Cashiering Internal Control Questionnaire 1. Are Batch Totals Reports approved by Office Supervisor? 2.

Is cash kept hidden from customers? 3. Are cash related file cabinets and safes closed when not in use? 4. Are rear/side doors locked to prevent uninvited access? 5. Are supply items properly safeguarded? 6. Do cashiers periodically remove excess cash from cash drawers (skim)? 7. If skimming is performed: o Do cashiers maintain a copy of the bank deposit slip in their cash drawe rs to evidence the "skim"? o Does cash in the drawer approximate the change fund after a skim? o Are "skimmed" funds placed in the safe for later deposit? 8. Are all checks restrictively endorsed? 9. For cashing of checks: o Are employee personal checks approved by Office Supervisor? o Are employees prohibited from cashing their own personal checks through their own cash drawer? o Is cashing of employee personal checks limited to $100? o Is use of 2nd party (except Social Security) and 3rd party checks for bi ll payment or cash prohibited? o Are government checks (Social Security) cashed only for payment of the e lectric bill? o Are account and drivers license numbers included on the checks? 10. Do cashiers use disposable bank bags and individually lockable cash draw ers and cash boxes? 11. Do cashiers maintain sole control over their own bank bag, cash drawer a nd cash box keys? 12. Are monies and paid stamps locked up during cashiers' breaks? 13. Is balancing performed in an area outside of public view? 14. Is cash balancing performed as late as possible to ensure the maximum nu mber of transactions are processed by the system and maximum cash is deposited? 15. Do cashiers use counterfeit detection pens on all $50's and $100's and, as time permits, $20's? 16. Are cash boxes and bank bags locked in the safe at night? 17. Does Office Supervisor perform periodic cash counts of cashiers' cash dr awers at least every 6 months which are logged? 18. Are cashiers with unexplained cumulative cash shortages within the last 12 months disciplined?: 19. Do only current regular employees know the safe and/or drop box combinat ion and have access to keys? 20. Do business office personnel verify picture ID and courier (armored car service) signature? 21. Are Receipts for cashiers' change funds properly signed and approved? 22. Are cash deposits made on a timely basis? 23. Does someone at the office compare validated deposit slips to Batch Tota ls Reports for correct amount, date, and bank? 24. Are employees prohibited from processing transactions against their own accounts? 25. Are all deletes on cashier journal tapes approved by the office supervis or? 26. Does the Office Supervisor track overages / shortages by cashier? 27. Does the Supervisor or designee verify the following daily: o That the Associate/Assistant has listed the bank bag number and the amou nt of deposit (in ink) on the deposit bag and the deposit bag tear off strip? o That the Associate/Assistant has listed the deposit amount (in ink)on th e bank bag log or manifest? 28. Does the supervisor require a background check for all new employees (ca sual, part-time and full-time employees)? 29. Does the supervisor require each employee to read, sign and date the Sec urity of Customer Records Acknowledgment Statement and Information Services USER

ID Authorization Request? 30. Does the supervisor or designee verify that all security cameras are ope rational and are properly positioned (if applicable)? 31. Does the supervisor or designee change the VCR tapes weekly and utilize the VCR Security Log (if applicable)? 32. Does only the supervisor maintain control of building keys and spare set of cash drawer keys? 33. Are employees (supervisor, designee or cashier) prohibited from processi ng payments or any other CSS transaction on their personal, family s or friends without approval? 34. During regular operating hours, o Are all exterior doors (with the exception of the front lobby doors) kep t locked at all times? o Are doors to the cashiering area kept locked at all times? o Are unknown persons admitted to the cashiering area only with proper pic ture ID? 35. Has the supervisor scheduled yearly information meetings by Security to update personnel on safety issues? 36. Are Collection Reports properly prepared and verified by store personnel ? 37. Are Collection Reports mailed separate from stubs and receipts? 38. Are all documents validated/stamped by the collector? 39. Are Agent Collectors providing validated deposit slips for collections w here deposit are made directly to company accounts? Application System Internal Control Questionnaire 1. Are there written instructions or online help available for processing a ll transactions for this application? 2. When transactions are initiated through program logic, are listings or r eports sent to the user department? 3. Are the procedures for controlling input the same when applied to correc ting entries? 4. Are there controls or procedures which effectively prevent persons outsi de the company from accessing, via terminals, the files of this application? 5. Are the installation's standard sign-on and sign-off procedures used on this application? 6. Does the system record which users processed transactions that altered t he contents of the file? 7. In the event that unauthorized access is attempted, what procedures prev ent additional attempts? 8. Is a computer generated log entry created for: o Each message? o Each sign-on? o Each sign-off? o All transactions? o Other: 9. Are the computer generated logs reviewed and summarized for: o Unusual activity? o Error rates by user? 10. Are record counts and control totals generated through the online input process and used to validate the completeness of data entry? 11. Does management take strong corrective action when security violations a re noted? 12. Is ACF2 password protection used? 13. Are all security violations logged? 14. Is adequate documentation maintained on security procedures? 15. Can each transaction be associated with a USERID number? 16. Is a non-printing feature used when the operator keys in a password? 17. Does each user of the application have a unique LOGONID? 18. Are users instructed on how to keep their passwords secure? 19. Are passwords changed at least every 90 days?

