• Shared Services Center
  • Procurement Services
  • Financial Analysis and Budget
  • Finance and Accounting
  • Finance Strategy & Analytics
  • Directive Statement

    It is recognized that no one control model effectively or efficiently fits the needs of all units across campus.  However, there are standard control procedures that are expected to be in place, unless there is a demonstrated and justifiable need for not doing so, to ensure the reliability of data in myUFL.

    In the absence of these controls, there is an expectation that alternative or compensating control procedures are in place.

    Reason for Directive

    The purpose of this directive is to comply with the University of Florida Board of Trustees Internal Control Principles, mitigate risk, and lessen the opportunity for fraudulent behavior.  Fundamentally, controls help to ensure that the university’s assets are being protected.  Through effective controls, a department can safeguard assets and detect errors and irregularities.

    Who must comply?

    All University Departments.

    Basic Internal Controls

    Asset Security

    Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposition.

    • Access controls (locked doors, keypad systems, card key systems, badges, locked filing cabinets, data encryption, etc.) should be put in place to safeguard these assets
    • Items should be physically counted periodically by someone who is not responsible for asset custody, and the counts should be compared to records

    Authorizations and Approvals

    Appropriate authorizations and approvals should be in place for transactions.  Authorization is the delegation of authority and can be general (permission to expend funds from an approved budget) or specific (relating to a specific transaction).

    • Approvers should review supporting documentation, question unusual items, and make sure that necessary information is present to justify the transaction
    • Approval means that the approver has performed this review and is satisfied that the transaction is appropriate, accurate, and complies with applicable laws, regulations, policies, and procedures
    • Under no circumstance should an approver sign a blank form or share their passwords

    Cash and Check Collections

    For more information see the “Cash and Check Handling” directive.  The standard control procedures generally expected to be established for each University department with cash and check collections are as follows:

    • For collections received in person, it is expected that cash registers, cashiering terminals or other cash receipts be used to receipt funds at the initial point of collection
    • Collections received through the mail should be receipted or logged
    • Checks should be restrictively endorsed immediately upon receipt
    • Cash registers should have appropriate control features and the operator should not have the ability to reset totals
    • Different employees should not work simultaneously out of the same cash drawer.
    • Whenever funds are transferred among employees, responsibility should be fixed through some receipting mechanism
    • Cash collections, petty cash and change funds should always be adequately secured
    • Cash drawers should be locked when a cashier must be away from the workstation
    • Safe combinations should be changed whenever staffing changes occur
    • A background check should be performed on any new employees who will have significant cash handling responsibilities.  This should be coordinated through Human Resources


    There should be an audit trail for each financial transaction.  Documentation can be in either electronic or paper form.

    Monthly Reconciliation

    All financial data should be checked against departmental source documents during the monthly reconciliation process.  For financial data to be validated, it must be reconciled.


    Payroll and leave information must be reviewed, as appropriate, to ensure that employees are being properly paid and that leave usage is properly recorded.

    Separation of Duties

    See the Separation of Duties section for information on best practices related to separation of duties.


    The University incurs significant costs for telephone usage from long distance calls, credit card calls, cellular telephone charges, telephone charges reimbursed while on travel status, and for monthly service charges.  Each department should maintain an adequate system of internal control to ensure that calls and telephone-related expenses are for official university business.  Cell phones and wireless communication devices are addressed in the Telecommunications Directive.


    Office of Internal Audit


    PRO303 – Internal Controls at UF


    University Controller’s Office – (352) 392-1321

    CNS-Telecommunications – 1-800-458-9409

    Disbursements – (352) 392-1241

    Banking & Merchant Services – (352) 392-9057

    Payroll Services – (352) 392-1231

    University Cashier – (352) 392-0185

    Last Reviewed

    Last reviewed on 03/20/2024