Processing Revenue

Scope

This policy governs the accepted payment methods and establishes revenue processing requirements to support all receipts of Indiana University, including those approved as Revenue Producing Activities (“RPAs”), and revenue processed by third party vendors on behalf of IU.

Revenue Producing Activities considered to be exempt from this policy include:

1. Revenue generated by Self-Governed Student Organizations (SGSO)
2. Revenue handled entirely by the Indiana University Foundation
3. Sponsored Programs as defined by the Office for the Vice President for Research

This policy will aid in managing risks associated with revenue processing/producing activities and applies to all university units engaging in internal and external revenue producing activities, whether or not revenue is processed on campus or off. It also applies to any entity or individual processing revenue through IU accounts or through IU technology systems/resources, including external as defined in FIN-TRE-90 and, except as provided below, all student organizations.

It establishes revenue processing requirements and makes references to existing financial, ecommerce, technology, and purchasing policies, as well as relevant externally imposed regulations including, but not limited to, those originating from state, federal and taxing agencies. This policy also covers revenue generated from reportable program income on Contract and Grant accounts. The revenue processing provisions covered in the Intellectual Property Policy, UA-05, which defines the rights of the University and the creators of intellectual property, supersede this policy.

This policy applies to any unit or person processing revenue through IU accounts or through IU technology systems/resources, including external agencies and affiliates. This policy does not apply to revenue producing activities of SGSOs that are not processed through a university account or through IU technology systems.

Activities with less than $1000 of annual revenue will not need to be reviewed under this policy; however, these activities should be directed to Treasury Operations for a consultation to determine how to best process the revenue in a safe, efficient, and compliant manner.

Back to top

Policy Statement

1. The Office of the Treasurer (“Treasury”) will establish the accepted payment methods and processes to support all RPAs of Indiana University. Treasury will review current and proposed revenue processing areas, as stated in this policy. These reviews may be conducted for any of the following reasons: RPA for new activity, change in activity or form of payments accepted, change in vendor, change in university policy, or at the request of university administration. These RPA reviews will cover all university revenue processing activities whether located on or off an IU campus. The unit head, unit fiscal officer, and campus administration are responsible for compliance with implementing the instructions contained in the review. 
2. All requests for RPAs will be reviewed by the Revenue Producing Activity Committee (RPAC). Prior to submission to the RPAC, RPAs must be approved by the RC Fiscal Officer and campus business officer. Revenue must be deposited in an approved university bank account(s) and recorded with the appropriate general ledger account(s) and object code(s).
3. Treasury, in accordance with best practices to efficiently and securely process payments, will standardize revenue processing within IU across similar functions. Purchases of any systems or software to process revenue (including integrated cash registers), and any contracts with vendors to process revenue must be approved by Treasury. No unit has the authority to purchase credit card processing software without first obtaining the explicit permission of Treasury. Revenue producing activities with less than $1000 of annual revenue will not be set up to accept payment cards.
4. Treasury has operational authority over the acceptance and deposit of all payments received by the university, including those received at the individual unit level.
5. All units must employ consistent payment types across similar revenue generating activities.
6. Revenue processing procedures should enable operational efficiency with an optimal cost structure.
7. All revenue processing procedures must maintain the highest level of available operational controls to reduce the possibility of fraud, loss of assets, and/or loss of sensitive university data.
8. Any business needs for exceptions to standard university processes must be approved in advance of their implementation by the Revenue Producing Activity Committee (RPAC) in consultation with campus and university administration, on a case-by-case basis.
9. All receipts must be deposited into an approved university bank account and recorded with the appropriate general ledger account(s) and object code(s). All incoming funds over $500 should be deposited within one day of receipt. Amounts less than $500 should be deposited at least weekly. A general ledger document must be prepared the same day as the deposit. The daily deposit amount for coins and currency may be increased for some units to meet operational efficiency needs only with explicit permission from Treasury. Exceptions to the timing of deposits may be made by Treasury as a result of emergency situations such as extended campus closures. Funds awaiting deposit must be kept in a secure, locked device until deposited. The method used to secure the funds should be appropriate for the amount. For example, a locked desk drawer would be adequate for $50; however, a safe would be required for $1000. Treasury sets threshold amounts and may adjust them to meet operational needs.

Back to top

Reason for Policy

The purpose of this policy is to standardize revenue processing within Indiana University across similar functions with efficient solutions characterized by strong controls to reduce the risk of fraud and/or loss while increasing the efficiency of its cash.

