Contact: Accounting Services and Controls
Issued: New Policy April 17, 2000

I. References

  1. Santa Barbara Policy 5005, "Conflict of Interest".
  2. Santa Barbara Policy 5700, "Reporting Misuse of University Assets".
  3. University of California Business and Finance Bulletin G-29, "Procedures for Investigating Misuse of University Resources".
  4. University of California Presidential Policy, "Reporting Improper Governmental Activities and Protection Against Retaliation for Reporting Improper Activities".
  5. University of California Presidential Policy, "Acceptance or Offering of Gifts and Gratuities by University Employees".

II. Definitions

  1. Accountability
    Accountability for financial control purposes is the delegation of authority to qualified persons to initiate, approve, process, and review business transactions. The delegated authority is responsible for assuring that each transaction is:
    1. Within their delegation,
    2. Consistent with policy (and provides benefits to the fund source(s) being charged),
    3. Allowable (meets the stipulations of the fund(s)),
    4. Accurate, and
    5. Reasonable.
  2. Delegation of Authority (and redelegation of authority)
    A delegation of authority entrusts a task, power, or responsibility to another. The purpose of a delegation is to empower an official(s) with designated responsibilities.
  3. Internal Controls
    1. Internal control refers to the processes and procedures used to provide reasonable assurance regarding the achievement of objectives in the following categories:
      1. Safeguarding assets,
      2. Ensuring validity of financial records and reports,
      3. Promoting adherence to policies, procedures, regulations and laws,
      4. Promoting effectiveness and efficiency of operations, and
      5. Facilitating accomplishment of established goals for operations and programs.
    2. Internal controls include but are not limited to:
      1. Segregation of duties
        Financial responsibilities are divided between different people to assure a single person does not perform every aspect of a financial transaction. Segregating responsibilities can reduce errors and prevent or detect inappropriate transactions.
      2. Authorization and Approval
        Transactions should be authorized by a delegated official who verifies, prior to approving the transaction, that:
        1. S/he has approval authority,
        2. Sufficient funds are available,
        3. The transaction is:
          1. Consistent with policy (and benefits the fund source(s)being charged), and
          2. Allowable (meets the stipulations of the fund(s)),
          3. Accurate, and
          4. Reasonable.
    3. Review and Reconciliation
      Routine examination and reconciliation of transaction records to official University records is required to verify the accuracy of the records, the appropriateness of the transactions, and their compliance with policy.
    4. Physical Security
      Equipment, inventories, cash and other property shall be physically secured, and periodically counted and reconciled to University records.
    5. Training and Supervision
      Training is to be provided to ensure employees are equipped to fulfill their job duties. Employees are to be supervised to ensure they are appropriately directed and held accountable. Employees are to be informed of the process for reporting suspected improprieties.
    6. Documentation of Policies and Procedures
      University and department policies and operating procedures shall be written, communicated, promoted, accessible, and used to assure integrity and consistency in processes and transactions.
  4. Conflict of Interest
    A financial conflict of interest exists when an employee initiates, influences, authorizes, or approves a business decision that results in a financial benefit to the employee, a relative of the employee, a business associate or personal friend of the employee, or a business or investment in which the employee is associated.

III. Policy

  1. General
    To foster the mission of the University and sustain the University's integrity as a custodian of public funds, every member of the University community is responsible for safeguarding the University's assets and reputation by following University policies, exercising sound business and financial practices, and ethically performing his/her responsibilities. Internal controls such as policies, practices, processes, systems, and delegated authorities are tools to accomplish these goals.
  2. Accountability
    1. Each department has the responsibility and is accountable for managing the resources it administers on behalf of the University.
    2. The department head may delegate the financial management responsibility to the business officer. Delegating authority and accountability does not relieve the department head of accountability for activities under his/her direction.
    3. The department head and or the business officer is responsible for developing an appropriate structure for handling the unit's financial resources, including the delegation of a variety of tasks to employees within the unit.
    4. The department head must officially record in writing all delegations of authority as well as any cancellations or changes in delegations. S/he may assign a Department Security Administrator (DSA) the responsibility for reviewing the delegations to ensure their accuracy and currency and for maintaining the department's official record of delegations of authority.
    5. Accountability delegations are to be consistent with appropriate internal controls.
  3. Internal Controls
    1. Managers and supervisors at all levels are responsible for ensuring that an appropriate and effective internal control environment has been established within their areas of responsibility.
    2. All UC employees are responsible for:
      1. Following University policy, procedures, and department internal control practices, and
      2. Notifying their supervisor or an appropriate official if they observe or suspect fraud or misuse of University resources. The reporting procedure is explained in UC Santa Barbara Policy 5700, "Reporting Misuse of University Resources."ยน Also see Business and Finance Bulletin G-29, and UC Policy "Improper Governmental Activities and Protection Against Retaliation for Reporting Improper Activities."
  4. Conflict of Interest
    1. All UC employees shall refrain from participating in any activities which place them in a conflict of interest between their official activities and any other interest or obligation. Please refer to UCSB Policy 5005, "Conflict of Interest".
    2. In addition, designated University officials are required to file economic interest statements when they assume their designated position, annually, and when they leave the designated position.

