Skip to main content

System Status: 

Internal Controls Practices

Learn how to incorporate internal control practices into your department's everyday procedures.

Internal control practices enable UC San Diego to achieve its objectives while maintaining an environment that focuses on ethics and accountability. Establishing an ethical environment at all levels of the organization is the most important element of accountability and control.

Effective control activities help you and your department identify priorities, achieve department goals, report reliably, meet compliance regulations, and safeguard university resources.

How does my department benefit from internal controls?

  • Reducing and preventing errors in a cost-effective manner
  • Ensuring priority issues are idenitified and addressed
  • Protecting employees
  • Providing appropriate checks and balances

4 keys to great internal control practices:

With tightened resources, it’s more important than ever to minimize risk and focus on these key areas.

  1. Separation of duties: Divide responsibilities between different people so one individual doesn’t control all aspects of a transaction.
  2. Authorization and approvals: Be sure that only a person with delegated authority approves or authorizes transactions.
  3. Security of assets: Safely secure equipment, cash, inventory, and resources. Reduce the risk of unauthorized use. Count periodically and compare with amounts shown on control records.
  4. Review and reconciliation: Regularly examine transaction records against official university records to verify accuracy, appropriateness, and proper compliance.

Internal Controls Practices

Read about potential consequences and best practices tailored to various business areas:

Accounts Payable

Background

UC San Diego pays approximately $2 million in invoices each day. Using proper internal controls, you can ensure that goods and services are received, and payments are properly processed.

Separation of duties

Ensure that payment documents are processed correctly by having different people involved in the payment process. This principle is called separation of duties.
  • Best practice is to have different people:
    • Approve purchases
    • Receive ordered materials
    • Approve invoices for payment
    • Review and reconcile financial records
  • Potential consequences if duties are not separated:
    • Erroneous or fraudulent invoices approved for payment
    • Unauthorized payments made to non-existent vendors

Accountability, authorization, and approval

Accountability ensures that you authorize, review, and approve invoices for payment based on signed agreements, contract terms, and purchase orders.

  • Best practices:
    • Review and update signature authorizations periodically.
    • Obtain pre-approval of consultant agreements from Purchasing.
    • Verify receipt of goods and services to against contract/ purchase order and invoice information.
    • Reconcile ledgers for accuracy of recorded transactions.
    • Monitor that invoices are paid in a timely manner.
  • Potential consequences if accountability does not exist:
    • Unauthorized, unnecessary, or fraudulent payments or purchases
    • Unauthorized work performed by vendors
    • Loss of supplier discounts due to late payments
    • Improper charges to incorrect account/ funds
    • Conflict of interest when paying a UCSD employee for unauthorized outside work

Security of assets

Once you receive your purchased goods, secure the materials in a safe location. To account for resources, periodically count your inventory and compare the results with amounts shown on control records.

  • Best practices:
    • Secure goods received in a restricted area.
    • Restrict inventory access to appropriate staff.
    • Lock up goods and materials, and provide key or combination to as few people as possible.
    • Keep inventory records and periodically calculate beginning and ending inventory amounts.
  • Potential consequences if your assets have not been secured:
    • Theft of goods
    • Inventory shortages
    • Additional costs incurred for replacement of goods

Review and reconciliation

Your reconciliation activities confirm that you're paying for approved purchases and are being billed correctly. Perform monthly ledger reconciliations to catch improper charges and validate transactions.

  • Best practices:
    • Review vendor invoices for accuracy by comparing charges to purchase orders.
    • Verify that the goods and services purchased have been received.
    • Perform monthly reconciliations of operating ledgers to assure accuracy and timeliness of expenses.
  • Potential consequences if review and reconciliation is not performed:
    • Improper charges made to your department budgets
    • Disallowances resulting from costs charged to incorrect accounts/funds
    • Payments made for items or services not provided
For information about accounts payable responsibilities, contact Disbursements, (858) 534-4080. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Cash

Background

UCSD transacts thousands of dollars in over-the-counter business every day. To ensure that you protect, accurately process, and properly report University assets, follow the internal control practices of separating duties, obtaining appropriate authorizations and approvals, securing assets, and reconciling cash.

Definition: The University defines cash as currency, coins, checks, money orders, and e-commerce transactions like credit card transactions.