account

PROCESSING CONTROLS 20. Are on-line data validation and editing performed as early as possible i n the transaction processing cycle to ensure that errors are detected and correc ted quickly? 21. Are use of overriding or bypassing data validation and editing routines restricted to designated personnel? 22. Are all uses of the override/bypass feature logged and analyzed for appr opriateness and correctness? 23. Does the application include edit routines to check each transaction for : o Completeness? o Consistency within the transaction? o Transaction validity? o Proper processing period? o Proper cross-footing? 24. Does the application include edit routines to check each applicable fiel d in the transaction types for: o Missing date? o Limit checks? o Range checks? o Check digit validity? o Valid Codes? o Proper sequence? o Proper format? 25. Does the application include edit routines to check each character in a transaction, where applicable, for: o Numerics? o Alphabetic? o Special characters? o Sign? o Blanks? 26. Are there written instructions or online help available for correcting a ll errors detected? 27. Are resubmitted transactions processed identically to those submitted fo r a first time? 28. For on-line real-time processing, are all transactions automatically log ged, stamped and dated to provide a complete audit trail? 29. Can messages and data be traced back to the terminal and user or origin? 30. For applications that update files, does the system protect against conc urrent file updates? 31. Are all changes to the application thoroughly tested and approved by the user before being placed into production? 32. Have users received sufficient training on use of the application? 33. Can users correct errors before they are transmitted? 34. Have adequate user manuals been prepared and distributed to the users? 35. Are operators in IT prohibited from: o Initiating any transactions? o Processing an unusual program without an approved written request? o Duplicating a file without an approved written request? 36. When processing transactions against a master file: o Does the program prevent duplicate master records from being established ? o Are listings printed for all master changes showing: The master record before change? The master records after change? The nature of the change? 37. Does the program check for illogical results prior to changing the maste r record? 38. Are all transactions not processed:

o Reported with reason? o Placed in a suspense file? 39. Are master files periodically reviewed by a program which reads the enti re file and: o Counts all records? o Totals all fields used to control the file? o Crossfoots records where applicable? 40. Are master files periodically purged of obsolete records? 41. Does the application include routines to check the results of calculatio ns for reasonableness? 42. Is the application processed according to a predefined schedule? 43. Are IT's standard library procedures followed for this application? 44. Are programmers prohibited from using live data files from this applicat ion for testing? OUTPUT 45. Is all output from computer operations reviewed for reasonableness, accu racy, and legibility before distribution? 46. Are totals on output reconciled to predetermined totals? 47. Does Data Control have written procedures which include: o Frequency or due dates? o Number of copies to be sent? o Persons authorized to receive output? 48. Does the control group maintain a control schedule? 49. Is all output sent directly to the user groups from the control group? Contract Internal Control Questionnaire 1. If the contract involves an expenditure or revenue of more than $100,000 , and is on other than the standard contract form, or includes any unusual terms or conditions, was it reviewed by appropriate legal, tax or insurance personnel prior to execution? 2. Does the contract contain a standard audit clause? 3. If not, was the contract reviewed by Audit Services? 4. Does the Procurement Requisition and Authorization Form contain a comple te description of services to be rendered? 5. Is it properly approved? 6. Were bids received sufficient to assure competition? 7. Does the contract file have adequate documentation supporting the select ion of the contractor including both technical and commercial evaluations? 8. If the contract was not bid, is there adequate justification? 9. Was the contract signed by the proper authority? 10. Was it properly approved? Fuel Oil Inventory Internal Control Questionnaire Fuel Receiving Procedures Fuel Received By Barge 1. Does your plant use a public gauger for deliveries received from vendors ? 2. Does the public gauger take tank level and temperature readings before a nd after unloading? 3. Do your plant personnel receive a Fuel Transaction Report (FTR) with eac h shipment? 4. Do your plant personnel read gauges or tape tanks before and after deliv eries of FPC owned fuel? Fuel Received By Truck 5. Do your plant personnel make sure that the driver has the proper paperwo rk which should include the FTR and meter ticket? 6. If trailer compartments have been sealed with the seal numbers noted on the FTR, do your plant personnel check to insure that the seal numbers correspon d and the seals have not been broken? 7. Do your plant personnel compare Fuel Transaction Report (FTR) quantity w ith meter ticket? If the plant does not have a meter, do plant personnel compare the truck's gallon markers to the truck meter ticket for reasonableness?

