I. PURPOSE:
The Oakland County Parks and Recreation Cash and Payment Card Industry (PCI) outlines procedures for the safe handling of funds managed on behalf of Oakland County as well as PCI Compliance Information.

II. CASH MANAGEMENT PROCEDURE:
The following guidelines outline the procedures that Oakland County Parks and Recreation staff will follow when managing cash and interacting with Oakland County Fiscal Services Parks & Recreation Accounting (F/S P&R Accounting) and Oakland County Auditing (Auditing).

A. General Information
  1. Revenue supervisors are required to notify all of their cash handling staff of the Oakland County Parks & Recreation (OCPR) Cash and Payment Card Industry (PCI), provide access to a copy of this policy to be thoroughly read and understood, have each sign the acknowledgement form indicating receipt of the policy, and provide a copy for their reference.
  2. Any employee who is asked or instructed by a supervisor to act in a way that is not in accordance with or in the spirit of the policy is to notify Sue Wells at 248-343-6220 within 24 hours to report the incident and circumstances.
  3. Any employee who is asked or instructed to act, or witnesses another employee acting, in a way that is not in accordance with or in the spirit of the policy is to notify their immediate supervisor within 24 hours to report the incident and circumstances.
  4. All employees handling cash must attend a mandatory cash handling training seminar in accordance with Oakland County Board of Commissioner's Miscellaneous Resolution #00278, dated November 2, 2000. Employees must retake the training every ten years.
  5. All payments must be received at or before the time of service; OCPR does not extend credit, unless a signed letter of agreement or contract is in place.
  6. All discounts, promotions, coupons, etc. that reduce the price of an item must be accounted for, reconciled with revenue records and submitted with other documentation required by F/S P&R Accounting. If no physical document is available, the discount description must be detailed in the payment reference field.
  7. All pre-numbered forms must be accounted for, reconciled with revenue records and submitted with other documentation required by F/S P&R Accounting. These include, but are not limited to: OCPR annual permits, OCPR daily permits, OCPR/HCMA (Huron-Clinton Metropolitan Authority) joint permits, manual receipt forms, boat rental slips, bike rental slips, helmet rental forms, ski rental forms. Any discrepancies in sequential numbers must be reported with an explanation/reason documented.
  8. No expenditures should be paid from change funds.
  9. No one employee should perform cash handling processes from the beginning to the end of a process. When possible, collecting and receipting, balancing and depositing, and reconciliation should be performed by different employees. When this is not possible, the revenue supervisor should perform reviews of these processes as a compensating control procedure.
  10. It is mandatory that the following items be in place where the change fund is stored for review by the Auditing Division during their unannounced cash counts:
    a. Copy of Oakland County Petty Cash Procedures document.
    b. Copy of petty cash (change) fund custodian and alternate custodian appointment forms.
    c. Copy of this document.
    d. Original of OCPR cash policy acknowledgement form.
  11. Any cash shortages of $20 or more must be reported in writing to the Manager of the Oakland County Auditing Division, within 24 hours of discovery.
    a. The report should include:
      1. The total amount of the cash shortage and the period covered.
      2. A detailed explanation showing date, place and complete circumstance for the incident which caused the shortage.
    b. The report should be signed by a revenue supervisor and emailed to weipertp@oakgov.com or faxed to 248-858-2918.
    c. A copy of this report is to be submitted with other documentation required for F/S P&R Accounting.

B. Safeguarding Cash - Secure Location
  1. A secure cash handling area should be identified and used with adequate light, clean and free of clutter and not visible from other areas, when possible. Nonemployees or other unauthorized personnel should not have access to this area, when possible.
  2. A standard cash drawer starting fund is to be established for each point of sale location.
  3. All change funds and starting funds are to be counted at the beginning of each day and again at the closing of each day by the revenue supervisor or designated staff on duty to ensure the total money count on hand is the same as the original allocation received for the season's operation. EXCEPTION: coin machine funds should be checked at regular intervals on a schedule determined by the revenue supervisor.
  4. Count cash outside of public view in a secure area.
  5. The revenue supervisor or their designated authorized employee is to transport all cash between the secure cash handling location and the point of sale location.
  6. All cash is to be locked in closed cash drawers or cash boxes and/or locked in the safe or other lockable storage device at all times. Non-park revenues/funds may not be kept in the cash drawers, safe or lockable storage device.
  7. The safe or other lockable storage device is to be relocked after each entry and remain so throughout the day.
  8. The entire change fund and cash received from customers should be whole at all times. This means that any cash that has been taken away (e.g. - deposited or taken to the bank for change during the day) should be counted and documented with a signed receipt or log acknowledging the transfer of the funds and the responsibility for the completeness of the funds.
  9. The safe or other lockable storage device combinations should be changed annually.
    a. Combinations should be known only to limited authorized personnel and kept in a secure area with limited access.
    b. If a safe or other lockable storage device cannot accommodate a combination change, a replacement will need to be purchased that can.
    c. If keyed, no more than two keys should exist and be maintained in a secure area with limited access.
  10. Funds are not to be borrowed by any employee or person.
  11. Do not allow anyone access to any cash without proper authorization and proper identification, including Auditing staff during unannounced cash count purposes.

