Manuals, Guides, and Procedures

Purpose: Below is a list of vendors UNC Charlotte has contracted with for promotional items. Reach out to them directly to obtain a quote.

Vendor Name	Contact Name	Contact email
4Imprint	John Lord	jlord@4imprint.com
Action Plus	Alicia Rhodes	alicia@actionplusideas.co
Blink Marketing	Jenny McIntyre	jenny@blinkmarketing.com
Club Colors	Alexis Bittner	abittner@clubcolors.com
Promo Logic	Angie Johnson	angie.johnson@promologicllc.com

Contact Email: purchasing@uncc.edu

Last Updated: November 8, 2022

• Organizational Encumbrance List

Purpose: Review open Purchase Order Encumbrances in Banner.

Last Updated: November 13, 2014

• Purchasing agent assignments by ORG Code

Purpose: This file contains a table of purchasing agents by level 5 organizational code.

Contact Email: purchasing@charlotte.edu

Last Updated: April 23, 2024

• Purchasing Card Manual

Purpose: Provides general Information and detailed procedures for card issuance and card processes, purchasing guidelines, and documentation requirements.

Last Updated: March 18, 2024

• Purchasing Card User Training Presentation

Purpose: To provide the purchasing card accountholder, reconciler and approver roles user training workshop registration information and the related presentation.

Register for this one-hour virtual P-card user training session by logging into the University’s Learning and Development Portal. Once logged into the Portal, select Learning > Learner Home. Enter “p-card” in the search box and tap the enter key. Select the p-card result to view all available sessions and register. For additional Portal details, please reference the Learning and Development FAQs.

Contact Email: purchasingcard@charlotte.edu

Last Updated: July 31, 2023

• Purchasing Card Reference Guide (PCRG)

Purpose: This guide is meant to serve as a one-stop reference for purchasing card (p-card) users and combines multiple resources into one document. There is a separate tab for each of the following:

• PCRG tab — Overview of allowable and unallowable expenditures by category and spending profile, and receipt reminders
• Flag Assistance tab — Assistance ​with resolving common p-card flags in Works P-card
• Quick Recon. Guide tab — Reconciliation instructions

Last Updated: March 15, 2024

• UNC Charlotte Purchasing Manual

The purchasing manual is an official guide for the departments, schools, divisions, offices, and other organizational entities of UNC Charlotte. These policies should be used for the procurement and handling of supplies, materials, equipment, and services as directed by the General Statutes of the State of North Carolina and as stated in University Policy 601.11, Purchasing Policy.

Please contact Purchasing office if your specific question is not covered.

As purchasing policies or procedures change, this webpage will be updated. Please bookmark this site and refer to it often.

Scott Brechtel, Director of Materials Management

Contact Email: purchasing@charlotte.edu

Last Updated: November 30, 2023

Overview

The Red Flags Rule (Rule) was issued in 2007 by the Federal Trade Commission (FTC) after the Fair and Accurate Credit Transactions Act (FACTA) added provisions to the Fair Credit Reporting Act (FCRA) designed to improve the accuracy of consumers’ credit-related records and directed the FTC to issue guidelines for financial institutions and creditors regarding identity theft with respect to their account holders and customers. The Rule is actually three different but related rules, two of which apply to the University.

The Rule requires financial institutions and creditors that offer or maintain one or more covered accounts to implement a written Identity Theft Prevention Program (ITPP) designed to detect, prevent, and mitigate identity theft. Red Flags are suspicious patterns or practices or specific activities that indicate the possibility that identity theft may occur. The University’s ITPP was approved by the University’s Board of Trustees in 2009. All departments, colleges, and units who are involved with handling Personally Identifiable Information (PII) in connection with the opening of covered accounts and with respect to existing covered accounts must comply with the University’s ITPP and develop reasonable processes and procedures to verify the identity of persons for whom services are being provided and to detect, prevent, and mitigate any instances of identity theft.

