FAQs—School Districts
Districts that expend $750,000 or more in federal awards are subject to the annual single audit requirements, which would require a district to obtain an audit of its financial statements and federal programs.
Yes. A school district that has an adopted expenditure budget of $2 million or more for the Maintenance and Operation (M&O) Fund is required to contract for an annual financial statement audit. A school district that has an adopted expenditure budget of less than $2 million but more than $700,000 for the M&O Fund is required to contract for a biennial financial statement audit (e.g., an audit of 2 fiscal years performed after the 2nd year). Districts that are required to have an annual audit may choose to contract for a biennial audit if the district’s previous year’s audit did not contain significant negative findings. Biennial audits require a compliance questionnaire to be completed only for the later year. See USFR §VIII, Audit Requirements, for specific requirements.
School districts that have an adopted expenditure budget of $700,000 or less for the M&O Fund are subject to a procedural review performed at our Office's discretion.
Based on the district’s audit contract, the district should submit the audit reports and USFR Compliance Questionnaire (CQ) to the entities as described below within 9 months after their fiscal year-end, (March 31). See USFR §VIII, Audit Requirements, and sample request for proposals and contract for additional information. Districts should coordinate with their auditors, as needed, to submit their audited financial statements to our Office as soon as they are completed, separate from the single audit reports and USFR CQ if those reports are not issued together.
Items to submit | Submit to | How to submit |
Audit reports (Single Audit Reporting Package or Financial Statements) and USFR CQ | Arizona Auditor General | District auditors submit audit reports via ShareFile and USFR CQ via web-based system |
Arizona Department of Education | District submits all reports to ADE for posting on ADE’s website Contact ADE at (602) 542-3901 with any questions | |
County School Superintendent's (CSS) Office | Coordinate with your CSS to provide a paper or electronic copy | |
Single Audit Reporting Package and data collection form | Federal Audit Clearinghouse | Federal Audit Clearinghouse website |
Based on A.R.S. §15-914, as amended by Laws 2021, Ch 7, §3, school district governing boards must publicly accept all audits and compliance questionnaires by roll call vote. District management should provide board members access to audit reports and the USFR compliance questionnaire as part of submitting the district’s audit for board acceptance. Board members may find the videos included in FAQ #6 below or the information included in our Financial Report Users Guide—State and Local Governments and Internal Control and Compliance Reports User Guide helpful in understanding the important and useful information presented in district financial reports.
We have developed the following two videos to help decision-makers, such as district management and governing board members, identify and understand the important and useful information contained in school district financial reports. Understanding this information is useful when reviewing a school district’s financial performance and evaluating financial decisions. Our videos briefly describe key financial information contained within financial reports and highlights where to find this information.
Understanding School Districts Financial Statements
This video can help decision-makers identify and understand the important and useful information presented in school district financial reports.
Understanding School District Internal Control and Compliance Reports
This video can help decision-makers identify and understand the significant information presented in school district internal control and compliance reports.
Yes. In accordance with Arizona Revised Statutes (A.R.S.) §§15-914(E) and 41-1279.21(A)(4), our Office must review and approve all proposed audit contracts and contract amendments before the district signs the contract and the audit firm begins any audit work, including contracts for financial audits where the district subsequently expends $750,000 or more in federal awards and must amend the contract to receive a single audit. Our Office prefers that proposed audit contracts be submitted by email to asd@azauditor.gov.
If a district chooses to exercise a renewal option in an existing contract, the district should notify the audit firm that the district will be renewing the audit contract. The renewal should be made by written notification (letter or email) addressed to the audit firm and include the type of audit to be performed, the year(s) being renewed, and the price(s) as stated in the audit firm's original proposal. A copy of the renewal notification must be submitted to our Office before any audit work begins.
If a district has multiyear contract, without an option-to-renew provision, that our Office has already approved, no additional action is needed.
No. To help districts find an audit firm to perform their annual/biennial audit, our Office will provide, upon request, a list of audit firms who currently have approved audit contracts or are interested in contracting for audit services with school districts. We do not recommend, endorse, or vouch for any audit firms on the list, and the list does not qualify as a prospective bidders' list. Districts may use one of these firms or may select a different firm. When districts submit a proposed audit contract to our Office for approval, we determine whether the audit contract states that the auditor is independent as required by statute. We do not give any assurance that the work performed by the audit firm or the final audit reports will comply with applicable laws and professional standards. However, if we have previously reviewed the work of the audit firm and found that it consistently failed to comply with applicable laws and professional standards, we may disapprove the audit contract. The district must then contract with another audit firm to perform the audit.
Calculating the instructional spending percentage
Appendix B of the annual Arizona School District Spending Report includes a general description of instructional spending based on the definition of “instruction” developed by the U.S. Department of Education’s National Center for Education Statistics (NCES).
Click here to view information from that description and further account–based detail on the calculation.
Additionally, click here for information on how to calculate operational and nonoperational spending.
You can also watch a video on these topics by clicking on a link below.
Cash and bank accounts
No. Districts do not have the authority to borrow, except through bonds or capital lease agreements. Since a district does not have the authority to borrow, it may not establish a line of credit, which is a form of borrowing. However, the county may establish a line of credit for the district, with the county treasurer acting as the agent, subject to the provisions of A.R.S. §11-604.01. This line of credit should be used only to allow expenditures in budget-controlled funds when cash balances are insufficient.
Yes. A.R.S. §15-1221(B) allows a school district’s governing board to establish a bank account to make electronic payments to vendors including retirement contribution payments to the Arizona State Retirement System. The district should maintain a current list of employees the governing board authorizes to make payments from the account. Districts should refer to guidance in the USFR §VI-C, Cash.
No. Districts are allowed only one auxiliary operations bank account. A.R.S. §15-1126 states that auxiliary operations fund monies shall be deposited after authorization by the governing board in a bank account designated as the auxiliary operations fund or in an account with the county treasurer pursuant to section A.R.S. §15-996 that is designated as other monies. However, statute allows the governing board to establish an auxiliary operations revolving bank account for each school within the school district for necessary current expenditures in connection with school bookstore and athletic activities.
No. Districts are not authorized to establish a separate bank account for EAFTC monies. Districts may deposit EAFTC monies in the Auxiliary Operations Fund bank account or directly with the county treasurer in Fund 525—Auxiliary Operations or Fund 526—Extracurricular Activities Fees Tax Credit. Districts may also deposit EAFTC monies in a miscellaneous receipts clearing bank account and then remit the monies monthly to the county treasurer for deposit in Fund 525 or Fund 526. (Please see EAFTC FAQ #2 for additional information on accounting for these monies.)
No. Districts should not provide their employer (taxpayer) identification numbers to booster clubs, parent-teacher organizations (PTO), parent-teacher-student organizations (PTSO), or foundations for the purpose of opening bank accounts. District bank accounts must be authorized by the school districts’ governing boards and are limited to only those allowable under Arizona Revised Statutes. See USFR §VI-C, Cash. Therefore, districts should communicate to all known booster clubs, PTOs, PTSOs, and foundations that bank accounts must be established under the independent organizations’ own employer (taxpayer) identification numbers rather than the districts’ numbers.
Districts that become aware of unauthorized bank accounts should investigate the origin and use of such accounts to determine the proper disposition of the related monies. If it is determined that district monies are held in an unauthorized account, the district should work to recover such monies from the account and deposit them in the appropriate district bank account or with the County Treasurer. If unauthorized bank accounts are discovered that do not hold any district monies, the district should contact the individual bank branch where the unauthorized bank accounts were established and provide a written request that bank staff remove the district’s employer (taxpayer) identification number from the account and refrain from opening any accounts under the district’s name or employer (taxpayer) identification number without written evidence of the district governing board’s approval.
School districts are authorized to pay bank fees from the following accounts:
- Maintenance and Operation Fund revolving bank account.
- Food Service Fund revolving bank account.
- Auxiliary Operations Fund bank account.
- Auxiliary Operations Fund revolving bank account.
Districts should request that bank fees associated with any other bank account be charged directly to one of the authorized accounts listed above. If that is not possible, the District should reimburse the fees from an appropriate fund or authorized bank account.
Certain accounts are not allowed to pay bank fees for various reasons, depending on the type of account in question. For example, some clearing bank accounts are established as a holding place to safeguard and accumulate revenues a district receives directly until remitted to the county treasurer. No expenses, including bank fees, are allowed from these accounts to help ensure that revenues reported are not understated. Bank accounts established for a specific payment or expenditure purpose, such as withholding accounts for insurance and taxes, grants and gifts to teachers, and principals’ supplies, hold monies specifically designated for the purpose of the particular account. Using those monies for other expenditures, such as bank fees, would be a misuse of the designated monies and, in some cases, could overdraw the bank account. Finally, districts have a fiduciary duty related to student activities monies and may hold those monies in a bank account or on deposit with the county treasurer, in accordance with A.R.S. §15-1122. If a district chooses to hold those monies in a bank account, the bank fee is a district cost, not a student activities cost, so it should not be paid with student club monies.
While districts are required by statute (A.R.S. §15-1122) to hold student club monies in a designated bank account or on deposit with the county treasurer, statute does not require districts to allow clubs to accept credit card payments. Therefore, if a district chooses to allow student clubs to accept credit card payments, the district may also require the clubs to pay the associated processing fees. The district should have the clubs document their acknowledgment of the fees and the decision to accept credit card payments in their club minutes to support the payment of the processing fees. Alternatively, districts may choose to absorb the processing expense and reimburse the clubs from an allowable fund or bank account.
Nothing in the USFR prohibits school districts from using mobile bank deposits if they maintain good controls to ensure all monies are deposited, deposited checks are held securely for an appropriate time and then destroyed, and evidence of deposit is retained. Some items to address in ensuring good controls over mobile deposits are:
- Stamp or otherwise endorse the original check before scanning and depositing.
- Limit access to mobile banking only to authorized personnel and to the extent possible, only for deposits.
- Properly log off of the banking website when mobile deposits are completed.
- Mark the check to indicate that it has been deposited to prevent duplicate deposits.
- Securely store the deposited checks in a locked safe or other locked area such as a filing cabinet for an appropriate period, depending on your bank’s requirements and your district’s policies. Deposited checks should be held until the applicable bank account is reconciled and any related discrepancies have been resolved.
- Maintain a log or journal of the checks deposited.
- Keep the deposit receipt, if provided, and any deposit notification emails or reports that may follow to support the deposit.
- Review bank reconciliations to detect any inappropriate use of the online access established to make deposits, such as transfers to other accounts or online payments initiated from any account other than the electronic payments clearing bank account.
- Destroy deposited checks by shredding them after holding them for the appropriate length of time from deposit. Involve 2 employees in the shredding, and record the deposited checks’ destruction in the log or journal of processed deposits.