Separation of duties

One of the most important steps your unit can take to protect cash — and you — is to separate cash handling duties among different people. With proper separation of duties, no single person has control over the entire cash process.

  • Best practice is to have different people:
    • Receive and deposit cash
    • Record cash payments to receivable records
    • Reconcile cash receipts to deposits and the general ledger
    • Bill for goods and services
    • Follow up on collection of returned checks
    • Distribute payroll or other checks

    Note: The key to effective cash control while separating duties is to minimize the number of people who actually handle cash before it's deposited.

  • Potential consequences if duties are not separated:
    • Concealed errors or irregularities going unchecked
    • Lost or stolen cash receipts
    • Inaccurate application of cash receipts to department accounts

Accountability, authorization, and approval

Cash accountability ensures that cash is accounted for, properly documented and secured, and traceable to specific cash handlers.

  • When proper cash accountability exists, you can answer the four W's during a process:
    • Who has access to cash
    • Why they have access to cash
    • Where cash is at all times
    • What has occurred from the transaction's beginning to end
  • Best practices:
    • Record cash receipts when received.
    • Keep funds secured.
    • Document transfers.
    • Give receipts to each customer.
    • Don’t share passwords.
    • Give each cashier a separate cash drawer.
    • Supervisors verify cash deposits.
    • Supervisors approve all voided refunded transactions.
  • Potential consequences if accountability does not exist:
    • Lost or stolen cash receipts
    • Inaccurate application of cash receipts to departmental accounts
    • Improper use of University assets

Security of assets

Be sure to keep all of your resources physically protected, including your cash handlers. Follow these practices to promote a safe work environment when working with cash.

  • Best practices:
    • Conduct the proper background checks on prospective cash handlers.
    • Follow physical layout standards prescribed by policy.
    • Restrict access of cash to as few people as possible.
    • Lock cash in a secure location like a safe or locked storage facility.
    • Provide combinations, passwords only to authorized personnel.
    • Change combinations, passwords annually, or when someone leaves.
    • Minimize the amount of funds held overnight.
    • Use a buddy system when taking funds from one location to another.
    • Count cash in a non-public area not easily visible to others.
  • Potential consequences if cash is not secured:
    • Unsafe work environment
    • Lost or stolen cash receipts
    • Loss of liability coverage with University insurance carriers

Review and reconciliation

Your reconciliation activities confirm that you've recorded transactions correctly. Perform monthly reconciliations of cash receipts and bank account statements to provide good checks and balances.

  • Best practices:
    • Compare receipts to deposit records.
    • Record cash receipts when received.
    • Count and balance cash receipts daily.
    • Perform periodic surprise cash counts.
  • Potential consequences if review and reconciliation activities are not performed:
    • Errors, discrepancies, or irregularities not detected
    • Lost or stolen cash receipts
    • Inaccurate application of cash receipts to department accounts
For information about cash handling responsibilities, contact the Cashier's Office, (858) 534-3725. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Entertainment Expenses

Background

Entertainment usually involves a guest-host relationship in which a UCSD host invites an official guest to attend an event. You may have meetings that don't fall into this category but still incur allowable entertainment expenses.

Separation of duties

A key step your department can take when handling entertainment expenses is to have different people involved in the process. Entertainment expenses must serve a business purpose, with no personal benefit to the host or other University employee.

  • Best practice is to have different people:
    • Host the event
    • Prepare cost reimbursements
    • Approve reimbursable costs
    • Review and reconcile financial records
  • Potential consequences if duties are not separated:
    • Erroneous or fraudulent charges approved for payment
    • Unauthorized or fraudulent reimbursements processed
    • Unauthorized or excessive costs incurred
    • Personal or non-business related costs are reimbursed

Accountability, authorization, and approval

You maintain accountability when you properly authorize, review, and approve expenses that make the best use of public funds and comply with University entertainment policy.

