, responsibility for the budget details are typically delegated to faculty and staff who have operational decision-making authority. Preparation of a budget requires involvement by unit heads and their financial management staff (e.g. department administrator who typically report directly to the unit head).
B. Processing and Approving Financial Transactions
1. Employees with responsibility for processing any financial transaction must ensure proper approvals have been obtained from other employees who have the delegated budgetary authority to support the expenditure of University funds.
Appropriate written documentation of these approvals should be kept on file when not maintained electronically. Individuals with responsibilities for processing financial transactions may have the full range of responsibilities or have duties associated with specific activities (e.g. faculty and staff appointments; timecards and gross pay registers; purchasing). The approval process can vary dramatically by unit so individuals should check with their department head for unit policies and procedures.
2. Approvals must be obtained from an individual with budgetary authority and adequate knowledge of the transaction.
a. Individuals designated with approval responsibilities are in a position to determine that the financial activity is accurate and appropriate. Accuracy refers to the quality or statement of being correct. Approvers must ensure that financial transactions, including amounts and chartfields, are accurate. Appropriateness refers to two factors:
i. Management Review –Is the expenditure considered within the intended use of the budget or if the expenditure is not planned for, is it considered a good use of unit resources?
ii. Compliance Review –Is the expenditure consistent with relevant policies of the University, donor intent, or sponsor guidelines? It is important to note that University policy must be met at a minimum even if the donor intent or sponsor guidelines (e.g., OMB Uniform Guidance [formerly Circular A-21]) allow a more lenient approach. Specifically, policies are the presiding determinant over all other guidance unless donor or sponsor policies are stricter.
b. Individuals who authorize commitments must be aware of the relevant policies, including donor intent and sponsor guidelines that guide expenditure decisions.
c. In organizational structures where one individual may not be in a position to review both aspects of appropriateness as defined above, a two-step approval process may be necessary. In such cases, the roles of each approver should be clearly defined and documented. No financial activities should occur that cannot successfully pass both management and compliance review. Individuals should not approve their own expenses or expenses of a person to whom they functionally or administratively report.
d. No one individual should control a financial transaction from start to finish. This point is discussed in more detail in Section IV of this SPG.
C. Financial Review
Individuals with delegated budgetary responsibility should regularly review budget versus actual activity and be aware that any budget variances need to be adequately explained. Financial reviews should include the identification of budget variances, fund balances, and the review of financial activity to ensure all financial activity is appropriate and correct.
This process begins with reconciling the financial statements of activity (SOA) and includes verifying that required approvals were obtained and confirming adequate documentation exists to support each financial transaction. This task is performed on an exception basis by the Shared Service Center for in-scope units for certain types of transactions. The financial review process also includes review of standard management reports that focus on activity levels and unusual trends. Management reports should be reviewed with unit leadership on a regular basis. See Appendix for more details regarding departmental responsibilities for financial review.
Although individual units may use supplemental systems to monitor selected unit trends and activities, financial review is necessary to validate that the University’s centrally maintained financial data is complete and accurate. The integrity of the financial data maintained in the University’s central enterprise-wide M-Pathways system, including the accuracy of revenue and expenditure functional classification, is critical for University-wide reporting, including consolidated financial reporting and state and federal regulatory filings. Departments should not duplicate data in M-Pathways, (which is the system of record) and centrally provided management reports (which are a representation of the system of record). It is critical to fully reconcile any supplemental system financial data maintained by departments to the financial data in the central M-Pathways system.
D. Internal Controls and Management Responsibilities
1. All managers, from the unit level to the President of the University, should use internal controls to help assure that units operate according to a plan.
Most internal controls can be classified as preventive or detective. Preventive controls, which are generally more efficient, are designed to discourage errors or irregularities (e.g., requiring supervisory sign-off before an item is purchased). Detective controls are designed to identify errors or irregularities after they have occurred (e.g., reconciling financial statements of activity to ensure charges are appropriate and correct). The existence of detective controls can also serve to prevent irregularities. For example, an individual tempted to inappropriately use departmental funds may be deterred by the knowledge that financial statements and management reports are regularly reviewed. Through careful design and documentation, the system of internal controls can help units operate more efficiently and effectively as well as provide a reasonable level of assurance that the processes and products for which managers are responsible are adequately protected.