Chart of accounts
A series of short videos designed for new users as a guide through the USFR Chart of Accounts and the coding process.
Object code 3200—Restricted Revenue from State Sources should be used to record all CSF and IIF monies received from the State. Interest earned on CSF and IIF monies should be coded to object code 1500—Investment Income (1510—Interest on Investments).
Function code
The appropriate training function code depends on who is being trained. The following table summarizes the correct training function codes for employees in each payroll function based on the descriptions in the USFR Chart of Accounts and nonemployees. Districts should use the USFR Chart of Accounts function descriptions to determine correct payroll functions for each employee, and then use the payroll function in the table below to determine the training function code:
Function code | ||
Training for: | Payroll | Training |
Instructional staff (e.g., teachers, classroom aides, athletic coaches) | 1000—Instruction or 1900—Other Instructional Staff | 2200—Support Services—Instruction (2213—Instructional Staff Training) |
Instruction-focused technology staff (e.g., technology staff assigned to implement technology in the classroom) | 2200—Support Services—Instruction (2230—Instruction-Related Technology) | 2200—Support Services—Instruction (2230—Instruction-Related Technology) |
Noninstructional staff (i.e., all employees other than instructional or instruction-focused technology staff described above) | 2100–4000 (except 2230) | 2500—Central Services (2570—Personnel Services) |
Governing board members | N/A | 2300—Support Services—General Administration (2310—Governing Board) |
Parents or guardians when training on strategies to support students’ learning | N/A | 2100—Support Services—Students |
Community members (including parents/guardians if purpose of training is other than described above) | N/A | Generally 3300—Community Services Operations |
Object code
Training costs paid to outside parties should be coded to object code 6300—Purchased Professional and Technical Services (6360—Employee Training and Professional Development Services if the training is for district employees).
Districts should code registration fees to object code 6300—Purchased Professional and Technical Services (6360—Employee Training and Professional Development Services). Districts should not code these fees to object code 6580—Travel. 6580—Travel includes only the costs of transportation, meals, lodging, and other expenses associated with traveling on business for the district. See the USFR Chart of Accounts for further details.
If a single amount is paid for a conference that includes registration fees and any lodging or meals, reasonable effort should be made to separate the costs for travel from the conference registration fees. If separation is not practical, the full amount should be coded to the area that represents the largest portion of the expenditure.
No. Software costs, including perpetual license fees, subscription-based information technology arrangements (SBITAs), and fees for updates/upgrades, may not be purchased from the M&O Fund. Software may be purchased from another allowable fund such as Fund 610—Unrestricted Capital Outlay.
Refer to the USFR Chart of Accounts software coding tools to determine the appropriate function and object codes for instructional and noninstructional software, including subscription-based information technology arrangements (SBITAs).
Any separately identifiable service/support contract purchased with, or in addition to, software, regardless of license type, should be coded to object 6340—Technical Services.
Online access to research or assessment materials is not considered software and should be coded to object 6300—Purchased Professional and Technical Services.
Monthly internet access charges should be coded to object code 6531—Telecommunications.
Amounts received from federal or State sources that will require reversion if not spent should be recorded as cash and unearned revenues upon receipt, and later recognized as revenue simultaneously with the recognition of the expenditure. Upon the actual reversion of any unexpended portion of these monies, districts should reverse the initial entry for the amount reverted. (Alternatively, districts may choose to record such grants as revenues upon receipt, then at year-end reclassify the unspent portion from revenue to unearned revenue.) When interest that will be reverted is received, it should be recorded as a liability. The liability should be reversed when interest is reverted.
The following journal entries illustrate the above transactions:
Object | Description | Debit | Credit |
---|---|---|---|
0103 | Cash on deposit with county treasurer | 10,000 | |
0250 | Unearned revenues | 10,000 | |
(federal grant monies received) | |||
6XXX | Expense | 9,000 | |
0103 | Cash on deposit with county treasurer | 9,000 | |
0250 | Unearned revenues | 9,000 | |
4X00 | Revenue from federal sources | 9,000 | |
(federal grant monies expended) | |||
0250 | Unearned revenues | 1,000 | |
0103 | Cash on deposit with county treasurer | 1,000 | |
(federal grant monies reverted) | |||
0103 | Cash on deposit with county treasurer | 700 | |
0215 | Due to federal government | 200 | |
1500 | Earnings on investments | 500 | |
(interest revenue received) | |||
0215 | Due to federal government | 200 | |
0103 | Cash on deposit with county treasurer | 200 | |
(excess interest revenue reverted) |
Districts must code tuition expenditures to function code 1000—Instruction and to the appropriate bolded object code as outlined in the USFR Chart of Accounts. Districts should not code tuition expenditures to object code 6560—Tuition as there are more detailed bolded object codes for tuition. For example, if the tuition was paid to other Arizona school districts, then 6561—Tuition to Other Arizona Districts would be used. If the tuition was paid to school districts out of State, then 6562—Tuition to Out-of-State Districts would be used.
Since districts are accounting for the original expenditures that resulted in the Medicaid reimbursement in the M&O Fund and the reimbursement in the Medicaid Reimbursement Fund (290), the Medicaid reimbursement monies can be spent for any allowable M&O purpose.
"Teaching coaches" assist instructional staff in planning, developing, and evaluating the process of providing learning experiences for students and should be coded to function 2200—Support Services—Instruction (2210—Improvement of Instruction/2212—Instruction and Curriculum Development). If the teaching coaches' responsibilities also include actual student instruction, then their salaries should be split accordingly between function code 2200 (2210/2212) and function code 1000—Instruction.
If a district purchases fuel for district vehicles (other than student transportation vehicles), it should be coded to function code 2600—Operation and Maintenance of Plant [2650—Vehicle Operation and Maintenance (Other than Student Transportation Vehicles)]. Fuel purchases for student transportation vehicles (buses and vans) should be coded to function code 2700—Student Transportation (2710-Vehicle Operation). Costs involved with fueling vehicles, such as maintaining fuel pumps at a maintenance yard should be coded to 2730—Vehicle Servicing and Maintenance.
Districts that are not part of a Career Technical Education District (CTED) should code student transportation expenditures related to vocational and technical education programs during the school day (i.e., field trips) to program Code 470—Vocational and Technical Education. If a district is or later becomes part of a CTED, coding to this program code will help the district determine its base year expenditures and show compliance with the program's nonsupplanting requirements. This program code should not include transportation costs related to transporting vocational and technical education students to and from their residence.
For districts that are part of a CTED, refer to CTED Cost Reporting FAQs for guidance on coding CTED expenditures, including transportation.
No. Only costs directly related to instructing students should be coded to function 1000—Instruction, such as coaches and referees. Other costs associated with athletics should be coded to individual function codes appropriate for the activity. For example, since the bookstore processes gate receipts, employees taking and selling tickets at athletic events should be coded to function 3400—Bookstore Operations. Likewise, security guards at games and athletic equipment managers should be coded to function 2600—Operation and Maintenance of Plant (2660—Security/2640—Care and Upkeep of Equipment).
The coding for student travel-related expenditures (transportation, lodging and meals, and admission costs) is described below. Object code 6580—Travel should only be used for nonstudent travel.
Transportation
Function 2700—Student Transportation (2790—Other Student Transportation) should be used for student travel, which includes trips to and from school and trips to school activities. The following object codes should be used to record student travel transportation costs depending on the situation: 6150—Classified Salaries for employees driving district vehicle/bus, 6621—Natural Gas, 6626—Unleaded Fuel, or 6627—Diesel Fuel for fuel purchases, 6440—Rentals (6442—Rental of Equipment) for rental of a vehicle for an employee to drive, or 6519—Student Transportation Purchased From Other Sources for payments to other entities to provide transportation, such as chartered bus service.
Lodging and meals
Function 2100—Support Services—Students (2190—Other Support Services-Students) and object code 6890—Miscellaneous Expenditures should be used for student lodging and meals.
Admission costs
Function 1000—Instruction and object code 6890—Miscellaneous Expenditures should be used when the activity requires a fee and involves direct interaction between teachers and students, including athletics.
No. While many federal grants use a capitalization threshold of $5,000, Arizona does not use a dollar threshold for determining whether an item is equipment or a supply. The USFR Chart of Accounts includes bold, required object codes under 6730 to separately identify equipment costing $5,000 or more from lower-cost equipment items. Districts should select the correct object code to separately identify equipment with a cost of $5,000 or more from equipment costing less than $5,000.
The criteria for determining whether an item should be classified as equipment or supply is included in the Uniform System of Financial Records for Arizona School Districts (USFR). For example, both a computer costing $400 and a network printer/copy machine costing $6,500 would be classified as equipment under state guidance. However, the $400 computer would be classified in either object code 6737 or 6738 as technology-related equipment with a cost of less than $5,000, while the $6,500 printer/copy machine would be classified in object code 6739 as technology-related equipment with a cost of $5,000 or more. Using the correct detailed equipment classifications allows these items to be correctly classified in accordance with the USFR Chart of Accounts and separately identified for reporting for federal grant purposes.
The bold codes in the USFR Chart of Accounts for equipment costing $5,000 or more are:
6733 Furniture and Equipment—$5,000 or More
6736 Vehicles—$5,000 or More
6739 Technology-Related Hardware and Software—$5,000 or More
The remaining bold codes in the 6730 range of 6731, 6732, 6734, 6735, 6737, and 6738 should be used for equipment purchases that cost less than $5,000 in each designated category.
USFR Memo No. 185 provided guidance for determining whether an expenditure was a capital expenditure or an M&O expenditure. As of May 2016, USFR Memo No. 185 has been incorporated into the USFR Chart of Accounts. Click here for a short video that shows how the guidance was incorporated into the USFR Chart of Accounts.
Functions 1000 and 2400 (2490—Other Support Services—School Administration) should be used to report the salaries and benefits applicable to the separate responsibilities of instruction and chairing a department. Normally, the allocation of salary and benefit costs between functions is done proportionally based on the time spent performing the various duties. However, when a specific stipend is provided for added responsibilities, simply classifying that stipend in the correct function is a reasonable alternative. If a separate stipend is not provided and the teacher’s instructional responsibilities are not reduced related to the added responsibilities, proration between functions may not be practical. In that case, the full salary and benefit costs for the teacher/department chair should be coded to function code 1000.
Entitlement grants have been assigned fund numbers in the USFR Chart of Accounts since most districts receive those grants.
Discretionary COVID-19 federal relief grants, including the grants listed below, must be tracked in a separate fund in the other federal projects fund range (300-399). This list is not all inclusive.