  • Best practices:
    • Ensure that the proper approval authority is in place.
    • Complete and file approval authorization forms with UCSD Travel.
    • Obtain pre-approval for entertainment event.
    • Evaluate expenses to ensure that anticipated benefits outweigh costs.
    • Verify that expenses are appropriate to the fund source charged.
    • Ensure that the approver does not approve their own costs or costs for those they supervise.
    • Justify why exceptional expenses were incurred and necessary.
    • Obtain vice chancellor approval for all exceptional expenditures.
  • Potential consequences if accountability does not exist:
    • Damaged public image if costs are inappropriate
    • Unauthorized, unnecessary, or fraudulent payments
    • Loss of funding
    • Improper charges to incorrect account/ funds resulting in a misappropriation of funds
    • Excessive costs incurred

Security of assets

Once you've purchased and received the goods to be used for an approved event, secure them in a place where a limited number of people have access.

  • Best practices:
    • Secure goods in a restricted area.
    • Restrict access to the appropriate staff.
    • Keep inventory records of goods to assure anticipated consumption levels will be met.
  • Potential consequences if your assets have not been secured:
    • Stolen or lost goods
    • Inadequate quantity of goods and supplies to support the event
    • Personal use of university assets
    • Increased costs due to replacement of goods

Review and reconciliation

Your reconciliation activities ensure that your entertainment costs are accurate and appropriate. Perform monthly ledger reviews to confirm that you're paying for approved charges.

  • Best practices:
    • Review costs to ensure that they are properly classified and recorded.
    • Review fund restrictions to assure that expenses are allowable and appropriate.
    • Periodically review and update signature authorizations.
  • Potential consequences if review and reconciliation is not performed:
    • Improper charges made to your department budgets
    • Disallowances resulting from costs charged to incorrect accounts/funds
    • Payments made for items or services not provided
    • Misstated financial records
For information about entertainment activities, contact Travel and Entertainment, (858) 822-0202. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Equipment Management

Background

Campus funding is affected by reports of expenditures for equipment that are sent to federal, state, and private funding agencies. Keep your resources safe and reports reliable by focusing on the following key internal control practices.

Definition: Inventorial equipment has an acquisition cost of $5,000 or more and must be tracked as property through CAMS (Campus Asset Management System) and through UC San Diego’s financial system. All equipment items are either owned by or in the custody of UC San Diego, and must be non-expendable (can't be used up), stand alone, have a normal useful life of more than one year, and qualify as tangible personal property.

Separation of duties

One of the most important things you can do to protect your equipment is to separate equipment management duties so that no one person has control over the entire equipment management process.

  • Best practice is to have different people:
    • Purchase items
    • Approve invoices for payment
    • Classify equipment and record changes
    • Perform periodic/ annual physical inventory
    • Maintain custody and dispose of property
    • Reconcile equipment purchases to financial records
  • Potential consequences if duties are not separated:
    • Inaccurate equipment location recorded
    • Lost, stolen, or destroyed property
    • Misstated financial records
    • Incorrect insurance requirements and liability charges
    • Inaccurate asset values recorded

Accountability, authorization, and approval

You maintain accountability when the right person authorizes equipment purchases, classifies property based on UCSD equipment classification criteria, and correctly records new purchases and changes of asset location.

  • Best practices:
    • Approve invoice based on purchase order information.
    • Inspect equipment to determine condition and valuation.
    • Adjust inventory records periodically to record changes in equipment status.
    • Equipment Management pre-approves the physical removal, sale, and transfer of assets.
    • Report equipment theft to UCSD Police.
  • Potential consequences if accountability does not exist:
    • Unsuitable or unauthorized items purchased
    • Improper transfer of property to unauthorized location
    • Assets acquired for personal use
    • Incorrect valuation of equipment recorded in financial and equipment records
    • Lost or stolen property
    • Misstated financial statements and information sent to reporting agencies

Security of assets

Keep all your equipment physically protected. This also applies to off-campus use of University equipment. Establish detailed equipment records to maintain accounting control and physical accountability of assets.

  • Best practices:
    • Department head approves off-site business use of equipment.
    • Equipment Management approves all relocations of offsite equipment transfers.
    • Review and update insurance requirements periodically, or when changes in equipment status change.
    • Provide keys and combinations of secured locations only to authorized personnel.
    • Restrict access to equipment to those who have a business need to use property.
    • Follow recommended physical layout standards.
  • Potential consequences if security of assets does not exist:
    • Lost or stolen property
    • Inaccurate equipment records and financial statements
    • Liability for off-site accidents

Review and reconciliation

Reconciliation activities ensure the proper classification, recording, and documentation of equipment. Perform periodic reviews to ensure the accuracy of equipment records and recorded asset balances.