• The fiscal officer of the account receiving revenue is responsible for implementing proper revenue processing procedures and payment methods, and the unit represented by the fiscal officer assumes responsibility for payment risks and compliance.
• Treasury will provide ongoing education regarding accepting payments in compliance with IU’s data security policies and the Payment Card Industry Data Security Standards (PCI DSS) requirements.

Back to top

Procedures

Revenue processing requirements will involve the following:

1. Process payments electronically whenever possible or practicable.
2. Eliminate, where possible, face-to-face payments at the unit level through the use of web based and/or lockbox processed transactions.
3. Use standard IU revenue collection processes to link payment options directly into the university’s Kuali Financial System (“KFS”), whenever possible, to ensure the timely recording of transactions and to expedite the prompt reconcilement of general ledger and bank accounts. 
4. Discourage the use of cash to reduce the high administrative costs associated with its handling and transport.
5. Endorse all checks immediately upon receipt and ensure that payee is appropriate.
6. Prepare a KFS document and put in transit for deposit, via a method approved by Treasury, or remote capture the check(s) and prepare a KFS document within one day of receipt. Exceptions to allow checks to be held longer before depositing may be made by Treasury due to emergency situations.
7. All revenues must be deposited into a university approved bank account per  FIN-TRE-52, Establishing and Closing University Bank Accounts.
8. Ensure separation of duties for all revenue processing per FIN-ACC-470, Internal Controls.
9. Verify that only IU employees, its agents, or individuals specifically approved by Treasury are processing revenue and making deposits.
10. Use remote capture to process and deposit all checks, excluding foreign checks.
11. Ensure that all employees involved in revenue processing or with access to university banking/payment card systems have completed Treasury Revenue Processing Training annually. This training is available on the Office of the Treasurer website.
12. Ensure that all employees involved with processing credit and debit card transactions complete Security Awareness (SAE) training annually. This training is available on the Office of the Treasurer website.
13. Work with the campus human resources office to ensure that all such background checks are performed within the requirements of IU’s Background Check policy; completion of background checks for all employees involved in revenue processing prior to the employee assuming payment processing responsibilities is strongly encouraged.
14. Conduct all revenue processing activities in accordance with all university policies and state and federal regulations regarding data security, specifically including PCI DSS. 
15. Delete/remove copies of checks (paper or electronic) or listings of complete bank account/credit/debit card account numbers from any university databases or files, unless specific written approval has been granted by Treasury. The storage of truncated numbers, in Treasury-approved formats, is permissible.
16. Consult the Office of the Treasurer website for updates including standard operating procedures and guidelines.

Procedures for Establishing or Modifying Revenue Producing Activity (RPA)

Treasury will exercise its operational authority over the acceptance and deposit of all IU revenue, in accordance with best practices, to efficiently and securely process payments and any associated data.

To establish a new RPA or make changes to an existing activity, the department must: 

1. Schedule a preliminary review meeting/discussion with the fiscal officer to explain the proposed activity.
2. Prepare a budget and/or business plan. A budget template is available on the Online RPA System site.
3. If a recharge center, prepare a schedule of rate calculations for the operation under the guidance of the Office of the University Controller.
4. Complete a Revenue Producing Activity Questionnaire (RPAQ) through the Online RPA System site.
5. The completed RPAQ will route to all levels of campus approval, then to the Revenue Producing Activity Committee (RPAC). Submission by the campus signifies endorsement and support for the activity. Planning should include approximately 14-21 days for review.

RPAC reviews will include, but not be limited to compliance with University mission, compliance with existing external requirements and University policy, efficiency of request, redundancy and risk.

The committee will communicate its decision by email.

The RPAC may be composed of members from the following functional areas:

Treasury, Office of the University Controller, Purchasing, UITS, University Budget Office, Other areas including but not limited to University Counsel, University Architect, Risk Management, or Public Affairs and Government Relations may be brought in to review specific requests as appropriate. Depending on the nature of the request, other departments may be consulted.

Back to top

Definitions

Conflict of Interest Disclosure Statement: Under Indiana State law and reiterated under the university Conflict of Interest Policy, University employees and their dependents are prohibited from having an aggregate financial interest of $250 or more per year in, or deriving an aggregate profit of $250 or more per year from, any contract(s) or purchase(s) connected with the University. If the employee is not a member or on the staff of the governing body empowered to purchase or contract, and the functions and the duties performed by the employee for the University are unrelated to the purchase or contract, employees and their dependents may have an interest in, or derive an aggregate profit from, a purchase or contract with the University of $250 or more if:

1. The employee first obtains the written approval of the Board of Trustees, and:
2. Files a disclosure with the Indiana State Board of Accounts.