IV. Internal Control Guidelines

  1. Payroll/Personnel
    1. Separation of Duties
      • Different employees should be responsible for (1) updating the on-line Payroll/Personnel System (PPS), (2) reviewing PPS actions (Post Authorization Notification (PAN) notices), and (3) reviewing the monthly Distribution of Payroll Expense reports.
      • Payroll checks and Surepay statements should be distributed by an employee who does not update PPS or who does not prepare or approve payroll time sheets.
    2. Authorization and Approval
      • Only persons with delegated authority should approve forms.
      • Current Signature Authorization forms should be on file in the Accounting Office.
      • Employees should not approve actions affecting their own pay.
      • Supervisors should approve employee attendance records each month.
      • Supervisors should approve any time recording or reporting alterations.
    3. Custodial and Security Arrangements
      • Payroll records should be filed in a secure location with access limited to authorized personnel.
      • Payroll checks should be kept in a locked, secure area pending distribution.
      • Presentation of identification should be required when releasing checks to employees not known to the person distributing checks. Employees picking up checks must sign for the check.
    4. Review and Reconciliation
      • Payroll expense reports should be reviewed and approved monthly.
      • Any questionable or irregular entries should be immediately investigated and resolved.
      • The person performing the review should sign and date reports to signify that the review has been satisfactorily completed and any discrepancies resolved.
  2. Procurement of Materials and Services
    1. Separation of Duties
      • Separations of purchasing related duties should be established so that no one employee has total control over any purchase transaction.
      • Different individuals should be assigned responsibility for (1) approving purchase requisitions and orders, (2) receiving ordered materials, (3) approving invoices for payment, and (4) reviewing and reconciling the monthly general ledger.
    2. Authorization and Approval
      • Only persons with delegated authority should approve purchases, invoices and check requests.
      • Signature Authorization forms should be up to date and on file in the Accounting Office.
      • The receipt of goods and services should be verified prior to approving invoices for payment.
      • Verification should be made that invoiced amounts are correct, accounts charged are correct, object coding is correct, and payment has not already been made.
      • Low-value purchasing policy requirements should be observed.
  3. Supply and Equipment Inventories
    1. Separation of Duties
      • Employees assigned to perform physical inventories to confirm that materials and equipment listed on inventory records are actually on hand should be persons other than those responsible for maintaining custody of the items or subordinates of the custodian.
      • Someone not directly responsible for custody or disposal of equipment should approve equipment Inventory Modification Request forms.
    2. Authorization and Approval
      • A person delegated approval authority should approve purchase requisitions.
      • Adjustments to inventory records for returned, missing, damaged or stolen items should be approved by departmental management.
    3. Custodial and Security Arrangements
      • Security arrangements for safeguarding inventory should be proportional to its value.
      • Off-campus use of University equipment should be primarily for University business purposes and should be approved by the department head or higher authority, and a record maintained.
      • University equipment should not be used for personal purposes except as permitted by policy for incidental use.
      • The number of employees having access to inventories should be held to a minimum.
      • Locks should be re-keyed or changed whenever significant personnel turnover occurs. Keys should be obtained from separating employees.
    4. Review and Reconciliation
      • Items should be inspected for condition prior to their inclusion in the inventory.
      • Obsolete, inactive or damaged items should be removed from inventory.
      • Physical counts of large supply inventories should be taken annually. Equipment should be counted annually.
  4. Cash Receipts
    1. Separation of Duties
      • Different persons should be responsible for (1) receiving and recording cash collections, (2) balancing daily cash receipts to related cash recordings, and (3) verifying that the deposit amounts reflected in the general ledger are in agreement with departmental records.
    2. Cash Accountability
      • Employees handling cash are individually accountable for their actions. Each is responsible for handling cash consistent with UC policy and guidelines.
      • Transfers of cash between two people should be jointly verified and documented.
      • Supervisors should verify cash deposits, voided transactions, and cash overages and shortages.
    3. Recording and Depositing
      • All cash receipts should be recorded on a cash receipt form, cash register, or a properly controlled computer database at the time of receipt.
      • Checks should be made payable to the UC Regents and promptly endorsed for deposit upon receipt.
      • All collections (cash, checks, or cash equivalents) in excess of $2,000 should be deposited with the Central Cashier's Office on the day they are received. Cash and equivalents totaling less than $2,000 may be deposited weekly if departments meet safe requirement standards (Business and Finance Bulletin BUS 49, "Cashiering Responsibilities and Guidelines"). If safe requirements are not met, cash and equivalents in excess of $500 should be deposited on the day they are received.