Grants identified by ADE
- Acceleration Academies (continue using fund 327, if already assigned)
- School Safety Program ̶ ESSER
- ARP Homeless I – Education for Homeless Children & Youth Expansion
- ARP Homeless I – Mini-Grant
- ARP Homeless II
- ARP school and community grants
Grants identified by the Governor’s Office of Strategic Planning and Budgeting
- Expansion and Innovation Fund microgrants
- Project Momentum
- Civic Innovation
- Education Plus-Up
- 100 Day In-Person Reimbursement
- AZ OnTrack Summer Camp
Grants identified by other agencies
- Federal Emergency Management Agency (FEMA) Public Assistance
- Emergency Connectivity Fund (Federal Communication Commission program administered by the Universal Service Administrative Company)
COVID-related monies received as a vendor or beneficiary, rather than a subrecipient, should not be recorded in a federal grant fund; they should be recorded in the appropriate fund depending on the grant’s purpose (e.g., gifts and donations or community school funds). If you are unsure whether your district is considered a grant subrecipient or vendor/beneficiary, contact the grantor/awarding agency to make the determination.
PPE such as gloves, face shields, and masks are often disposable or single-person-use items worn to minimize exposure to hazards for the wearer’s and others’ safety. Therefore, PPE expenditures should be coded to function 2600—Operation and Maintenance of Plant under optional function 2670—Safety and object 6610—General Supplies.
Other safety expenditures for cleaning and sanitizing supplies beyond normal purchases and for nonwearable supply items, such as plexiglass trifolds that sit on countertops or desks, should also be coded as general safety supplies (function 2670, object 6610).
Districts may purchase PPE and other safety supplies from federal relief grants, as allowable. However, if such items are not purchased entirely from federal relief grants, they can be purchased from the Maintenance and Operation (M&O) Fund or other allowable funds, but not from the Unrestricted Capital Outlay (UCO) Fund.
Other safety expenditures for more durable items, including freestanding or installed plexiglass wall-type barriers, should be coded based on how they are purchased and installed applying the detailed code descriptions in the USFR Chart of Accounts as described below:
- Function 4000—Facilities Acquisition and Construction, object 6610—General Supplies for construction materials that are assembled or installed by district personnel.
- Function 4000—Facilities Acquisition and Construction, object 6450—Construction Services for projects involving constructing, renovating, or remodeling.
- Function 2670—Safety, objects 6731-6733—Furniture and Equipment for equipment that does not require installation.
- Function 4000—Facilities Acquisition and Construction, objects 6731-6733—Furniture and Equipment for fixtures or nonmovable equipment installed by district personnel or a vendor.
Similar to less durable safety items, districts may use federal relief grants, as allowable. However, if such items are not purchased entirely from federal relief grants, they can be purchased from the UCO Fund or other allowable funds, but not from the M&O Fund.
A SBITA is defined in GASB Statement No. 96, and is a contract that conveys control of the right to use another party’s IT software, alone or in combination with related capital assets, for a specified period of time. An entity has control of the right to use the related capital assets if it is allowed to temporarily use the asset and determine the nature and manner of use of the asset as specified in the contract. A SBITA differs from other technology arrangements that don’t have a specific expiration, such as perpetual licenses, that can be used indefinitely in the purchased form. When a SBITA subscription expires, access to the software is no longer available.
GASB Statement No. 96 does not apply to the following:
- Perpetual licensing arrangements. In the perpetual license model, customers pay a one-time fee for the software, although annual update/upgrade fees may occur. Perpetual licensing software purchases are subject to GASB Statement No. 51, Accounting and Financial Reporting for Intangible Assets, as amended.
- Contracts that convey control of the right to use a combination of IT software and tangible capital assets when the underlying tangible capital asset meets the definition of a lease in GASB 87 and the software component is insignificant compared to the cost of the capital asset. For example, a smart copier that is connected to an IT system or a computer with operating software.
- Other exceptions listed in GASB 96, paragraph 4, that are less common among school districts.
GASB Statement No. 96 provides more information on:
- Subscription terms in paragraphs 9 through 12.
- Short-term SBITAs in paragraphs 13 and 14.
- Subscription asset and liability recognition and measurement (full accrual accounting) for SBITAs greater than 12 months in paragraphs 15 through 41.
- Incentives provided by a SBITA vendor in paragraphs 42 and 43.
- Contracts with multiple components in paragraphs 44 through 49.
- Contract combinations in paragraphs 50 and 51.
- SBITA modifications and terminations in paragraphs 52 through 57.
- Financial statement reporting requirements (modified accrual accounting) in paragraphs 58 and 59.
- Notes to Financial Statements in paragraphs 60 and 61.
See FAQs 4 and 5 above for information on coding software purchases, including SBITAs.
Prepaying the entire subscription balance does not mean the agreement is no longer a SBITA. Districts that prepay SBITAs to obtain a pricing discount should record the entire prepayment amount as an expenditure in the year the payment occurs to ensure the expenditure is appropriately subjected to the district’s expenditure budget limit. To record the prepayment, districts must debit the applicable principal and interest codes described in the USFR and instructional and noninstructional software coding tools for SBITAs (more than 12 months) and credit cash. See the example journal entry for a 4-year noninstructional software subscription prepayment below:
Account Code | Description | Debit | Credit |
---|---|---|---|
610-100-5000-6832 | Redemption of Principal—Other | $100,000 | |
610-100-5000-6842 | Interest—Other | 6,000 | |
610-000-0000-0103 | Cash on Deposit with County Treasurer | 106,000 |
For purposes of recording the transaction on the government-wide statements, which are prepared using the economic resources measurement focus and the accrual basis of accounting, assuming the prepayment was made when the SBITA contract term began, the district should still record an intangible right-to-use subscription asset. However, since the district made the full payment at the beginning of the subscription term, there would be no corresponding subscription liability as there are no subsequent payments due. The subscription asset should be amortized in a systematic and rational manner over the shorter of the subscription term or the useful life of the underlying IT assets. The amortization of the subscription asset should be reported as an outflow of resources (for example, amortization expense), which may be combined with depreciation expense related to other capital assets for financial reporting purposes. Amortization should begin at the commencement of the subscription term.
For purposes of recording the transaction on the fund-based statements, which are prepared using the current financial resources measurement focus and the modified accrual basis of accounting, if a SBITA is expected to be paid from general government resources, the SBITA should be accounted for and reported on a basis consistent with governmental fund accounting principles. Normally, an expenditure and other financing source should be reported in the period the subscription asset is initially recognized. However, since the entire amount of subscription payments was paid at the beginning of the subscription term, there would be no corresponding other financing source.
Districts should refer to GASB 96, paragraphs 26, 27, 58, 59, 60, and 61, for additional information.
Classroom Site Fund (CSF)
Yes. A.R.S. §15-977(B) requires district governing boards to adopt a performance-based compensation system at a public hearing to allocate funding from the CSF. In addition, A.R.S. §15-977(C) contains the required elements of a performance-based compensation system.
CTED cost reporting
Effective July 1, 2017, program codes established in the 300 range in the USFR Chart of Accounts must be used to report CTED program costs from all district funds. CTEDs and their member districts are required to annually report CTED program costs to ADE’s CTE Division. Click here to view a sample of the central and member district reporting pages and instructions. Click on links below to watch videos on general cost reporting guidance, the central cost reporting page, or the member district reporting page.
General CTED Cost Reporting Guidance
Central CTED Program Reporting Form
Member District CTED Program Reporting Form
Member districts must code the monies received from a CTED in Fund 596—Career Technical Education, revenue object code 1950—Miscellaneous Revenues from Other Districts.
Costs that support | ||
All CTED programs or a group of CTED programs | Only 1 or 2 CTED program(s) | |
Nontransportation CTED costs | Report the costs in program code 300—Career Technical Education (CTED). | Report the costs in the specific detailed program codes in the 301-399 range assigned to the CTED programs. |
Example:
- Code the cost of supplies that will be used by multiple CTED programs program code 300. However, code the cost of a Culinary Arts teacher’s salary to the detailed program code 320 for that specific program.
Costs that support | ||
Central CTED programs | Satellite CTED programs | |
Transportation CTED costs* | Report the costs in program 450—CTED Central. | Report the costs in program 460—CTED Satellite. |
* These costs should not include basic to/from home and school transportation as these costs should be reported in other program 400 codes along with all other to and from school transportation costs. |
Examples:
- CTEDs or member districts that transport their students to central CTED campuses or transportation for central program field trips should be coded to program code 450.
- Transportation for satellite program field trips should be coded to program code 460.
Program code 270—Vocational and Technical Education should be used for all vocational and career and technical education costs, other than transportation, that are not for CTED-approved programs. This may include costs for vocational classes that are not CTED-eligible programs, that are provided at non-CTED member districts, or that serve students below 9th grade.
Program code 470—Vocational and Technical Education (Pupil Transportation) should be used to account for vocational and career and technical education transportation costs that are not for CTED-approved programs. For example, field trip transportation for vocational and career and technical education non-CTED-approved program classes should be coded here. This code should not include basic to/from home and school transportation costs as these costs should be reported in other program 400 codes along with all other to and from school transportation costs.
All district funds (CTED, M&O, federal and state grants, etc.) should use the CTED program codes for recording costs related to CTED-approved programs.
In accordance with Arizona Revised Statutes §15-393(D)(7), CTED monies must be used to supplement and not supplant non-CTED monies used for vocational and career and technical education programs in the year district voters approved joining a CTED, referred to as the base year. Districts should review the guidance provided with the Work Sheet for Determining the Appearance of Supplanting with CTED Monies for additional information on avoiding the appearance of supplanting with CTED monies and related reporting requirements. The work sheet is included as part of the school district annual financial report packet located on the Forms—School District page.
Expenditures and credit cards
Videos—Click here to see a list videos that outline the guidance included in the USFR and discuss proper internal controls and commonly asked questions about expenditure processing.
Raising employee awareness is the best way to help prevent fraudulent purchasing or information request schemes. Below are some steps that can be taken to help raise employee awareness.
- Alert employees to the possibility of an information or payment solicitation scheme targeting your district.
- Ensure appropriate employees are trained in the proper procedures for payment processing as outlined in the USFR.
- Always compare prices, terms, and quantities on vendor invoices with receiving reports and purchase orders prior to making any payments.
- Train employees on district policies and procedures for making and responding to requests for sensitive district data, such as personally identifiable employee or student information. Those procedures should include confirming the validity of the request and requestor and the legal basis for providing the sensitive district data.
Additionally, if your district receives incorrect invoices or fraudulent emails that indicate someone is using a slightly modified domain name to impersonate district employees, District IT personnel can investigate the existence of the similar domain using “WHOIS” on ICANN.org. If the registered user of the domain appears inappropriate or if unnamed, your district can make a Terms of Service violation complaint to the registrar of the domain name to request they investigate and revoke the use of the domain name.
For more information on fraud prevention please see our Fraud Prevention Alerts on our website.
