Beginning April 2024, the Controller’s Office Cash Operations Team will resume transfers to the Central Fund of cash, wire, and ACH payments received in UCSF’s main depository account that remain unclaimed for over 12 months. This transfer process was paused in early 2023 to allow Controller’s Office personnel to make improvements to the cash application and department accounts receivable processes. With these improvements complete, more payment information is available to help departments identify and claim funds. Instructions for identifying and handling unclaimed payments, including additional information about outstanding unclaimed payments, are available on the Controller’s Office website. If you have questions about this change, email the Cash Operations Team at [email protected].
While convenience and efficiency are essential to our payment processes, the importance of secure payment processing cannot be overstated. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.All UCSF departments that have merchant capabilities to accept payments in any form are required to have documentation that meets PCI DSS guidelines no later than July 1, 2024, to maintain their merchant eligibility status.UCSF is under continuous scrutiny of our PCI DSS processes. The current cycle of PCI DSS compliance testing has identified that many merchants’ payment process documentation is either not formalized (written), not current, or not complete, and does not meet the compliance requirements. Requirements for achieving and maintaining PCI DSS compliance have been recently communicated to all UCSF merchants and shared throughout 2023 in our Merchant Services trainings. This article aims to assist in understanding these requirements.What Your Department Needs to Meet PCI DSS Guidelines:Payment Process Documentation: Payment process documentation is required to be on hand and reviewed for updates at least annually for PCI DSS compliance. This documentation should contain step-by-step procedures covering the entire payment acceptance process. Be sure to include an effective date and a reviewed date in your document and keep it readily available in a known location for all payment staff.Regularly Scheduled Process Training: All staff, including temporary support staff, must complete training prior to accepting payments and be re-trained annually utilizing the current process documentation in addition to required annual PCI security training.Payment Terminal Maintenance & Inspections: Payment terminal maintenance and inspection process documentation should be in place in each department, specific to the equipment in place. Documentation should include step-by-step inspection processes to ensure that staff understand the minimum monthly reboot process for security updates, that no skimmers or overlays have been applied to the terminal(s), and that the terminal(s) are the original equipment (have not been replaced with a fraudulent terminal) and do not show any other signs of tampering. Terminal inspection schedules should be daily at a minimum and more frequent for public facing terminals that are not attended to full-time.Incident Response Plan: Staff are required to know and understand the current steps for responding to evidence of a terminal being tampered with or stolen, or to any suspected fraudulent activity. Incident response process documentation should be readily available to staff for quick reference. This includes reporting the issue to IT Security, Merchant Services, and UCSF Police as necessary along with disabling the terminal or discontinuing use.Employee and Activity Logs: It is mandatory that each department maintain current logs of all equipment and staff that are authorized to accept, process, or obtain reporting on payments. Logs should include terminal model and serial numbers along with the address of where the terminal resides. Staff names, hire and termination dates, and training dates must also be logged, including those for temporary staff. Terminal inspections must be logged including dates, times, staff name, and notes of the terminal condition. Mobile or wireless terminals that are carried by staff to customer locations or that are utilized by roaming staff must have logs of users and the time of use and return included.Steps to Achieve PCI DSS Compliance:Assess Your Environment: Conduct a thorough assessment of your payment processing systems and payment steps. Include pictures and step-by-step instructions with as much detail as possible in your documentation.Regular Maintenance and Training: Frequent inspection and maintenance of terminals, process document updates, and training of staff will ensure a smooth PCI DSS testing process.Maintain Compliance: PCI DSS compliance is an ongoing process that requires dedication and vigilance. Regularly review and update your PCI DSS procedure documents and logs to ensure they are current with the staff, actions, and systems currently in play for your department.PCI DSS compliance is not just a checkbox exercise; it's a legal obligation and a critical component of responsible day-to-day business practices. By prioritizing the security of cardholder data, UCSF departments not only protect themselves from financial and reputational harm but also uphold the trust and confidence of their customers.Merchant Services is here to support departments in meeting the upcoming deadline. If you have questions, please email [email protected].
The Controller’s Office Student Accounting team regularly conducts training to guide administrators through every aspect of the non-payroll stipend process. New employees responsible for submitting non-payroll stipend requests are encouraged to attend. The training is also a good refresher for all employees who submit these requests.The following sessions are open and available for registration. They will run from 10 to 11:30 a.m. on the given date:March 25, 2024April 18, 2024May 23, 2024June 12, 2024Attendance is limited, and registration is required. Log into the UC Learning Center (opens in new window) to register. This training is presented via Zoom; meeting details will be emailed to registered students prior to the class.If you have any questions about using the UC Learning Center, contact Controller's Office Training Manager Michael Burgess.
