Policy

The College will provide a discretionary fund per contract to the President on an annual basis of up to $15,000 per year for miscellaneous expenses so long as they adhere to state purchasing regulations. Any change to the amount of the fund will be done in consultation with the Executive/Judicial Committee of the Board of Trustees and, as needed, shall be reflected in future iterations of this policy.

Reason for Policy

Sets forth policy regarding the President’s Discretionary Fund.

To Whom Does The Policy Apply

President of the College.

Related Documents

None.

Contacts

Office of the President
(201) 684-7610

Policy

The College will comply with the requirements imposed by federal tax law in order to maintain the tax-exempt status of tax-exempt bonds. The Post-Issuance Tax Exempt Bond Compliance procedure sets forth methodology for ensuring continued post-issuance compliance with Internal Revenue Service (IRS) requirements. The procedure explains the guidelines and practices the College will follow to remain in compliance with the rules relating to tax-exempt bonds.

Reason for Policy

Ramapo College of New Jersey has post-issuance compliance obligations because it finances a portion of its capital needs through the issuance of tax-exempt bonds and receives funding for certain projects and equipment through grants made from proceeds of bonds (referred to as State-Backed Bonds) issued by New Jersey Educational Facilities Authority (NJEFA). The College must satisfy requirements imposed by federal tax law in order to maintain tax-exempt status of these bonds.

To Whom Does The Policy Apply

VPAF, Business Services, Budget, Capital Planning and Construction and Facilities

Related Documents

Procedures

Contacts

Vice President for Administration and Finance
(201) 684-7621

Policy

It is the policy of the College to protect and preserve both the financial and physical assets of the College from fortuitous loss, and to provide students, employees, trustees and members of the general public with a safe and secure environment, all in a cost-effective manner. The College will take steps to identify potential sources of loss, and will prevent, reduce, mitigate and protect against loss through proactive programs, risk transfer and procurement of appropriate insurance coverage for expenses not covered by the State of New Jersey’s Risk Management program and the Tort Claims Act. (Under the State of New Jersey’s Tort Claims Act, the College and its employees are indemnified and defended by the State for tort liability, including directors’ and officers’ coverage, professional liability and medical malpractice.)

Reason for Policy

To set forth policies and procedures that protect and preserve both the financial and physical assets of the College from loss.

To Whom Does The Policy Apply

Ramapo College students, employees, trustees and members of the general public

Related Documents

NJ Tort Claims Act – NJSA 59:13-1 et seq.
NJ Workers Compensation Act – NJSA 34:15-1 et seq.

Contacts

Controller & Assistant Treasurer
(201) 684-7494

The College will purchase insurance in such amounts and in specific areas as will provide adequate coverage against catastrophic loss where required by law or contractual agreement and when the degree of loss dictates the appropriateness of purchasing applicable insurance coverage.

Examples of such coverage include:

1. property insurance for buildings and contents as appropriate and financially feasible;
2. fidelity coverage;
3. accident coverage to safeguard students participating in intercollegiate athletics.

Consistent with the objective of protecting persons and protecting and preserving assets in a cost-effective manner, the College participates in the joint risk management program with the other eight state colleges and universities.

The College self-insures for workers’ compensation and first party auto comprehensive and collision losses, but may purchase excess coverage where appropriate as part of the College’s annual operating budget.

Policy

The College is committed to building and maintaining reserves in fund balances available for operational emergencies, contingency funding, critical needs, and for capital projects, including new construction.

Any drawdown of reserves must be authorized in advance by the Board of Trustees upon recommendation by the Finance Committee except in the case of emergency. In emergency circumstances, the president may approve a drawdown of reserves upon written request by the chief planning officer, and will advise and request approval of the Finance Committee and the full Board of such drawdown of reserves at the next regular meeting. The College plans to maintain unrestricted reserves in the fund balances of approximately 10% of the annual budget for Educational and General expenditures.

Reason for Policy

Sets forth policy and procedures for the use and drawdown of reserve funds.

To Whom Does The Policy Apply

President, Vice Presidents, Associate Vice President for Budget & Fiscal Affairs, Controller

Related Documents

None

Contacts

Chief Planning Officer
(201) 684-7620

Policy

Ramapo College will have an Investment Policy. 

Reason for Policy

This policy establishes guidelines and a prudent framework for achieving reasonable returns on Ramapo College of New Jersey (the College) investment accounts while safeguarding principal. These investment accounts are for cash not needed for immediate operations.

To Whom Does the Policy Apply 

Finance Committee of the Board of Trustees, Vice President for Administration and Finance, Controller, Investment Manager(s)

Related Documents

None

Contacts

Vice President for Administration and Finance 

The purpose  of this Investment  Policy is to establish  policies  and guidelines  related to the investment  objectives  for the Ramapo College  of New Jersey (the College) investment  accounts.  These investment accounts are for cash not needed for immediate operations.  Cash balances of the College accumulate during periods of the year due to the cyclical business cycle inherent to higher education and this policy is intended to create a prudent framework for achieving reasonable returns on its assets while safeguarding principal.