8. Do your plant personnel check each trailer compartment before unloading to insure that it is filled to the proper benchmark? 9. Do your plant personnel visually check each trailer compartment after un loading to insure that it is completely empty? 10. Are all valving operations, other than valves on the truck, performed by your plant personnel? Fuel Received By Pipeline 11. Do your plant personnel have a pipeline representative or public gauger present when oil is received? If so, is the temperature of the oil in the tank c hecked with a dip thermometer before any oil is pumped into the tank? 12. Do your plant personnel take a tank level reading before and after unloa ding? 13. Do your plant personnel record on a tank log the amount of oil received as calculated by the before and after tank readings? 14. Do your plant personnel compare the amount calculated as received to the FTR which is received later? If so, do they record any differences on a "varian ce" log? Fuel Received By Railroad Tank Car 15. Do your plant personnel check to insure that the seals on the cars are u nbroken and that the seal numbers agree with those on the FTR? 16. Do your plant personnel open the top hatch on each car and check oil lev el against the benchmark? 17. Do your plant personnel receive a Fuel Transaction Report (FTR) with eac h tank car? 18. Do your plant personnel put a meter ticket into the unloading meter for the first unloading of the day? 19. Do your plant personnel compare the FTR quantity with the meter tickets? 20. Do your plant personnel visually inspect each car after unloading to ass ure that the car is empty? 21. Do your plant personnel list the car number and type of fuel unloaded ea ch day on a log? Tank Level Measurement 22. Do your plant personnel take daily level measurements as close to midnig ht as possible by reading the automatic side gauges? If not, at the same time ev ery day? 23. Do your plant personnel tape the tanks on the last day of each month? 24. If so, do they adjust the side gauge as appropriate and take gauge readi ngs as close to midnight as possible? 25. With respect to water found in tank: On a monthy basis: Is the inventory reported gross (inclusive of water)? Is the amount of water measured reported to Fuel Accounting either in the fuel i nventory tracking system, on the adjustment explanation report or by memo? At year-end: Is an adjustment to ending inventory reported in fuel inventory tracking system if the amount of water measured is +/- 1% of inventory or more? Tank Temperature Measurement 26. Do your plant personnel take temperature readings daily at the same time level measurements are made? 27. Are temperature readings for tanks which have multiple thermometers aver aged by your plant personnel including only those known to be immersed in the oi l? 28. Do your plant personnel check the oil temperature measurement devices fo r accuracy at least semiannually, or more often if they appear to have become in accurate for any reason? Calibration Procedures 29. Do your plant personnel calibrate the side gauges when variance exceeds 1"? 30. Do your plant personnel calibrate the temperature measuring devices at l

east semi-annually? Fuel Transaction Report (FTR) 31. Do your plant personnel use FTR's in sequential order? 32. Do your plant personnel mark those FTR's which cannot be used as "Void" and forward all copies to System Operations? 33. Do your plant personnel round the fuel amounts shown on the FTR's to the nearest whole barrel? Fuel Inventory Procedures Daily Tank Inventories 34. Do your plant personnel record the inventory values in their local log b ook for sending related information to input clerks at System Fuel Operations? Materials and Supplies Inventory Internal Control Questionnaire 1. Based upon observation and discussion with storeroom personnel, is there an absence of: o Overstock situations? o Understock situations? o Obsolete items? o Damaged items? 2. If damaged items are observed, what was the cause (storage method, shipp ing, handling or other reason)? 3. Do crews properly notify storeroom personnel of items they remove from o r return to the storeroom or yard? 4. Is all material located within the fenced yard or storeroom area include d in inventory? 5. Are shelving, bins and aisles adequately marked and maintained to promot e efficient and safe storage and handling and good housekeeping? 6. Are receipts accepted only after stores personnel have inspected them an d verified order and quantity? 7. Are personnel and inventory safe from hazards, such as fire and weak she lves? Working Fund Internal Control Questionnaire 1. Do personnel responsible for approving transactions have sufficient data to make informed decisions? Petty Cash 2. Does the fund custodian have a lockable cash box & key? 3. Are blank WF checks inaccessible to any person besides the fund custodia n or supervisor during the day & locked up at night? 4. Does the Department Supervisor or Manager have duplicate keys to the fac ilities that protect petty cash? 5. Are the keys secured? WF Reimbursement Requests 6. Are WF disbursements for business purposes only? 7. Are large or recurring bills submitted to Accounts Payable versus paying through the WF? 8. Are employee advances made through the WF monitored for timely repayment ? 9. Are WF disbursements supported by paid invoices, Expense Reports or Work ing Fund Receipts? 10. Do supporting papers for WF disbursements contain accounting information , business purpose & approval by the appropriate supervisor? 11. Are WF Reimbursement Requests approved? WF Checks 12. Do WF checks contain a cancellation clause "Void After 60 Days"? 13. Are WF checks outstanding more that 60 days cancelled? 14. Are WF checks voided so that they cannot be cashed (defaced & signature block torn)? WF Reconciliation 15. Are WF Reconciliations done monthly? 16. Are WF Reconciliations performed by someone other than an authorized che ck signer?

17.

Are WF Reconciliations reviewed & approved by a supervisor?