IMPORTANT: The FinPro Help Desk is transitioning to a PSC Service Desk. Learn how the OUC and PSC are reorganizing help desk and training functions. During the transition (Sept 7-Oct 31), hours for phone service are 10:00 a.m.-noon and 1:00-3:00 p.m., Mon-Fri. Voicemail will not be monitored. Email us anytime at FinProHelp@cu.edu.
- Organizational units need to implement internal accounting and administrative controls in order to reasonably ensure that fiscal transactions are accurate and proper.
- Examples of strong internal controls include: segregation of duties, review and approval of individual fiscal transactions, and review and reconciliation of financial reports.
Procedural Statement - effective date: 03/01/2018
These procedures outline requirements for internal accounting and administrative controls, including preventive controls like segregation of duties, compensating controls (when segregation of duties cannot be achieved), fiscal transaction review and approval, and financial report review and reconciliation.
Importance of Internal Controls
Internal controls are critical because they promote sound business and financial management practices. They focus on effectiveness and efficiency of operations, reliability of financial reporting, and adherence to applicable requirements. They provide a comprehensive strategy for achieving, among other things:
- Protection of assets (e.g., facilities, data, equipment, supplies, inventory, accounts receivable, and cash) from unauthorized access or theft;
- Adequate authorization and recordkeeping procedures to achieve accuracy and reliability of accounting data and other management information;
- Reasonable assurance of compliance with applicable policies, laws, regulations, and rules, as well as with contracts, grants, and donor restrictions;
- Proper segregation of duties so that no one employee controls all phases of a fiscal transaction (except, in rare instances, where a waiver of segregation has been granted due to implementation of adequate compensating controls); and,
- An effective process of continuous assessment and adjustment for any changes in conditions that affect the internal controls.
Everyone within the University has some role in internal controls. The roles vary according to the individual’s level of responsibility and respective job duties. The Board of Regents, President, and Officers establish the presence of integrity, ethics, and competence that are essential to a positive internal controls environment. Fiscal Principals have oversight responsibility for internal controls within their responsibility units. Fiscal Managers operationalize internal controls by executing policies and procedures at the detail level within their responsibility units. Fiscal Staff follow internal controls in the conduct of their specific job responsibilities.
Typically, cash is received by the University in one of three ways: from in-person cash sales, through the mail, or via electronic means. No matter how cash is received, the requirements below must be followed:
Segregation of Duties
Internal controls require adequate segregation of duties when performing a fiscal transaction. This means that at least two individuals are involved with every fiscal transaction – ideally, before that transaction occurs – in order to ensure that it is accurate and proper. Segregation of duties is considered a preventive control because its purpose is to prevent an event from occurring, as opposed to identifying an error that has occurred. University fiscal systems – including the Finance System, Human Capital Management (HCM) System, CU Marketplace purchasing system, and Concur Travel & Expense System – are designed to enforce segregation of duties by separating key activities for fiscal transactions (e.g., creation of the transaction vs. approval of the transaction).
When key activities of a fiscal transaction are separated between two or more individuals, strong internal controls are present. When key activities are completed by one individual, that person is said to be performing incompatible duties or to have incompatible access. In this situation, internal controls are compromised and compensating controls must be incorporated to provide reasonable assurance that fiscal transactions are being monitored for accuracy and propriety.
Compensating controls involve reviewing a report of fiscal transactions after those transactions have been completed. If an organizational unit does not have the staff resources to establish adequate segregation of duties – and if key activities of fiscal transactions cannot be separated across staff in an additional organizational unit – then management must identify a Reviewer for those transactions. The Reviewer – by reviewing appropriate reports, such as the CU Marketplace Incompatible Access report – provides controls to compensate for the increased risk. Compensating controls cannot be delegated; they must be completed and documented by the identified Reviewer.
To further strengthen internal controls, organizational units can implement the compensating control of reviewing budget activity and doing a trend analysis of expenses. This approach can identify potential problem areas where more detailed review is required.
dual accountability must be maintained and documented for all cash handling procedures, and each individual who receives (or has custody of) cash is responsible and accountable for the cash under her or his control. Thus, any change in the custody of cash must be documented (e.g., a receipt acknowledging the transfer that is signed and dated by both parties) because the responsibility for the cash switches from one individual to another.
Fiscal Transaction Review and Approval
Fiscal activity is monitored at the transaction level. Examples of transactions include Finance System journal entries, Procurement Card expense reports, and CU Marketplace requisitions. When reviewing a financial transaction, the reviewer and approver must apply the Tests of Propriety as outlined in the Administrative Policy Statement Propriety of Expenses.
Financial Report Review and Reconciliation
The financial report review process is a key control to ensure that all fiscal transactions are properly recorded in the Finance System and to detect fiscal misconduct. The fundamental components of this process include:
- Detailed review and reconciliation of all fiscal transactions appearing on the report;
- Periodic analysis of planned fiscal activity or budget in relation to actual fiscal activity; and,
- Comparison and analysis of prior year financial activity to current year financial activity, where appropriate.
Reconciliation is the process of comparing information that exists in two systems or locations, analyzing differences, and making corrections so that the information is consistent in both locations. Reconciliation also includes providing the supporting documentation that details all items making up a specific account balance.
Questions about these procedures should be directed to the appropriate campus controller, who will consult with the Associate Vice President & University Controller, as appropriate.
Unless approved by the Associate Vice President & University Controller, there are no exceptions to this procedural statement. Requests for approval of exceptions must be submitted through the campus controller's office.