Processing Revenue FIN-TRE-VI-120
This policy governs the accepted payment methods and processes to support all receipts of Indiana University (“IU”), including those approved as Revenue Producing Activities (“RPAs”). It will aid in managing risks associated with revenue processing and applies to all university units engaging in internal and external revenue producing activities, whether or not revenue is processed on campus or off. It establishes revenue processing requirements and makes references to existing financial, e-business, technology, and purchasing policies, as well as relevant externally imposed regulations including, but not limited to, those originating from state, federal and taxing agencies. This policy applies to any unit or person processing revenue through IU accounts or through IU technology systems/ resources, including external agencies and affiliates. This policy also covers revenue generated from reportable program income on Contract and Grant accounts. It includes revenue processed by third party vendors on behalf of IU. It does not apply to outside entity student organizations’ revenue producing activities, unless the student organization processes the revenue activity through a university account or through IU technology systems.
The Office of the Treasurer (“Treasury”) will establish the accepted payment methods and processes to support all RPAs of Indiana University. Treasury will review current and proposed revenue processing areas including ongoing operations and those activities reported under the Establishing and Modifying Revenue Producing Activities (RPA), FIN-TRE-VI-121 policy. These reviews may be conducted for any of the following reasons: RPA for new activity, change in activity or form of payments accepted, change in vendor, change in university policy, or at the request of university administration. These RPA reviews will cover all university revenue processing activities whether located on or off an IU campus. The department head, Fiscal Officer and Campus Administration are responsible for compliance with implementing the instructions contained in the review. Activities with less than $1000 of annual revenue will not be set up to accept payment cards.
Treasury possesses core competency relative to banking services, working capital management, credit card processing, electronic payment options and developing trends in payment technology. Treasury, in accordance with best practices to efficiently and securely process payments, will standardize revenue processing within IU across similar functions. Purchases of any systems or software to process revenue (including cash registers), and any contracts with vendors to process revenue must be approved by Treasury. No department has the authority to purchase credit card processing software without first obtaining the explicit permission of Treasury.
Any business needs for exceptions to standard university processes must be approved in advance of their implementation by the Revenue Producing Activity Committee (RPAC) in consultation with Campus and University Administration, on a case by case basis.
All receipts must be deposited into an approved university bank account and recorded with the appropriate general ledger account(s) and object code(s). All incoming funds over $500 should be deposited within one day of receipt or weekly regardless of the amount. A cash receipt document (‘CR”) must be prepared to record the income within one day of deposit. The daily deposit amount for coins and currency may be increased for some departments to meet operational efficiency needs only with explicit permission from Treasury. Funds awaiting deposit must be kept in a secure, locked device until deposited. The method used to secure the funds should be appropriate for the amount. For example, a locked desk drawer would be adequate for $50 however a safe would be required for $1000. Treasury sets threshold amounts and may adjust them to meet operational needs.
Reason for Policy
The purpose of this policy is to implement best-in-class revenue processing procedures that standardize revenue processing within IU across similar functions with efficient solutions characterized by strong controls to reduce the risk of fraud and/or loss while increasing the efficiency of its cash.
- Treasury has operational authority over the acceptance and deposit of all payments received by IU including those received at the individual department level.
- All units will employ consistent payment types across similar revenue generating activities.
- Revenue processing procedures should enable operational efficiency with an optimal cost structure.
- All revenue processing procedures must maintain the highest level of available operational controls to reduce the possibility of fraud, loss of assets and/or loss of sensitive university data.
- The fiscal officer of the account receiving revenue will be responsible for implementing proper revenue processing procedures, payment methods, and assume responsibility for payment risks and compliance.
- Treasury possesses core competency relative to banking services, working capital management, credit card processing, electronic payment options and developing trends in payment technology.
- Treasury will provide ongoing education regarding accepting payments in compliance with IU’s data security policies and the Payment Card Industry Data Security Standards (PCI DSS) requirements.
To establish a new RPA or make changes to an existing activity, form of payments accepted, or change in vendor, the department must comply with the Establishing and Modifying Revenue Producing Activities (RPA), FIN-TRE-VI-121 policy. Treasury will exercise its operational authority over the acceptance and deposit of all IU revenue, in accordance with best practices, to efficiently and securely process payments and any associated data. Revenue processing requirements will involve the following:
- Process payments electronically.
- Eliminate, where possible, face to face payments at the department level through the use of web based and/or lockbox processed transactions.
- Use standard IU processes (such as QuikPay, BEX, IUPayPlus) to link payment options directly into the university’s Kuali Financial System (“KFS”), whenever possible, to ensure the timely recording of transactions and expedite the prompt reconcilement of general ledger and bank accounts. Discourage the use of cash to reduce the high administrative costs associated with its handling and transport.
- Endorse all checks immediately upon receipt and ensure that payee is appropriate.
- Record endorsed checks in the KFS and deposit or put in transit for deposit, via a method approved by Treasury, within one day of receipt.
- All revenues must be deposited into a University approved bank account per the Establishing and Closing University Bank Accounts FIN-TRE-VI-52 policy.
- Ensure separation of duties for all revenue processing per the Internal Controls, FIN-ACC-I-470 policy.
- Verify that only IU employees, its agents or individuals specifically approved by Treasury are processing revenue and making deposits.
- Process for deposit all checks, excluding foreign checks, using Remote Image Capture.
- Ensure all full time employees involved in revenue processing or with access to university banking/payment card systems have attended a face to face Treasury revenue processing training session and part time and student temporary employees have either attended the Treasury delivered face to face training or taken the revenue processing training available on the Office of the Treasurer website prior to performing any revenue processing transactions.