The Rule also requires a user of a consumer report to employ reasonable policies and procedures when the user receives a notice of address discrepancy. Therefore, to prevent identity theft regarding an employment or volunteer position for which a credit or background report is sought, University personnel shall take the following steps to assist in identifying address discrepancies:

• Require written verification from any applicant that the address provided by the applicant is accurate at the time the request for the credit report is made to the consumer reporting agency; and

• If notice of an address discrepancy is received, verify that the credit report pertains to the applicant for whom the requested report was made and report to the consumer reporting agency an address for the applicant that the University has reasonably confirmed is accurate.

Other links of interest

• Full text of the FTC’s Fair Credit Reporting Act FCRA 15 U.S.C. §§ 1681-1681x, as amended by the Fair and Accurate Transaction Act of 2003 (effective Sep. 1, 2011)
• Full text of the FTC’s Red Flags Rule FTC 16 CFR Part 681, as amended by the Red Flag Program Clarification Act of 2010 (effective Jan. 1, 2011)
• SEC and CFTC’s final Identity Theft Red Flags Rule rule (effective May 20, 2013)
• Other FTC resources:
  • Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business
  • Consumer Information on Identity Theft
  • Protecting Personal Information: A Guide for Business
• NACUBO Red Flags Rule resources
• IRS site on Identity Protection
• NC Identity Theft Protection Act of 2005, via S1048
• UNC System Guidance (Feb. 2009)

---

UNC Charlotte Procedures and Forms

Red Flags Rule Annual Survey, to be completed by Key Areas (as defined in Procedures).

Red Flag Detection Form, to be completed if Red Flags are detected in the course of University operations.

Note that, while Key Areas must comply with the University’s ITPP, from a Red Flags Rule risk management perspective, all employees who are involved with handling PII must comply with the following procedures related to information security and fraud prevention.

Protection of Personally Identifiable Information

To further prevent the likelihood of identity theft occurring during the conduct of University business, the University will take the following steps with respect to its internal operating procedures to protect PII:

• Ensure that its website is secure or provide clear notice that the website is not secure;
• Ensure complete and secure destruction of paper documents and computer files containing individual account information when a decision has been made to no longer maintain such information;
• Ensure that office computers with access to PII are password protected;
• Ensure that laptops are password protected and encrypted;
• Avoid use of social security numbers when possible;
• Ensure the security of physical facilities that contain PII;
• Ensure that transmission of PII is limited and encrypted when necessary;
• Ensure computer virus protection is up to date; and
• Require and keep only the kinds of individual information that are necessary for University purposes.

Hard Copy Distribution

Each employee and contractor performing work for the University will comply with the following security measures related to hard copy files with PII:

• File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with PII will be locked when not in use, when unsupervised, and at the end of each workday.
• Clear desks, workstations, work areas, printers and fax machines, and common shared work areas of all documents containing PII when not in use.
• Whiteboards, dry-erase boards, writing tablets, and other writing surfaces in common shared work areas with PII will be erased, removed, or shredded when not in use.
• When documents containing PII are discarded, they will be placed inside a locked shred bin or immediately shredded using a mechanical crosscut or Department of Defense-approved shredding device. Label locked shred bins as “Confidential paper shredding and recycling.”

The following can be used to educate your staff regarding the Red Flags Rule and University’s ITPP:

• UNC Charlotte’s Red Flags Rule – ITPP Procedures include definitions and specific actionable items on how to prevent and mitigate identity theft, including a “Red Flag Identification and Detection Grid.”
• For information about data classification and handling, visit the University FAQ site.

Last Updated: November 22, 2023

Payment method:

The preferred method for prepaying for registration fees to conferences and non-conference events associated with University-related business is to use a University-issued Purchasing Card (P-Card).
Other allowable methods include:

• Submit a Travel Reimbursement and Expense Report form

Rationale and other considerations:

Registration fees associated with conferences and non-conference events related to University business are allowable on a P-Card. Please refer to the Travel Manual for additional information (link provided below). Note: Registration tours and other social activities at conferences cannot be paid for using a p-card. The attendee must pay out of pocket and seek reimbursement via a TRER if the department considers the expense appropriate.