C. Safeguarding Cash during unannounced cash counts conducted by Auditing
  1. The revenue supervisor or their designated authorized employee must remain with Auditing staff when they are counting money.
  2. P&R staff must count the money and verify the totals with the Auditing staff before they leave the premises.
  3. The total amount of cash/checks/credit card activity on hand at the time of the unannounced cash count should agree with the revenue records, less any cash already deposited from that day's activity. Any overages/shortages must be explained.

D. Safeguarding Cash - Point of Sale
  1. The cash handler is to count their cash drawer at the beginning of their shift and at the end of their shift to ensure the proper amount is on hand. Each cash handler is responsible for their shift's revenue activity.
  2. A cash drawer is never to be open without the cash handler's full attention.
  3. The cash handlers on duty and only those persons authorized by the revenue supervisor are to be allowed in the cashier's booth or behind a cashier's counter.
  4. All transactions are to be rung into the point-of-sale (POS) system or otherwise receipted for as they occur.
    a. Revenue transactions are not to be over rung/written or under rung/written to force the POS totals or receipts to match the cash on hand.
    b. Cash overage or cash shortage keys (RecTrac) should be used to reconcile the report to match the actual revenue on hand at the end of the day by the revenue supervisor or designated staff.
    c. All overages and shortages must be reported with an explanation/reason documented.
  5. Refunds/returns must have the proper refund/return form filled out completely and signed by the customer, preparer and revenue supervisor.
    a. The original receipt or receipt number must be referenced to complete any refund.
    b. Cash may be refunded if the original transaction was paid for in cash and if enough revenue (minus change fund cash) is available in the drawer. If not, a request for refund form (Refund Finance, in RecTrac) should be completed and submitted to F/S-P&R Accounting.
    c. Business checks (not personal checks) may be refunded up to $100 if enough revenue (minus change fund cash) is available in the drawer. If not, a request for refund form should be completed and submitted to F/S-P&R Accounting.
    d. Transactions originally paid for on credit card should be refunded only to the same credit card.
  6. Any correction (error, over ring, etc.) to a revenue transaction is to be handled by a revenue supervisor or their designated authorized employee.
  7. Change may be made for customers as a convenience, at the discretion of the revenue supervisor.

E. Credit Card Processing
  1. The cardholder, and only the cardholder, is required to produce the card, show a photo I.D. and sign the credit card authorization receipt.
  2. For advance reservations, the cardholder is to provide all necessary information (card type, cardholder name, card number, expiration date, 3-digit validation code). Telephone order should be indicated on the authorized signature line.
  3. Credit card authorization receipts must be accounted for, reconciled with revenue records and submitted with other documentation required by F/S P&R Accounting.
  4. In the event of a network or power outage; refer to the OCPR Manual Payment Processing Procedures.

F. Check Processing
  1. The check (whether received in person or by mail) is to be immediately stamped with the revenue center's For Deposit Only stamp.
  2. The following information is to be imprinted on the check:
    a. Person or company name and address (verify with non-expired driver's license)
    b. Bank name and/or logo
  3. The following information is to be written on the check by the cash handler:
    a. Non-expired driver's license number, if not present (if company check, then the person presenting the check)
    b. Telephone number, if not present
    c. Initials of the employee accepting the check.
  4. Do not accept post-dated checks, two-party checks, checks drawn on foreign currency, payroll checks or checks not completely filled out.
  5. There should be no evidence of either the numeric or written amounts listed on a check having been changed.
  6. Do not cash personal checks for employees or others.

G. Donations/Monetary Gifts
  1. Donations/gifts are processed within RecTrac by the Business Development Representative for Business Management.
  2. Forward any donations/monetary gifts to Melissa Prowse, Resource Development, Administration Building for processing.

