Internet Banking Policy

Department of Education Guidelines

1. Background
1.1 Internet (electronic) banking offers an online facility (via a website) which provides users with the ability to undertake various banking functions, such as checking account balances, transferring funds between accounts, Direct Debit/Credit and BPay.
1.2 An important feature of dedicated internet banking software, and in particular the ability to process creditor/payroll and related payments through Direct Debit/Credit and BPay, is that the payment is directed to one creditor/payee only and the inclusion of detailed audit trails or transaction reports results in a high level of data security and validation.
1.3 Other forms of internet banking are effectively on a ‘pay anyone’ basis, e.g. Direct Debit from the school’s Official Account, using the school level payroll as distinct from utilising dedicated payroll software from a financial institution. As robust data security and validations are absent with this type of payment method, this potentially raises the financial risk for the school in relation to:
• the setting up of payee details, and
• the transfer of funds from the Official Account to valid and accurate payee account(s).
1.4 In order to minimise these risks, schools should be reminded of the compliance requirements in the Education Training and Reform Regulations 2007, section 37(1) Revenue and Expenditure which outlines that all cheques and negotiable instruments drawn on any account kept under the control of a school council must be authorised by the principal and a person nominated by the school council for that purpose. Payments through internet banking software are effectively just another form of payment and as such, any payments must still be authorised by two people. A single authoriser of payments via internet banking software is a clear breach of the regulations governing the payment of accounts by schools.
1.5 Furthermore, section 4 outlines that the school Business Manager cannot be nominated as an authoriser under this regulation even if he or she is a member of the school council.
1.6 The various internal controls that need to be considered include:
• proper authorisation and approval of both the initial setting up of account details and any subsequent transactions against the account(s)
• completeness and accuracy of details so they can be verified by a responsible officer
• security and confidentiality of data at all times
• documentation kept by the school confirming all transactions related to the account(s) such as purchase orders, payment vouchers, payroll listings, screen prints of payee(s) details, screen prints of transaction(s) confirmation details, relevant CASES21 reports
• the appropriate segregation of duties to ensure and maintain the accuracy and legitimacy of accounts and transactions
• delegation
• bank imposed security issues.

2. Direct Debit
2.1 A Direct Debit facility effectively allows an external source, e.g. financial institution or supplier, to remove or ‘sweep’ funds pertaining to a pre-arranged amount and date from the school’s Official Account on a regular or ad hoc basis.
2.2 Routine payments are regular in amount and/or due date, for example monthly operating lease or annual insurance premium payments, while ad hoc payments would occur on an ‘as needs’ basis with differing dollar amounts, e.g. payments for teacher requisites or classroom materials.
2.3 From an internal control viewpoint, the school should ensure that it receives a tax invoice/statement from each supplier prior to the Direct Debit ‘sweep’ date each month in order to confirm the accuracy of all payment’s as well as any cash flow considerations.
2.4 Prior to agreement with a supplier to utilise the Direct Debit payment option, the school should ensure that it receives in writing from the supplier all relevant details of the Direct Debit.  These details include the actual amount, the day/date on which the payment will be processed, and the regularity of the payment. The school also needs to ensure that the supplier will continue billing the school. If the direct debit differs in amount or timing, the supplier must be contacted immediately and the issue resolved or the direct debit cancelled.
2.5 Information required to be kept:
• All details provided by the supplier relating to the amount, date of Direct Debit and regularity of the payment
• Original payment approval usually via an Application for Direct Debit Form signed by Principal and a designated signatory of school council
• Schedule and timing of deductions (if not included in the above)
• All related billing and statement details
• Relevant CASES21 finance reports.