  • Best practices:
    • Perform periodic equipment reviews to determine value and proper usage and/ or disposal.
    • Count physical inventory at least annually.
    • Compare property records to physical inventory status.
    • Properly classify equipment as non-inventorial or inventorial.
    • Identify and account for inventorial equipment with UCSD property tag.
    • Review and update insurance requirements periodically, or when equipment status changes.
    • Document and report changes to inventory records on central campus database.
  • Potential consequences if review and reconciliation activities are not performed:
    • Lost, stolen, or temporarily diverted assets
    • Incorrect asset values
    • Inaccurate equipment records and financial statements
    • Inability to provide funding agencies with accurate data
For information about managing equipment, contact Equipment Management, (858) 534-6163. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Honorarium Payments

UC Employee Honorarium Payments

Honorarium payments for UC employees must be processed through UCPath for tax reporting purposes following the multi-location appointment guidelines.

For instructions on how to process UC Employee Honorarium Payments, visit the PayPath Transactions section and see the UCPath job aid for How to Manage Multi-Location Appointments.


Non-UC Employee Honorarium Payments 

People invited by UCSD to give lectures, seminars, or concerts may be paid an honorarium instead of reimbursement for travel expenses or other fees. Be sure that these guests are paid through Disbursements and the accounts payable system.

Separation of duties

Assign duties associated with handling honorariums among different people. A key step your unit can take to ensure a proper payment process is to have different people involved in the process.

  • Best practice is to have different people:
    • Prepare honorarium payments.
    • Approve honorariums.
    • Review and reconcile financial records.
  • Potential consequences if duties are not separated:
    • Excessive costs incurred
    • Unauthorized or unnecessary payments made
    • Improper charges applied to account/funds
    • Loss of future funding

Accountability, authorization, and approval

Remember that honorariums are only paid to non-University employees. University employees providing special services are paid through the payroll system. Contact Disbursements for information about eligibility requirements for recipients, best methods of payment, and tax liabilities.

  • Best practices:
    • Determine recipient's eligibility status.
    • Provide accurate information about the recipient.
    • Consult with Disbursements about visa requirements and documentation.
    • Obtain pre-approvals.
    • Review signature authorizations periodically and update as needed.
  • Potential consequences if accountability does not exist:
    • Unauthorized, unnecessary, or fraudulent payments
    • Unauthorized special events conducted
    • Improper charges to incorrect accounts/funds
    • Incorrect method of payment used

Security of assets

Be sure to keep payments in a safe place and protect your guest's private or personal information. Secure information in a safe location and restrict access only to designated employees who need the information to perform their job functions.

  • Best practices:
    • Follow up with Disbursements regarding check status.
    • Assure that payment has been sent.
    • Secure personal information in a locked or password protected location.
    • Limit people who have access to personal information.
  • Potential consequences if your assets have not been secured:
    • Lost or stolen checks
    • Identity theft

Review and reconciliation

Your reconciliation activities confirm that honorarium activities have been approved and billed correctly. Perform monthly ledger reconciliations to catch improper charges and validate transactions.

  • Best practices:
    • Review the operating ledger to ensure honorarium payments are properly classified and recorded.
    • Review contract and grant terms and other fund restrictions to ensure expenses are allowable.
    • Perform monthly reconciliations of operating ledgers to assure accuracy and timeliness of expenses.
    • Assure daily honorarium limits are applied correctly.
    • Assure payments comply to UCSD policy.
  • Potential consequences if review and reconciliation is not performed:
    • Improper charges made to your department budgets
    • Disallowances resulting from costs charged to incorrect accounts/funds
    • Payments made for items or services not provided
    • Inaccurate financial reports
For information about honorariums, contact Disbursements, (858) 534-0045. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Information Systems

Background

UC San Diego's electronic information systems contain many forms of personal and private information. By allowing appropriate system access and recording transactions in an accurate and timely manner, you can manage electronic information and ensure data integrity. Follow these internal control practices to make sure you handle electronic information and technology appropriately.

