Title: OACR audit focus
Full Citation
Permanent Link: http://ufdc.ufl.edu/UF00087344/00027
 Material Information
Title: OACR audit focus
Physical Description: Serial
Language: English
Creator: Office of Audit & Compliance Review, University of Florida
Publisher: Office of Audit & Compliance Review
Place of Publication: Gainesville, Fla.
Publication Date: May 2009
 Record Information
Bibliographic ID: UF00087344
Volume ID: VID00027
Source Institution: University of Florida
Holding Location: University of Florida
Rights Management: All rights reserved by the source institution and holding location.


This item has the following downloads:

May%202009 ( PDF )

Full Text


.R Audit Focus

A quarterly newsletter from the Office of
Audit & Compliance Review

Brian Mikell, Chief Audit Executive

Access Request System for Aggc aton

Inside this issue:

We're on the \Veb at:

Does your department have an infor-
mation technology software applica-
tion used by a variety of campus
employees? Have you had trouble
finding out when those employees
have left the university or changed

UF Bridges has developed a solution
to help streamline and manage user
access requests to include legacy
and other applications, in addition
to roles requested through the
myUFL Access Request System (ARS).

Legacy and non-myUFL applications
can be added to the Access Request
System by Department Security Ad-
ministrators. Requests will be
routed to a designated approval
group that consists of one or more
individuals appointed to approve
access to the service. Once ap-
proved, the implementation options
can be manual or based on Active
Directory roles automatically popu-
lated by the ARS system.

The benefits of using ARS include an
automated and consolidated access
request process, notification of the
request itself, and documentation of
both the request and approval.

Additionally, when users are termi-
nated or change jobs within the uni-
versity, automatic notifications will
be sent to system security staff to
let them know that access in the sys-
tem should be removed. Access re-
moval or disabling the user's access
must then be manually performed
unless implemented through the Ac-
tive Directory interface. ARS will
assist with compliance to ensure
that access is limited to authorized

If you are interested in setting up
your legacy or non-myUFL applica-
tion through ARS, please contact
Warren Curry, Associate Director, UF
Bridges at whcurrv@ufl.edu or 273-


Unit Cas CletosI

O^fflJI of, Audit&

Ciompliance iReiew T
903Wet nierit
Avenue Roo 217'

Finance and Accounting Directives
and Procedures provide guidelines
for the handling of cash collections.
A recent audit of collection proce-
dures at various campus units indi-
cated that unit practices were not
always aligned with university direc-
tives. Below are some reminders for
handling and monitoring collec-

* Internal unit collection records
should be reconciled to the gen-
eral ledger using reports found
in the new departmental reports
in Enterprise Reporting, and not
just to the commitment control
reports. Reconciliations and
management review of the recon-
ciliation should be documented.
* Job duties should be properly
segregated so that no single em-
ployee has complete control over

Rest e Dt T

Restricted data is data which if dis-
closed to unauthorized users, may
have very significant adverse oper-
rational or strategic impact on an
individual, a group or institution.
Examples include, but are not lim-
ited to, social security numbers
credit card numbers, bank account
numbers, driver's license numbers,
student grades, and medical re-
cords. University of Florida IT stan-
dards require anyone with access to
restricted data to attend university
sanctioned data protection training
and to agree to comply with univer-
sity data protection requirements.

Cyber Safeguards for UF Restricted
Data, is provided twice a year by

the UF IT Security Team through
myUFL training. To accommodate in-
creased demand due to the new stan-
dards, an online version of the course
is being developed and expected to be
available by Fall 2009.

Additionally, UF's Identity Theft Pre-
vention Program requires employees
who have access to social security
numbers to complete SSN Privacy
Training which is available on the UF
Privacy office website,
www.privacv.ufl.edu. HIPAA training
for employees with access to pro-
tected health information (PHI) and
FERPA training for employees with ac-
cess to student records is also avail-
able on the Privacy website.

the collections process of receiv-
ing, recording, depositing and rec-
onciling collections.
* Collection logs should document
the date of receipt, check date,
check number, amount and payor.
Electronic check logs should be
password protected to prevent
changes by other employees in-
volved in the collections process.
* Transfers of collections between
employees should be documented.
This would include the transfer of
collections to the person deliver-
ing deposits to the Cashier's Of-

For additional information on collec-
tion procedures, please see section
1.4.11 of the Finance and Accounting
Directives and Procedures website:
handbook.asp?doc= 1.4.11

University of Florida Home Page
© 2004 - 2010 University of Florida George A. Smathers Libraries.
All rights reserved.

Acceptable Use, Copyright, and Disclaimer Statement
Last updated October 10, 2010 - - mvs