How to do it:

1. Complete a Travel Authorization form and obtain supervisor approval. Note that a Travel Authorization is not required if the event is local and the attendee will not be in travel status.
2. Upon approval of the Travel Authorization form, the traveler or their designee may then pay the registration fee using a P-Card. When using the P-Card for travel expenses, follow the guidelines and processes identified in the Travel Manual (link provided below).

Policies	Procedures	Forms / Links	Training and Reference Materials
University Policy 602.7, Travel Authorization and Reimbursement OSBM Budget Manual (Refer to Section 5 for Travel Policies) IRS Travel, Entertainment, Gift, and Car Expenses Publication (Publication 463) University Policy 601.8, Appropriate Use of University Funds	Purchasing Card Manual Travel Manual	Travel Forms Package	General Guide for Travelers Expense Account Codes Purchasing Card Reference Guide (PCRG)

Contact for additional questions:

Send an email to the Purchasing Card mailbox at purchasingcard@uncc.edu, or refer to the Purchasing Card website.

Last updated 9/14/18, 6/03/19

Last Updated: June 3, 2019

If you are considering the possibility of accepting payment cards as a method to collect revenues for your University department or unit, e.g., for merchandise sales, event registration, or other University-related revenues, you should become familiar with the UNC Charlotte Payment (Credit/Debit) Card Processing Standard and the UNC Charlotte Payment (Credit/Debit) card Processing Procedures. Below is an overview of some key points to understand:

General Requirements for Payment Card Processing

1. Any department, college, group, or individual who wishes to process credit/debit cards (payment cards) must receive approval from their departmental Business Manager and the eCommerce Office (eCO).
2. All card processing for the University must operate under a UNC Charlotte merchant Account / ID (see below under “Establishing a New Merchant Account”) or an approved alternate process.
3. All contracted services or other purchases related to card processing must receive approval from the eCO and ITS (if appropriate) before they are initiated. All contracts which involve card processing, or link to third party card processing sites, must be reviewed by the eCommerce Manager before they are executed. Any contract that pertains to card processing that does not contain required language will be required to go through an Addendum process before card processing set ups are implemented.
4. All online card processing must occur on an approved, secure web site, through an approved 3^rd party processor.
5. Face to face transactions must be processed on Point-of-Sale (POS) equipment ordered or rented through the eCO on terminals approved and provided by the State, or, through an eCO approved virtual terminal.
6. All staff that interface with card transactions must complete the individual requirements for card processing, as listed below under “Establishing Merchant User Access”.
7. Access to reporting systems will be based on a least privilege basis, or limited to the least number of staff that are required to complete the related tasks.
8. All card transactions that are processed on behalf of the University or its affiliates must be deposited to the University Cashiers on a daily basis.
9. Transaction fees, as set by NC OSC (North Carolina Office of the State Controller), are charged on all processed transactions. General Accounting receives and pays these invoiced charges and debits the designated merchant’s fund monthly.
10. Documentation of processes related to card processing are required to be submitted to the eCO at least annually and whenever significant changes occur.
11. Merchants must complete an annual Payment Card Industry (PCI) Self-Assessment Questionnaire (SAQ), signed Attestation, and other related documentation as required.

