This page, Westfield State University Did Not Always Perform or Document a Verification of Vendor/Customer Information., is offered by

Westfield State University Did Not Always Perform or Document a Verification of Vendor/Customer Information.

University personnel did not document that they verified the accuracy of change requests for 10 of the 13 vendors that came into service for WSU during the audit period.

Table of Contents

Overview

For 10 of the 13 vendor/customer creations or changes during our audit period, there was no documentation to substantiate that Westfield State University (WSU) personnel verified the accuracy of information on an Internal Revenue Service W-9 form or electronic fund transfer (EFT) form obtained from the vendor/customer before making or changing entries in the Massachusetts Management Accounting and Reporting System (MMARS). These changes were based on requests to create vendor/customer files or to change vendors’ legal names, legal addresses, and/or EFT information.

Additionally, in February 2020, a WSU employee made a change to the banking information in a vendor/customer file without verifying the information in the change request, resulting in WSU transferring $1.75M to an unauthorized account. Upon discovering the transfer, WSU immediately reported it to the Office of the State Auditor in accordance with Chapter 647 of the Acts of 1989, as well as to other proper authorities. WSU recovered all the funds, so there was no loss. WSU officials told us it was their understanding that the event was still under investigation by state and federal authorities.

A lack of documented verification causes a higher-than-acceptable risk of improper payments such as the one discussed above.

Authoritative Guidance

WSU’s internal control plan states,

Each Commonwealth Department Head (the University President) has the responsibility to ensure that the department conducts all fiscal business in accordance with state finance law, including but not limited to . . . policies and procedures of the Office of the Comptroller (CTR).

Section 4c of the Office of the Comptroller of the Commonwealth’s (CTR’s) “Vendor/Customer File and W-9s” policy describes the process that state agency personnel must follow when changing information in vendor/customer files:

Verification of [created or modified vendor/customer] information should not be done solely through email, but should be followed up with a phone call and verified with an authorized signatory, or whatever other actions are necessary to document that the Department has investigated that the . . . change or additional remittance address is appropriate and properly authorized.

CTR’s “Vendor/Customer File and W-9s” policy states,

Departments must ensure the legal and remittance address, classification and [Social Security number or employer identification number] are recorded correctly . . . in MMARS.

Additionally, WSU’s “Bank Wire Procedures” require verification, with an authorized signatory of the vendor, of the validity of requested changes to banking information in vendor/customer files:

If [banking] information has changed since the last time a [payment] was initiated to the [vendor], Financial Accounting verifies this information with the vendor through means other than email (i.e. a telephone call using publicly published information) not just from the information provided by the requestor.

Reasons for Issues

Recommendations

  1. WSU should amend its procedures to ensure that verification is properly performed before creations or changes are processed and require all personnel to document the measures they take to verify the information vendors provide in requests to create or change information in their files.
  2. WSU should implement effective monitoring controls (e.g., a supervisory review process) to ensure that its staff complies with this requirement.

Auditee’s Response

The Vendor Review Procedure in Banner [WSU’s accounting system] and MMARS has been updated and implemented. This procedure complies with the Commonwealth of Massachusetts, Office of the Comptroller, Vendor/Customer File and W-9’s Policy. This procedure also includes steps that document this process coupled with supervisory review.

The University’s procedures have been updated to require actions to be documented on a newly created form entitled Vendor Electronic Payment Instructions—Addition/Change Documentation Form, which requires a review and approval process when updating or adding vendor banking information.

Auditor’s Reply

Based on the reply above, WSU is responding to our concerns.

Date published: April 15, 2021
Feedback