Evaluating Results: If you answer "no" to these questions, please contact Internal Audits for a consultation. We will work with you and your staff to strengthen internal controls in your department.


  • Does your department have a mission statement?

  • Does your department have a code of conduct?

  • Does your department have written up-to-date procedures for processes specific to your department?

  • Does your department follow University policies for record retention?


  • Are expenditures and commitments of funds tracked and compared to budgets on a timely basis?

  • Do you have accountability for cash?

  • Do you have separation of duties (different people responsible for receiving, balancing and verifying cash accounts?)

  • If separation of duties is not practical, is there supervisory oversight?

  • Is there adequate security where cash handling activities occur?

  • Are cash receipts deposited timely? (Daily)

  • Are all cash receipts deposited and not used in lieu of petty cash funds?


  • Is there separation of duties for purchasing related duties? i.e. different individuals are responsible for (1) approving the purchasing requisitions and orders, (2) receiving ordered materials, (3) approving invoices for payment, and (4) reviewing and reconciling the monthly General Ledger.

  • Are vendor invoices approved prior to payment?


  • Is there separation of duties for inventories? i.e. employees assigned to perform physical inventories to confirm that materials and equipment listed on inventory sheets are not responsible for maintaining custody of the items.

  • Are equipment records maintained?

  • Is your equipment tagged with UC property numbers?

  • Do you take equipment inventory counts at lease every two years and document them?

  • Can all your equipment items be located?


  • Are your staff employee overtime hours properly authorized, recorded and compensated?

  • Is administrative staff cross- trained to provide coverage during extended absences?

  • Are procedures specified and followed when an employee terminates for any reason? ( removal of computer access, return of keys, ID cards, purchasing cards)


  • Is computer access limited to authorized employees?

  • Is critical information backed up and stored off-site?

  • Are passwords controlled and protected?

  • Are laptop computers secured when not in use?

  • Is all software properly licensed?


  • Have you done a risk assessment for your area? Did you consider areas such as financial, regulatory, human resources, information security, health & safety, effectiveness and efficiency?

  • Have you identified your critical objectives and performance monitors?