Yes. Arizona Revised Statutes §15-321 requires board members to review and authorize vouchers and the related expenditures before processing and payment.
The statute allows board members to sign expenditures between board meetings, provided that, prior to the signing, the board has passed a resolution to use that procedure. When board members approve expenditures between meetings, the board must ratify the expenditures in its next regular or special meeting. Ratification is not the first approval, but the formal action taken to document the board approval obtained between meetings.
District policy may allow an electronic approval process. Districts should consult their legal counsel and authorized county personnel for satisfactory methods to document board members’ signatures, such as faxed documents; electronic approval software; preauthorized, dedicated email addresses; or another agreed-upon method.
Extracurricular activities fees tax credit
Guidance on the appropriate use of extracurricular activities fees tax credit monies is available on the Arizona Department of Revenue's website under Public School Tax Credit in 707 Publications: School Tax Credit Information.
Districts may account for extracurricular activities fees tax credit monies in Fund 525—Auxiliary Operations or Fund 526—Extracurricular Activities Fees Tax Credit. Tax credit monies may be deposited directly with the county treasurer in either fund, deposited in the Auxiliary Operations Fund bank account, or deposited in miscellaneous receipts clearing bank accounts. Any tax credit monies deposited in miscellaneous receipts clearing bank accounts should be remitted monthly to the county treasurer for deposit in Fund 525 or Fund 526.
Regardless of which fund or account a district chooses to use for tax credit monies, the district must maintain detailed accounting records to ensure that tax credit monies are used only for allowable expenditures and in support of both the school and purpose designated by the taxpayer. If districts receive tax credit contributions that are not designated for a specific purpose, the applicable school's site council must determine how the contributions may be used in support of the school's eligible activities.
Fund balance reserve reporting
A school district’s fund balance consists of unused revenues from previous or current fiscal year(s) that can be used in future years if budget capacity allows. A school district’s reserve is the specific amount of its fund balance that it is maintaining for either specific purposes or as a contingency for risks such as revenue shortfalls, emergencies, and/or other unforeseen circumstances.
While it is not required, it is a recommended best practice that all school districts have a governing board-approved fund balance reserve policy to provide transparency and accountability to decision-makers, stakeholders, and the public. However, even an informal process is a beneficial tool for a district to use in budgeting and financial decision-making processes.
Each district will need to analyze its own circumstances and risks to determine the appropriate amount of fund balance reserve to maintain. It is recommended that school districts describe the specific risks and circumstances considered in their fund balance reserve processes or policies.
The Government Finance Officers Association (GFOA), an association of over 20,000 public finance officials whose mission is to advance excellence in public finance, published Fund Balance Guidelines for the General Fund. Additionally, the GFOA has published the following resources districts may consider reviewing when establishing their own policies or processes:
- General Fund Reserve Calculation Worksheet —This is a detailed worksheet that walks through many different circumstances to consider when developing a reserve policy, such as extreme events, revenue stability, expenditure volatility, growth, and capital projects.
- Example government financial reserve policies —These are reserve policies submitted to GFOA by various local governments around the country. GFOA has not reviewed the policies for consistency with their best practice guidance.
- Should we rethink reserves? —A paper that describes new opportunities for local governments to get the best value from their reserve strategies.
A fund balance reserve policy or process is meant to guide a district in its financial decision making. School districts should evaluate their fund balances annually. If their established targeted reserve levels are not met (exceeded or falls short), school districts should evaluate what that means for their circumstances and whether their process/policy needs changes, and develop planned actions, accordingly.
The AFR fund balance reserve tab, section A, presents details to clarify how a school district plans to use fund balances remaining at the end of a fiscal year. Section B provides information on the process or policy a district uses to establish targeted (goal) fund balance reserves. A school district may choose not to include certain funds in those policies for targeted fund balances. For example, a district may choose to not include the Debt Service or Bond Building Funds in its fund balance reserve policy since those funds have dedicated revenue sources and specific allowable uses.
Yes, school districts will be required to complete section B of the fund balance reserve tab in the FY 2024 AFR to describe any fund balance reserve processes or policies it currently has.
Yes, while our Special report on school districts’ and charter schools’ COVID-19 relief spending highlighted a need for the fund balance reserve reporting, it provides school district decision-makers, stakeholders, and the public more complete financial information that will still be needed when COVID-19 relief monies are no longer available.
We have made a recording of 1 of the virtual meetings available here. A PDF version of the PowerPoint slides presented in the virtual meetings is available here. The draft fund balance reserve tab from the FY 2025 budget is available here.
Yes, please send any feedback or suggested changes to asd@azauditor.gov. Information related to the FY 2025 budget forms must be submitted no later than Monday, April 8, 2024. Information related to the FY 2024 AFR must be submitted no later than Tuesday, April 30, 2024.
The final fund balances tab is included in the FY 2025 budget forms. This final fund balance reserves tab will be included in the FY 2024 AFR when available.
Information technology
The following terminology is used throughout the Information Technology (IT) FAQs below. As needed, a brief note on roles and responsibilities has been added in italics to the end of each answer to help describe the different departments and employees that should be involved in establishing and maintaining the related IT policies and procedures.
IT–IT department personnel within the school district responsible for managing the district’s hardware, software, systems, and networks. IT personnel are generally led by a director who has the ultimate authority within their department. IT personnel who set and control user access rights within a system, commonly called system administrators, should not be end users on the systems they control. However, they should have the ability to assign system access for users based on guidance from the applicable system manager.
System manager–Generally a system’s highest supervisory-level user who communicates to IT the levels of user access to establish for all users of the system. For example, a business manager could be the system manager for the accounting system. As the system manager is a system user, the system manager should not have access to establish users’ roles and access in the system (see Information Technology above).
Human resources (HR)–Responsible for managing employee-related information regarding job roles, such as job transfers, promotions, or terminations.
Decision-makers–Those who have the authority over any given policy, process, or project within a school district and are accountable for the outcome. Generally, the governing board, superintendent, or other executive-level district administration.
A district should have IT policies and procedures that implement and maintain an IT security framework to help protect its systems and data and to document appropriate and inappropriate use of its IT resources. These policies and procedures outline district processes and provide written guidance to help ensure employee/contractor accountability when using the district’s IT resources. It is important to clearly communicate and disseminate all policies to district employees/contractors to ensure they understand and are aware of the district’s IT policies. The Arizona Department of Homeland Security (AZDOHS) has a list of resources including policies, standards, and procedures on its website that can help districts develop IT security framework policies and procedures.
System managers should work in conjunction with IT to develop and update policies in line with the district’s IT security framework, as needed. Decision-makers should be informed of those policies and procedures and approve their implementation, as well as make any key decisions necessary to facilitate the creation of the policies.
While most districts have some IT policies and procedures in place, those policies or procedures may not be comprehensive enough to cover all IT areas. The policies and procedures may also need to be more formally documented to fully implement the district’s IT security framework. A district should evaluate its current policies and procedures in comparison to IT standards and best practices (See FAQ #3) and identify any gaps that need to be addressed in its IT environment.
Significant gaps in a district’s IT security policies and procedures can be discovered through performing an organizational risk assessment. By identifying any risks that the district may take, supplementary controls may be designed to mitigate or minimize the risks.
The following list of policy topics is not intended to be exhaustive, so a district may have additional policy needs. Districts need to evaluate current systems and processes to be able to determine exactly what policies and procedures are needed to help secure its IT resources.
Some policy topics a district should address include the following:
- Data privacy, security, and access to data and systems, including data backup, remote access, and wireless networks.
- General IT security, including user password security, device security settings, etc.
- Logging and monitoring of key activities on systems and networks.
- Use of the internet and district email systems.
- Use of Student Information System.
- Use of digital learning platforms.
- Use of accounting information system.
- Use of cloud computing.
- Contingency planning (See FAQs #7-10 for more information).
There are a number of credible resources available that the IT industry uses to help shape policies. Some of these resources include, but are not limited to, Control Objectives for Information and Related Technology (COBIT), National Institute of Standards and Technology (NIST), Federal Information System Controls Audit Manual (FISCAM), and the International Organization for Standardization (ISO).
Other resources available to districts are the IT policies, standards, and procedures set forth by the Arizona Strategic Enterprise Technology (ASET) Office within the Arizona Department of Administration, and the IT Security policies, standards and procedures provided by the Arizona Department of Homeland Security (AZDOHS). ASET and AZDOHS established these policies for Arizona State agencies, and a district can adapt them for its own needs. It is important to note that a district should review these resources regularly because IT best practices can change rapidly. While these IT resources can act as baselines for IT practices, districts may need a higher level of control based on their specific circumstances.
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) provides alerts, tips, and resources. For example, CISA’s Weak Security Controls and Practices Routinely Exploited for Initial Access alert discusses the weaknesses malicious cyber actors commonly exploit and best practices that entities can use to help strengthen their network security controls. CISA’s alert #StopRansomware: Vice Society, issued jointly with the Federal Bureau of Investigation and the Multi-State Information Sharing and Analysis Center (MS-ISAC), discusses ransomware attacks against the education sector and recommended mitigation techniques to reduce the risk of the cyber incidents.
IT should be responsible for knowledge and implementation of IT best practices within a district.
Managing access to computer systems and networks is a critical component of establishing an effective internal control system. User accounts at a district may change frequently as new employees or contractors are employed, change job duties, or leave the district. When employment changes are made, decision-makers, system managers, IT, and HR departments should work together to ensure all user accounts in the district systems are appropriate and necessary for district operations.
HR staff are generally responsible for maintaining employee/contractor information and are aware of new hires, terminated employees/contractors, job transfers, and other aspects of employment within the district. Decision-makers and system managers should communicate employee/contractor changes to HR and IT so they can use that information to ensure employees’/contractors’ system and network access levels are appropriate and critical systems and sensitive data are protected from unauthorized use.
The district should establish a process to ensure timely communication from decision-makers and system managers to HR to IT staff when there is an employee/contractor employment change that requires revised system access. IT should make all necessary user access changes in a timely manner, and the applicable decision-maker or system manager should review the changes for accuracy.
The decision-makers and system managers should work with HR and IT to ensure that access to critical systems and sensitive data is protected from unauthorized use.
Restricting access to least privilege necessary provides users access to only the resources and data required to perform their jobs and restricts users from accessing resources that are not necessary for their job function. The concept of least privilege can be applied through the physical restriction of access to buildings or rooms, implementation of logical access controls within IT systems, minimizing of an individual’s capabilities, etc., across many aspects of managing a district, from restricting the physical key access to buildings to tightening logical access controls within IT systems.