Contract and Grant Account: Award funds supervised through the IU Office of Research Administration. This includes any grants, contracts, and cooperative agreements awarded to Indiana University researchers. Because Indiana University (not the school, department, center, or individual faculty member) is the legal entity for all awards, each agreement must support IU's mission and protect the rights of the researchers.

Data Security: this is a top priority at IU and it covered by several policies and procedures along with numerous Federal and State laws and contractual requirements (i.e. PCI DSS).

Endorse: The stamping of deposit information on the back of a check using an endorsement stamp approved by Treasury. All endorsements stamps must be provided by Treasury.

External Sales: An exchange by the university of tangible or intangible products and/or services with external customers for monetary consideration. For the purposes of this policy, an external customer is anyone not paying for the goods or services from an IU account. Transactions handled for technology transfer, license and trademark agreements are excluded from this definition.

External Revenue Producing Activities: An exchange by the university of tangible or intangible products and/or services with external customers for monetary consideration. For the purposes of this policy, an external customer is anyone not paying for the goods or services from an IU account. Transactions handled for technology transfer, license and trademark agreements are excluded from this definition.

Internal Revenue Producing Activities: The sale of goods or services by one university unit to another university unit; sales within a unit.

Internal Sale: The sale of goods or services by one university department to another department within the university and to sales within a department. Transactions are completed using an Internal/Service transfer document. If it is considered necessary or efficient for an IU organization or department to sell to another university organization or department in order to accomplish university objectives, then a recharge (or internal service) center must be established in compliance with university policies. All sales activity must be conducted in accordance with university policy and procedures to ensure adequate compliance with federal and state regulations and to minimize legal, insurance, and tax risks. Rates set by recharge centers are subject to review by the Office of the University Controller for compliance with federal cost principles and regulations as well as IU policies and guidelines as set forth in the policy reference section below.

Lockbox: A collection and processing service provided by a third-party processor, typically a bank. Treasury handles all banking contacts for the university.

Payee: An individual to whom money is being paid or is due, especially in a transaction such as the payment of a check or money order. Some examples of approved payees for Indiana University are: 

• Trustees of Indiana University 
• Indiana University
• Indiana University, (insert campus, unit, school, etc.)

Payment Card: A payment card that supports cashless payment for goods and services. Examples are: credit cards, debit cards, charge cards, and smart cards.

Payment Card Industry Data Security Standards (PCI DSS): A set of comprehensive requirements for enhancing payment account data security, developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.  International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Remote Capture: The electronic transmission of check images and deposits to a bank for processing and clearing.

Revenue: Any incoming funds generated from the sale of products and/or services provided by the university or university employees.

Revenue Producing Activity: An activity that generates revenue from the sale of products and/or services provided by the university or university employees. This definition excludes all Sponsored Programs.

Self-Governed Student Organizations:  Student organizations that are considered organizations separate from Indiana University and that must agree to and operate under specified conditions in order to use university facilities and services and receive benefits associated with the Indiana University name; to be distinguished from University Student Organizations, which are treated as operating units or agencies of IU within the administrative and fiscal structure of Indiana University. See STU-01 for more information.

Sponsored Programs: Sponsored Programs shall not be considered an RPA under this policy. Any questions as to whether an activity should be considered a Sponsored Program should be referred to Office for the Vice President for Research.

Back to top

Sanctions

When planning or approving business activities, deans, unit heads, and other appropriate administrators should ensure that revenue-producing activities comply with this policy. Units that do not follow the guidelines set forth in this policy will, at a minimum, be held responsible for any fines or penalties. Generating and processing revenue and accepting payment cards imposes responsibilities on both the university and the unit. Failure to follow defined and approved procedures will minimally result in interruption of revenue processes and may result in immediate termination of the activity.

Back to top

Additional Contacts

Back to top

History

This policy was established on July 1, 2006.

This policy was revised on March 5, 2015 to emphasize training requirements for full-time, part-time, and student employees.

This policy was updated on August 18, 2021.

This policy was updated on June 6, 2024 and merged with FIN-TRE-121: Establishing and Modifying Revenue Producing Activities (RPA).

Back to top