Authority

New Jersey Statute 18A:3B-6 Powers, duties of governing boards of institutions of higher education.

This policy does not cover the endowment funds.

Responsibilities and Roles

1. Finance Committee of the Board of Trustees
2. Approve the Investment Policy and any revisions thereto, and review the policy annually.
3. Receive and review investment reports, at least annually, and provide feedback to administration.
4. Approve the selection of the investment manager(s) as recommended by the Vice President for Administration and Finance.

Vice President for Administration and Finance

1. Recommend revisions to the Investment Policy, and present for review annually to the Finance Committee.
2. Approve the investment plan for each fiscal year.
3. Assess on an annual basis, or as dictated by the market, the request of the Finance Committee, or changed College requirements, the need to rebalance the investment mix.
4. Recommend for approval the investment manager(s) of the portfolio for the Finance Committee approval, if determined necessary.
5. Provide oversight for investments, review the results of the portfolio against the benchmarks established and relevant market indexes, and ensure the assets are invested according to this
6. Provide summary performance results and status of the investment portfolio to the Finance Committee as requested, or at least

Controller

1. Maintain the cash flow analyses that assess cash flow needs for each level of investment segment on a monthly basis.
2. Monitor the portfolio for compliance with this policy.
3. Ensure that investment manager(s) meet the deliverable responsibilities.
4. Reconcile reports of investment manager(s) and the general ledger, and generate monthly reports regarding portfolio performance and compliance.

Investment Manager(s)

1. Invest assets according to the goals and outcomes presented and approved at time of investment.
2. Optimize investment return and growth of the College’s assets within the guidelines of this policy.
3. Meet with the Vice President for Administration and Finance or a designee no less than quarterly and be available for regular telephone contact.
4. Monthly, provide statements of transactions along with historical cost and market valuation of portfolio assets, as well as any other information requested by the Vice President for Administration and Finance or Controller.
5. Quarterly, provide (a) a review of performance, net of fees, relative to an appropriate index agreed to by the Vice President for Administration and Finance; and (b) the performance results as compared to established benchmarks.

Competitive Selection of Investment Manager(s)

The College may choose to hire an investment manager(s) through a competitive bidding process.  The offer that most closely mirrors the guidelines established within this policy will have highest priority.  The investment manager(s) selected will provide the highest rate of return, net of fees, within the required time to maturity, while creating economic stability. Consideration will be given to historical performance and fee structure during the selection process. The Vice President for Administration and Finance will have authority to select the investment manager(s), with the approval of the Finance Committee.

Investment Objectives and Portfolio Descriptions

The overall investment objective is to maintain appropriate liquidity for day-to-day operational and capital disbursements, and conservatively optimize earnings on excess cash.

Diversification as to liquidity, maturity, market, and risk will be achieved by structuring the portfolio in three segments: operating cash – short-term, intermediate-term and long-term investments, with the following parameters specified for each segment:

Operating Cash – Short-term

Operating cash represents the College’s operating needs to cover payroll and vendor obligations on a daily and weekly basis.  This will be invested in highly liquid interest bearing accounts to cover checks drawn, and the focus will be only on maintaining principal. This segment shall have a minimum balance of $10 million, and target 10-50% of the portfolio.

1. Average maturity: No longer than one year
2. Benchmark: To be defined for each individual investment or fund
3. Investment objective: Liquidity and safety

Intermediate-term Investments

The intermediate-term investments represent the College’s less urgent cash needs, which could represent the scheduled debt service payments, capital needs, and strategic funding. There are no minimum balances for this segment, and the target is up to 40% of the portfolio.

1. Average maturity: For fixed income portion, no longer than five years
2. Benchmark: To be defined for each individual investment or fund
3. Investment objective: Maximize total return without undue exposure to capital risk
4. Credit/quality ratings: Investment grade or better for fixed income

Long-term Investments

The long-term investments represent the College’s reserves. The primary objective of this segment is to increase and enhance the College’s overall investment return in a prudent, conservative manner utilizing a diverse array of investment vehicles. There are no minimum balances for this segment, and the target is up to 40% of the portfolio.

1. Average maturity: For fixed income portion, no longer than ten years
2. Benchmark: To be defined for each individual investment or fund
3. Investment objective: Seek higher returns in the five to ten year markets, and maximize returns
4. Credit/quality ratings: Investment grade or better for fixed income

Investment Guidelines

Approved Instruments

1. The following fixed income instruments are considered appropriate for the investment portfolio, and a review of the rating will be made at the time of purchase and reviewed at least annually to be consistent with the College’s investment objectives:

• Obligations of the U.S. government and its agencies
• Money market instruments, repurchase agreements, commercial paper, bankers’ acceptance, certificates of deposit, and approved money market funds
• State and corporate bonds
• Floating rate securities without interest rate caps
• U.S./international indexed equity funds

Diversification

The College will diversify its investment portfolio as a way to limit certain types of risk. Investments shall be diversified as to maturities and as to the type of investment to limit the risk of loss which might result from over-concentration of assets in a specific maturity, in a specific kind of security or from an individual issuer. Any deviation from the guidelines established herein shall be allowed only with the express approval of the Vice President for Administration and Finance.

