A key control is an action your department takes to detect errors or fraud in its financial statements. Your department should already have key financial review and follow-up activities in place.
To fulfill documentation requirements, departments should review those activities and identify key controls. The first steps are to determine:
- Do key controls exist
- Are those controls working
- Are control activities documented and properly performed and certified
Why documenting key controls is critical
Departments are required to provide documented evidence that internal control best practices are being performed on a regular basis as prescribed by SAS-115.
Your department's key controls must be documented to demonstrate that review and follow-up activities were actually performed. If your department can’t provide documentation to auditors, it's as if key controls do not exist.
A benefit of key controls is that they can uncover issues or problems. If this occurs, work with your business officer to determine the problem's source and identify a solution and document. If you need guidance, contact the Controller's Office.
These ongoing monitoring activities and other planned actions to address risks, result in an effective internal control system. This ensures sound business practices, which minimizes our risk of inaccurate financial information and maintains the public trust.
Who's responsible
Effective internal controls include the proper separation of duties to reduce fraud opportunities. No one person should have complete control of any activity. While there may be situations due to staffing or resources that prevent this, make every effort to maintain separation of duties.
- Performers are responsible for completing the functions described on the form. Performers should not certify their own work.
- Certifiers verify that the function has been performed appropriately and within the prescribed accounting period. It may be appropriate to delegate this activity, but department heads are still responsible for ensuring it is completed.
Department responsibilities
As outlined in the required key controls that your department must perform and certify these controls:
- Fiscal Operations Review: Review of budget and expenditure reports with actual revenues and expenses monitored to ensure accuracy and reliability of budget and financial information
- Ledger Transaction Verification: Review of ledgers to assure expenditures and revenues are correct, accurate, and reasonable
- Overdraft Funds Review: Overdraft conditions are monitored and documented for resolution
- Effort Reporting: All employee salaries charged directly to federal and federal flow-through funds are certified
- Payroll Expense Verification: Detailed payroll expenses are reviewed for general propriety and to validate accuracy of charges
- Reconciliation of Permanent Staffing List: Permanently budgeted faculty and staffing reports are balanced
- Petty Cash and Change Fund: Cash balances are verified and random quarterly cash counts are performed
- Credit Card Activity: Transaction validation is performed and reconciliations prepared
- Physical Inventory: Equipment has been accounted for, tagged, and properly reported
- Individual Security Access: Appropriate personnel have been assigned the proper system access
When key controls should be performed
Key controls activity should occur on a regular and periodic basis to demonstrate that the controls are working properly. Use the following guidelines:
Monthly activities: Conducted 12 times a fiscal year. Should occur as soon after the operating ledger closing date as possible and no later than 30 days afterward.
Quarterly activities: Conducted 4 times a fiscal year. Should occur as soon after the September, December, March, and June final ledgers close as possible and no later than 30 days afterward.
Annual activities: Conducted one time during the fiscal year. Should be performed as soon as the June final ledgers are available, and no later than 60 days afterward (usually around late August).