UC San Diego SearchMenu

Delegation of Authority and Potential Risk: Information Systems and Data Integrity

Read the Administrative Responsibilities Handbook's section on responsibilities and delegation of authority in the areas of information systems and data integrity.

Administrative officials can delegate certain duties to staff. Even so, administrative officials remain accountable for all activities in their areas of responsibility and should take appropriate precautions to avoid risk.

Responsibilities that cannot be delegated by administrative officials

  • Implementing systems that ensure data integrity, proper segregation of duties, appropriate system access, and accurate and timely recording of transactions
  • Determining approval hierarchies and appointing a departmental security administrator
  • Appointing the departmental data security administrator
  • Determining whether employees are "preparers" or "reviewers"
  • Addressing reported or suspected access and security violations

Responsibilities that can be delegated by administrative officials

  • Establishing departmental access
  • Reviewing core systems transaction preparation
  • Training employees in computer access, security, software, and appropriate use of University information
  • Monitoring of departmental core systems transactions

Practices that should be in place to avoid risk

  • Accurate transaction recording: The recording and posting of financial and personnel transactions must be accurate and timely. Transactions should contain sufficient detail, be stored securely, and be safeguarded against improper alteration, disclosure, or use.
  • Department-developed systems: Internal systems must be designed, documented, and tested to ensure security and data integrity, with controls to ensure that data is synchronized and validated to core systems. Local and wide area networks, including electronic mail and calendaring systems, must be reliable, stable, and secure.
  • Financial reporting and monitoring: Ensure data integrity by integrating data elements with the data warehouse, Darwin, or FinancialLink tools and reporting models. Shadow systems often produce inaccurate reporting and use significant resources to maintain.
  • System back-up, recovery, and contingency planning: Departments must follow Office of Records retention schedules and requirements.
  • Training: Employees must be adequately trained to use online systems and process transactions properly.

If a situation involving data integrity risks occurs or seems likely to occur, involve the appropriate office immediately.