State auditors cited N.C. Central University for "significant deficiencies" in the university's handling of its finances for the fiscal year ending June 30, 2008.
Among the trouble spots were overpayments to employees of more than $13,000 and underpayments of $6,200, which occurred during calculations for retroactive pay related to salary adjustments.
Auditors noted that the mistakes occurred while NCCU was experiencing "significant turnover" in the university's payroll division that led NCCU to hire "temporary employees to perform crucial payroll functions."
While the overpayments and underpayments are small in the context of a $117 million budget, a spokesman for the Office of the State Auditor the fact that they occurred at all is cause for alarm.
"The amount is not as relevant as the fact that the weakness is there," said state auditor spokesman Dennis Patterson. "It's the fact that there is a weakness, a hole in the armor that might allow for greater loss."
In a statement, NCCU said, "Chancellor Charlie Nelms and the entire NCCU leadership team are fully committed to resolving all internal control issues identified by the Office of the State Auditor."
Auditors found that the university did not properly manage students' accounts. The deficiency resulted in ineligible students being allowed to live on campus and register for classes and the university's accounts receivable balance being misstated.
An examination of 40 student accounts receivable balances found among other things that nine students were allowed to register even though they had a combined balance of $33,194. Policy requires students to pay all of their prior balances and one-half of their current charges before they are allowed to register. Auditors reported that they were unable to determine who was responsible for allowing the students to register.
NCCU officials said steps to resolve the deficiencies include "reviewing and re-engineering the student account process and by strengthening interdepartmental communication and holding ourselves to a higher level of accountability."
Auditors also identified weaknesses in the university's information system's access policy, which they believed could lead to unauthorized or inappropriate transactions.
Those weaknesses included:
- Multiple employees in the information technology systems unit who can log in to the information system under a single user name. This single user name accesses the security form that creates/modifies user accounts, grants access to security classes, sets up passwords and locks/unlocks user accounts. With multiple users having the ability to log in using a single name, there is no way to trace activity to the responsible employee.
- Several individuals having unnecessary access to forms and security classes, even though they had no job responsibilities that required them to have access to some of the forms and/or classes.
In response, NCCU said the items identified by auditors were immediately resolved by "significantly reducing the number of people who are granted access to the information system."
"To further strengthen controls, management has initiated a restructuring program in IT to review and monitor the university security system," the statement said.