Provide a brief description of the transaction cycle. The key internal control and/or operational risks, are summarized below:
Risk | Existing Control Processes | Control Risk Value | Operational Risk |
After The Fact Pos: Risk of injury by service providers could result in a lawsuit when insurance is not requested upfront; risk of commitment to outside vendors that is inappropriate and circumventing University pricing agreements occur when PO is issued after business activity occurs. | Training, notification letter to staff impacting, and KFS PO/payment request approval process. Review of all After the Fact POs on quarterly basis. University is changing process to notify senior management of violations. The University is changing the process for notifying senior management of violations. There are no consequences to individuals. | Moderate | High |
Units signing contracts: Risk is increased when contracts are signed by individuals who do not have transaction authority (sits with Procurement Services only unless delegated authority specifically granted in an MOU). (See After the Fact POs) | University policy, training to staff telling them not to sign vendor contracts. No transaction authority to do so. | Moderate | Moderate |