- Encourage background checks for all employees involved in revenue processing prior to the employee assuming payment processing responsibilities and work with the campus Human Resources office to ensure that all such background checks are performed within the requirements of the IU’s Background Check policy.
- Conduct all revenue processing activities in accordance with all University policies and state and federal regulations regarding data security, specifically including PCI DSS.
- Delete/remove copies of checks (paper or electronic) or listings of complete bank account/credit/debit card account numbers from any university databases or files, unless specific written approval has been granted by Treasury. (The storage of truncated numbers, in Treasury approved formats, is permissible.)
- Attend ongoing training sessions delivered by Treasury; annual training is required for those involved with processing credit and debit card transactions.
- Consult the Treasury website for updates including standard operating procedures and guidelines that address:
- Electronic payment receipt
- Approved Payees for checks to be deposited
- Proper safekeeping of funds prior to deposit
- Endorsement of checks
- Check handling for checks not payable to Indiana University
- Check handling for checks payable to the Indiana University Foundation
- Transportation of funds for deposit (e.g. couriers, Accountable Mail-BL only)
- Data security
- PCI DSS compliance
- Fraud prevention
- Using third party vendors to process IU revenue.
Automated Clearing House (ACH): This is an electronic alternative to checks. Direct deposit of pay is an example of an ACH payment.
Bursar External Upload (BEX): Provides interface to IU’s Bursar system for billing student accounts. Campus Administration - Vice Chancellor for Administration and Finance (for IUB campus, the Associate Vice Provost for Finance) or his delegate.
Centralized Payment Card System: The university’s system-wide credit/debit card system administered by Treasury that processes VISA, MasterCard, Discover and American Express.
Data Security: This is a top priority at IU and is covered by several policies and procedures along with numerous Federal and State laws and contractual requirements (i.e. PCI DSS).
Endorsed: The stamping of deposit information on the back of a check using an endorsement stamp approved by Treasury. All endorsements stamps must be provided by Treasury.
External Sales: Defined as an exchange by the university of tangible or intangible products and/or services with external customers for monetary consideration. For the purposes of this policy, an external customer is anyone not paying for the goods or services from an IU account. Transactions handled for technology transfer, license and trademark agreements are excluded from this definition.
Internal Sales: Defined as the sale of goods or services by one university department to another department within the university and to sales within a department. Transactions are completed using an Internal/Service Billing form or the batch processing process that recognizes income and expense between university accounts. If it is considered necessary or efficient for an IU organization or department to sell to another university organization or department in order to accomplish university objectives, then a recharge (or internal service) center must be established in compliance with university policies. All sales activity must be conducted in accordance with university policy and procedures to ensure adequate compliance with federal and state regulations and to minimize legal, insurance, and tax risks. Rates set by recharge centers are subject to review by Financial Management Services (FMS) for compliance with federal cost principles and regulations as well as Indiana University policies and guidelines as set forth in the policy reference section below.
Lockbox: A lockbox is a collection and processing service provided by a third party processor, typically a bank. Treasury handles all banking contacts for the university.
Payee: A person to whom money is being paid or is due, especially in a transaction such as the payment of a check or money order. Some examples of approved payees for Indiana University are:
Trustees of Indiana University
Indiana University, (insert campus, departments, school, etc.)
IUPayment Card: A payment card supports cashless payment for goods and services. Examples are: credit cards, debit cards, charge cards, and smart cards.
Funds must be separately budgeted and accounted for, or;
Funds are restricted to the sponsored activity until expiration of the agreement, or;
The activity is the result of an individual agreement with an external entity with terms and conditions unique to that particular project or activity, or;
The activity is the result of a Federal or Federal Pass Through contracts of any kind.
Any questions as to whether an activity should be considered a sponsored program should be referred to Office for the Vice President for Research.
Payment Card Industry Data Security Standards (PCI DSS): A set of comprehensive requirements for enhancing payment account data security, developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Remote Image Capture: The electronic transmission of check images and deposits to a bank for processing and clearing.
Revenue: Any incoming funds generated from the sale of products and/or services provided by the university or university employees.
Revenue Producing Activity: A revenue producing activity (RPA) is established when revenue is generated from the sale of products and/or services provided by the university or university employees. This definition shall exclude all Sponsored Programs.
Revenue Producing Activity Committee: University level group organized to aid the University in managing the risks associated with sales activities. Representative members are from the Office of the Treasurer, Purchasing, Financial Management Systems, University Counsel, University Information Technology Services, and other areas as needed to consider specific requests. Completed RPA requests are considered twice monthly.
Sponsored Programs: Sponsored programs shall not be considered an RPA under this policy. As a general rule, sponsored programs are differentiated by RPA’s by the following criteria:
- Funds must be separately budgeted and accounted for, or;
- Funds are restricted to the sponsored activity until expiration of the agreement, or;
- The activity is the result of an individual agreement with an external entity with terms and conditions unique to that particular project or activity, or;
- The activity is the result of a Federal or Federal Pass Through contracts of any kind.
Any questions as to whether an activity should be considered a sponsored program should be referred to Office for the Vice President for Research.
When planning or approving business activities, deans, department heads, and other appropriate administrators should ensure that revenue producing activities comply with this policy. Units that do not follow the guidelines set forth in this policy will at a minimum be held responsible for any fines or penalties. Accepting payment cards imposes responsibilities on both IU and the department. Failure to follow defined and approved procedures will minimally result in interruption of revenue processes and may result in immediate termination of the activity.
|Policy Interpretation||Dennis Reedyfirstname.lastname@example.org|
|Policy Interpretation||Ruth Harpoolemail@example.com|
This policy was established on July 1, 2006.