• The portfolio will not consist of more than 25 percent of total assets in the securities of issuers in any particular industry, other than United States government securities, or government agency securities. No more than 10 percent of the investments will be invested in securities (other than United States Government) of any one issuer.
• For purposes of this policy, securities of a parent company and its subsidiaries will always be combined to determine diversification levels.  Securities issued by the U.S. Treasury and U.S. government agencies are specifically exempted from these restrictions.

Restricted Investments

The portfolio shall not contain derivative instruments, the use of derivatives is prohibited within this policy.

All cash and investments must be denominated in US dollars, and no amounts can be held in foreign currency, or be subjected to currency risk.

Policy

The Office of Internal Audit shall be governed by the Internal Audit Charter as approved by the Audit Committee of the Board of Trustees.

The Audit Committee of the Board of Trustees shall annually review the Internal Audit Charter and shall receive quarterly reports on the Internal Audit Plan.

Reason for Policy

Sets forth the policy, procedures and regulations for the Internal Audit function.

To Whom Does the Policy Apply

All members of Ramapo College.

Related Documents

Internal Audit Charter

Procedure 415.1: Internal Audit

Contacts

Office of the President c/o Director of Internal Audit

Introduction

Internal Audit of Ramapo College of New Jersey is governed by the Internal Audit Charter approved by the Audit Committee of the Board of Trustees and the Policies and Procedures set herewith. Internal Audit subscribes to the Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing and the Core Principles stipulated by the Institute of Internal Auditors.

Mission Statement

The mission of Internal Audit is to provide independent and objective reviews and assessments of the business activities, operations, financial systems and internal accounting controls of Ramapo College of New Jersey. Internal Audit accomplishes its mission through the conduct of operational, financial, regulatory and performance audits, selected as a result of a comprehensive risk analysis and assessment process. The risk assessment plan is reviewed and approved by the Audit Committee of the Board of Trustees and the President of Ramapo College.

Objective

Internal Audit conducts independent reviews and appraisals of the College’s procedures and operations. These reviews provide management with an independent appraisal of the various operations and systems of control. The reviews also help to ensure that College resources are used efficiently and effectively while working towards helping the College achieve its mission, as endorsed by the Board of Trustees. It is the intention of Internal Audit to perform this service with professional care and with minimal disruption to College operations.

Standards of Audit Practice

The internal audit function will conduct its activities in accordance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing and Code of Ethics. Generally accepted auditing standards promulgated by the American Institute of Certified Public Accountants and government auditing standards issued by the United States Government Accountability Office will be referenced as appropriate.

Core Principles

Internal Audit at Ramapo College subscribes to the Core Principles stipulated by the Institute of Internal Auditors. Internal Audit will align its effectiveness with the following principles:

• Demonstrate Integrity
• Demonstrate competence and due professional care
• Be objective and free from undue influence
• Align with strategies, objectives and risks of the organization
• Is appropriately positioned and adequately resources
• Demonstrates quality and continuous improvement
• Communicate effectively
• Provide risk-based assurance
• Be insightful, proactive and future-focused
• Promote organizational improvement

Code of Ethics

Internal Audit at Ramapo College shall subscribe to the Code of Ethics established by the Institute of Internal Auditors, as well as adhere to the policies set forth by the management of the College and the State of New Jersey. In addition, Internal Audit will uphold the following:

• Integrity- Establish trust and thus provide the basis for reliance on the judgment of Internal Audit.
• Objectivity- Exhibit the highest level of professional objectivity in gathering, evaluating and communicating information about the area under examination. Make balanced assessments of all the relevant circumstances and do not become unduly influenced by individual interests or by others in forming judgments.
• Confidentiality- Respect the value and ownership of information received and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
• Competency- Apply the knowledge, skills and experience required in the performance of internal auditing services.

Standards of Conduct

Internal Audit at Ramapo College will adhere to the following standards of conduct:

• Service – Preserve a commitment to carry out all responsibilities with an attitude of service toward College members while maintaining a sincere and dignified attitude.
• Excellence – Uphold a high standard of service and a commitment to quality in performing all projects and assignments.
• Leadership – Provide noteworthy examples which emphasize high ethical and moral standards.
• Professionalism – Conduct business in a manner that reflects favorably on the College and the individual. Exercise skill, integrity, maturity and tact in all relations.

