University of Pittsburgh

Common Audit Findings

Findings usually identify a problem related to non-compliance with University policies and procedures, governmental regulations, operating efficiencies or an improvement from an overall business perspective. Common audit findings include:

Improper Segregation of Duties Segregation of duties is a type of internal control created to prevent or reduce the occurence of omissive errors or fraud. No single employee should have complete control over all components of a transaction. This concept can be broken down into four categories: authorization, custody, record keeping and reconciliation. A separate individual should be in charge of each aspect of this process, eliminating exclusive control over the asset.

Inadequate Review of Procurement Card Purchases Procurement cards are issued as an effort to reduce costs on large volumes of small dollar purchases, reduce delivery time and eliminate order forms. This policy prohibits the purchase of certain items such as alcohol, gifts, hazardous materials, hotels, weapons, etc. It is essential that receipts are reconciled to statements on a monthly basis by the cardholder and the cardholder's supervisor.

Inadequate Cash Controls Because cash is a very liquid asset, strong controls are critical. Cash should never be left unsecured, and only certain qualified individuals should be granted access to registers, safes and cash boxes. Cash-on-hand should be deposited on a daily basis when receipts exceed $250 or otherwise weekly.

Unallowable Expenditures on Grants Uniform Guidance outlines expenses that are allowable and unallowable using funds from federal grants and contracts. Each expenditure must be reasonable, allowable, allocable, and consistently accounted for.

Refer to University Guidelines on Allowability of Costs

Untimely Cost Transfer for Sponsored Projects

Under University Policy, cost transfers must be processed within ninety days from the date of expenditure. If unallowable expenses exist, they must be removed from the sponsored project regardless of untimeliness.

Inadequate Security of Electronic Sensitive Data

Proper internal controls must be in place to safeguard all personally identifiable data. Unnecessary sensitive data should be properly destroyed regularly.

Cathedral Images