Standard Control Procedures
It is recognized that no one control model effectively or efficiently fits the needs of all units across campus. However, there are standard control procedures that are expected to be in place, unless there is a demonstrated and justifiable need for not doing so, to ensure the reliability of data in myUFL.
In the absence of these controls, there is an expectation that alternative or compensating control procedures are in place.
Reason for Directive
The purpose of this directive is to comply with the University of Florida Board of Trustees Internal Control Principles, mitigate risk, and lessen the opportunity for fraudulent behavior. Fundamentally, controls help to ensure that the university’s assets are being protected. Through effective controls, a department can safeguard assets and detect errors and irregularities.
Who must comply?
All University Departments.
Basic Internal Controls
Liquid assets, assets with alternative uses, dangerous assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposition.
- Access controls (locked doors, keypad systems, card key systems, badges, locked filing cabinets, data encryption, etc.) should be put in place to safeguard these assets
- Items should be physically counted periodically by someone who is not responsible for asset custody, and the counts should be compared to records
Authorizations and Approvals
Appropriate authorizations and approvals should be in place for transactions. Authorization is the delegation of authority and can be general (permission to expend funds from an approved budget) or specific (relating to a specific transaction).
- Approvers should review supporting documentation, question unusual items, and make sure that necessary information is present to justify the transaction
- Approval means that the approver has performed this review and is satisfied that the transaction is appropriate, accurate, and complies with applicable laws, regulations, policies, and procedures
- Under no circumstance should an approver sign a blank form or share their passwords
Cash and Check Collections
For more information see the “Cash and Check Handling and Receipting” directive. The standard control procedures generally expected to be established for each University department with cash and check collections are as follows:
- For collections received in person, it is expected that cash registers, cashiering terminals or other cash receipts be used to receipt funds at the initial point of collection
- Collections received through the mail should be receipted or logged
- Checks should be restrictively endorsed immediately upon receipt
- Cash registers should have appropriate control features and the operator should not have the ability to reset totals
- Different employees should not work simultaneously out of the same cash drawer.
- Whenever funds are transferred among employees, responsibility should be fixed through some receipting mechanism
- Cash collections, petty cash and change funds should always be adequately secured
- Cash drawers should be locked when a cashier must be away from the workstation
- Safe combinations should be changed whenever staffing changes occur
- Police Background Checks should be performed on any new employees who will have significant cash handling responsibilities. This should be coordinated through Human Resources
There should be an audit trail for each financial transaction. Documentation can be in either electronic or paper form.
All financial data should be checked against departmental source documents during the monthly reconciliation process. For financial data to be validated, it must be reconciled.
Payroll and leave information must be reviewed, as appropriate, to ensure that employees are being properly paid and that leave usage is properly recorded.
Separation of Duties
See the Separation of Duties section for information on best practices related to separation of duties.
The University incurs significant costs for telephone usage from long distance calls, credit card calls, cellular telephone charges, telephone charges reimbursed while on travel status, and for monthly service charges. Each department should maintain an adequate system of internal control to ensure that calls and telephone-related expenses are for official university business. Cell phones and wireless communication devices are addressed in the Telecommunications Directive.
03/31/2023: reviewed content
PRO303 – Internal Controls at UF
University Controller’s Office – (352) 392-1321
CNS-Telecommunications – 1-800-458-9409
Disbursements – (352) 392-1241
Banking & Merchant Services – (352) 392-9057
Payroll Services – (352) 392-1231
University Cashier – (352) 392-0185