Scope of the Internal Audit Function

While carrying out its duties, Internal Audit is responsible for utilizing a systematic, disciplined approach to evaluating and improving the effectiveness of internal controls and should include the following:

• Developing and maintaining a comprehensive audit program necessary to ensure compliance with, policies and procedures necessary to safeguard College resources.
• Communicating the results of audits and reviews by preparing timely reports, including recommendations for modifications of management practices, fiscal policies and accounting procedures as warranted by audit findings.

Services Provided by Internal Audit

Internal Audit’s primary activity is to implement a program of regular audits of College business operations. The complete range of services provided by Internal Audit may also include special projects and consultations as directed by the President and the Audit Committee. Reviews performed by Internal Audit include:

• Operational Audits– Operational audits consist of critical reviews of operating processes and procedures and internal controls that mitigate area specific risks. These audits examine the use of resources to determine if they are being used in the most effective and efficient manner to fulfill the College’s mission and objectives.
• Compliance Audits– These audits determine the degree to which areas within the College adhere to mandated Federal, State and College policies and practices. Other regulatory agencies are also included within compliance audits (e.g. NCAA, EPA, OSHA, Department of Education, etc.). Recommendations usually require improvements in processes and controls used to ensure compliance with regulations.
• Financial Audits– These audits review accounting and financial transactions to determine if commitments, authorizations and the receipt and disbursement of funds are properly and accurately recorded and reported. This type of audit also determines if there are sufficient controls over cash and other assets and whether there are adequate process controls over the acquisition and use of resources. Unlike external financial audits, internal financial audits do not prepare or express professional opinions on the financial statements fairness.
• Investigative Audits– These audits are conducted to identify existing control weaknesses, assist in determining the amount of loss and recommending corrective measures to prevent additional losses. Internal Audit will also work with outside agencies to determine if misconduct occurred at Ramapo College. These types of investigations can encompass misuse of College funds or assets, fraud or potential conflicts of interest.
• Technology Audits– Technology audits are usually comprised of control reviews of disaster recovery plans, system back up procedures and the general security of data and of the physical plant. The purpose of these audits is to evaluate the accuracy, effectiveness and efficiency of the College’s electronic and information processing systems.

Professional Proficiency

The Internal Auditor has a professional obligation to schedule and attend on-going professional education forums to ensure they maintain academic proficiency and to advance professionally.

Responsibility for Detection of Errors or Irregularities

The management of the College is responsible for establishing and maintaining controls to discourage perpetuation of fraud. Internal Audit is responsible for examining and evaluating the adequacy and effectiveness of those controls. Audit procedures alone are not designed to guarantee the detection of fraud.

An error is an unintentional mistake in financial statements which includes mathematical or clerical mistakes in the underlying records and accounting data from which the financial statements or other reports are prepared, mistakes in the application of accounting principles and oversight or misinterpretation of facts that existed at the time the reports were prepared. An irregularity is an intentional distortion of financial statements or other reported data or the misappropriation of assets.

If Internal Audit believes that a material error or an irregularity exists in an area under review or in any other area of the College, the implications of the error or irregularity and its disposition shall be reviewed with the responsible Vice President and/or the President.

Internal Audit Plan

As noted throughout this Charter, the Director of Internal Audit is responsible for establishing a risk-based plan to determine the priorities of the internal audit activity, consistent with the College’s goals. The risk assessment takes into consideration the risk profile of the College as set by Management as well as the Auditor’s own judgement of risk and input from Management, the President and the Audit Committee. The plan will be adjusted and reviewed as needed in response to changes in the College’s business, risks, operations, programs, external regulations, systems and controls.

At least annually, the Director of Internal Audit will submit to senior management, the President and the Audit Committee an internal audit plan. The Committee will review, discuss, and endorse the plan subject to the Audit Committee members’ concurrence. The internal audit plan will include a summary of engagements and other audit activities, as well as resource requirements for the next fiscal year. The Director of Internal Audit will communicate the impact of resource limitations and significant interim changes to senior management and the Audit Committee. Any proposed changes to the approved Audit Plan will be presented to the President and to the Audit Committee at subsequent meetings.

Risk Factors

Internal Audit will evaluate each identified auditable area based on certain risk factors and the weight of risk impact and risk concerns, as follows:
• Compliance Risk – The threat to the College as a result of violations and nonconformance with State, Federal and Industry laws, regulations or prescribed practices.
• Operational Risk – Risk of loss resulting from inadequate or failed in internal procedures, people and systems or from external events.
• Financial Risk – Multiple types of risk associated with financing, including financial transactions and financial loss.
• Reputational Risk – Risk resulting from damages to the College’s reputation.
• Strategic Risk – Uncertainties and untapped opportunities embedded in the College’s strategic intent and how well they are executed.
• Technology Risk – Threats to assets and processes vital to the business and may prevent compliance with regulations, impact profitability and damage reputation. Risk can result from human error, malicious intent or event compliance regulations.
• Human Capital Risk – Events and employee behaviors that occur both within and outside the workplace that can affect employee productivity and/or otherwise effect the organization’s operation and financial results.