3. BPay
3.1 When paying accounts using BPay the school has full control of the payment date and amount of the expenditure. Schools must ensure that suppliers’/creditors’ accounts are always paid by the due date and for the correct amount.
3.2 BPay is a secure electronic banking product identified on a supplier/creditor account with a unique biller code. The payee selects either the internet or telephone option to transfer funds from the school’s Official Account to the supplier and follows a series of steps to attach the amount owed to the creditor’s account and biller code.
3.3 With BPay transactions the standard controls related to creating an order, setting up the commitment and determining the date and amount for the transfer can be easily maintained by schools.
3.4 Schools will receive an invoice in the normal manner. The invoice should then be attached to the pre-approved purchase order and forwarded to the principal for approval for payment. Once payment has been made using BPay, the BPay receipt number and details of the transaction should be printed from the internet banking website. This printed receipt should then be attached to the original payment approval/invoice.
3.5 If the phone is used to action a BPay payment, the BPay receipt number and date of transaction should be noted on the original payment approval/invoice information.
3.6 Information required to be kept:
• Original signed payment approval and creditor invoice
• Printout of BPay receipt (if processed through the internet), clearly displaying BPay receipt reference number and date of transaction
• Relevant CASES21 finance reports.

4. Local Policy
At Glen Waverley South Primary School, the policy for internet banking is based on the recommended DET guidelines detailed above.
4.1 CommBiz will be used as the recommended internet banking facility and it will be set up to include various levels of authorisation for each transaction batch as determined by Audit requirements.
4.2 Payment batches will be prepared by the Business Manager or a delegated officer. These batches will be uploaded to the CommBiz internet banking website by the Business Manager who will check the correctness of each payment.
4.3 Payments will be confirmed by the person registered and approved by School Council as the ‘Confirmer’ of internet banking transactions. It is the responsibility of the person authorised to confirm transactions on the CommBiz internet banking site, to ensure that all transactions are valid. In most instances this will be the Assistant Principal.
4.4 Final approval of all transactions will be authorised by the registered School Council approved representative. This person will, in most instances, be the Principal.
4.5 At no time will the Business Manager have the authority to either confirm or authorise transactions on the CommBiz website.
4.6 Existing bank-imposed restrictions or security measures will be adhered to.
4.7 All transactions will be authorised according to DET guidelines and audit requirements.
4.8 For payroll payments the Business Manager will:
• print the screen for each individual’s pay prior to processing the final payment screen
• obtain the Principal’s signature on the printout.
4.9 For creditor payments the Business Manager will:
• print the payment screen ensuring key transaction details such as creditor name, address, account number, BSB number, description and quantity of goods and payment amount are visible
• attach the print out to the original tax invoice.
4.10 For creditor payments the Principal will:
• verify that the details on the tax invoice are identical to the screen print, particularly the BSB and account number details
• sign the printout
• process the final payment screen.
4.11 A receipt clearly displaying the date of the transaction, amount paid, and the recipient’s BSB, account number and name will be retained.
4.12 In the event of extended absence of the Principal, the Assistant Principal will act as authoriser and the alternative School Council nominee will confirm transactions.
4.13 In the event of extended absence of the Assistant Principal, the alternative School Council nominee will confirm transactions.
4.14 In the event of extended absence of the Business Manager, an appropriately qualified and authorised replacement will be responsible for the duties of the Business Manager.
4.15 The principal will sign and date the internet transaction receipt, and attach this to the authorised payment voucher.
4.16 All documentation will be safely and securely stored.
4.17 Records presented to the Finance Committee will be as per the Finance Policy.
4.18 Records to be kept include:
• The School Council minutes that record prior approval utilisation of the ‘pay anyone’ basis of internet banking.  This will include the specific individuals it applies to with all relevant details such as BSB number, account number, payroll number, etc.
• The school’s approved ‘Internet Banking Procedures’ document
• Signed or initialled screen prints as part of the approval to pay creditors/local payroll
• Relevant CASES21 finance reports.
The local policy is to be read in conjunction with the DET policy. Where a conflict occurs between the two policies, the DET guidelines will take precedence.

5. Evaluation:
This policy will be reviewed and minuted at School Council each year.


Circular S385-2007 School Internet Banking Guidelines

Victorian Government Schools Reference Guide 

Financial Risks:

Guidelines for Electronic Payment of Accounts



This policy was last ratified by School Council on:  15/02/16.