H. Receipting (Cash Register, RecTrac, Manual)
  1. All revenue must be receipted for through a cash register, RecTrac or receipt system approved by OCPR Administrative Services.
  2. All customers are to receive some form of a receipt immediately after the revenue is received.
  3. All customers receiving special event prize money must sign an appropriate form to acknowledge receipt of the cash funds.
  4. Manual receipts must be issued from an official OCPR sequentially numbered three-part receipt book and stock kept in a secure location. The white copy is for the customer, the pink copy is sent to F/S-P&R Accounting and the yellow copy stays in the book at the revenue center at the discretion of the revenue supervisor.
  5. All receipts must be accounted for and reconciled with revenue records.
    a. Keep copies of all voided or spoiled receipts.
    b. F/S-P&R Accounting stores the pink copy of all manual receipts for seven years.

I. Completing Bank Deposits
  1. Bank deposits are to be made at regular intervals as established by the revenue supervisor and may include multiple deposits in the same day.
  2. Provisions are to be made for the safe transport of bank deposits.
    a. A certified cash handler may make the deposit in a safe method.
    b. If a non-certified cash handler (OCSO Deputy or other OCPR staff) makes the deposit, funds must be in a secured/sealed bank bag (available from F/S P&R Accounting).
  3. The money prepared for the deposit is to be counted twice.
  4. The bank deposit slip must include the following information:
    a. Signature of the employee(s) preparing the bank deposit (not just initials).
    b. Revenue center abbreviation.
    c. Separate listing of checks using the customer or company name.
  5. The total of cash and the total of checks on the deposit slip should match the amounts shown on the revenue records. Any discrepancies must be reported with an explanation/reason documented.

J. Obtaining Change from Bank
  1. A slip signed by an authorized cash handler must be placed in the safe or lockable storage device when cash is taken out to be turned in for change at the bank. The supervisor on duty must be notified of the amount taken, who took it, date, and time.
  2. Provisions are to be made by a certified cash handler for safe transport for the purpose of obtaining change from the bank.
  3. The cash handler who removed the cash from the safe must count the change received to ensure it is accurate when placed back in the safe or lockable storage device.

K. Procedures Specific to RecTrac Operations
  1. All revenue must be accounted for through RecTrac. Non-RecTrac collected revenue must be input into the designated RecTrac location.
  2. Limited access must be given to supervisor and manager functions in RecTrac.
  3. Every item sold must be assigned a unique trans code to identify the item.
  4. Discrepancies between the cash/checks/credit card totals and the totals by each payment type listed on the Custom GL Summary should be explained in writing.
  5. A cash balancing worksheet should be used to list money collected by denomination. This can be generated by selecting the standard balance sheet option on the Cash Journal.

L. Procedures Specific to Non-RecTrac Operations
  1. Access to and knowledge of the X and Z key operations are to be restricted to the revenue supervisor and authorized employee(s) only. No more than two keys should exist and be maintained in a secure area with limited access.
  2. X tapes are only to be run when changing cash handlers (for the purpose of balancing their cash drawer) or needing to verify current balance and are to be run only by the revenue supervisor or their authorized employee. There is no need, and it is not acceptable, to run an X tape immediately before running a Z tape.
  3. Z tapes are to be run at the close of the business day and are to be run only by the revenue supervisor or their authorized employee.
  4. All revenue must be summarized and reconciled on a daily cash summary (DCS) prepared daily or at regularly established intervals.
  5. Any differences between the Z tape and the DCS figures must be explained on the DCS by the revenue supervisor or the preparer. This includes discrepancies between the cash/checks/credit card totals and the totals by each payment type listed on the Z tape.
  6. A cash balancing worksheet should be used to list money collected by denomination.
  7. The DCS must be signed by the employee preparing the DCS and the revenue supervisor.

M. Miscellaneous Revenue Tracking
  1. Boat rental deposit money that has not been returned to the customer is to be rung into the miscellaneous key at the end of each day and separately identified as deposit money not returned on the DCS or Custom GL Summary.
  2. Golf cart key deposit money is to be rung into RecTrac when a key is given to a customer. Upon return of the key, a $1.00 refund will be rung in and given to the customer. Unclaimed deposit money will remain in the revenue totals for the reporting period.
  3. Any revenue received for bottle/can returns is to be rung into the POS system and identified as such on the DCS or Custom GL Summary if the bottles/cans were collected by an employee while on duty.

III. PAYMENT CARD INDUSTRY COMPLIANCE:
This establishes the requirements for secure credit card handling for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) Council (www.pcisecuritystandards.org). The is to be used as training, education, and security enforcement for those individuals responsible for handling credit card transactions. Further, this document outlines the policies and procedures necessary to comply with auditing requirements as set by the credit card industry. The Parks and Recreation Department is expected to comply with the PCI DSS Questionnaire B requirements.