Risk Measures

Risk Measures taken in consideration when rating each auditable area that weigh on the risk impact and risk concern are:
• Analysis and prioritization of the audit universe.
• Input of senior management and the Audit Committee.
• First-hand knowledge of the College and its evolving operations.
• Results of prior audits.
• Understanding of risk in higher education, and biomedical and health care services.
• Quality of management.
• Emerging needs of campus clients.
• Support to external auditors.

Unplanned Audits

The majority of audits are planned. However, said planning does not preclude Internal Audit from conducting unplanned audits. Prior to any audit, the Director of Internal Audit will discuss the engagement with management. The discussion will include the scope, purpose and estimated timeframe of the audit. As unplanned projects emerge, they will be included in the overall plan for the year.

Internal Audit Process

Although every audit project is unique, the audit process is similar for most engagements and normally consists of five stages:
1. Audit Announcement and Initial Meeting
2. Preliminary Review
3. Fieldwork
4. Audit Report
5. Follow-up
Client involvement is critical at each stage of the audit process. As in any special project, an audit results in a certain amount of time being diverted from a unit’s usual routine. A key objective of an internal audit is to minimize this time and avoid disrupting the on-going activities.

1. Audit Announcement and Initial Meeting

The Director of Internal Audit, will schedule a meeting with (as appropriate) the Unit Manager and the Senior Managers of the process to be audited. An initial meeting will take place, during this meeting, the client describes the unit and/or system, the organization, available resources (personnel, facilities, equipment, funds), and other relevant information. The internal auditor meets with the senior officer directly responsible for the unit under review and any staff members he/she wishes to include. It is important that the client identify issues or areas of special concern that should be addressed.

2. Preliminary Review

The development of the Audit Program is based on the preliminary survey and internal control reviews. The auditor talks to key personnel and reviews reports, files and other information as needed to obtain a general overview of the operations. The auditor will review the unit’s internal control structure, which helps the auditor determine the areas of highest risk and design tests to be performed in the fieldwork section. The audit program outlines the fieldwork necessary to achieve the audit objectives.

3. Fieldwork

The field work concentrates on transaction testing and informal communications. It is during this phase that the auditor determines whether the controls identified during the preliminary review are operating properly and in the manner described by the client. The fieldwork stage concludes with a list of issues or/and best practices from which the auditor will prepare a draft of the audit report.

• Transaction Testing – After completing the preliminary review, the auditor performs the procedures in the audit program. These procedures usually test the major internal controls and the accuracy and propriety of the transactions.

• Advice and Informal Communications – As fieldwork progresses, the auditor discusses any significant issues with the client. Hopefully, the client can offer insights and work with the auditor to determine the best method of resolving the issue. Usually these communications are oral. However, in more complex situations, memos/emails can be written in order to ensure full understanding by the client and the auditor. The goal: No surprises.

• Audit Summary – Upon completion of the fieldwork, the auditor summarizes the audit issues, conclusions, and action to be taken (as agreed upon by both auditor and client) for the audit report discussion draft.

• Workpapers– Audit workpapers are the connecting link between fieldwork and audit report. They serve as the systematic record of work performed and shall contain sufficient, competent and relevant evidence to support the auditor’s findings, opinions, conclusions, judgements and recommendations in the audit report. All workpapers will be kept electronically secure within Internal Audit’s private Network Drive.

4. Audit Report

Internal Audit’s principal product is the final report in which we express our opinions, present the audit issues, and action to be taken for improvements. To facilitate communication and ensure that the final report is practical, Internal Audit will discuss the rough draft with the auditee prior to issuing the final report.

• Discussion Draft and Draft Report– at the conclusion of fieldwork, the auditor drafts the issues. This discussion draft is prepared for the unit’s operating management and is submitted for the auditee’s review. The Auditor and management will meet to discuss the issues, reach an agreement of audit issues, resolution and implementation date. If management does not agree to the issue, management must accept the risk of not implementing the recommendation. The auditor then prepares a formal draft, taking into account revisions resulting from the meeting with management. Managers and senior managers will have one last review before the report is issued.

• Final Report – The final Audit Report will include the scope of the review, Audit’s opinion, and Audit Issues (with management’s response, responsible party and implementation date). Final Audit Reports will be issued timely and distributed, via email, to the Audit Committee of the Board of Trustees, the President, General Counsel, and Vice Presidents.

Internal Audit reports are considered advisory, consultative, deliberative and highly confidential. Approval is required from the Director of Internal Audit and General Counsel prior to release to anyone not noted on the report distribution list.

5. Audit Issue Follow Up

The Institute of Internal Auditors (IIA) Professional Standard 2500, requires the Auditor to establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action.

