Page Content
The information provided in this quide will assist a campus department or program in evaluating and establishing effective financial transaction control procedures for a campus financial process.
This guide provides cursory information about financial accountability and separation of duties. For detailed information on these topics refer to the Understanding Financial Accountability and Understanding Separation of Duties guides.
For questions, email: controller@ucsc.edu.
-
What is a financial control
A financial transaction control is a procedure that is intended to detect and/or prevent errors, misappropriations, or policy non-compliance in a financial transaction process.
- Control procedures help an organization achieve its mission and strategic objectives by ensuring resources are effectively collected and used, and accurately accounted for.
- A control procedure may be performed by either an individual or as part of an automated process within a financial system.
- A control procedure is effective only if there is adequate separation of duties between individuals performing the different control responsibilities in the process.
- An individual usually receives a formal delegation of authority to perform a transaction process control procedure and, upon successful completion of the procedure, is expected to document his or her accountability.
- This is usually done by indicating approval through a signature on a form or an on-line approval captured in an automated financial system. For more information about financial accountability, refer to the “Understanding Financial Accountability Guide."
Back to Top
-
Financial transaction process stages
A specific financial process may be composed of some or all of the following activities, or stages:
Transaction Process Stage |
Description |
Examples |
Entity set-up review and approval * |
Setup of basic vendor, customer, or employee information in a financial system and verification (review) of the data’s accuracy. |
Customer, vendor, or employee account set-up, which includes account number assignment, contact, and other information. |
Transaction review and approval. ** |
Review and approval of a transaction. This may occur at more than one stage of a financial process. |
Purchase requisition approval; Cruzbuy requisition approval; cash receipt form approval; time report approval; transfer of expense approval. |
Transaction verification |
Verification of payment being made or of goods or services being received. |
Goods receipt confirmation; manual signature on check payments. |
Post-transaction report review ** |
Verification of transactions appearing in a ledger, subledger, and other report, such as an edit or exception report. |
General ledger transaction review; distribution of payroll expense review; transaction exception report review. |
Reconciliation * |
Balance comparison between ledger and an independent data source. |
Bank account reconciliation; accounts receivable reconciliation. |
Balance analysis |
Review of ratios, trends, or year-to-year comparisons to identify potential errors. |
Comparison of monthly expenditures with prior years’ amounts; comparison of expenditures to budget. |
* This process stage usually applies only to a central campus office
** Typically a key stage of the process.
Back to Top
-
Transaction process risks
At each stage of a financial process, there are one or more risks that could prevent the process from completing successfully.
Risk |
Examples |
1. Error in accounting classification |
Incorrect input of organization, fund, or account code assigned to a transaction; critical accounting coding data omitted |
2. Number or arithmetic error |
Input of incorrect amount; arithmetic or numerical transposition error |
3. Unintentional asset misdirection error |
Good sent to wrong place because of the input of an incorrect address; excess financial aid check sent to wrong address because of incorrect student account data |
4. Misappropriation |
Pocketing cash receipt; unauthorized issuance of parking passes; purchase of equipment or other goods or services for personal use |
5. Fraud |
Falsifying accounting records or data; entering into unauthorized agreements in the name of the University |
6. Regulatory, contractual, or policy non-compliance |
Failing to comply with a policy requirement; failing to fulfill the terms of a contract |
Back to Top
-
Transaction process control standards
The goal of a well-managed financial transaction process is to ensure that each completed transaction complies with all of the following seven transaction control standards applicable to the process:
- Appropriate: The transaction is directly related to achieving the mission of the University.
- Valid: The transaction is allowed by policy, law, contractual agreement, and/or professional standards.
- Reasonable: The amount being paid for a product or service, or received in payment for a product or service is fair.
- Funded: For payment transactions, sufficient funding exists to pay for the transaction.
- Accurately recorded: The transaction amount is consistent with value received, provided, or adjusted for; and is free from accounting coding or arithmetic error.
- Supportable: The amount being paid or received for a good or service, or the amount of an adjustment is consistent with supporting documentation, standard, situation, or practice.
- Timely recorded: The date associated with the transaction is accurate.
Back to Top
-
Types of financial controls
To manage the risk of a financial transaction processing failure, manual and/or automated control procedures are implemented at key stages of the process.