Restricting access helps ensure employees/contractors cannot make unauthorized changes and that only those who need access to perform their job function can view sensitive data. For example, human resources (HR) clerks do not need to create purchase orders, and accounts payable (AP) clerks do not need to view or modify employee/contractor records as a part of their job function, so under the concept of least privilege, HR clerks would not have access to create purchase orders, and AP clerks would not have access to view or change the sensitive information maintained in employee records.
Implementing least privilege necessary can be done through broad role-based access rights based on a particular job function for a group of employees, and through very specific rule-based access rights that restrict individual employee/contractors access to specific files and folders. A district should determine the most appropriate way to establish user access to help control IT systems and data. The following Arizona Department of Homeland Security (AZDOHS) policies, standards, and procedures include information on restricting access:
- P8260 Physical Security Protection Policy and Template.
- P8310 Account Management.
- P8320 Access Controls Policy and Template.
Typically, system managers are responsible for deciding and approving appropriate access, and it is IT’s role to set up the users’ access and ensure the systems enforce the appropriate access levels. The system manager should not have the capability within the IT system to grant users access.
A district should provide annual security awareness training to help employees/contractors understand how to detect, prevent, and report technology-related threats. (i.e., phone and email phishing, website and ransomware attacks, and data breaches). The training should also provide detailed instructions regarding how to prevent, identify, and report suspected security risks and incidents. Security awareness training contents should be reviewed regularly and after significant organizational events such as a breach or change in policy.
Annual security awareness training is important because it can help keep employees/contractors up to date on possible threats to help protect a district’s information technology systems and sensitive data from cyberattacks and other security risks. The District should maintain evidence of training for those who attended the annual security awareness training, including the date(s).
Some resources available to districts for developing annual training are:
The Arizona Department of Homeland Security (AZDOHS) provides policies, standards, and templates related to security awareness training on their website. AZDOHS established these policies for Arizona State agencies, which a district could adapt for its own needs. Specifically, S8210 Security Awareness Training and Education Standard includes a detailed list of security training topics, along with the following AZDOHS policies, standards, and procedures that include information on security awareness training:
- 8210 Security Awareness Training and Education Policy and Template.
- 8210 Security Awareness Training and Education Summary.
- 8240 Incident Response Planning.
Additional resources are available from the National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), and National Cybersecurity Alliance that can include security awareness training topics. The following list of security awareness training topics is not intended to be exhaustive, but rather to provide suggestions for annual training topics:
- Identifying and reporting phishing, spoofing, and pharming scams.
- Updating software regularly.
- Preventing malware and ransomware attacks.
- Using secured networks and VPNs.
- Identifying social engineering.
- Reporting and handling security incidents.
A district may include any additional training topics to fit its specific district needs. Districts may also refer to the following credible resources for information on security awareness training:
It is important to note that IT contingency plans are just one part of a larger district-wide business continuity plan. Business continuity plans encompass activities necessary to continue business operations during and after a disruption. As such, decision-makers should not only develop continuity plans for the main district functions, but also coordinate with IT to ensure business continuity and IT capabilities are matched.
Since a district uses technology systems to perform many business operations, ensuring that the IT systems are available and running effectively is critical. IT contingency planning involves analyzing business functions and the IT systems, data, and resources necessary to support those business functions in case of emergencies or disasters and determining methods to restore full functionality. Such emergencies can include both natural disasters and human-error incidents.
The items necessary for each plan may vary by entity. Some basic contingency plan components include the following:
- Identifying critical equipment, data, and resources, including off-site locations to store backup data and maintain redundant system resources to allow for emergency data processing.
- Contact list of key individuals with their roles and responsibilities.
- Procedures for regularly backing up systems and data and regularly testing backups.
- Procedures for activating the contingency plan, notifying appropriate parties, and assessing the severity of the disruption and the required incident response.
- Steps and procedures for restoring systems to full functionality.
- Supporting information as necessary to ensure a comprehensive plan such as business impact analysis, vendor contact information, etc.
Typically, decision-makers should work in conjunction with the system managers, IT, and other appropriate district staff to determine appropriate key factors, such as acceptable downtime and criticality of systems and resources. These determinations will then enable IT to develop the contingency plan according to the agreed upon factors.
As hardware and software are updated and personnel changes occur, the current contingency plan may not work as intended. By testing the plan at least annually, the district can expose issues that may arise during an actual emergency and, thereby, develop new procedures to help ensure the contingency plan will work as needed in an emergency. The following Arizona Department of Homeland Security (AZDOHS) policy and template include information for contingency planning:
There are many ways to test a contingency plan to give assurance about its effectiveness. Contingency plan testing should include verifying that all plan participants fully understand their responsibilities in addition to testing the assumptions of the plan where possible. Contingency plan testing can come in many forms, including (but not limited to):
- Walkthroughs—Walkthrough testing is verbally explaining the plan to discover any potential weaknesses. This is the least disruptive testing methodology but can lack the thoroughness of other testing strategies.
- Table-top discussions/simulations—Table-top discussions or simulations are slightly more in-depth analyses of a contingency plan. These tests include testers role-playing their part in the plan, vendor coordination, and alternate site testing.
- Full interruption—full interruption testing of a contingency plan includes fully immersing an organization in a testing environment by halting normal operations and acting as if some disaster has occurred. This form of testing is very disruptive but can be used to clearly expose flaws in a plan.
The following AZDOHS policies and templates include information for contingency plan testing:
- P8230 Contingency Planning Summary.
- P8230 Contingency Planning Policy Template.
- P8240 Incident Response Planning Summary.
- P8240 Incident Response Planning Policy template.
It is common to have IT responsible for incident response/disaster recovery testing; however, system managers, other applicable district staff, and decision-makers should also be accountable for their specific roles within the plan related to testing the plan’s effectiveness.
Incident response/contingency plan testing documentation should describe how the district performed the tests (i.e., walkthrough, tabletop discussion, system test, or full interruption, etc.), what the test results were, and any lessons learned from the test. If the tests did not identify any problems or gaps in the contingency plan, the district should document details of how the tests conducted showed that the plan worked. If the tests identified problems or gaps in the contingency plan, the district should document details of how the tests conducted showed that the plan failed, why it failed, and how the district can adjust the plan to compensate for the identified issues. Maintaining documentation of these tests, such as screenshots during tests, backup run results, and minutes from related meetings, provides support for auditor review and can help the district track contingency plan changes to ensure, throughout its lifetime, the plan meets the district’s current needs and the original design intention.
It is typically IT’s responsibility to determine appropriate incident response/contingency plan test documentation to illustrate the testing outcome and challenges; however, system managers and decision-makers should review test outcomes and be involved in approving contingency plan changes to address any issues noted in testing.
Data classification is a process to categorize data by its sensitivity. This categorization can be used to apply security standards and practices to groups of data. A district should identify what pieces of its data belong in classification groups, such as important, critical, confidential, or sensitive. Some data may belong in more than one group, such as personally identifiable information (PII), or student data as defined by the Family Education Rights and Privacy Act (FERPA). Classifying data into groups allows the district to ensure it appropriately protects information based on its classification(s).
Classifying data and restricting a user’s access based on the least privilege necessary are related, as unauthorized users should not have access to sensitive data, and authorized users should have only the access they need to that data to do their job. A district can use data classification in combination with assigning privileges to identify what data is appropriate for which positions and grant access to those employees/contractors (See FAQ #5 for additional information on least privilege).
It is common for IT to be responsible for establishing the controls that ensure the various classifications of data are adequately protected. IT should work with decision-makers and system managers to ensure that the controls in place for each data classification accurately reflects the district’s needs for data access and security.
Proper monitoring can help a district be proactive and address potential threats and other issues before harm occurs. Logging and monitoring are essential to ensuring the integrity of district data. Logging involves keeping a record of changes and actions related to the district’s network and computer systems. Monitoring involves timely review of logged activities to ensure they are appropriate.
Most accounting and student information systems, as well as their databases, have logging functionality built in, often enabled by default. On the IT infrastructure side, operating systems and network devices, such as firewalls, web filters, and anti-malware products, can also be configured to log activities and events for review. IT staff often need to manually enable this type of logging, and it can add value to operations.
Due to the nature of IT systems, logs can quickly become unmanageable in length. As a result, a district should determine the key activities or critical IT events and areas to log and monitor, such as those affecting security, availability, and appropriate use of its computer systems and other resources. Once the district has identified data classifications, such as sensitive data, and what IT activities and events it is most concerned about, such as unauthorized users accessing the network, it should log and monitor these events and follow up when something occurs that requires attention. The district should review these logs on a regular basis (i.e., daily, weekly, or monthly) depending on the district’s specific needs to ensure appropriate actions are taken to resolve issues identified. Some organizations find it useful to develop or acquire software to help them to correlate, monitor, alert, and report on the events they decide to log.
IT should generally be responsible for logging and monitoring efforts; however, it is also important for decision-makers and system managers to be accountable for identifying those key activities that should be monitored, such as activities that do not have a compensating control elsewhere or that pose a separation of duties issue. System managers should also monitor logged activity reports to help ensure that activities are appropriate and follow up and remediate any questionable activities if necessary.
To help protect both their physical and digital assets from malicious threats and inappropriate use, a district should compare its existing network and data (IT security) policies and procedures to industry standards and best practices (See FAQ #3) to ensure appropriate controls are in place.
For instance, the district should:
- Be aware of all relevant federal requirements related to IT and ensure it is complying with the regulations. These federal requirements include but are not limited to the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and Children’s Information Protection Act (CIPA).
- Separate employees’/contractors’ access to computer systems and data based upon least privilege access necessary to perform their job duties to prevent any users from accidentally or maliciously harming district data or systems because of excessive permissions.
- Limit the number of people who have access to the server room to only those who have an essential, IT-related need to be in the room.
- Implement port security to ensure only authorized users have access to the network.
- Apply best practice logical controls to ensure that user accounts within both critical and noncritical systems are not breached by malicious users (See FAQ #5).
- Implement internal and external network protection solutions, which include, but are not limited to, antivirus, firewalls, web content filtering, and intrusion detection/prevention.
IT is responsible for ensuring the network is secure and adequately protected from unauthorized access.
A district should follow a password policy that secures sensitive information and ensures proper user authentication to help protect its systems and data. Strong password policies help mitigate the risk of serious security threats such as data breaches and unauthorized access.
There are many resources available to districts for developing and following a password policy. A few possible resources are below.
The Arizona Department of Homeland Security (AZDOHS) provides policies, standards, and templates regarding IT policies on their website. AZDOHS established these policies for Arizona State agencies, and a district could adapt them for its own needs. The following AZDOHS policies and templates include information concerning the identification and authentication of users, as well as access controls:
- Section 6 of Policy 8340 on Identification and Authentication
- Section 6 of Policy 8320 on Access Controls
A password policy could include, but is not limited to, the following topics:
- Strong passwords.
- Screen locks.
- Repeated failed sign-on attempt lockouts.