The Controller’s Office Student Accounting team regularly conducts training to guide administrators through every aspect of the non-payroll stipend process. New employees responsible for submitting non-payroll stipend requests are encouraged to attend. The training is also a good refresher for all employees who submit these requests.The following sessions are open and available for registration. They will run from 10 to 11:30 a.m. on the given date:April 18, 2024May 23, 2024June 12, 2024Attendance is limited, and registration is required. Log into the UC Learning Center (opens in new window) to register. This training is presented via Zoom; meeting details will be emailed to registered students prior to the class.If you have any questions about using the UC Learning Center, contact Controller's Office Training Manager Michael Burgess.
UPDATE: This announcement was updated to reflect corrected pay dates and deadlines. The compensatory time payout will occur on April 18, 2024. All leave requests must be approved in HBS or submitted using the SmartSheet request form by 5 p.m. on April 10. If you need further assistance, contact the Controller's Office Solution Center.The next twice yearly compensatory time payout will occur on April 18 as a separate off-cycle payment. The payout will be based on each employee's comp time off (CTO)/holiday comp time (CTU) balance as of March 30.CNA employees will be paid down to 36 hours. Shift pay for the CTO/CTU paydown will be paid on the 04/24/2024 on-cycle pay date.HBS Leave RequestsApproved CTO/CTU leave requests for future-dated leaves will not be included in the compensatory time payout. Leave requests made through the HBS Leave Request page must be in an approved state by 5 p.m. on April 10, 2024, to ensure that those hours are not paid out.Non HBS Leave Requests – includes Clairvia/OnOrOff/other Scheduling SystemsEmployees who use Clairvia/OnOrOff/other scheduling systems do not have access to the HBS Leave Request page and must use the alternate procedures for future-dated leave requests:Confirm approved future-dated CTO leaves.Complete a request to preserve CTO/CTU balances approved for future leaves by 5 p.m. on April 10 using this SmartSheet request form.For more information about compensatory time off, consult the UCSF Medical Center administrative policies (MyAccess login required).If you have questions about HBS or the compensatory time preservation process, contact the Controller's Office Solution Center.
We have reached capacity for the April and May sessions of the current Post Award Management (PAM) training series. If you are registered and will not be able to attend, please cancel your registration in the UC Learning Center to make your seat available.The next PAM training series will be announced soon. We encourage new research administrators to review post award financial administration guidance on the Controller’s Office website and to stay informed by joining the Research Administration forum on Microsoft Teams.If you have questions about using the UC Learning Center, contact Controller's Office Training Manager Michael Burgess.
Starting April 2024, Contracts and Grants Accounting (CGA) will streamline escalation notifications for awards that are out of compliance with the award verification process.Here’s what you need to know:Quarterly Notification Schedule: the simplified escalation process will send quarterly notifications for overdue awards in January, April, July, and October.Verifications Past Due by One to Three Months: the Principal Investigator (PI) and Research Services Analyst (RSA) will receive notification of all awards with verifications up to three months overdue. RSA notifications will group awards with overdue verifications by the Award PI.Verifications Past Due by Four or More Months: CGA will notify the Department Financial Administrator, Award PI, and RSA of all awards with verifications overdue by four or more months.Failure to complete award verifications at least quarterly will result in an escalation of past due award verifications. The lack of completed verifications may jeopardize the submission of future proposals, cause a proposal to be withdrawn, and/or result in the transfer of personal services and other unverified expense activity to an unrestricted fund.If you have questions or need assistance, please reach out to [email protected].
Coming later this month, Award Verification Tool users will see several new enhancements to the web version of the application. In response to feedback from UCSF’s research administration community, the following new features aim to streamline the user experience:Buttons to verify individual awards and review individual projects are replaced by checkboxes. Save time by selecting multiple awards or projects before verifying or reviewing.Verify and review buttons in section headers have a new color scheme to enhance visibility.The display settings you select for each dashboard section are retained the next time you return to the dashboard or log into the tool.The ability to expand and collapse is expanded to all sections in the tool.For a more detailed review, visit the Using the Award Verification Tool training page on the Controller’s Office website. If you have questions, contact [email protected].
Petty Cash verification letters were distributed via DocuSign to all petty cash custodians on January 17, 2024. Custodians must complete verification letters no later than Wednesday, February 14, 2024.Failure to comply with the required process may result in closure of the petty cash fund. If you did not receive a DocuSign email containing your petty cash verification request or if you have questions about the verification process, contact the Cash Operations Team.
Human Resources and Payroll developed a new timesheet change form for requesting changes to campus employee timesheets after the pay period has closed in HBS. The new form is available on the Controller’s Office website.The prior forms will only be accepted through March. If you have bookmarked the prior forms or have a copy of the form saved locally, please update your systems with the new form.You can submit completed forms to Human Resources by submitting an HBS Timekeeping case in PeopleConnect (opens in new window) and attaching the completed form.Features of the new form include:One consolidated form for all campus employees, replacing the three existing formsAn Excel file that replaces the PDF file for easier editingDetailed instructions to assist the employee and supervisor on how to complete the formAll applicable pay codes are available to select on the formAdditional fields available for notes, entering time for concurrent appointments and/or entering funding overrides as neededReach out to your HR Generalist (opens in new window) with any questions.