2. All managers are responsible for ensuring that internal controls are established, documented, and functioning to achieve the mission and objectives of their units. Adequate internal controls allow managers to delegate responsibilities with reasonable assurance that their expectations are met.
3. Management responsibilities include consideration of effectiveness and efficiency, compliance with laws and regulations and accuracy in reporting. Effectiveness measures if a unit achieves its objectives. Efficiency measures how well managers make use of available resources in achieving these objectives. While achieving the unit’s objectives, managers must also comply with applicable policies, regulations, and laws.
4. In order to make sound decisions and comply with oversight requirements, managers must receive accurate information and reports. Internal controls are a coordinated set of policies and procedures used by managers to ensure that units operate efficiently and effectively in conformance with applicable policies, regulations, and laws.
5. University Audits includes fiscal responsibility reviews in the annual Internal Audit Plan. Each year, several units are selected for comprehensive audits of internal controls related to fiscal processes. This includes but is not limited to payroll, purchasing, cash handling, and grant management. During a fiscal responsibility audit, the auditor identifies control weaknesses the unit should have identified during its preparation of the annual gap analysis, if applicable. Audits are designed to point out where management should focus resources to improve the control environment and reduce the risk of something going wrong. University Audits is available to give advice; however, the decision for appropriate oversight and control is the responsibility of management.
IV. Financial Oversight Responsibilities by Level
Fiscal responsibilities are distributed throughout the University, which has a large and highly decentralized environment. The organization structure, in particular the administrative structure, establishes many of the roles and responsibilities for financial management. Financial controls are strengthened when separation of duties exists. Financial controls are weakened when one person handles a financial transaction from start to finish. The adequate separation of duties requirement is essential in order to maintain an appropriate system of checks and balances.
The administrative capacity of a unit to manage its financial activities (e.g., budgeting, transaction processing, financial review, and internal controls) needs to be assessed primarily by the major operating division of which they are a part. For example, as fiscal responsibilities emerge in Principal Investigators’ (PI) roles, a PI’s department should determine how the financial aspects of the work associated with his/her projects will be done (e.g., which duties are the responsibility of project staff vs. departmental staff). Departments must ensure that adequate separation of duties exists. The PI is responsible for sufficiently reviewing the work of others, including oversight of financial matters, in order to provide a reasonable level of assurance that the work is being performed properly and on a timely basis.
Levels for financial management responsibilities are codified within the University’s administrative (M- Pathways) systems. A coding scheme is utilized that defines the administrative structure for purposes of management oversight and control. Existing code names, with some examples of organizations within each level in brackets, are shown below:
A. University Level [Appointing Department Group VP Area]
1. Executive Officers
B. Major Operating Unit Level [Appointing Department Group]
2. Auxiliary Units
3. Administrative Units
C. Department Level [Appointing Department ID]
1. Academic Departments
2. Functional Departments
D. Project Director/Principal Investigator Level (does not apply to co-PIs)
E. Individual Level (Faculty and Staff)
Review of management reports to identify outliers and trends is an important part of the internal control process. Many management reports are available through the data warehouse and M-Reports for unit management to use in monitoring financial trends. These reports are important to not only identify and correct specific transactions, but also to address the root cause. A list of reports that should be reviewed, at a minimum, for each business process for various levels of financial oversight is available at the following website: http://www.mais.umich.edu/reporting/download/fin_top_reports.xls
V. Role of Individual Faculty and Staff with Financial Responsibilities
As indicated in Section IV, fiscal responsibilities are distributed throughout the University, which is large and decentralized. The organization structure, in particular the administrative structure, establishes many of the roles and responsibilities for financial management. While an individual’s responsibilities are partially determined based on the level in the organization in which he/she works, certain roles exist at all levels. These roles include:
• Executive Management
• Financial Management
• Faculty and Staff with Delegated Financial Authority (including Project Directors and Principal Investigators)
A. Executive Management
Individuals who hold executive management positions (including deans, directors, vice presidents, the provost, and the president) inherently come with the responsibility for the financial activity occurring in each of their units. These individuals are typically charged with much broader responsibilities and utilize budgeting and financial management to plan and monitor activities for their areas. Since members of executive management are ultimately responsible for the fiscal integrity of their organizations, this role must provide leadership, oversight, and management philosophy to ensure that all funds are spent and managed according to the goals, objectives, and mission of their organization.