Establishing a New Merchant Account

1. Complete an Initial Interest Form to Process Payment Cards to assess whether your department’s/unit’s activity meets the criteria to accept payment cards at UNC Charlotte.
2. Once your Interest Form has been approved, complete an Application to Process Payment Cards (EC-APP).
   • Approval must be obtained by your department’s Business Manager before submitting to the eCO.
   • Note that a University eCommerce ‘Merchant Account’ is established for each major department on campus that accepts payment cards. If your department does not currently have its own Merchant Account, certain minimum sales thresholds apply for establishment of a new Merchant Account.
   • Note also that you must know detailed information about your potential payment card processing setup to fill out this application. Required fields include: business case, frequency and volume of transactions, types of processing requested (e.g., online, face-to face/POS), Banner Fund code to deposit revenues into and from which to charge credit card fees, draft refund policy, list of employees who will be handling card data, and agreement to the following statements:
     • Storage/Retention: University staff and entities are prohibited from storing the Primary Account Number (PAN) or Sensitive Authentication Data (SAD), physically or electronically (e.g., computer hard drives, CDs, Disks, and other external storage media), after authorization of the transaction. Records pertaining to card transactions will be kept in a physically secure, limited access location for two fiscal years. If no litigation, claim, audit, or other official action involving the records has been initiated, all records will be destroyed via cross-cut shredding after this time period.
     • Sensitive Cardholder Data (CHD) (as defined by the Payment Card Industry Security Standards Council – PCI SSC): Our office will not store the Primary Account Number (PAN) or any sensitive authentication data (Full magnetic stripe data or chip equivalent, card validation number/security code, or PIN block) physically or electronically. Any request to accept sensitive CHD by mail will be pre-approved by the eCO, and the physically received portion of the record containing CHD will be cross-cut shredded immediately after the transaction is entered for processing (the day it is received). Sensitive CHD will not be collected/accepted via email or fax. Any sensitive CHD gathered via POS devices will only be stored within the device until settlement (must occur daily), after which the data is automatically erased.
     • Receipts: All software will be configured so that all customer and merchant receipts print only the truncated card number (the last four digits), and the customer copy does not display the expiration date.
       (N/A for internet-only merchants)
     • Deposits: Our office will complete and submit a Payment Book Receipt (PBR) (with the required supporting documents attached) to the Cashier’s Office no later than noon of the business day following each credit card settlement.
   • The eCommerce office will make a final determination of the best business solution available after evaluation of the application.
3. If, as part of the payment card processing setup, the applicant desires a third party application that interfaces with the University network/gateway processor, the applicant must also:
   • Receive approval from the eCO for the use of the requested third party before the third party is contracted.
   • Work with the eCO to ensure contracts reflect required PCI and card processing language. No contracts that involve card processing are to be exectued without approval from the eCO first.
   • Receive approval from ITS if the third party agreement that involves ITS resources must comply with IT Governance processes. A review of those may be located at IT Governance.
4. Once a business solution is agreed upon and approved, if a new Merchant Account is to be created, the new Merchant must complete a Merchant Agreement Form.
   • This must be signed by the departmental Business Manager before sending to the eCO.
5. The eCO will then establish the new Merchant Account and set up required account information with NC OSC.

Establishing Merchant User Access

Once a Merchant Account is established, each employee that has access to and/or is required to handle cardholder data must:

1. Be a permanent employee of UNC Charlotte.
2. Complete a background check (completed by HR for all new employees prior to hire).
3. Complete all required trainings and forms which include, but may not be limited to, initial and annual training required for the PCI Data Security Standards ( PCI DSS), and the ITS Security Awareness Training. Information on training may be located on the eCommerce Training page.
4. Sign the DSS Acknowledgement Form (EC Acknowledgement Form).
5. Complete the EC Merchant Access Request to Reporting Systems. (Access the form via the Imaging website at: https://workflowforms.charlotte.edu/imaging/imaging-forms-department/ecommerce)
   • This must be approved by the employee’s supervisor.
   • Approval for access will be evaluated based on:
     • Whether the above requirements are met,
     • The business need for access, and
     • The number of access already granted within the requesting department.
6. Once approved, the eCO will set up access with NC OSC to both ClientLine (for STMS) and OMS (for AmEx) and notify the user. The new user must login to OMS within 72 hours of initial setup. Access to the TouchNet Payment Gateway and/or TouchNet Marketplace is also initiated via the EC Merchant Access Request form and is implemented by the eCO.
7. To maintain access to eCommerce reporting systems, users must login every 21 days, or their access will automatically lapse and may require that the access request be resubmitted.

Origins

Campus divisions and departments are ultimately responsible for the accuracy and timely submission of personnel action forms including Personnel Distribution forms (PD7) and time records. Failure to do so may result in overpayments to employees, creating an unnecessary financial burden on the department.