- Prohibited sharing of user IDs and passwords.
- User authentication controls.
Districts may also refer to the following credible sources for information and recommendations related to password policies:
Network directory services provide a shared infrastructure and often a central information repository that a district can use to help locate, manage, administer, and organize network resources, such as users, groups, devices, and storage volumes. These services also provide capabilities to set and manage policies that apply to these resources. For example, use of directory services would allow a district to set and manage policies that govern what district users and workstations can and cannot do and what resources they can and cannot access. Changes to the workstation policies would be automatically applied to all of the district’s workstations instead of requiring IT personnel to make changes to each computer manually. Properly configured, this would help ensure that no computer on the network would be running outdated policies.
IT is responsible for ensuring appropriate user account management on the network.
Newer operating systems often have increased security features, as newer security technologies and approaches are generally incorporated and implemented in them. These security features can range anywhere from better reporting of problems to new technologies that increase the system level of security. Newer operating systems are also more likely to be patched against known security issues, so it will be harder for malicious users to break into the system using techniques to which older operating systems were vulnerable.
Despite the benefits of newer operating systems, the district should fully test any upgrades, like any other software installation. The district should ensure that the newer operating systems will function properly with any software in use and will integrate well with the network. Should the district find any incompatibilities, these should be resolved before implementing any new operating system into its live environment.
Regardless of the upgrade frequency a district chooses, it is important to ensure the vendor actively supports the operating system in use so it can continue to receive security fixes for known vulnerabilities or bugs. The district should plan to replace any operating systems or software that may be close to the end of its useful life or no longer eligible for support from its vendor.
IT is responsible for ensuring appropriate operating system use within the district. This includes IT updating decision-makers and system managers when operating systems may be approaching end-of-life so that they can consider any budget requests.
Decision-makers, system managers, HR, and IT should discuss the potential implications involved with social media, wireless and remote access, and personal devices. Following a district-wide determination of appropriate technologies, IT will typically develop the related policies and submit them to decision-makers for review.
Like any change in practice, before a district adopts a new IT practice, it should consider the security risks that any related technology introduces, ways to help mitigate those risks, and what policies will be needed to guide the use of these technologies before adopting or permitting the use of any new technology. A few examples of risks to consider for BYOD, social media, wireless, and remote access are listed below.
BYOD
- A district should be aware of all devices that are on the network or using district resources to ensure it can monitor these devices. Monitoring can help detect malicious activity occurring on, and from, these devices.
- A district should consider how the BYOD devices will access the internet and how they will maintain compliance with federal regulations such as the Health Information Portability and Accountability Act (HIPAA), Children’s Internet Protection Act (CIPA), and Family Education Rights and Privacy Act (FERPA).
- A district should consider how to ensure adequate security of mobile devices to prevent the devices from potentially infecting district networks with malicious software.
- A district should consider what data BYOD devices can store, view, and modify and how it should protect that data while on mobile devices.
Social media
- A district should consider the goals and objectives for social media. A valid district purpose should exist to warrant social media use.
- A district should consider who can post to social media sites and what they can post, and develop policies to guide staff on what is appropriate.
- A district should consider what district-related information employees/contractors can post on their own personal social media outlets and develop policies to guide staff on what is appropriate.
- A district should consider how to manage feedback from nonemployees posting on the district’s social media sites.
Wireless
- Many districts have already implemented wireless technologies to support mobile devices such as laptops and tablets. However, a district should consider security features to ensure it is protecting sensitive and/or confidential data from outside users prior to implementing wireless technologies.
- A district should consider how it is going to isolate the wireless devices from the network and whether they wish to allow the devices to access network resources.
- A district should consider how to provide web content filtering to wireless devices so it ensures compliance with district policies and guidelines and federal regulations, such as Children’s Internet Protection Act (CIPA).
- A district should consider how it is going to monitor the wireless network to determine if there is any unauthorized access or attempted attacks on the network.
Remote access to systems and resources from locations outside the district
- Remote access provides mobility to employees/contractors by allowing authorized users the ability to perform work away from their offices, such as working from home. Despite the benefits to end-users’ mobility, remote access does introduce security concerns to a district’s information technology that it should consider and address before permitting remote access.
- A district should have authentication solutions in place to help ensure that users who are attempting to access systems remotely are authorized to have such access (See FAQ #19).
- Since remote access may allow users to access some data from outside the district’s internal network, a district should consider what information it should restrict while remotely connected. Controls should be set up to ensure that it enforces these restrictions to prevent employees/contractors who are remotely connected from unauthorized viewing, modifying, or transferring of data outside the district’s network.
- As remote access enables a district to send sensitive data off-site for employees/contractors to perform their duties, the district should consider how to secure the sensitive data. This includes securing data while it is in transit from the district to the remote users’ locations, as well as data at rest on both district machines and any personal machines. One potential solution for the district is to use full-disk encryption on all remote hard disks that will store district information.
- A district should develop policies for connecting to district resources remotely, including the security requirements for remote-access users to minimize the potential damage from unauthorized use that may result in the loss or misuse of sensitive data. Policies should address data accessed remotely with district computers and with nondistrict machines, such as employees’ or contractors’ home computers that are allowed to log into district servers.
- To address employee/contractor turnover, a district should have procedures to disable remote access quickly to help prevent former employees/contractors from unauthorized access to sensitive data.
Technology User Agreements (sometimes called Electronic Information System Agreements or Acceptable Use Agreements) help the district ensure that all district staff and students are informed of district policies regarding technology resources and of the appropriate behavior when using those resources. User agreements provide the district with a record of when users agreed to policies so it can properly enforce technology policies.
In addition, a district’s cloud computing, digital learning, and vendor contracts or data-sharing agreements should have appropriate security/access, processing, and backup controls in place. The District should appropriately review data accessed or processed by vendors or third parties for propriety. Further, a district should have written agreements that include an acknowledgement that service providers are responsible for the security of confidential data the service provider possesses.
Typically, IT will develop appropriate user agreements and submit them to decision-makers for approval. After approval, it is the IT department’s responsibility to enforce the user agreement policy.
At a minimum, a district should implement multifactor authentication or compensating controls for all users with remote access, administrative access, and access to its critical IT systems (i.e., systems that contain sensitive information or that are necessary for district safety, mission, business, or security operations) to help protect those systems and sensitive information contained within them. Multifactor authentication uses more than 1 of the following factors to gain access to an IT system:
- Something you know (e.g., a password or pin number).
- Something you have (e.g., a phone to receive a verification code or contact or a USB security key).
- Something you are (e.g., a fingerprint, facial recognition, or other biometric data).
Recently, the Cybersecurity & Infrastructure Security Agency (CISA) updated its Bad Practices Catalog to include the practice of “Single-Factor Authentication for remote or administrative access” to critical systems. This practice is a security risk, and addressing it will help protect systems against cyberattacks. The National Institute of Standards and Technology (NIST) and the Arizona Department of Homeland Security (AZDOHS) made similar updates to their authentication configuration guidance. The related NIST special publications and AZDOHS policies and procedures, which are based on NIST’s guidelines, are available at:
- NIST special publications
- AZDOHS policies and procedures
Districts should conduct a risk assessment to determine appropriate changes to authentication configurations. The risk assessment should help identify any systems that may need additional authentication controls; determine if those systems can implement additional authentication controls; and if not, determine what compensating controls may help limit access to critical systems and sensitive information to only those individuals who need it for their job responsibilities.
Districts may also refer to the following credible resources for viewpoints on single-factor and multifactor authentication.
- Center for Information Security (CIS)
- CIS Controls, Version 8, Control 6—available for download after signing up for a free membership.
- CIS Controls, Version 8, Control 6—available for download after signing up for a free membership.
- Payment Card Industry (PCI)
- Data Security Standard (PCI-DSS) Version 3.2.1—choose the most recent dated version at the top of the page, provide contact information, and refer to Requirement 8.2 and 8.3.
- Data Security Standard (PCI-DSS) Version 3.2.1—choose the most recent dated version at the top of the page, provide contact information, and refer to Requirement 8.2 and 8.3.
- National Security Agency (NSA)
The Arizona Attorney General’s website at Arizona’s Data-Breach Notification Law FAQ | Arizona Attorney General (azag.gov) has information regarding data-breach laws covered in Arizona Revised Statutes §§18-551 and 18-552.
Miscellaneous
In accordance with A.R.S. §15-914.01, school districts may apply to assume accounting responsibility. Districts begin by sending our Office a written request for evaluation prior to January 1 preceding the intended fiscal year of implementation. Our Office will evaluate each district's most recent audit reports and USFR Compliance Questionnaire and make a recommendation to the Arizona State Board of Education that the district be approved or denied participation in the Accounting Responsibility Program. Districts must also submit an application to the State Board of Education, an accounting responsibility plan to ADE, and notify the County Treasurer and County School Superintendent by March 1 of its intention to assume accounting responsibility in the next fiscal year.
Yes. A.R.S. §15-905(G) allows a district governing board to authorize the expenditure of monies budgeted within a maintenance and operation subsection of the adopted budget but only by action taken at a public meeting of the governing board and only if the expenditures for all subsections do not exceed the total M&O Fund budget. The regular education subsection includes program codes 100, 610, 620, 630, 700, 800, and 900. The other 7 subsections include programs 200, 400, 510, 530, 540, and 550.
Yes. Districts may refund the unused portion of prepaid meals by check from the Food Service Fund revolving bank account, or if necessary, from daily cash receipts. For refunds made from daily cash receipts, a Meal Card or Ticket Refund Slip should be completed in duplicate for each refund and signed by the parent or student, preparer, and cafeteria manager. The total amount of refunds should be recorded on the Daily Cash Reconciliation Report, and returned meal cards should be voided, attached to the original refund slip, and retained with the Daily Cash Reconciliation Report. See USFR pages X-F-21 and 22 for sample forms.
An account description such as “overdraft of cash on deposit” is acceptable for a school district’s internal accounting records to show a negative cash balance on deposit with the county treasurer; however, it is not appropriate for external financial reporting. This presentation is not appropriate for external financial reporting because it does not reflect the nature of the liability, such as interfund borrowing, credit line payable, or an amount due to the county treasurer for investing in the school district’s debt (overdraft). Also, if interfund borrowings are not presented, it may result in cash being overstated in other funds.
In accordance with A.R.S. §15-996, county treasurers must hold school district monies in 1 of 2 ways. First, treasurers may keep a separate account for each school district fund. Second, treasurers may maintain only 2 accounts for each school district plus additional accounts for each of the bond building, debt service, and new school facilities funds. If only 2 accounts are maintained, the first account must consist of the budget-controlled funds (maintenance and operation, unrestricted capital outlay, adjacent ways, and classroom site funds), and the second account must consist of federal and State grant monies and all other monies.
