The Iowa Auditor’s Office, which serves the citizens of Iowa as the “Taxpayer’s Watchdog” and helps ensure that public institutions are open and accountable to the citizens, released a report on the University of Iowa last week that found a few problems with the school’s finances and its data-protection systems.
The audit offered potential solutions for these issues, and the university’s planned response to each problem, though the Office of the Auditor did not accept all of the university’s responses. Although the university has hastened to heed recommendations from previous reports, the university still needs to do more in order to fully address the concerns raised in this year’s report.
According to the report, the university incorrectly made 309 payroll overpayments totaling $805,095 during the fiscal year that ended June 30, 2012. This was an increase of $159,354 over fiscal 2011. Overpayments usually occur when electronic forms reflecting changes in employment status are not filed in a timely manner.
The report suggested that the university work with employing departments to ensure the proper electronic forms are submitted on a timely basis to help monitor the correct payment of salaries and wages and reduce overpayments.
The university responded to the audit by stating that most of its overpayments are “promptly collected” and that the report’s recommendations for fiscal 2010 — the first report in which overpayments came up as an issue — were received too late for the university to implement corrective measures that could have affected fiscal 2011. The university reports that overpayments have been reduced by 60 percent since fiscal 2011.
Major initiatives such as the creation of an Overpayment Task Force Committee to develop and vet a list of possible action items have been undertaken by the university to reduce the number of overpayments.
The audit also found that not all of the school’s accounts were reviewed according to university policy, which requires monthly review of all transactions. Additionally, not all journal entries made by Accounting and Financial Reporting during the financial-reporting process were sufficiently reviewed by an independent person.
The report suggested that the university should ensure transactions are reviewed in accordance with university policy. The university responded to this recommendation saying that the Controller’s Office regularly communicates with college and departmental staff and emphasizes the importance of reconciling and reviewing transactions in a timely manner.
According to the university, budget officers are reminded in person and via email throughout the year to work with their department administrators, account owners, and account reviewers to reconcile their accounts. Training courses are also offered by central administration to reinforce the importance of reconciling accounts.
The State Auditor’s Office accepted the university’s responses to both of the above issues. However, the office did not accept the response to the final recommendation for stronger data encryption, which helps to protect sensitive information by making data unintelligible to unauthorized users.
According to the report, encryption software has not been installed on all laptop computers and portable storage devices that could store sensitive information. The university has had policies since 2006 requiring encryption of high-sensitivity data, but the report strongly suggests that the university policies be strengthened to ensure all portable devices are encrypted rather than rely on individual users to protect their information.
The university should take the appropriate steps to remedy the few problems identified in the audit.