Payroll Calendar & Due Dates: Each year, Payroll provides monthly and bi-weekly schedules for the upcoming year, including deadlines for receiving personnel action forms and time records. The Payroll Calendar is readily available on Payroll’s website.

Supervisors: All supervisors must communicate information about search postings, hiring recommendations, terminations, leaves of absence, pay rate changes, etc. to their department’s Business Officers in a timely manner. The supervisor is then responsible for ensuring that the information is submitted through the proper approval process (e.g., through the Graduate School, Office of Academic Budget & Personnel, Human Resources and/or Payroll) prior to the “Paperwork Due to Payroll” date (in Payroll Calendar). Since some of the personnel action documents must have multiple approvals before delivery to Payroll for processing, departments may need to anticipate review time or simply monitor the status of the personnel action to help prevent potential overpayments and ensure new/current employees are paid timely.

Overpayment & Collection Process

If the employing department becomes aware of a potential overpayment, Payroll should be contacted immediately, and this overpayment form must be completed. Upon notification, Payroll will:

• Gather the supporting documents and calculate the overpayment on a gross-to-net basis. The employee is only required to repay the net amount if repayment can be accomplished within the same calendar (tax) year. If repayment crosses the calendar (tax) year, the gross amount must be repaid.
• Send written notification to the employee, with a copy to the employing department, detailing the overpayment and the University’s expectation for collection. This includes notification of North Carolina General Statute 147-86.23 which outlines the University’s right to add interest & penalties to past due accounts. Effective January 1, 2015, the University will assess a one-time 10% late payment penalty and accrue interest charges at 5% annually unless payment is received or a payment plan has been agreed to by both parties within 30 days of the notification date.
• For Repayment Options: Contact Payroll (Note: Current employees will have their overpayment collected through a payroll deduction, unless other payment arrangements are made.)

Most of the time, individuals make repayment arrangements within 30 days of being notified; however,

• If Payroll has not received a response after 30 days, the overpayment is considered past due and a second communication is sent, indicating interest and penalties will begin unless repayment arrangements are made immediately.
• Students with a past due overpayment will have a registration hold placed on their account until payment is made. Once the overpayment is 30 days past due, the student will be denied readmission, transcripts, diploma, etc. until payment is made.
• If no response is received after 60 days past due, then the Controller’s Office notifies the State of North Carolina Attorney General’s (AG) Office of the debt. The AG’s office then sends a final communication to the employee for collection. The Controller’s Office will also refer the debt to the North Carolina Department of Revenue (NCDOR), under North Carolina General Statute 105A-3(b), to have it deducted from the employee’s State income tax refund according to the Set-Off Debt Collections Act (SODCA).
• If no response is received to the AG’s letter within 90 days, then the University may turn the debt over to a state-approved collection agency.

Once full repayment is received, the funds are returned to the department and updates are made to the employee’s gross pay, taxes, deductions, and benefit records. If needed, an amended Form W-2 is issued.

Contact Email: payrolldept@charlotte.edu

Last Updated: June 22, 2021

• North Carolina Sales and Use Tax Exemption Certificate (2024)

Purpose: To provide the sales and use tax exemption certificates on file with UNC Charlotte’s Tax Office. The University is exempt from North Carolina sales and use tax for qualifying purchases.

Contact Email: taxoffice@charlotte.edu

Last updated: March 6, 2024

Please remember that all security incidents must be immediately reported to your supervisor, who must immediately take action to determine the extent and category of the breach to minimize loss of sensitive data. The chart below indicates other parties that must be notified when a breach occurs. Refer to UNC Charlotte UNC Charlotte Policy Statement #311.5 Personal Information Security Breach Notification Procedures for further guidance.