• Responsibility – it is the responsibility of management to implement the corrective action, however the Director of Internal Audit is responsible for assessing that corrective action has been taken to achieve the desired results, or that senior management has assumed the risk of not taking corrective action on reported issues/observations.

• Follow up process: the Auditor will follow up with the responsible party prior to the issue due date, and at a minimum quarterly. When, according to management, the issue has been implemented and is complete, the auditor will conduct a review and obtain documentation to ensure the process has been properly implemented. This may occur on or before the due date.

• Closure: If by the due date the issue has been satisfactorily handled and addressed, the auditor will consider the issue closed and no further action will be required from management at that time. If the issue is not properly addressed, the issue will remain opened and will be considered past due.

• Reporting: The Director of Internal Audit will report quarterly to the President and to the Audit Committee of the Board of Trustees and such reports shall include issue follow up status. Open, closed and past due items will be reported. Past due items will be aged and tracked until resolution.

Evidential Matter

Evidential matter obtained during the course of fieldwork provides the documented basis for the auditor’s opinions, observations and recommendations as expressed in the auditor’s opinions, observations and recommendations as noted in the audit report. The Office of Internal Audit is obligated by professional standards to act objectively, exercise due professional care and collect sufficient and relevant information to provide a sound basis for audit observations and recommendations.

Auditors must obtain all evidence necessary for the effective completion of the audit. The decision on how much evidence is enough and what type to seek requires the exercise of the auditor’s judgment based on experience, education and intuition. A thorough knowledge of the concepts underlying audit evidence will help the auditor to improve the audit quality and efficiency of the process.

Standards for the Professional Practice of Internal Auditing require that work papers possess certain attributes to provide a sound basis for audit observations and opinions and to be considered as evidential matter. These attributes are:

• Sufficient information is factual and adequate so that a prudent, informed person would reach the same conclusions as the auditor
• Information is reliable and the best attainable through use of appropriate audit techniques
• Relevant information supports audit findings and recommendations and is consistent with the audit objectives for the audit
• Useful information helps the organization meet its goals. It also provides a reference for the preparer when called upon to answer questions.

Types of Evidence

If the evidence supports the basic test of sufficiency, competence and relevance, it may be used to support the auditor’s findings. The following outlines the different types of evidence obtained during the course of an audit:

• Physical evidence– Obtained through observation and inquiry

• Testimonial evidence – Based on interviews and statements form involved persons
• Documentary evidence– Consists of legislation, reports, minutes, memoranda, contracts, extracts from accounting records, formal charts and specifications of documentation flows, systems design, operational and organizational structure

• Analytical evidence – Secured by analysis of information collected by the auditor.

Documentation of Evidential Matter

Standards for the Professional Practice of Internal Auditing require that audit workpapers reflect the details of the evidence upon which the auditor has relied. The Internal Auditor must maintain adequate documentation of the audit, including the basis and extent of planning, the work performed and the results and findings of the audit. This will allow the workpapers to serve both as tools to aid the auditor in performing their work and as written evidence of the work done to support the auditor’s report. Information included in work papers should be sufficient and relevant to provide a sound basis for audit findings and recommendations. Evidence gathered should be organized and easily correlated with audit program steps and subsequent conclusions and issues reported.

In the process of collecting evidential matter, the auditor is required to perform audit testing to support all observations and opinions. During the performance of such testing, the auditor is not required to test the population in its entirety. Audit sampling may be employed. Audit sampling is performing an audit test on less than 100% of a population. In “sampling”, the auditor accepts the risk that some or all errors will not be found and the conclusions drawn (i.e. all transactions were proper and accurate) may be wrong. The type of sampling used and the number of items selected should be based on the auditors understanding of the relative risks and exposures of the areas audited.

Policy Statement

Ramapo College takes the possibility of identity theft seriously and in full compliance with the Red Flag Rule* has developed and implemented an Identity Theft Prevention Program.

Reason for Policy

The purpose of the policy is to establish an Identity Theft Prevention Program designed to reasonably detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program. This Policy is in conformance with *The Financial Institution Regulators, including the Federal Trade Commission have issued a final rule (The Red Flag Rule) under Sections 114 and 315 of the Fair and Accurate credit Transactions Act of 2003

To Whom Does the Policy Apply

Bursar, Financial Aid, Human Resources, ITS

Related Documents

Procedure

Contacts

Vice President for Administration and Finance
(201) 684-7621

The Financial Institution Regulators, including the Federal Trade Commission have issued a final rule (the Red Flag Rule) under sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The Red Flag Rule requires the institutions that hold “covered accounts” (accounts for which a person makes repeat payments) to develop and implement an identity theft prevention program for new and existing accounts.

