1104 PR.01 Signature Authority, Delegation of Approval Authority and Access for Financial Transactions

Revision Date: 
April 19, 2016

1 – Delegation of Approval Authority

Financial Transaction Approval Authority

Authority to approve expenditure documents and other financial transactions may be delegated by department business managers, if allowed, to other qualified employees within the business office to improve operational efficiency. Qualified candidates for delegation of approval authority are regular employees of the University that are:

  • adequately trained and certified in the responsibilities assigned to them and
  • competent and skilled in their respective areas of responsibility.

Delegation of authority should be limited to the minimum number of designees needed to support the operations of the department and delegated to the appropriate levels.

Segregation of Duties  

Adequate segregation of duties is critical to an effective internal control environment. Segregation of duties provides necessary checks and balances to deter fraud, detect errors and prevent concealment of irregularities.

In general, the approval function, the accounting/reconciling function, and the asset custody function should be separated among employees. When these functions cannot be separated, a detailed supervisory review of related activities is required as a compensating control activity.

Some examples of segregation of duties are:

  • The Initiator and the Approver cannot be the same individual (except in cases where self-approval limits apply).
  • The Preparer can be the same individual as the Initiator or the Approver.
  • The person who maintains and reconciles accounting reports should not be able to authorize purchases or payments.
  • When separation of duties is not possible, as in the example of self-approved SciQuest orders and Expense Reports under $200, compensating control activities are required.  In this example the Activity Review Report is used to monitor these transactions,

2 – Accountability

Overall Responsibility

All individuals – whether dean or faculty member, business manager or other staff – of Yale University are expected to adhere to the Standards of Business Conduct in all dealings inside and outside of the University. As an Initiator, Preparer or Approver you have the following responsibilities;

Initiator

Has first-hand knowledge of how the expense benefits the account charged, is appropriate and allowable based on the funding source. Has reasonable assurance funds are available.  Initiators may need to consult their business support office if they are unsure.

For sponsored awards, Initiators other than the Principle Investigator must be authorized by the Principle Investigator to initiate transactions on the account.  The authorization must be documented in the award file. Departments may use form 1310 FR.05 Delegation of Initiator Authority for Sponsored Projects. Initiators assure that the expense is allowable per sponsor policies and the terms and conditions of the account (if applicable), and is consistent with University policy.

Preparer

Provides appropriate documentation for transactions. Verifies that transaction contains appropriate and complete transaction information and description (WHO, WHAT, WHERE, WHEN & WHY) and provides valid and appropriate account(s).

Approver

Approves transactions and ensure compliance as follows:

Confirm compliance with University and sponsor policies, and terms and conditions of the account (if applicable). Confirm availability of funds, and appropriateness of accounting information and source of funds and review basic transaction information to ensure it is appropriate, reasonable, and complete. Verify delegated authorities.

Online System Accountability

University employees with online responsibilities are held accountable for any inappropriate transactions or access, and inappropriate use of University information. Users are responsible for maintaining the security of NetIDs, system logon IDs and passwords. Information is to be kept confidential and to be shared only with authorized employees. Employees will be assigned unique NetIDs, which are not to be shared.

Consult Policy 1601 Information Security and Access for a more detailed discussion.

3 – Improper Transactions

An employee of the University must not knowingly prepare or approve a business transaction that is incorrect, inappropriate, fraudulent or in violation of University policy or governmental law should not grant inappropriate system access to any unauthorized person.

Reporting Fraudulent Activities

If an employee discovers or suspects fraudulent activity, they must report such activity to the Director of University Auditing and to a supervisor, Dean, the Controller, or the Office of the Vice President and General Counsel, depending upon the nature of the violation. Also they may call the Yale University Hotline (877-360-9253) to report a concern.

4 – Quality Assurance

Departments must maintain copies of signed Financial Management Checklists (until central electronic filing is available) and annual Controls and Business Process Questionnaires indicating compliance with the policy.

5 – Delegation Approval Limits/Responsibilities

When delegating authority it is best practice to give authority at the highest level appropriate for the individual throughout the department. If an employee is delegated multiple responsibilities, they should be at the highest level across those responsibilities for that department or organization.

University Office or Department

Approval and Documentation of Transactions

Yale Corporation

  • The Yale Corporation By-Laws provide signature authority to the President and Vice President for Finance and Business Operations

The President and Vice President for Finance and Business Operations

  • Has the power to delegate to one or more subordinate officials or, with the approval of the President and when appropriate to the duties and responsibilities of such individual, to another officer or to officials subordinate to another officer, any or all of the powers mentioned in the Yale Corporation By-Laws. Some delegation may be subject to approval by the Committee on Finance.

Provost

  • Subject to the authority of the President, the Provost shall prepare the operating and capital budgets of the University on the basis of the estimated operating income and capital receipts furnished by the Vice President for Finance and Business Operations and may further delegate to Deans, Directors and Chairs.

Controller’s Office

  • Review Termination status subsequent to June 30 each year
  • Review University-wide access and the Benefits Organization

Lead Administrators

  • Retain accountability and responsibility for the delegated transactions.
  • Carefully evaluate the delegation of approval authority to other employees.
  • Required annual review at fiscal year-end.
  • Periodically review EMS Approvers (BUG112a – Expense Report Approver with Approver Limits Pivot), SciQuest Approver Pivot, as well as Disbursement Approver department limits.
  • Evaluate risk
  • Place limits as appropriate on dollar level and types of transactions
  • Review access of employees within your department that may have access to information outside of your department.