Breach involves	Contact immediately	Contact information
Any sensitive information, including eCommerce-related data or equipment	Chief Information Security Officer	Report IT Security Incident
University-owned equipment and/or criminal activity	UNC Charlotte Police	Located at Police & Public Safety site
All breaches	Office of Legal Affairs	Located at Office of Legal Affairs site

Last Updated: August 24, 2016

Signature Authority Policy

Purpose: Clarifies the source of all University signature authority, the responsibilities of those individuals to whom University signature authority has been delegated, and the consequences of signing Contracts without the appropriate signature authority.

Last Updated: August 18, 2017

Payment method

The primary method for purchasing computer software is to use 49er Mart, but purchasing card (p-card) use may also be acceptable on a case-by-case basis. However, before moving forward with any software or IT-related purchase, it must be reviewed and approved by OneIT. To begin this process, employees must complete the Software and IT-Related Contract Request form available on the OneIT website. Once the form is submitted, it will be sent to the Purchasing Office, which will work with OneIT to review it. If approved, the Purchasing Office will let the campus department know to complete the purchase.

Additionally, guidance is available on paying for mobile communication device (MCD) apps.

Rationale and other considerations

Orders are processed online through a web browser, depending on the type of supplier used. To begin, choose a supplier, select items and place them in your virtual shopping cart. After shopping, your cart proceeds to the checkout, where a requisition draft is created. Enter the appropriate accounting codes (e.g., fund, account) that your department will use for this order.

• Placing the order prompts the workflow process to begin. Approvers are notified via email that an order is pending. The level of approvals required depends on the purchase type and the dollar amount. The final approval generates a purchase order (PO).
• To receive the order, you must log in to 49er Mart. Receiving initiates payment to the vendor.

How to do it

1. Log in to 49er Mart
2. Click on the supplier’s logo (e.g., Dell, etc.)
3. If the vendor is a punch-out supplier, you will be directed to the vendor’s site to shop for your item(s)
4. Add the desired item(s) to your cart and click “Checkout” when finished ordering
5. If the vendor does not have a catalog, you will enter the items as non-catalog and select the appropriate supplier
6. Review the details of your order, and select “Proceed to Checkout”
7. Select the appropriate accounting codes for your college/department
8. Perform a final review and select “Place Order”

Questions?

Email Purchasing at purchasing@charlotte.edu or refer to the list of Purchasing contacts.

Last Updated November 17, 2023

• Sources and Uses of University Funds Presentation (slides)

Sources and Uses of University Funds Recorded Presentation [51-minute video from Oct. 2022 Legal Symposium)

Purpose: The University’s operations and activities are supported by a variety of fund sources, and each of these sources has its own spending characteristics and rules. This presentation covers the broad categories of these funding sources and some of the key considerations for the use of these funds. In addition, several of the key online resources available to departments to guide faculty and staff with their spending practices are highlighted.

Last Updated: May 1, 2023

See How to Pay Students and/or How to Pay Individuals guides. For additional questions, consult with the Tax Office.

Last Updated: January 10, 2017

Payment method

The preferred method for paying for subscriptions to professional journals, other periodicals and electronic surveys is to use a University-issued Purchasing Card (p-card).

Other allowable methods include:

• Submit a reimbursement request

Rationale and Other Considerations

The costs associated with subscriptions to professional journals, magazines, other periodicals and surveys is an allowable expense on a p-card. Because the p-card allows for an improved approval and prepayment process, it is the preferred purchasing method for such transactions.

Please note that the periodical/journal must be delivered to a University address for the cost of the subscription cost to be allowable.

Note: Refer to University Policy 601.8, “Appropriate Use of University Funds” to confirm if this is a permissible use of funds for your area.

How to do it

1. Review the resources below to confirm the allowability of the purchase and obtain supervisor approval.
2. Pay the subscription using a p-card.

Policies	Procedures	Training and Reference Materials
University Policy 601.8, Appropriate Use of University Funds	Purchasing Card Manual	Cardholder/Reconciler/Approver Training Expense Account Codes Purchasing Card Reference Guide (PCRG)

Contact for additional questions

Email the Purchasing Card staff at purchasingcard@charlotte.edu or visit the Purchasing Card Program website.

Last Updated: August 29, 2023