Guidance for Divisions, Units and Departments

Last updated: 10/3/2023

To assist colleges with risk assessments that may be required as part of the accreditation process, UKIA has created a risk assessment template for your use. There are three tabs at the bottom of the template to help sort risks into the three main areas of the college’s activities: administrative, research and instruction

Each tab has a form where you can add the process, risk activity being rated, the policies and regulations, standard and criteria for each risk being assessed, as well as the responsible entity and the controls that are in place to monitor the activity. At the far right, there is a place to rank both the likelihood of the event actually happening and the impact such an event would have on the college/university on a scale of 1-3, with three representing a high likelihood or impact and one representing a low likelihood or impact. The Risk Rating is an average of those two numbers. There are several examples on each tab to help you get started.

Download the Academics Risk Template here.

Please contact internalaudit@uky.edu or call 857-257-3126.

Last updated: 12/11/2024

UKIA hosts Lessons Learned, a virtual roundtable event that allows UK Internal Audit to share information about actual incidents or activities that have occurred here at UK (but not unit-identified) or at other institutions across the nation and the risks associated with these "hot topics." Faculty and staff who attended these events will come away with insights to improve their operations to prevent similar activities from occurring in their units.

Last updated: 4/3/2025

Overtime compensation for non-exempt employees is governed by the Fair Labor Standards Act (FLSA), a federal law that establishes standards for overtime pay, minimum wage, child labor and recordkeeping. The Kentucky Revised Statutes detail additional requirements related to lunch and rest periods for employees. Penalties for violating the FLSA and/or state statutes related to overtime, lunch breaks and rest periods include but are not limited to large fines, back pay to employees, civil and criminal prosecution and reputational damage.

• Fair Labor Standards Act

  • Compensation for Work Performed: "Work not requested but…permitted to be performed…must be paid for by the employer. For example, an employee may voluntarily continue to work at the end of the shift to finish an assigned task or to correct errors. The reason is immaterial. The hours are work time and are compensable."

    • Related UK Policies

      • UK HealthCare Regulation RC 09-02 Staff Scheduling, Vacation/Holiday Leave Requests, Professional Leave Requests and Kronos Rules​

      • UK HealthCare Regulation A07-110 Employee Payroll Time Reporting

  • Compensatory Time: "The [Fair Labor Standards] Act takes a single workweek as its standard and does not permit averaging of hours over 2 or more weeks. Thus, if an employee works 30 hours one week and 50 hours the next, he must receive overtime compensation for the overtime hours worked beyond the applicable maximum in the second week, even though the average number of hours worked in the 2 weeks is 40."

    • Compensatory time is unallowable under any circumstances. However, time can be flexed, if approved by the manager, within the same week to avoid accruing overtime.

    • Related UK Policy

      • HR Policy and Procedure #70

• Kentucky Revised Statutes

  • 337.285(1) Overtime: "No employer shall employ any of his employees for a work week longer than forty (40) hours, unless such employee receives compensation for his employment in excess of forty (40) hours in a work week at a rate of not less than one and one-half (1-1/2) times the hourly wage rate at which he is employed."

    • Related UK Policies

      • HR Policy and Procedure #70​

      • UK HealthCare Regulation RC 09-02 Staff Scheduling, Vacation/Holiday Leave Requests, Professional Leave Requests and Kronos Rules​

      • UK HealthCare Regulation A07-110 Employee Payroll Time Reporting

  • 337.355 Lunch period requirements: "Employers…shall grant their employees a reasonable period for lunch, and such time shall be as close to the middle of the employee's scheduled work shift as possible. In no case shall an employee be required to take a lunch period sooner than three (3) hours after his work shift commences, nor more than five (5) hours from the time his work shift commences."

    • Related UK Policies

      • HR Policy and Procedure #70​

      • UK Healthcare Regulation A07-110​ Employee Payroll Time Reporting

  • 337.365 Rest periods for employees: "No employer shall require any employee to work without a rest period of at least ten (10) minutes during each four (4) hours worked…This shall be in addition to the regularly scheduled lunch period."