Definitions
RecTrac - created by Vermont Systems Inc., is the only application the Parks and Recreation Department uses for credit card payments. The system interfaces with Plug n Pay which is a validated PCI-DSS (Payment Card Industry Data Security Standards) service provider.
Cardholder - Customer who submits credit card information to be processed for payment.
Cardholder Data - Full magnetic stripe or Full PAN (Primary Account Number) or Cardholder name, Expiration date, Service Code when stored in conjunction with PAN. Cardholder data is not stored in RecTrac.
If it is necessary to use an imprint machine for credit card transactions, the credit card data is destroyed after it is entered into RecTrac and processed.

A. PCI Security Standards
  1. Roles and responsibilities are outlined in the table below:
     Role Assignment Responsibilities PCI Compliance Owner Executive Officer Parks and Recreation PCI Incident/ Compliance Manager Business Development Rep for Internal Services Responsible for overall PCI compliance efforts Security incident response coordination, updates PCI User Support Specialist II Validates Service Providers PCI Compliance Coordinator Revenue Supervisors Site Manager -Park Supervisor(s) -Supervisor of Golf Revenue Operations -Supervisor of Administrative Services -Seasonal Specialists assigned to Golf Course Pro Shops, Day Use Parks, Campgrounds, and Waterparks -Office Assistants assigned to ADM and REC status Tracks staff's acknowledgement of policy, acts as the on-site supervisor to ensure all PCI policies and procedures are followed On-site Coordinator responsible for managing seasonal employees' PCI compliance, works under the supervision of a PCI Compliance Facility Supervisor.
  2. Enforcement
    a. Any suspected violations of this policy must be reported to the PCI Compliance Owner and the PCI Incident/Compliance Manager.
    b. Subject to approval of Human Resources and Corporation Counsel, violators of this policy shall be subject to disciplinary actions up to and including termination.
    c. Individuals who violate this policy may face civil or criminal prosecution to the extent of local applicable laws.
  3. Periodic Review and Acknowledgement of
    a. This policy must be reviewed and updated by the PCI Incident/Compliance Manager annually and upon significant changes to the PCI Requirements.
    b. The PCI Compliance Owner reviews and approves the annually.
    c. This policy must be reviewed by all RecTrac users. They must sign the Acknowledgement form annually.

B.
  1. Cardholder Data
    a. Cardholder data is not stored in the RecTrac System.
    b. Cardholder data must not be transmitted or recorded in any form, written, voice, or electronically except for the following three situations:
      i. Cardholder data may be directly entered in RecTrac to process transactions
      ii. Cardholder data may be recorded using imprint machine when manual processing is required to process transactions
      iii. Cardholder data may be provided to an authorized employee by the cardholder via phone/mail to process a transaction. When this occurs, cardholder data must only be entered directly into RecTrac
    c. RecTrac access will be limited to individuals whose job requires the application. As a result, cardholder data is limited to those individuals.
  2. If the credit card payment functionality is not available (i.e. electric and/or network outage), the following manual process must be adhered to for accepting credit card payments:
    a. An imprint machine will be used to record credit card transactions.
    b. The imprint receipt must be secured and classified as confidential.
    c. Once RecTrac is available, all manual transactions will be processed in RecTrac within 24 hours. Transactions will be back-dated, if necessary.
    d. All imprinted credit card receipts must have all but the last four digits of the credit card number redacted.
    e. Receipts should be stored securely (sealed envelope marked Confidential and the event date) at the Park for one year.
    f. Imprint receipts will be cross-cut shredded one year after the event date.
    g. Used imprint receipts must be locked in a safe at all times.
    h. Only revenue supervisors and authorized PCI Compliance Officers will have access to the safe.
    i. The imprint receipts should not leave the site at which they were created.
      i. In the event that imprint receipts or any media containing cardholder data must leave the site, a secured transportation method and tracked delivery method must be used.
      ii. The revenue supervisor or site manager must approve the delivery of cardholder data.
  3. Security Incident Response - All security incidents must be reported to the PCI Compliance Owner, PCI Incident/Compliance Manager, and the PCI Compliance Coordinator, who will determine the actions to minimize the security threat or impact.
  4. Service Providers
    a. Any service providers and payment processors Parks and Recreation uses to assist in the processing of credit card transactions must adhere to PCI DSS requirements and must be PCI compliant.
    b. The PCI Compliance Coordinator will confirm, annually, the PCI compliance status of the service providers assisting with credit card processing.
    c. The contracting of a service provider must abide by all formal procurement procedures set forth by the Oakland County Purchasing Division.