Receipting and Banking Procedures

Application

These procedures apply to all University members who either collect, manage, or receive monies on behalf of the University.

Purpose

To ensure that appropriate procedures are in place so that financial controls are applied to the receipting of all monies received by the University, and to detail the related responsibilities of University members. These procedures are to be read in conjunction with the Receipting and Banking Policy.

Procedures

Daily banking

1. All monies paid to the University are to be receipted on the same day.

2. Payments are to be banked daily.

3. Cash remittances will be accepted but must be separately identified as such when processing receipts.

4. The total amount of cash to be banked on any given day must be balanced to the cash takings and recorded on the serialised bank deposit slip.

5. A serialised bank deposit slip must be prepared for all cash payments. Books of bank deposit slips are to be ordered from the Shared Transaction Centre via service cloud.

6. The Shared Transaction Centre has engaged a security company to collect University banking for depositing with the bank each day.

7. The security company’s customer receipts for each bag must be retained at each cashiers’ office to ensure that there is a complete audit trail from the point-of-sale to the general ledger.

8. Access to cashiering functions in all electronic receipting systems must be controlled by individual operator passwords.

9. The username of the staff member who completes the daily banking must be entered onto the cashiers’ office balancing sheet.

10. A copy of the cashiers’ office balancing sheet is to be forwarded to the Shared Transaction centre via email to collections@auckland.ac.nz by noon of the next working day.

11. These balancing sheets will be used to reconcile to the bank statement.

12. Any variances must be recorded accurately and will be reviewed for each cashiers’ office monthly by the Shared Transaction Centre.

Refunds

13. Refunds are prepared by the administrator of the cashiers’ office or department by completing the digital FS-04 Form, or the SS-01 Form for student fee refunds.

14. Refunds are to be authorised by the manager of the department; authorisation can be attached to the digital form.

15. Refunds submitted by 12:00 PM on Friday are collated and checked weekly by the Accounts Receivable team. The refund payment will be processed to the customer's bank account by the following Friday.

16. Refund payments are approved and made under Delegated Financial authority by Financial Operations as per the Financial Delegations Register.

17. Refunds can only be made on the condition that:

  • the original receipt is produced by the claimant.
  • the refund can be made at a cashiers’ office or using an EFTPOS terminal.
  • the refund must be by the same tender type as the original payment provided.
  • the refund takes place on the same day as payment and
  • the amount is less than $200, and
  • the customer is present to receive the refund

EFTPOS and card payments

18. Card information must not be stored electronically or in paper records in accordance with PCI-DSS requirements.

19. EFTPOS transactions must be identified by card type and balanced to the EFTPOS total each day.

20. Card payments will include an additional convenience fee charged to the customer.

21. Online payment systems and solutions can only be implemented in consultation with the Connect Digital Services cyber security team and Financial Operations.

22. The University uses a PCI-DSS compliant and approved vendor to manage all its Online payments, including card payments and Account2Account payments.

23. University members using EFTPOS terminals must complete EFTPOS terminal training e-module prior to operating a terminal. Training is to be renewed on an annual basis or after a security incident has occurred, whichever is the sooner.

Card information

24. Card information must not be stored electronically or in paper records in accordance with PCI-DSS requirements.

25. Card information must not be sent or received through insecure channels such as email, instant messaging or social media, and payment must not be processed. If card details are received through an insecure channel, they must be deleted immediately and prior to responding to the sender.

26. Card information received by paper record such as post or written down over the telephone must be blacked out with a marker pen, the document photocopied and the original shredded or disposed of.

27. Card receipts must be made in accordance with PCI-DSS requirements as outlined above.

Responsibilities

28. Departments and cashiers’ offices are responsible for:

  • reconciling sales to the to the bank transactions each month, as allocated to the department in the general ledger by the Shared Transaction Centre
  • three-way reconciliation (part 1 to 3)

29. Shared Transaction Centre is responsible for:

  • matching and allocating bank account transactions to the departments
  • receipting bank account transactions into the transactional systems where agreed.

30. Group Financial Control is responsible for:

  • reconciling Bank transactions to the general ledger each month
  • three-way reconciliation (part 2 to 3).

31. Financial Operations is the business process owner for receipting, banking and refunds, associated payment solutions and PCIDSS compliance and are responsible for:

  • approving the business processes for receipting and banking, including compliance with associated tax invoice and receipt templates.
  • liaising with the University’s bank for creation of merchant numbers
  • liaising with the University’s suppliers for EFTPOS and online payment portals
  • assisting cashiers’ offices, departments, and Digital Services on deployment and implementation of payment solutions.
  • monitoring and ensuring PCI-DSS standards are met and maintained over time

32. Digital Services own the business process, and associated business solutions, for Web standards and are responsible for:

  • assisting the departments
  • installing any necessary security certificates (online payment solutions)
  • maintaining a complete record of online receipting websites
  • maintaining and promulgating web standards
  • supporting Financial Operations with PCI-DSS systems monitoring and remediation

Training

33. University members can enrol in EFTPOS terminal training by raising a request to Staff Service Centre > Human Resources > Organisational Development (OD).

34. It is the responsibility of the EFTPOS terminal manager to ensure that new members enrol in the EFTPOS Terminal Compliance Course, and that existing members keep up the annual training.

35. Should a security incident occur, this training must be repeated by the member to reinforce the EFTPOS terminal Compliance.

Definitions

The following definitions apply to this document:

Account2Account (sometimes known as POLi) is an alternative to accepting cards online. It allows customers to make an online payment using their own internet/online banking.

Business solutions is a general term that applies to the process and/or technology needed to record a customer transaction and issue an invoice/receipt following payment.

Card information means all the card numbers except the first 6 digits and the last 4 digits and the CVC number (if applicable).

Card payments means any Debit or Credit card payments where the carrier card company is Visa or Mastercard.

Cashiers’ offices are approved designated departments that are approved to receive cash payments.

EFTPOS means Electronic Funds Transfer at Point of Sale.

In person means all monies handled directly by University members.

Members means those persons who make up the University as set out in section 3(2) of The University of Auckland Act 1961 and includes University employees, students, Council committee members, contractors, sub-contractors and invitees.

Online means all payments/monies handled electronically by the University’s approved provider.

Payment Card Industry Data Industry Security Standard (PCI-DSS) is a standard the University must comply with because it accepts card payments. The standard was established by the payment card industry to define an appropriate set of security standards expected to be maintained by organisations receiving card payments.

Payment systems and solutions is a general term that applies to the entire technology needed to accept a customer transaction at your site.

Three-way reconciliation means a reconciliation between sales (1), bank (2), and the GL-general ledger (3), Three way is part 1 to 2, part 2 to 3, and part 3 to 1.

University means the University of Auckland including all subsidiaries

Key relevant documents

Document management and control

Owner: Chief Financial Officer
Prepared by: Head of Financial Operations
Approved by: Vice-Chancellor
Date approved: 27 July 2021
Review date: 27 July 2026