    4. Review and Reconciliation
      • Cash receipts should be balanced to receipt records on the day received.
      • Deposit receipts should be verified to ensure the Central Cashier recorded the proper amount.
      • Deposit entries in the general ledger should be reviewed and verified.
  5. Petty Cash
    1. Fund Establishment and Review
      • Petty cash funds should be authorized by Business Services Office, maintained in a secure location accessible only by the fund custodian of record, and used only for appropriate UC business purposes.
      • A supervisory employee with signature authorization and not responsible for custody of the fund should review expenditure documentation, verify that the total fund amount is accounted for and approve requests for fund replenishment.
    2. Custodial and Security Arrangements
      • Cash and checks should be stored in a locked receptacle located in a secure area.
      • Custodial responsibility for a fund should be assigned to only one employee, with a designated alternate.
    3. Review and Reconciliation
      • A receipt documenting the expenditure should support all disbursements.
      • The fund should be counted and balanced at least monthly by a supervisor not directly responsible for maintaining the fund.
  6. Billing and Accounts Receivable
    The use of the campus Billing/Accounts Receivable System (BA/RC) is recommended for billings to external parties.
    1. Separation of Duties
      • Different persons should be responsible for (1) billing and maintaining accounts receivable records, (2) receiving or handling incoming payments, and (3) reconciling receivable records to the general ledger.
    2. Custodial and Security Arrangements
      • Invoices should be prepared for all charges and issued on a timely basis.
      • Invoices should be issued in numerical sequence.
      • Blank invoices, credit memos, and cancellation forms should be controlled to prevent misuse.
    3. Review and Reconciliation
      • Receivable reports should include aged listings of all amounts due, should be reviewed at least monthly, and should be balanced to the related general ledger account.
      • Delinquent account balances should be examined and follow-up with customers should be initiated on a timely basis to facilitate payment.
  7. Budgetary Control
    • Budgets should be prepared annually and should be based on realistic expectations of revenues and expenses.
    • General ledgers should be reviewed monthly to verify charges to expenditure accounts. Department financial records (shadow system) should be reconciled monthly to the General Ledger.
    • Actual expenditures should be compared to budgeted amounts, and variances should be identified monthly.
    • Financial and budgetary status reports should be regularly provided to the department head, principal investigator and other responsible managers.
  8. Information Systems
    • New systems should be developed or acquired consistent with UC and Campus policies, guidelines, and procedures. (See Business & Finance Bulletins, Information Systems (IS) series).
    • New systems should be completely tested prior to putting them into operation.
    • Systems should be fully documented, including operations, program, and user instructions.
    • All changes to computer programs should be properly authorized and documented.
    • Systems should include audit trails and edit routines.
    • Systems, programs, databases, and data files should have logical access security and be physically secure.
    • Equipment should be properly safeguarded against theft, power fluctuations and application viruses.
    • Departments shall have backup and recovery processes to ensure continuity of operations. Backup media should be stored off-site, remote from the production files.
    • Employees should be properly trained and cross-trained to prevent an unduly high degree of reliance on one knowledgeable employee.
    • Employees should receive appropriate information on managing and protecting confidentiality of passwords.
    • Software installed on UC equipment should be authorized and used for UC business purposes. Software use shall conform to copyright laws and licenses.
  • Documentation
    • The department should prepare a written mission statement and communicate it to employees.
    • The department should document its internal policies and procedures, its business practices, and its goals and objectives.
    • Employees should have ready access to departmental and University policies and procedures (hard copy, computer-based or web-based).
    • Documentation supporting all business and financial decisions and activity should be prepared, approved at the appropriate level, and retained.

V. Resources

You may obtain additional information on:

  • Internal Control Mechanisms And Practices from the Director, Accounting Services and Controls, or the Director, Audit Services;
  • Reporting Known or Suspected Improper Activities from the Director, Audit Services, or the Director, Human Resources;
  • General Conflict of Interest and Code Requirements from the Conflict of Interest Coordinator, Administrative Services;
  • Research Related Conflict of Interest from the Director, Sponsored Projects, Office of Research;
  • Conflict of Interest Reporting Requirements for the Procurement of Materials and/or Services from University Employees Outside the Scope of their UC Employment, or from Near Relatives of Employees from the Materiel Manager, Business Services.

1 Policy 5700 is currently titled "Reporting and Reviewing Defalcations." It has been renamed, "Reporting Misuse of University Resources." The revised policy will be issued for review shortly.