B. Financial Management
Individuals who hold positions with an oversight role for financial activity typically report to the head of the unit. These individuals (including Department Administrative Managers, Business Managers, and Budget Administrative Group Managers) provide oversight on how funds are spent and managed, including ensuring that funds are budgeted. Duties include:
1. Ensuring funds are handled in accordance with relevant fiscal policies (e.g., that funds are spent appropriately in compliance with University policy, as well as the sponsor, donor, or federal guidelines)
2. Verifying that chartfields are consistently and accurately utilized to record financial transactions and ensure appropriate approvers are in place
3. Developing and documenting processes and ensuring that internal controls are in place
4. Confirming that financial activity has been reconciled to the central M-Pathways system on a regular basis
Expenditures should be managed in conformity with the original budget or, where new circumstances require the use of resources that differ from the original plan, the deviation should be clearly explained and a plan developed to financially support these changes. Since rebudgeting processes and budget variance explanation requirements can differ by unit and type of fund, units should clearly define this aspect of their financial operations.
The consistent and accurate use of chartfield values is critical to the University’s financial reporting at all levels, ranging from the overall University perspective to a project grant. Chartfields represent a series of individual values, which, in a sequence, describe a specific activity. Chartfields include values for fund, department ID, program, project/grant, class (function – e.g. instruction, research, academic support), and account (object – e.g. salaries, benefits, equipment). Reference the related sections in the Appendix to this SPG for additional information.
C. Faculty and Staff with Delegated Financial Authority (including Project Directors and Principal Investigators)
Individuals who are assigned responsibility for any financial activity (including Project Directors, Principal Investigators, Unit Liaisons, and Administrative Associates) should clearly understand the financial authority that accompanies this responsibility (e.g., budget, level of authority to make expenditure decisions, etc.). In most cases, this financial authority is granted to an individual who is assigned one of the following two roles: 1) the role of a Project Director (which is assigned to every project/grant within the University) or 2) the role of Department Manager (which is typically assigned to all chartfield combinations without a project/grant or a project director) or an appropriate delegate.
The sponsored project environment deserves special mention since this environment places the responsibility for financial management in the hands of many faculty who are not heads of units or in executive management positions. A Principal Investigator (PI) role is typically associated with grants and contracts awarded to the University by external sponsors (e.g., the federal government). While a sponsored project may have several co-investigators, there is only one investigator assigned the PI role and the University designates that individual as the Project Director. The PI is the individual with the ultimate responsibility for the administrative and programmatic aspects of the project including ensuring funds are spent in accordance with University and sponsor guidelines. PIs should partner with Research Administrators to ensure financial activity is reviewed for appropriateness and accuracy in a timely manner to assess spending levels to date, accuracy of personnel appointments and impact of future projections.
As all sponsored agreements are formally awarded to the Regents of the University, PIs are always acting as an agent of the University. They may not, however, enter into any agreement themselves. The Office of Contract Administration has the delegated authority to sign sponsored agreements on behalf of the University and does so after approval by the Office of Research and Sponsored Projects (ORSP). ORSP, in turn, works with deans and department chairs or unit directors, who collectively represent the university’s interests to approve the project,
Role of the Shared Services Center
The Shared Services Center is responsible for reconciling exception-based transactions in a timely manner for in-scope units and partnering with departments and other central offices to ensure these exception transactions are accurate and that the existing documentation is available. See Appendix for more details.