Standard Control Procedures

Directive Statement

It is recognized that no one control model effectively or efficiently fits the needs of all units across campus.  However, there are standard control procedures that are expected to be in place, unless there is a demonstrated and justifiable need for not doing so, to ensure the reliability of data in myUFL.

In the absence of these controls, there is an expectation that alternative or compensating control procedures are in place.

Reason for Directive

The purpose of this directive is to comply with the University of Florida Board of Trustees Internal Control Principles, mitigate risk, and lessen the opportunity for fraudulent behavior.  Fundamentally, controls help to ensure that the university’s assets are being protected.  Through effective controls, a department can safeguard assets and detect errors and irregularities.

Who must comply?

All University Departments.

Basic Internal Controls

Asset Security

Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposition.

  • Access controls (locked doors, keypad systems, card key systems, badges, locked filing cabinets, data encryption, etc.) should be put in place to safeguard these assets
  • Items should be physically counted periodically by someone who is not responsible for asset custody, and the counts should be compared to records

Authorizations and Approvals

Appropriate authorizations and approvals should be in place for transactions.  Authorization is the delegation of authority and can be general (permission to expend funds from an approved budget) or specific (relating to a specific transaction).

  • Approvers should review supporting documentation, question unusual items, and make sure that necessary information is present to justify the transaction
  • Approval means that the approver has performed this review and is satisfied that the transaction is appropriate, accurate, and complies with applicable laws, regulations, policies, and procedures
  • Under no circumstance should an approver sign a blank form or share their passwords

Cash and Check Collections

For more information see the “Cash and Check Handling” directive.  The standard control procedures generally expected to be established for each University department with cash and check collections are as follows:

  • For collections received in person, it is expected that cash registers, cashiering terminals or other cash receipts be used to receipt funds at the initial point of collection
  • Collections received through the mail should be receipted or logged
  • Checks should be restrictively endorsed immediately upon receipt
  • Cash registers should have appropriate control features and the operator should not have the ability to reset totals
  • Different employees should not work simultaneously out of the same cash drawer.
  • Whenever funds are transferred among employees, responsibility should be fixed through some receipting mechanism
  • Cash collections, petty cash and change funds should always be adequately secured
  • Cash drawers should be locked when a cashier must be away from the workstation
  • Safe combinations should be changed whenever staffing changes occur
  • A background check should be performed on any new employees who will have significant cash handling responsibilities.  This should be coordinated through Human Resources

Documentation

There should be an audit trail for each financial transaction.  Documentation can be in either electronic or paper form.

Monthly Reconciliation

All financial data should be checked against departmental source documents during the monthly reconciliation process.  For financial data to be validated, it must be reconciled.

Payroll

Payroll and leave information must be reviewed, as appropriate, to ensure that employees are being properly paid and that leave usage is properly recorded.

Separation of Duties

See the Separation of Duties section for information on best practices related to separation of duties.

Telecommunications

The University incurs significant costs for telephone usage from long distance calls, credit card calls, cellular telephone charges, telephone charges reimbursed while on travel status, and for monthly service charges.  Each department should maintain an adequate system of internal control to ensure that calls and telephone-related expenses are for official university business.  Cell phones and wireless communication devices are addressed in the Telecommunications Directive.

Resources

Office of Internal Audit

Training

PRO303 – Internal Controls at UF

Contacts

Finance Hub contact form

CNS-Telecommunications – 1-800-458-9409

Disbursements – (352) 392-1241

Banking & Merchant Services – (352) 392-9057

Payroll Services – (352) 392-1231

University Cashier – (352) 392-0185

Page Contents