Accountability, authorization, and approval

When proper accountability exists, you know who has access to electronic and personal information, for what business purpose they have access, what information systems and data are authorized for use, and where sensitive, private information resides.

  • Best practices:
    • Limit business system and data access to appropriate users.
    • Adhere to security and privacy policies for email, Web browsing, and electronic communication.
    • Determine approval hierarchies and appoint a departmental security administrator (DSA).
    • Implement security measures to protect access to electronic resources and private information according to IS-3 (PDF) and PPM 135-3 (PDF).
    • Communicate and coordinate access and security with IT Services.
    • Train employees in computer access, security, software, and appropriate use of University information.
    • Address reported or suspected access and security violations according to the CIRT process.
  • Potential consequences if accountability does not exist:
    • Misuse of information
    • Identity theft
    • Improper use of university assets
    • Damage to public image
    • Legal actions

Security of assets

UCSD's electronic information is a valuable asset. Security controls prevent and reduce the risk of harm caused by error, accident, natural disasters, or malicious action. Avoid duplication of information if it’s available elsewhere. Store information in a secure location.

  • Best practices:
    • Use and share data for business purposes only.
    • Design, document, and test internal processes to ensure security and data integrity.
    • Secure personal information in a locked or password protected location.
    • Regulate authorized access to resources through security measures such as user IDs and passwords.
    • Implement auditable authorization processes that adhere to University policies.
    • Train all users in security awareness.
    • Inform your DSA and system/ data custodians about access rules and security violations.
    • Restrict access of information and systems to people who need the access to perform their jobs.
    • Periodically review information stored in electronic or paper format.
    • Secure or discard personal and private information properly.
  • Potential consequences if electronic information is not secured:
    • Identity theft
    • Damage to public image
    • Misuse of University resources and information

Review and reconciliation

Your reconciliation activities confirm that transactions are recorded correctly, can be readily retrieved, and are safeguarded from improper alteration.

  • Best practices:
    • Ensure data integrity by validating data with the Data Warehouse, or FinancialLink tools and reporting models.
    • Follow retention schedules and data retention requirements.
    • Periodically review information stored in electronic or paper format.
  • Potential consequences if review and reconciliation activities are not performed:
    • Errors, discrepancies, or irregularities undetected
    • Inaccurate, incomplete official records
    • Improper access to business systems and data
For information about information systems responsibilities, contact IT Services, (858) 534-6960. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Purchasing

Background

UCSD department buyers spend approximately $350 million per year on goods and services. Follow these internal control practices and learn the importance of separating duties, obtaining appropriate authorizations and approvals, securing assets, and verifying charges.

Separation of duties

To ensure proper separation of duties, assign related buying functions to different people. With proper segregation, no single person has complete control over all buying activities.

  • Best practice is to have different people:
    • Approve purchases
    • Receive ordered materials
    • Approve invoices for payment
    • Review and reconcile financial records
    • Perform inventory counts
  • Potential consequences if duties are not separated:
    • Unauthorized or unnecessary purchases made
    • Improper charges made to department budgets
    • Excessive costs incurred
    • Goods purchased for personal use

Accountability, authorization, and approval

You maintain accountability when you authorize, review, and approve purchases based on signed agreements, contract terms, and purchase orders.

  • Best practices:
    • Comply with ethical buying practices and policy.
    • Review and update signature authorizations periodically.
    • Obtain pre-approval of consultant agreements by Purchasing.
    • Verify receipt of goods and services against contract/ purchase order and invoice information.
    • Reconcile ledgers for accuracy of recorded transactions.
    • Monitor to ensure that invoices are paid in a timely manner.
  • Potential consequences if accountability does not exist:
    • Unauthorized, unnecessary, or fraudulent purchases
    • Unauthorized work performed by suppliers
    • Lost supplier discounts due to late payments
    • Improper charges to incorrect account/ funds resulting in a misappropriation of funds
    • Conflict of interest when paying UCSD employee for unauthorized outside work

Security of assets

Once you have received your purchased goods, secure the materials in a safe location. To ensure that your resources are accounted for, periodically count your inventory and compare the results with amounts shown on control records.

