Standards of Internal Controls - Arizona State University
Standards of Internal Controls - Arizona State University
Standards of Internal Controls - Arizona State University
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CONTROL<br />
Information Technology <strong>Controls</strong>:<br />
(preventive and detective)<br />
General controls cover data center<br />
operations, s<strong>of</strong>tware licensing, security<br />
access and system maintenance.<br />
Application controls cover edit checks and<br />
matching/batch processing to help ensure<br />
accuracy <strong>of</strong> information, authorization and<br />
validity <strong>of</strong> transactions<br />
Regular Reconciliations: (detective)<br />
In a timely manner, verifies subsidiary<br />
information to the <strong>of</strong>ficial book <strong>of</strong> record<br />
(the university’s financial system is the<br />
<strong>of</strong>ficial record for all financial transactions)<br />
and helps identify variations from budget<br />
Other controls:<br />
Cross-training, job/task rotations,<br />
vacations, surprise audits, requesting<br />
reviews from independent parties (like the<br />
Dean’s Office or Financial <strong>Controls</strong>) or<br />
peer groups, asking employees what is<br />
working or not working, being involved,<br />
following the rules and taking appropriate<br />
action when rules/policies are not followed<br />
LOWERS RISK OF:<br />
Violation <strong>of</strong> licensing agreements, fines<br />
and penalties, compromise <strong>of</strong> confidential<br />
and/or research information, financial<br />
reporting misstatement, adverse legal<br />
action, loss <strong>of</strong> public trust<br />
Financial reporting misstatement, making<br />
decisions based on erroneous information,<br />
personal or prohibited purchases (p-card<br />
statement reviews), incorrect payments,<br />
account deficits<br />
Low employee morale, losing sleep, being<br />
stressed, doing things inefficiently or<br />
ineffectively, lagging behind, violating<br />
policy, disciplinary action, department<br />
turnover and time/money spent posting,<br />
hiring and training<br />
NOTE: Particular attention should be paid to management override <strong>of</strong> controls.<br />
Repeated policy exceptions or overrides may indicate potential fraudulent activity or a<br />
need to reassess current policies/procedures. Any unusual conditions that are identified<br />
should be investigated by the appropriate party and include corrective action if necessary.<br />
Exceptions to university policy can only be approved by the custodian <strong>of</strong> the relevant<br />
policy (e.g. Financial Services, Purchasing, Human Resources, etc. – not each individual<br />
department, Dean’s Office or VP area).