Skip to main content

System Status: 

Documenting Your Department's Key Controls

Learn about documenting your department's key control activities to mitigate financial errors.

A key control is an action your department takes to detect errors or fraud in its financial statements. Your department should already have key financial review and follow-up activities in place.

To fulfill documentation requirements, departments should review those activities and identify key controls. The first steps are to determine:

  • Key controls exist.
  • Those controls are working.
  • Those control activities are documented and properly performed and certified.

Why documenting key controls is critical

Departments are required to provide documented evidence that internal control activities are being performed on a regular basis as prescribed by SAS 112.

Your department's key controls must be documented to demonstrate that review and follow-up activities were actually performed. If your department can’t provide documentation to auditors, it's as if key controls haven’t been done.

Another benefit of key controls is that they can uncover issues or problems. If this occurs, work with your business officer to determine the problem's source and identify a solution. If you need guidance, contact the Controller's Office.

Ongoing monitoring activities and other planned actions to address risks result in an effective internal control system. This ensures sound business practices, which minimizes our risk of inaccurate financial information and maintains the public trust.

Who's responsible

Effective internal controls include the proper segregation of tasks. No one person should have complete control of any activity. While there may be situations due to staffing or resources that prevent this, make every effort to maintain separation of duties.

  • Performers are responsible for completing the functions described on the form. Performers should not certify their own work.
  • Certifiers (department head, DBO, or MSO) verify that the function has been performed appropriately and within the prescribed accounting period. It may be appropriate to delegate this activity, but department heads are still responsible for ensuring it is completed. Contact the Controller's Office if you have questions about delegation.

All units must document their performance and certification of key control activities through the Control Tracker Module, which was released to the campus July 2014.

For more information and training, please go to the following website:

Department responsibilities

As outlined in the required key controls that your department must perform and cerify these controls:
  • Fiscal Operations Review: Review of budget and expenditure reports with actual revenues and expenses monitored to ensure accuracy and reliability of budget and financial information
  • Ledger Transaction Verification: Review of ledgers to assure expenditures, liens, and revenues are correct, accurate and reasonable
  • Overdraft Funds Review: Overdraft conditions are monitored and documented for resolution
  • Effort Reporting: All employee salaries charged directly to federal and federal flow-through funds must be certified according to OMB Circular A-21 (PDF).  Effort reports are certified by an official with firsthand knowledge of the work performed using Electronic Certification of Effort and Reporting Tool (ECERT). 
  • Payroll Expense Verification: Detailed payroll expenses are reviewed for general propriety and to validate accuracy of charges
  • Reconciliation of Permanent Staffing List: Review permanently budgeted faculty and staff reports to ensure employee accounting information is accurate.
  • Petty Cash and Change Fund: Cash balances are verified and reported to Central Accounting Office
  • Credit Card Activity: Transaction validation is performed and reconciliations prepared
  • Physical Inventory: Equipment has been accounted for, tagged, and properly reported
  • Individual Security Access: Appropriate personnel have been assigned the proper system access

Effort reporting is the method of certifying to granting agencies that the required effort has actually been completed. All employee salaries charged directly to federal and federal flow-through funds must be certified according to OMB Circular A-21 (PDF).

When key controls should be performed

Key controls activity should occur on a regular and periodic basis to demonstrate that the controls are working properly. Use the following guidelines:

Monthly activities: Conducted 12 times a fiscal year. Should occur as soon after the operating ledger closing date as possible and no later than 30 days afterward.

Quarterly activities: Conducted 4 times a fiscal year. Should occur as soon after the September, December, March, and June final ledgers close as possible and no later than 30 days afterward.

Annual activities: Conducted one time during the fiscal year. Should be performed as soon as the June final ledgers are available, and no later than 60 days afterward (usually around late August).

For more information, contact Arlynn Renslow, (858) 822-2968.