  • Best practices:
    • Secure goods received in a restricted area.
    • Restrict inventory access to appropriate staff.
    • Lock goods and materials, and provide key or combination to as few people as possible.
    • Keep inventory records and periodically calculate beginning and ending inventory amounts.
  • Potential consequences if your assets have not been secured:
    • Theft of goods
    • Inventory shortages
    • Additional costs incurred for replacement of goods

Review and reconciliation

Practice timely review of supplier’s invoice, packing slips, and purchase orders. Check accuracy of the information for prior payment, correct quantity ordered, and price charged. Monthly ledger reconciliation enables you to find improper charges and validate appropriate financial transactions.

  • Best practices:
    • Review supplier invoices for accuracy by comparing charges to purchase orders.
    • Verify that the goods and services purchased have been received.
    • Perform monthly reconciliations of operating ledgers to ensure accuracy and timeliness of expenses.
  • Potential consequences if review and reconciliation is not performed:
    • Improper charges to your department budgets
    • Disallowances resulting from costs charged to incorrect accounts/funds
    • Payments made for items or services not provided
For information about purchasing responsibilities, contact Purchasing, (858) 534-9494. For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.

Travel

Follow UC San Diego travel policy requirements

UC San Diego travel policy, as published in Blink, is decisive. It has been adapted to UC San Diego's organization, delegation of authority, terminology, chart of accounts, and processing applications. Travel expenses must serve a business purpose, with no personal benefit to the traveler.

Separation of duties

Your department is required to have different people involved in handling travel expenses.

  • Have different people:
    • Initiate travel preauthorization and prepare the expense claim
    • Approve travel preauthorization and the expense claim
    • Review and reconcile financial records

Note: Travelers cannot approve their own expense claims, or the expense claim of a direct or indirect supervisor.

  • Potential consequences if duties are not separated:
    • Erroneous or fraudulent charges approved for payment
    • Unauthorized or fraudulent reimbursements processed
    • Unauthorized or excessive costs incurred
    • Personal or non-business related costs are reimbursed

Accountability, authorization, and approval

You maintain accountability when you properly authorize, review, and approve expenses that make the best use of public funds and comply with university travel policy.

  • Requirements:
    • Ensure that the proper approval authority is in place.
    • Complete and file approval authorization forms (see instructions).
    • Preauthorize travel (see instructions).
    • Evaluate expenses to ensure they are the most economical for the travel situation.
    • Verify that expenses are appropriate to the fund source charged.
    • Ensure that approvers do not approve their own costs or costs for those they supervise.
    • For any request to approve an exception to travel policy, include a detailed explanation of why it is necessary.
  • Potential consequences if accountability does not exist:
    • Damaged public image if costs are inappropriate
    • Unauthorized, unnecessary, or fraudulent payments
    • Loss of funding
    • Improper charges to designated fund source resulting in unauthorized use of funds
    • Excessive costs incurred

Security

Following best practices optimizes security for travelers and sensitive information.

  • Best practices:
    • Secure your UCSD Travel Card and any unused tickets in a safe place.
    • Restrict access to sensitive traveler information to the appropriate staff.
    • Use Concur to book travel (air, hotel and car rental). Car rental booked through Connexxus includes coverage (CDW and liability insurance).
    • Note: Additional practices apply to the UCSD Travel Event Planner System (EPS) program. For details, contact UCSD Travel.
  • Potential consequences if your assets have not been secured:
    • Unauthorized use of the UCSD Travel Card (personal liability) or EPS program (department liability)
    • Unauthorized use of sensitive traveler information

Review and reconciliation

Timely reconciliation activities ensure that travel costs are accurate and appropriate. Perform monthly ledger reviews to confirm payment of approved charges.

  • Best practices:
    • Review costs to ensure that they are properly classified and recorded.
    • Review fund restrictions to assure that expenses are allowable and appropriate.
    • Periodically review and update signature authorizations.
  • Potential consequences if review and reconciliation is not performed:
    • Improper charges made to your department budgets
    • Disallowances resulting from costs charged to incorrect accounts/funds
    • Payments made for items or services not provided
    • Misstated financial records
For information on internal control practices, contact Arlynn Renslow, (858) 822-2968.
Find answers, request services, or get help from our team at the UC San Diego Services & Support portal.