Manual Transaction Controls
Control Procedure Type |
Examples |
1. Transaction initiation review and approval |
- Review and approval of expense reimbursement request
- Review and approval of a CruzBuy requisition
- Review and approval of a transfer of expenditure
- Review and acceptance of a sponsored award contract
- Review and approval of a recharge
- Review and approval of Financial Information System, Payroll Personnel, CruzBuy system user access forms
|
2. Asset receipt verification |
- Review and approval of a receiving report
|
3. Post-transaction review |
- Review and certification of transactions appearing in the general ledger
- Review and certification of monthly Purchasing Card transaction reports
- Review and certification of Distribution of Payroll Expense reports
- Review and certification of Financial Information System or Data Warehouse transaction edit (suspicious transactions) or exception (error) reports
|
4. Balance reconciliation |
- Monthly reconciliation and certification of summarized accounts receivable ledger balance to detailed debtor accounts balances listing
- Monthly or quarterly petty cash account reconciliation and certification
|
5. Balance analysis |
- Review and approval of entertainment expenses for unusual fluctuations in the balance over the course of a year
- Analysis and certification of material budget to actual expense differences
|
Automated Transaction Controls
Control Procedure Type |
Examples |
1. System access functions |
- Financial Information System password access requirement
|
2. Data input |
- Date or telephone number format checking
|
3. Data validation |
- Organization, fund, and/or account code validation
|
4. Data processing |
- Automatic summarization and posting of invoice payment data to the general ledger
|
Back to Top
-
Control procedure strength levels
Important information to know:
The strength, or level of reliance, placed on a financial control procedure in managing risks depends on three key factors:
- Control quality objectives of the control procedure;
- Skills, qualifications, and accountability of the individual assigned to perform the procedure; and
- Adequacy of separation of duties within the process.
Procedure Control Strength |
Typical Attributes |
|
Procedure Control Quality Objective |
Staff Skills and Qualifications |
Separation of Duties |
Strong |
Complete, thorough transaction review |
Strong knowledge and analytical skills, and experience |
Adequate |
Moderate |
Complete, but cursory; or limited scope, but thorough transaction review |
Somewhat knowledgeable and experienced, with adequate analytical skills |
Adequate |
Weak |
Cursory and/or limited scope transaction review |
Minimal knowledge, experience and/or analytical skills |
Inadequate |
A well-managed organization deploys a mix of strong, moderate, and weak control procedures at different stages of a financial process in the most cost effective way.
- Strong controls, relied upon heavily to manage risks, tend to cost more to maintain.
- A strong control is typically implemented at the point or points in a financial process where the maximum number of risks can be managed, which enables using weaker, usually less costly controls, at other points in the process.
Control procedures for the same financial process may differ between departments in recognition of differing operational needs, financial accountability structures, staff skills and experience levels, and risk tolerances.
A control procedure is rendered ineffective if it is performed by an individual with conflicting duties, such as by an individual accountable for both approving purchase requests and certifying the general ledger transaction review.
Back to Top
-
Assessing financial process control procedures
Follow this approach to assess the overall effectiveness of control procedures within a financial process.
- For each stage of the process, perform the following steps:
- Identify the specific risks that exist at this stage of the process, without regard to existing control procedures in place. Refer to Transaction Process Risks for more information about risks.
- Assess the strength of the control procedure currently in place in terms of the following factors:
- Effective management of the risks identified above.
- Based on the response to the previous item, identify which of the seven financial transaction control standards the control procedure provides reasonable assurance of compliance.
- Evaluate the thoroughness of the review.
- Evaluate the knowledge, analytical skill, and qualification levels of the individual responsible for handling the procedure control.
- Evaluate the adequacy of separation of duties between the individual responsible for handling this control procedure and those responsible for handling other control procedures in the financial process. For more information about separation of duties, refer to the Understanding Separation of Duties Guide.
- Based on the assessment information gathered above, evaluate the strength of the procedure control. Refer to Financial Control Assessment for further guidance.
- Repeat steps 1 and 2 for each stage of the process.
- From a process-wide perspective, evaluate the strength of controls taken together.
- Is a strong control procedure(s) in place at the point(s) in the process where many or all of the risks have been identified?
- Do the controls provide reasonable assurance that a transaction will consistently complete the process complying with all applicable transaction control standards?
- If the strength of procedure controls taken together is insufficient, then reexamine procedure controls and make the necessary adjustments.
- Strengthen controls at existing points in the process; or
- Implement new controls at critical points in the process.
You may find the Financial Control Assessment useful in evaluating the overall adequacy of control procedures in a specific financial process.
Back to Top
-
Where to get help
Back to Top
-
Relevant Appendices
Back to Top
There are no results.