Ramapo College takes the possibility of identity theft seriously and in full compliance with the Red Flag Rule, has developed and implemented an Identity Theft Program Prevention Program. After consideration of the size of the College’s operations and account systems, and the nature and scope of the College’s activities, the Board of Trustees determined that this Program was appropriate for Ramapo College, and therefore approved this Program on February 23, 2009.

Definitions

Identify theft means fraud committed or attempted using the identifying information of another person without authority.

Covered Account means an account that a creditor offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. These accounts include all student accounts or loans that are administered by the College.

Red Flag means a pattern, practice or specific activity that indicates the possible existence of identity theft.

Program Administrator is the group or individual designated with the primary responsibility for oversight of the program.

Identifying Information means any name or number that may be used in conjunction with any other information to identify a specific person including: name, address, telephone number, social security number, date of birth, driver’s license or identification number, alien registration number, passport number, employer or taxpayer identification number, student identification number, Internet Protocol address or routing code.

Purpose

The purpose of this policy is to establish an Identity Theft Prevention Program designed to reasonably detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program. The Program shall include reasonable policies and procedures to:

1. Identify relevant Red Flags for new and existing covered accounts it offers or maintains and incorporate those Red Flags into the program;
2. Detect red flags that have been incorporated into the Program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
4. Ensure the Program is updated periodically to reflect changes in risks to students and to the safety and soundness of the creditor from identity theft.

The Program shall, as appropriate, incorporate existing policies and procedures that control reasonably foreseeable risks.

Covered Accounts

Ramapo College has identified two types of accounts, one of which is covered accounts administered by the College and one type of account that is administered by a service provider.

The College covered account is the tuition payment plan which allows students to pay their bills over a series of installments.

The service provider covered account is the Perkins Loan Program administered by Campus Partners; refer to “Oversight of Service Provider Arrangements.”

Identification of Relevant Red Flags

The Program shall include relevant red flags from the following categories as appropriate:

1. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
   1. Report of fraud accompanying a credit report.
   2. Notice or report from a credit agency of a credit freeze on an applicant.
   3. Notice or report from a credit agency on an active duty alert for an applicant.
   4. Receipt or notice of address discrepancy in response to a credit report request.
   5. Indication from a credit report of activity that is inconsistent with an applicant’s usual pattern or activity.
2. The presentation of suspicious documents;
   1. Identification document that appears altered or forged.
   2. Identification document on which a person’s photograph or physical description is not consistent with the person presenting the document.
   3. Other document with information that is not consistent with existing student information.
   4. Application for service that appears to have been altered or forged.
3. The presentation of suspicious personal identifying information;
   1. Identifying information that is inconsistent with other information such as inconsistent birth dates, address not matching address on a loan application or photograph or physical description on the identification is not consistent with the appearance of the student presenting the identification.
   2. Identifying information presented that is consistent with fraudulent activity such as in invalid phone number or fictitious billing address, social security number presented that is the same as one given by another student, an address or phone number that is the same as that of another person.
   3. A person fails to provide complete personal identifying information on an application when reminded to do.
4. The unusual use of, or other suspicious activity related to, a covered account;
   1. Change of address for an account followed by a request to change the student’s last name.
   2. Payment stops on an otherwise consistently up-to-date account.
   3. Account used in a way that is not consistent with prior use.
   4. Mail sent to the student is repeatedly returned as undeliverable.
   5. Notice to the College that the student is not receiving mail sent by the College.
   6. Notice to the College that an account has unauthorized activity.
   7. Breach of the College’s computer system security.
   8. Unauthorized access to or use of student account information.
5. A request made from a non-College issued E-mail account;
6. A request to mail something to an address not listed on file;
7. Notice from a student, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.

Detection of Red Flags

The Program shall address the detection of red flags in connection with the opening of covered accounts and existing covered accounts, such as by:

1. Obtaining identifying information such as name, date of birth, home address or other identification, and verifying the identity of a person opening a covered account; and
2. Authenticating the identification of students if they request information either in person, via telephone or e-mail. Verifying the validity of change of billing address requests and in banking information for billing and payment purposes in the case of existing covered accounts.

In order to detect any of the Red Fags identified above for an employment position for which a background or credit report is sought, the College will require written verification from any applicant that the address provided by the applicant is accurate and in the event that notice of an address discrepancy is received, verify that the background and/or credit report pertains to the applicant for whom the requested report was made and report to the reporting agency an address for the applicant that the College has reasonably confirmed is accurate.

Response

The Program shall provide for appropriate responses to detected red flags to prevent and mitigate identity theft. The appropriate responses to the relevant red flags are as follows:

1. Monitor a covered account for evidence of identity theft;
2. Deny access to the covered account until other information is available to eliminate the red flag, or close the existing covered account;
3. Contact the student and/or provide student with new student identification number;
4. Change any passwords, security codes or other security devices that permit access to a covered account;
5. Reopen a covered account with a new account number or not open a new covered account;
6. Notify program administrator for determination of the appropriate step(s) to take;
7. Notify law enforcement; or
8. Determine no response is warranted under the particular circumstances.

