Standards of Internal Controls - Arizona State University
Standards of Internal Controls - Arizona State University
Standards of Internal Controls - Arizona State University
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
1.0 GENERAL CONTROL REQUIREMENTS<br />
The following general control objectives, which apply to all business cycles, should be adopted by all<br />
university operations.<br />
Standard <strong>of</strong> <strong>Internal</strong> Control<br />
1.1 All employees should comply with all university, ABOR, and departmental<br />
policies and procedures, as well as with all local, state and federal laws.<br />
1.2 <strong>University</strong> policy and procedure manuals should be adhered to by all affected<br />
organizations. Policies and procedures established within our operating units<br />
should, at a minimum, meet and not be in conflict with, the control<br />
requirements specified by university policy. Policies and procedures should<br />
be periodically reviewed and updated.<br />
1.3 Adequate segregation <strong>of</strong> duties and control responsibilities should be<br />
established and maintained in all functional areas <strong>of</strong> the university. In general,<br />
custodial, processing/operating and accounting responsibilities should be<br />
separated to promote independent review and evaluation <strong>of</strong> university<br />
operations. Where adequate segregation cannot be achieved, other<br />
compensating controls should be established and documented.<br />
1.4 No person shall, directly or indirectly, falsify or cause to be falsified any<br />
books, records, or accounts <strong>of</strong> the university.<br />
1.5 All departments should develop a system <strong>of</strong> internal controls to ensure that the<br />
assets and records <strong>of</strong> the university are adequately protected from loss,<br />
destruction, theft, alteration or unauthorized access.<br />
1.6 Records <strong>of</strong> the university should be maintained in compliance with established<br />
and approved record retention policies.<br />
1.7 Costs and expenses <strong>of</strong> all operating units should be maintained under<br />
budgetary control. Comparisons <strong>of</strong> actual expenses to budgeted amounts<br />
should be performed on a regular basis with all significant variances<br />
researched.<br />
1.8 Employees should be instructed regarding the sensitivity/confidentiality <strong>of</strong><br />
university information and refrain from unauthorized disclosure <strong>of</strong> such<br />
information to individuals outside the university or to university employees<br />
without the "need to know". Adequate security should also be maintained in<br />
disposing <strong>of</strong> confidential/proprietary information.<br />
1.9 All operating units and facilities should develop procedures for documenting<br />
and reporting to operating management any occurrences <strong>of</strong> fraud,<br />
embezzlement or unlawful or unethical practices. Reports on all significant<br />
occurrences should be forwarded to the ABOR audit committee, UAAS and/or<br />
General Counsel.<br />
1.10 Critical transactions in the university's business cycles should be traceable,<br />
authorized, authenticated, have integrity and be retained in accordance with<br />
established and approved record retention policy.