Skip to main content

Tip of the Month logo

December 2021

The Policy Framework

The Policy Framework sets behavioral expectations across the University. The Policy Framework empowers members of the University community with the knowledge, protection, and flexibility they need to perform their day-to-day roles and responsibilities within certain defined boundaries. The Policy Framework also constrains members of the Carolina community outside of those defined boundaries, thus reducing institutional risk. Finally, the Policy Framework shifts the University to a more proactive policy development and risk management model by formalizing the process by which Policies, Standards, and Procedures are developed, approved, reviewed, published, and communicated; promoting consistency, efficiency, and transparency; and reflecting best practice in higher education.

Previous Tips

1505.3 – Procedure for Reconciling a Travel & Expense Card

The University has developed a process that allows T&E Card charges to be reconciled and/or reallocated to other accounts in Concur Expense.

Charges are available to reconcile after the merchant submits the charge, the bank receives and processes the data and then feeds the transaction data to Concur Expense. This normally takes one to three business days. Concur Expense will automatically send email notifications when “new company card transactions arrive.”

Email Domain Policy

Email accounts used to conduct the business of the University require that appropriate security, backup, and records-retention measures be in place. Departments may wish to host or contract for separate email systems using either unc.edu sub-domains (such as “physics.unc.edu”) or entirely separate domains (such as “unclatindepartment.org”). This policy balances that option with the University obligation to ensure that public records and sensitive information are protected appropriately.

1105.2 – Procedure for Overpayment Recovery

Overpayment occurs when compensation that is not owed to an employee is paid in error. The primary cause of employee overpayments is late salary actions; however, this does not negate an employee’s obligation to repay overpaid funds immediately.

Passwords, Pass-phrases, and Other Authentication Methods Standard

Many information security incidents result from unauthorized access to information stored on computers. Frequently, access to such information is controlled through the use of passwords, pass-phrases, and other authentication methods… In accordance with the Information Security Policy this document sets forth password/pass phrase requirements for all UNC-Chapel Hill individual user accounts, administrator accounts, and system accounts.

1229 – University of North Carolina at Chapel Hill Policy on Responsibility for University-Purchased Goods, Services, and Equipment

The administrative head of a University school, department, or division (such as a chairperson of a department), or the principal investigator (PI) of a sponsored research project, is accountable for all supplies, services, materials, and equipment purchased in the school’s, department’s or center’s name, regardless of the source of funds. The administrative head is responsible for developing and implementing the internal controls necessary to protect such materials from theft and abuse, and that accurate records be maintained regarding proper identification and location of movable equipment…

Records Retention and Disposal Policy

The Records Retention and Disposal schedule is a tool for the employees of UNC-Chapel Hill to use when managing the records of the University.

1102.2 – Reporting Payroll Exceptions Procedure

This procedure’s intent is to correct pay records and accurately pay all University of North Carolina at Chapel Hill employees.

Policy in Terms of Use for Administrative Systems

In accordance with the Enterprise Data Governance Policy and Acceptable Use Policy all users who access enterprise data or University systems in performance of their assigned duties, including, but not limited to, viewing, entering, downloading, copying, querying, storing, disclosing, or updating data or information must adhere to the following tenets:

  • Confidentiality: Respecting the confidentiality and privacy rights of individuals whose records they may access. Reporting any known or suspected breaches of University Information in a timely manner according to procedures defined in the Incident Management Policy and the Privacy of Protected Health Information Policy.
  • Ethics: Observing the ethical restrictions that apply to information to which they have access.
  • Policy Adherence: Abiding by applicable laws and University policies with respect to access, use, protection, proper disposal, storage, and disclosure of information.
  • Responsible Access: Accessing and using enterprise data only as required in their conduct of University business.

1229 – University Responsibility for University-Purchased Goods, Services and Equipment

The administrative head of a University, school, department or division (such as a chairperson of a department) or the principal investigator (PI) of a sponsored research project, is accountable for all supplies, services, materials, and equipment purchased in the school’s, department’s or center’s name, regardless of the source of funds.  The administrative head is responsible for developing and implementing the internal controls necessary to protect such materials from theft and abuse, and that accurate records be maintained regarding proper identification and location of movable equipment. Furthermore, the administrative head is responsible for ensuring the goods and/or services provided meet and continue to meet the specifications, terms and conditions indicated on the relevant supplier contract or purchase order (PO).

1218.1 – University of North Carolina at Chapel Hill Procedure on Determining Vendor Documentation

Changes to vendor direct deposit bank accounts need to be confirmed by the department requesting the update, with a known contact for the vendor.  Once departments receive vendor information, they should upload the direct deposit form for vendors and a copy of a voided check or bank letter, through Campus Vendor in ConnectCarolina.

Records Retention and Disposal Policy

The Records Retention and Disposal schedule is a tool for the employees of UNC-Chapel Hill to use when managing the records of the University. It lists records found in an office and gives an assessment of their value by indicating when (and if) those records should be destroyed. The schedule is also an agreement between the office, the University Archives and Records Management Service (UARMS) and the North Carolina Department of Cultural Resources (DCR).

According to G.S. §121-5 and G.S. §132-3, you may destroy public records only with the consent of DCR. DCR has an agreement with UARS to provide records management services to the University of North Carolina at Chapel Hill. This schedule is the primary way DCR gives consent through UARS for the destruction of University records. Without an approved schedule, your office cannot destroy any record, no matter how insignificant.

Office of Sponsored Research 300.04 – Pre-Submission Compliance Requirements

The University and any persons conducting research on behalf of the institution are required by law to comply with established Federal standards regarding sponsored research. In conjunction, the University is responsible for maintaining compliance through training and education, communication between and among researchers, monitoring, and auditing systems to detect compliance issues, and preventing non-compliance by proactively accessing and responding to compliance concerns.

1226 – University of North Carolina at Chapel Hill Policy on Purchase Authorization

Each school, department, and division within the University is given a budgetary allotment for purchases. The administrative head (dean, director, department head) of each area is fiscally responsible for the appropriate use of this allotment and has the sole authority to make purchases. The administrative head may delegate this authority to another University representative to approve charges against the department’s budget; however, this delegation of authority does not relieve or excuse the budgetary head from their responsibility for the allotted budget.

1218.1 – Procedure on Determining Vendor Documentation

Changes to vendor direct deposit bank accounts need to be confirmed by the department requesting the update, with a known contact for the vendor. Once departments receive vendor information, they should upload the direct deposit form for vendors and a copy of a voided check or bank letter, through Campus Vendor in ConnectCarolina.