    • Related UK Policy

      • HR Policy and Procedure #70

Last updated: 10/3/2023

The BPM Section B-2 General Purchasing and Contracting Authority prohibits purchases and contracts from being “made with an employee of the University of Kentucky for any item of supply, equipment, or service.” These situations clearly indicate this policy is not being followed. While certain exceptions may be made in the event of sole source providers and, in health care, when it is a medication or therapy deemed to be best approach for a patient, in general, using a company owned by a UK employee is unallowable. UKIA attributes use of employees as vendors to a lack of communication regarding the policy noted above and the ability to bypass the established processes for engaging and vetting vendors:  

• Supplies: Units should always verify that the vendor they want to use is listed in the SAP vendor database.  If the vendor is not listed, the unit should follow the steps to onboard a new vendor in the PaymentWorks system found here. ​
• Services: Units should verify whether a university unit or personnel can provide the desired service. If it cannot be provided, the unit should complete a Standard Contract for Personal Services and submit it to Purchasing for approval (see BPM B-3-1 Use of Existing Contracts).

Last updated: 4/3/2025

Detailed below are recommendations based on University policy to address trending procurement card (ProCard) audit findings. UKIA has included supplemental guidance and best practices, which are not required by the University but may assist units in further improving operations and fiscal stewardship while reducing risk.

Purchasing

• Include a business purpose to justify the expense as necessary, reasonable and appropriate. (Procurement Card Manual)
• Use existing University price contracts when purchasing goods/services covered by these contracts. [Business Procedures Manual (BPM) B-3-1: Use of Existing Contracts]
• Ensure that sales tax is not charged to the ProCard when purchasing within Kentucky and states that recognize UK's tax-exempt status. However, based on cost and administrative burden for recoupment, a threshold of $30 is allowable. For inappropriate sales tax charges greater than $30, contact the vendor directly to arrange a credit. (Procurement Card Manual)

Editing

• Submit ProCard expense reports to Accounts Payable by the 15th day of the following month after purchase to ensure any errors and/or inappropriate activity can be addressed in a timely manner. (Procurement Card Manual)

Reconciling

• Compile supporting documentation, such as payroll documents, receipts, purchase orders, departmental authorization vouchers, travel vouchers, cash transmittals and journal vouchers (JVs). (BPM E-17-6: Reconciliation and Review of Financial Transactions)
• Compare supporting documentation to system generated (e.g., SAP) line-item reports to ensure all transactions are allowable, reasonable, allocable, accurate and approved for the cost object. (BPM E-17-6: Reconciliation and Review of Financial Transactions)
• When appropriate, verify that labor distribution reports meet the above criteria. (BPM E-17-6: Reconciliation and Review of Financial Transactions)
• Certify the reconciliation by having both the reconciler and approver sign. (BPM E-17-6: Reconciliation and Review of Financial Transactions)

Documenting

• Supporting documentation should detail the vendor’s name, item description (quantity and price), total dollar amount, transaction date, list of attendees (if applicable) and the business purpose. (Procurement Card Manual)
• Fiscal records should generally be retained for three years, then destroyed. (State University Model Records Retention Schedule). UK Libraries provides a Records Destruction Certification form to document destroyed records, which must be signed by the Records Officer.

Supplemental Guidance and Best Practices

• Developing an initiation protocol to request and justify purchases can help simplify later ProCard steps and detect any errors and/or inappropriate activity.
• Separating shipping costs from the primary general ledger (GL) code can improve the accuracy of expense tracking and help identify purchasing patterns that may be adjusted to reduce freight expenses.
• When reconciling, units with large volumes of transactions and/or high-dollar transactions should prioritize high-risk purchases.

Last updated: 9/10/2024

UKIA systematically evaluates UK regulations, policies and procedures at all levels of the enterprise through a hierarchical lens. This ensures that each not only aligns with other related internal policies but also complies with all federal regulations, state statutes and industry standards to which the institution — and its divisions — must adhere. Click here to learn more.