In accordance with A.R.S. §15-304, school district governing boards may authorize expenditures from budget-controlled funds up to the amount of the adopted budgets regardless of the amount of cash available in the fund. Also, when sufficient cash is not available in federal and State grant funds, if county treasurers maintain 2 accounts as provided in A.R.S. §15-996 and expenditures have been included in the budget section of federal or State grant applications, the school district governing boards may authorize expenditures from federal and State grants as authorized in the budgets. As a result, cash deficits may occur in these funds.
When cash deficits occur, Arizona Revised Statutes provides the following options.
In some cases, a school district may have interfund borrowings that reduce or eliminate a fund’s cash deficit with the county treasurer. In accordance with A.R.S. §15-996, interfund borrowings may occur between (1) budget-controlled funds or (2) if 2 accounts are maintained as described above, federal and State grant funds may borrow from other funds in the second account or, if the amount in the second account is negative, from the maintenance and operation fund. Interfund borrowing should be reported as interfund payables and receivables in the financial statements.
Another option for budget-controlled funds, in accordance with A.R.S. §11-604.01, is for the county treasurer to establish a revolving line of credit on behalf of the school district with the county treasurer’s servicing bank. The credit line could then be used to finance the school district’s short-term borrowing needs in budget-controlled funds when cash balances are insufficient. With this option, a school district would report a line of credit on its financial statements.
If a revolving line of credit has not been obtained for a school district or if the revolving line of credit has been spent and if there are insufficient monies in the district's accounts, the county treasurer may register warrants, substitute checks, or electronic funds transfers of budget-controlled funds in accordance with A.R.S. §11-635. The registered items should be reported as a payable on the financial statements. Alternatively, county treasurers may invest in a school district’s registered warrants, substitute checks, or electronic funds transfers (evidences of indebtedness) in accordance with A.R.S. §35-323. If the county treasurer chooses to invest in the registered items by paying the amount and collecting amounts due from the school district, the school district should report the balance as due to the county treasurer.
Cash deficits should not occur in funds other than the budget-controlled and federal and State grant funds since the governing board should not authorize expenditures from other funds unless sufficient cash is available in the individual fund. If sufficient cash is not available, the expenditure should be reclassified to another appropriate fund that has cash or budget balance available, as applicable.
If a school district has individual funds with short-term cash shortfalls that are not appropriately addressed by the options above but has other funds with cash available to make up for that shortfall, the school district should report interfund payables and receivables on the financial statements between the fund with the cash deficit and the fund(s) from which it presumably borrowed. Because many funds have restrictions placed upon them, such borrowing may violate statutory restrictions and result in compliance audit findings.
School districts should communicate with either or both their county school superintendent’s and county treasurer’s offices regarding how cash deficits have been handled to ensure proper financial statement presentation. Also, the notes to the financial statements should contain all required disclosures for interfund receivable and payable balances, payables, or short-term debt.
Proceeds from the sale or lease of school property must be deposited into the School Plant Fund (500), in accordance with A.R.S. §15-1102.
A.R.S. §15-1102 describes the limitations on the use of School Plant monies. The following addresses the limitations on those monies based on statute. However, as indicated in the statute, the restrictions described in tables 1 and 2 below do not apply to the proceeds from:
- Leases of school property to other schools.
- Leases of school property for less than 1 year (leases with automatic renewals that result in total lease terms in excess of 1 year are considered leases of 1 year or more).
- Sales of school property of less than $100,000 per transaction.
Table 1: For districts with bond debt at or below the indicated percentage of current year assessed valuation
Type of school district, bond debt % at or below |
Proceeds from |
Allowable use and paragraph reference in ARS §15-1102 |
Elementary, 7%, or Union high, 7%, or Unified, 14% |
|
|
|
|
Table 2: For districts with bond debt in excess of the indicated percentage of the district’s current year’s assessed valuation
Type of school district, bond debt % in excess of |
Proceeds from |
Allowable use and paragraph reference in ARS §15-1102 |
Elementary, 7%, or Union high, 7%, or Unified, 14% |
|
|
|
|
Yes, the Arizona Attorney General’s Arizona Agency Handbook (Handbook), which is linked below, includes Section 6—Public Records. The Handbook provides guidance on public records law, confidential records, and addresses the difference between commercial and noncommercial public records requests. School districts should consult with their legal counsel as needed in addition to reviewing these resources to ensure compliance with public records request requirements.
School district TANs, authorized in Arizona Revised Statutes §35-465.01, are short-term notes school districts issue to provide cash before they receive expected property tax revenues. School districts generally repay TANs with tax revenues once property taxes are collected. Districts should record cash from the TAN proceeds and a related liability in the Maintenance and Operation (M&O) and/or Unrestricted Capital Outlay (UCO) Funds depending on where they will use the TAN proceeds.
The examples below illustrate the journal entries districts should record when they issue and repay TANs:
To record the issuance of $1,000,000 in TANs:
M&O and/or UCO Fund | Debit | Credit |
Cash (Object 0103) | $1,000,000 | |
Tax Anticipation Notes Payable (Object 0205) | $1,000,000 |
To record the repayment of $1,000,000 in TANs and related interest costs:
M&O and/or UCO Fund | Debit | Credit |
Tax Anticipation Notes Payable (Object 0205) | $1,000,000 | |
Interest on Short Term Debt (Function 2510, Object 6850) | $50,000 | |
Cash (Object 0103) | $1,050,000 |
Interest revenue received on TAN proceeds before they are used should be recorded in the M&O and/or UCO Funds like any other interest received on cash balances.
If a district accounts for TANs in a fund other than M&O or UCO, the district should make a journal entry to move the interest revenue and expenditures to the M&O and/or UCO Funds, depending on which fund used the TAN proceeds. This entry should be made at least at fiscal year-end before the accounting records are closed and amounts are reported on the annual financial report.
As each county may handle TAN transactions differently, districts should work with their County School Superintendent’s Office to ensure all necessary adjustments are made in the district’s accounting records to correctly report TANs.
Payroll
Videos—Click here to see a list videos that outline the guidance included in the USFR and discuss proper internal controls and commonly asked questions about payroll processing.
Yes, districts should establish a delayed payroll system. This type of system allows time for payroll adjustments to be made before payment to help ensure that employees receive the appropriate amount of compensation. Districts should determine how long to delay payment to allow adequate time for adjustments, but may not delay payments more than 7 business days during their normal 2-week payroll processing cycle. If an employee is discharged from district service, the district must pay the wages due to the employee within 10 calendar days from the date of discharge. Arizona Revised Statutes (A.R.S.) §§15-502(F) and 23-351
Yes, provided that at no point during the year the hourly employee is paid more than actual hours worked to date. Pursuant to Arizona Attorney General Opinion I04-007, all school district employees may request that their compensation be paid over the actual months worked or be prorated in any number of payments as set forth in A.R.S. §23-351(C)(2). Districts should refer to guidance in the USFR §VI-H, Payroll.
College tuition reimbursements should be paid through the payroll system and coded to object code 6240—Tuition Reimbursement. Tuition reimbursement is typically a non-taxable fringe benefit; however, schools should review IRS Publication 15-B for more information on taxable and non-taxable fringe benefits, and the limitations on those benefits.
Procurement
A.R.S. §15-213 requires districts to follow procurement practices adopted by the State Board of Education. The School District Procurement Rules are based on the Arizona Procurement Code (A.R.S. Title 41, Ch. 23), which is the legislative authority and guidance for procurement. These rules:
- Simplify, clarify, and modernize the law governing procurement by the State.
- Permit the continued development of procurement policies and practices.
- Make the procurement laws as consistent as possible.
- Provide for increased public confidence in the procedures followed in public procurement.
- Ensure the fair and equitable treatment of all persons who deal with the procurement system of this State.
- Provide increased economy in the State procurement activities and maximize to the fullest extent practicable in purchasing value for public monies of this State.
- Foster effective broad-based competition within the free enterprise system.
- Provide safeguards for the maintenance of a procurement system of quality and integrity.
USFR §VI-G, Expenditures includes the current guidelines for written quotes and the threshold for competitive sealed bids and proposals.
The School District Procurement Rules are available on the Arizona Secretary of State’s website in Title 7 Education, Ch. 2 State Board of Education (Board), Articles 10 and 11, School District Procurement.
School District Procurement Rules the Board recently adopted are available at: Rules | Arizona State Board of Education (az.gov)
Districts should obtain written quotes from at least 3 vendors for purchases costing at least $10,000 and less than $100,000. Refer to the USFR §VI-G, Expenditures for detailed requirements.
School District Procurement Rule R7-2-1023 requires a district to compile and maintain a prospective bidders' list. Vendors desiring to be included on a district's prospective bidders' list must notify the district, and the district should mail or otherwise provide the person with the district's procedures for inclusion on the bidders' list.
If a district's prospective bidders' list has 4 or fewer prospective bidders on the list, then Rule R7-2-1022(B) requires the district to publish notices of the invitation for bids or request for proposals in the official newspaper of the county within which the district is located, in addition to issuing an invitation for bids or request for proposals to vendors that are on the bidders' list.
Yes. School District Procurement Rule R7-2-1022(A) requires districts to advertise the notice of the IFB/RFP if procuring services other than the following:
- Clergy.
- Architect.
- Certified public accountant.
- Engineer.
- Physician.
- Land surveyor.
- Dentist.
- Assayer.
- Legal counsel.
- Geologist.
- Landscape architect.
Further, for all other goods, services, and construction procurements, if there are 4 or fewer bidders on the bidders list, the district must advertise the notice of the IFB/RFP.
Districts must maintain a record of all bids/proposals received, including the time and date each bid/proposal or modification is received. Maintaining the time-and-date-stamped envelopes in the bid file is 1 way to comply with these rules. Alternatively, districts may keep photocopies of the time-and-date-stamped envelope/box. The district may also choose to maintain a log of bids/proposals received, with a second person signing off at the bid submission deadline that all bids received have been logged in and no further bids will be entered below that point in the log. School District Procurement Rules R7-2-1029(A) and (B), and R7-2-1045 (A) and (B).
Yes, if a majority of the work will be done in the last year of the contract and work will not carry over substantially into the next fiscal year. However, the district should not ask or allow the architect to start work on any new projects scheduled for the fiscal year after the contract period, thereby circumventing the School District Procurement Rules that would require those services to be competitively bid. School District Procurement Rule R7-2-1093(E)
If a district has evaluated the availability of the required goods or services and determined that there is only 1 source for those goods or services, then it may award a sole source procurement contract without competition. Before making a purchase or entering into a contract, the governing board must determine in writing, following the requirements in School District Procurement Rule R7-2-1053, that there is only 1 source for the required material, service, or construction item. However, designating a vendor as a sole source should be avoided, except when no reasonable alternative exists.