Business Service Center

  • Responsibilities, among other things, are defined by standard partnership agreements that are established for each client unit and generally include the following:
  • Retain accountability and responsibility for the delegated transactions.
  • Carefully evaluate the delegation of approval authority to other employees.
  • Required annual review at fiscal year-end.
  • Periodically review EMS Approvers (BUG112a - Expense Report Approvers with Approval Limits Pivot
  • Evaluate risk
  • Place limits as appropriate on dollar level and types of transactions

Training Access Coordinators (TAC’s)

TAC’s review and approve Oracle training and access requests as follows:

  • Receive e-mail notifications of pending requests for which approval is required. The notification includes a link to the Xtrain web site
  • Log on and review pending requests, as specified below, approve or reject
  • If TAC is not business manager, must have written documentation of authority to grant access request.
  • If University-level access to the Data Warehouse is requested (View all Financial Information, View All Balance-Level Financial Information), the TAC must also complete the on-line Data Warehouse University Wide Access Request form

Initiator

  • Has first-hand knowledge of how the expense benefits the account charged, is appropriate and allowable based on the funding source.
  • Has reasonable assurance funds are available. Initiators may need to consult their business support office if they are unsure.
  • For sponsored agreements, Initiators other than the Principle Investigator must be authorized by the Principle Investigator to initiate transactions on the account. The authorization must be documented in the award file. Departments may use form 1310 FR.05 Delegation of Initiator Authority for Sponsored Projects.
  • Initiators assure that the expense is allowable per sponsor policies and the terms and conditions of the account (if applicable), and is consistent with University policy.

Preparer

  • Places the order for goods and services on direction of the initiator
  • Provides appropriate documentation for transactions.
  • Verifies that transaction contains appropriate and complete transaction information and description (WHO, WHAT, WHERE, WHEN & WHY)
  • Provides valid and appropriate account(s).

Approver

  • Confirm compliance with University and sponsor policies, and terms and conditions of the account (if applicable).
  • Confirm availability of funds, and appropriateness of accounting information and source of funds and
  • Review basic transaction information to ensure it is appropriate, reasonable, and complete.
  • Verifies through inquiry or has direct knowledge that the goods were received or the service was performed.
  • Verify delegated authorities.

6 – Delegated Authority and Access Review and Maintenance

Review

Good judgment and common sense are the guiding principles for performing an efficient and effective financial review of transaction activities.  On a monthly basis lead administrators, regional offices or the BSC should use the Financial Management Checklist as a minimum guide to ensure that all required monthly financial review of approved transactions is completed in an efficient and effective manner and to ensure that their designees are exercising delegated authority responsibly and appropriately.  Lead administrators must be satisfied that each designee has either documentation or specific knowledge to confirm that the transaction is:

  • accurate,
  • valid,
  • complete, and
  • in accordance with relevant financial, legal, and contractual requirements.

If the lead administrator is not satisfied that the above conditions have been consistently met, the employee’s approval authority should be revoked.

Appendices

The following Appendices include the applications that departments should review to verify delegation of authority and access to financial transactions.

  • Appendix A – Alphabetical glossary of job functions found in Access Review Report, the majority are accessed through START
  • Appendix B – BMS Web Security and Menu Access Review Reports
  • Appendix C – Other University and Medical School significant applications. See Comment and Contact fields for access information.

Ongoing Department Maintenance

Whenever there is a new hire, change in position, grade, function, termination, and transfer out/in, then you are required to review the following:

  • High-Risk Access & Approval (Access Review Report, High Risk Summary Report)
  • View Access by Person (Access Review Report, Financial Access Review)
    • See Appendix A
    • If employees in your home organization have access outside of the department, contact outside departments to confirm access/responsibility is appropriate.
  • If the Medical School is involved – BMS Web Security and Menu Access Review Reports
    • See Appendix B
  • Contact Process owners for other systems/approvals not included above.
    • See Appendix C
    • Refer to the prior year’s list supplied by the process owner and update as employee’s access changes.
  • Signature on Management Review Checklist attests to the completion of required maintenance.

Documentation:

  • Maintain the documentation initiating access or changing access (i.e. email, fax, departmental form) for seven years.
  • If Disbursement Approver limits vary within a department, then the OK2Pay Internal Approvers Limits Template in the Access Review Report must be completed and retained for seven years.
  • Keep chronologically

Annual Maintenance (Overall Review of Access and Responsibilities)

Department/Organization

An annual review and update of access and responsibilities at fiscal year-end using the following reports is required.

  • High-Risk Access and Approval (Access Review Report; High Risk Summary Report)
  • View Access by Person (Access Review Report; Financial Access Review Reports)
    • See Appendix A
    • If employees in your home organization have access outside of the department, contact outside departments to confirm access/responsibility is appropriate.
  • View Access for High-Risk Employees (Casuals/Consultants/Associates, Students, those on leave, and terminated employees)
  • If the Medical School is involved – Medical School Application Inventory
    • See Appendix B
  • Respond to process owners for other systems/approvals checklists with any changes.
    • See Appendix C
  • Sign the annual Controls and Business Process Questionnaire acknowledging completion of this annual review.

Process owners of systems in Appendix C (Other Significant Applications)

Process owners for other systems/approvals in Appendix C will review and correct or provide departments with list of system access and approvals for review and update each year in the month of June. Those lists should be kept throughout the year and updated as employees access changes.

Note:  Organizational Access Report is available in START to view employees outside your department that have access to your department