Audit Information & Procedures
ProCard activity shall be analyzed and monitored by the University of Louisville ProCard Office. The ProCard Office will perform regular compliance reviews (audits) of ProCard account files. Such reviews will be designed to verify the completion of the Transaction Summary Log (TSL), and other obligations and restrictions in reference to the ProCard policies and procedures. The types of audits include: individual cardholder, departmental, and monthly spot check of transactions. The following actions may be imposed following a review, depending on the severity of the findings:
- Surrender, suspension and/or cancellation of the ProCard.
- Improper or fraudulent use of the ProCard may result in disciplinary action, up to and including prosecution and/or termination of employment.
Departments should periodically conduct their own internal review of ProCards. The ProCard Audit Checklist can be used as a tool to facilitate internal reviews. Any policy violations or fraudulent purchases discovered during an internal review should be reported immediately to Robin Stewart, Assistant Director for Card Services, at 502-852-8255 or anonymously through the Compliance Hotline.
Review Process & Procedures
- The cardholder or departmental liaison (if it's a departmental review) will be contacted by the ProCard Compliance Analyst with a recommended date and time to conduct the compliance review. If the scheduled date and/or time conflicts with the cardholder’s or department's schedule, a request can be made to reschedule the review. The rescheduled date should be within one week prior to or after the date recommended by the ProCard staff. Any request that cannot be accommodated within this timeframe must be submitted to the Assistant Director for Card Services for approval with the requested date.
- Compliance reviews will be conducted at the office where the records are maintained, assuming there is adequate work space for the staff. If desired by the cardholder or department liaison, the review can be conducted at the Compliance Analyst's office. This option will require original documentation to be taken out of the department for the term of the review. The department may maintain copies of records, at the department’s expense, if needed. At the completion of the review, all files will be returned.
- The department or cardholder should make copies of the bank statements, TSLs, sign in/out logs, user agreements, and other documentation deemed necessary before the scheduled review date. A draft report will be sent to the cardholder and/or department liaison for their review and comments. A meeting with the Compliance Analyst and/or training with the relevant parties may also be required. The relevant parties will be determined by the ProCard Office and will be dependent on the review findings. A final report will be issued, with a copy sent to the department head/chair and VP/Dean, at the conclusion of the review.
- The required parties must sign the final page of the report and return this page (with original signatures) to the Compliance Analyst by the date given in the notification. Required parties will be identified by the ProCard Office based on the review findings and may differ from the relevant parties noted above.