Protecting Identifying Information

The College will take the following steps with respect to its internal operating procedures to protect identifying information:

1. Ensure the College’s website is secure or provide clear notice that the website is not secure;
2. Ensure complete and secure destruction of paper documents and computer files containing identifying information when such documents or files are no longer needed;
3. Ensure that office computers with access to covered account information are password protected;
4. Avoid use of social security numbers and allow access to social security numbers to very limited number of staff that have been approved by the Red Flag Committee;
5. Ensure computer virus protection is up to date;
6. Require and keep only the kind of information that is necessary for College purposes.

Oversight of the Program

Responsibility for developing, implementing and updating this program lies with the Red Flag Committee for the College. The Committee is chaired by the Chief Planning Officer and the remainder of the Committee is comprised of the unit directors for those areas that have direct access to identifying information. The Program Administrator in conjunction with the Committee will be responsible for the Program and oversight of the Program shall include:

1. Assignment of specific responsibility for implementation of the Program and ensuring appropriate training of College’s staff in the detection of Red Flags, and the responsive steps to be taken when a Red Flag is detected;
2. Reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating Identity Theft;
3. Determining which steps of prevention and mitigation should be taken in particular circumstances;
4. Review of reports prepared by staff regarding compliance; and
5. Approval of material changes to the Program as necessary to address changing risks of identity theft.
6. Committee will review all requests by staff requesting access to the Social Security Numbers of either students or staff members and make recommendation to the Program Administrator on access.

Staff Training and Reports

College staff responsible for implementing the Program shall be trained either by or under the direction of the Program Administrator in the detection of Red Flags and the responsive steps to be taken when a Red Flag is detected.

1. College staff will be trained as necessary to effectively implement the Program;
2. College staff is expected to notify the Program Administrator once they become aware of an incident of identity theft or of the College’s failure to comply with this program.

Reports shall be prepared as follows:

1. The Program Administrator will report to the President’s Cabinet at least annually on compliance by the College with the Program.
2. The report shall address material matters related to the Program and evaluate issues such as:

1. The effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts;
2. Service provider agreements;
3. Significant incidents involving identity theft and management’s response; and
4. Recommendations for material changes to the Program.

Oversight of Service Provider Arrangements

The College shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more covered accounts.

1. Require that service providers have such policies and procedures in place;
2. Require that service providers review the College’s Program and report any Red Flag to the College employee with primary oversight of the service provider relationship.

Updating the Program

The Program shall be reviewed and updated periodically by the Committee to reflect changes in risks to students or to the safety and soundness of the College from identity theft based on factors such as:

1. The experiences of the organization with identity theft;
2. Changes in methods of identity theft;
3. Changes in methods to detect, prevent and mitigate identity theft;
4. Changes in the types of accounts that the organization offers or maintains;
5. Changes in the College’s business arrangements with other entities.

Policy

The Board of Trustees of Ramapo College of New Jersey may declare a state of fiscal emergency by a majority vote of the appointed members of the board.

Reason for Policy

This policy governs the procedures to be used by the College when it becomes necessary to reduce the number of employees due to a fiscal crisis.

To Whom Does the Policy Apply

To all employees

Related Documents

Procedure

Contacts

Office of the President
(201) 684-7610

Once a state of fiscal emergency is declared by the Board of Trustees, the Board of Trustees shall direct the President to implement a plan and make recommendations to the Board of Trustees. Such a plan shall consider a full range of options, from the curtailment of College operations and programs to the layoff of employees.

Policy

The President or the Vice President for Administration and Finance is authorized to suspend procurement practices to restore operations and preserve capital when a threat to the health, safety and welfare of the community exists (i.e. a boiler failure during winter) that must be addressed immediately. The Chair of the Board of Trustees and the Finance Committee of the Board of Trustees will be notified at the time.   The circumstances surrounding the suspension of procurement practices will be reported to the Finance Committee at the meeting following the incident.

Reason for Policy

Authorization to suspend procurement practices when an emergency situation occurs which must be addressed immediately.

To Whom Does the Policy Apply

The President, Vice President for Administration and Finance

Related Documents

Procurement Practices located on the Purchasing Department Website

Contacts

Vice President for Administration and Finance
(201) 684-7621

Policy

All employees who receive a paper paycheck will have payroll checks mailed to the primary address on record for regular biweekly employees during the College’s flex schedule and when a pay date occurs on a holiday. Checks will be mailed via US Postal Service one day prior to each payday.

Reason for Policy

Due to a change in banking regulations release of paychecks prior to the date on the check can no longer be accommodated.

To Whom Does the Policy Apply

All employees

Related Documents

Authorization Agreement for Direct Deposit

Contacts

Payroll Manager
(201) 684-7782