Due diligence is the process of obtaining and reviewing documentation to verify that the procuring entity procured contracts pursuant to the School District Procurement Rules and determining that the contract price and terms are favorable to the district to receive the best value for the good or service desired.
Whether administering or purchasing from a cooperative purchasing agreement, districts are responsible for ensuring that procurements are done in accordance with School District Procurement Rules.
Due diligence, at a minimum, should include verification that the cooperative contract was awarded through a competitive process. Districts should review the cooperative’s procurement compliance questionnaire (PQ), if available. If a PQ is not available, a district should review a sample of cooperative contract documents, including:
- Bidder’s list.
- Solicitation, including evaluation factors.
- Multiple offers received.
- Vendor pricing lists.
- Bid evaluations and offer evaluation sheets.
- Basis for cooperative contract award with established evaluation factors.
- Cost analysis to determine price is fair and reasonable.
- Review of cooperative contract terms and conditions.
If deficiencies are noted based the review of the PQ or the contact documents, districts should evaluate the frequency and severity of those deficiencies to determine if they can rely on that contract or take additional steps to remedy the deficiency and use the contract.
Based on R7-2-1004(B), districts are authorized to prescribe methods and operational procedures to be used in preparing written determinations.
Districts should prepare and maintain written determinations, as required by R7-2-1004 to support their reason(s) for the selection of a particular vendor, including for any specified professional services, construction, construction services, or materials to an entity selected from a qualified select bidders list or through a school purchasing cooperative. The determination shall specify the reasons for the determination, including how the determination was made. Documentation should be included in the procurement file to substantiate the determination.
The procurement file for competitive sealed bids or proposals (either paper or electronic), as applicable, could include the following:
- List of the notified vendors/notice of solicitation.
- Final solicitation with evaluation factors.
- Solicitation amendments.
- Due diligence.
- Verification ROC license and Corporation Commission.
- Discussions.
- Clarifications.
- All submitted vendor bids and proposals.
- Offer revisions/best and final offers.
- Signed procurement disclosure statements.
- Bid evaluations or final evaluation report/matrix.
- Award determinations.
- Determination of non-responsive bids.
- Justifications for multiple awards.
- Offer & acceptance form signed by both parties.
- Notice to proceed.
- Contract and renewals or extensions.
- Any other required contract documentation.
The procurement file should be available for public inspection within 10 days after contract award, as prescribed in the School District Procurement Rules. We have developed a checklist that districts may use to assist them in compiling their procurement files. The complexity of the file is based on the type of procurement that was completed.
Districts should carefully research goods or services and determine in writing that the pricing or contract terms are fair and reasonable. If the good or service needed has been provided before, districts should consider what price was previously paid and research and determine if another district has purchased the same item. Districts may also review documents and evaluate the following, as applicable, to determine:
- Contract or modification is based on adequate competition;
- Price is supported by established catalog and/or market prices;
- Price is established by law or rule;
- Price is supported by relevant, historical price data;
- Estimated value, scope, complexity of project;
- Nature of the service; or
- If there are any government or educational discount programs.
This research will provide valuable pricing information that can be used during negotiations and in determining price reasonableness. R7-2-1079, R7-2-1110 and R7-2-1122
Yes. The School District Procurement Rules and the requirements in the USFR apply to all district expenditures of public money, including federal grant monies such as E-rate monies. Additionally, when expending federal grant monies, districts must comply with the individual grant agreements. School District Procurement Rule R7-2-1002(A).
School District Procurement Rule R7-2-1101 includes procedures for creating a qualified select bidders list, R7-2-1106—1115 includes procedures for construction-manager-at-risk, design-build, and job-order contracting methods of construction, and R7-2-1117—1123 relate to specified professional services such as architects or engineers.
School District Procurement Rule R7-2-1021(B) addresses the use of electronic, on-line bidding and R7-2-1018 addresses the use of reverse auctions.
Yes/No. Auxiliary Operations and Community School Fund monies are public monies. The School District Procurement Rules or USFR guidelines for written price quotes apply to every district expenditure of public monies when the cost of the construction, materials, or services is at least $10,000, unless an expenditure is specifically exempted by a federal/State law or regulation or is otherwise specifically exempted from the Procurement Rules or USFR guidelines (e.g., payroll or student activities monies).
Example:
A district decides to run a dance program through the Community School Program/Fund and wants to hire a dance instructor.
Yes. If the district hires a new employee to be the dance instructor, the payment would not be required to be bid.
Yes. If the district hires a current district employee to be the instructor (by addendum to a teacher's contract or classified employee's agreement), the payment would not be required to be bid since the extra duties are within the realm of duties normally added by addendum to a contract or agreement (e.g., coaching, or sponsoring a student activity or extracurricular activity).
Note—Services such as t-shirt silk screening, painting buildings, plumbing, construction, etc., performed by a teacher/employee acting as a vendor, regardless of what fund they are paid out of, would require the district to follow the School District Procurement Rules. (USFR §VI-G, Expenditures).
No. If the district hires someone other than a district employee to be the instructor, the district should obtain written quotes or formal competitive bids in accordance with the USFR guidelines or Procurement Rules, as applicable, for this service.
If the district obtains written quotes and does not want to select the lowest bidder, they should document why they selected someone other than the lowest bidder (e.g., the person who was the lowest bidder does not know how to dance!).
Sometimes.
Articles 10 and 11 do not apply to purchases made in compliance with the terms and conditions of any grant, gift, bequest, or cooperative agreement. Therefore, competitive bids/proposals and quotes are not necessary if, for example, the donor has specified, as a condition of the gift, the specific vendor or contractor to be used. If the gift’s or donation’s terms and conditions are not specific as to the use of a particular vendor or contractor, then the district should follow the School District Procurement Rules or USFR guidelines because the School District Procurement Rules or USFR guidelines apply to every district expenditure of public monies when the cost of the construction, materials, or services is at least $10,000. R7-2-1002(C)(15)
No. A.R.S. §15-213(N) prohibits district employees from accepting personal gifts from vendors.
Further, A.R.S. §15-213(Q)(1) defines “gift or benefit” as a payment, distribution, expenditure, advance, deposit or donation of monies, any intangible personal property or any kind of tangible personal or real property. A gift or benefit does not include items that are of nominal value such as a greeting card, t-shirt, mug or pen, food or beverage, or expenses or sponsorships relating to a special event or function to which individuals involved in procurement are invited.
In addition, A.R.S. §38-504(C) prohibits a public officer or employee from using their official position to secure anything of value or benefit for themselves that they would not ordinarily receive as part of their official duties, if the thing or benefit is of such character as to manifest a substantial and improper influence on the officer or employee with respect to their official duties.
Some scenarios to consider and whether they could be considered a personal gift or benefit:
1. A district vendor invites you to a charity event and pays your fee that includes meals, hotel stay, and golf. Highly questionable.
2. The vendor also pays for your spouse to attend the charity event. Highly questionable.
3. A district vendor, also a friend, gives you a birthday gift. Depends. Are you in a position as defined under A.R.S. §15-213?
4. A district employee, who is also a district foundation board member, seeks donations from district vendors for a foundation event. Does not appear to be, but caution is needed. The scenarios above and any other types of actions that might be considered or give the appearance of a personal gift or benefit should be carefully evaluated and discussed with district management and the district’s legal counsel, as appropriate, before accepting anything of value.
Districts should train employees about the gifting prohibitions and should require employees involved in the procurement process to attest that they have not violated the gifting prohibition as prescribed in A.R.S. §15-213(N). The employee’s attestation could be included as part of a procurement disclosure statement that is required by R7-2-1008.
Vendors are required to certify that it has taken steps and exercised due diligence to ensure its bid or proposal has not violated the gifting prohibition. A.R.S. §15-213(O), R7-2-1003(J), R7-2-1024(B)(1)(q), or R7-2-1042(A)(1)(l).
Student activities
No. Arizona Attorney General Opinion I84-018 states that only clubs that are not school-controlled (such as off-campus clubs, clubs sponsored by civic groups, or parent-teacher organizations) and fit within the tax exempt categories defined by A.R.S. §43-1201 may hold raffles or lotteries if they also meet the requirements of A.R.S. §13-3302(B).
No, except when the vendor is a district employee (USFR §VI-G, Expenditures).
School District Procurement Rule R7-2-1002(C) exempts purchases made with student activities monies from procurement requirements unless district monies are involved. To maximize purchasing power, it is recommended that student clubs follow the purchasing guidelines in USFR §VI-G, for obtaining written quotes for student activities disbursements below $100,000; however, the student clubs are not required to do so.
Travel
Videos—Click here to see a list of videos that describe the guidelines for school district travel.
For days of departure, the rates for the location in which the traveler will end the day are used, regardless of where the meal is provided.
For days of return, effective 10/1/17, use the rate for the location in which the traveler last stayed the night, prior to returning to his regular duty post and/or home.
For travel days without overnight travel, the meal reimbursement rates for Phoenix, AZ, are used to reduce the Single or Extended Day Meal Reimbursement amounts, regardless of where the meal is provided.
No. Employees should report the lesser of the actual cost of meals or the maximum meal reimbursement amount on their travel reimbursement claims. The district must verify that the amount claimed for meal reimbursements does not exceed the maximum meal reimbursement amount, but is not required to obtain receipts to verify that the amount claimed does not exceed the actual cost of meals. However, the governing board may establish a policy to require receipts for meal reimbursements. This policy should be in writing and included in the district's travel policy.
Districts should use object code 6290-Other Employee Benefits to record taxable meal reimbursements for employee travel without an overnight stay or substantial rest period. For travel expenditures that are not taxable to the employee (meal reimbursements with an overnight stay or substantial rest period, and mileage and lodging reimbursements), districts should use object code 6580-Travel. To help ensure that all taxable reimbursements are identified, districts should process all employee travel reimbursements through their payroll department.
When an employee receives meal reimbursements for travel without an overnight stay or substantial rest period, the district should withhold social security, Medicare, and federal and State income taxes from the taxable meal reimbursement. State retirement and long-term disability should not be withheld from taxable meal reimbursements.
In accordance with the State of Arizona Travel Policy, certain exceptions to standard travel policies may be made with special written approval. Among these exceptions is the payment of meals and lodging within 50 miles of duty post or personal residence for employees as determined necessary.
Any student–related employee travel exceptions should be included in the district’s adopted travel policy. The policy should address both the nature of allowable exceptions and the required level of approval necessary for each type of exception. Districts should also specify the procedures for documenting a detailed explanation of the need for the exception and obtaining the required special written approval in advance of the travel.
Guidance related to the school district’s ability to provide food, beverages, and refreshments while not on travel status can be found in Arizona Attorney General Opinion I10-003 (R9-040).