SAS 112/115 Overview

Documenting Your Department's Key Controls

A key control is an action your department takes to detect errors or fraud in its financial statements. It is expected that departments have their processes and controls documented.  Your department should already have key financial review and follow-up activities in place. 

To fulfill documentation requirements, departments should review those activities and identify key controls. The first steps are to determine if:

  • Key controls exist.

  • Those controls are working.

  • Those control activities are documented and properly performed and reviewed.

Why documenting key controls is critical

Departments are required to provide documented evidence that internal control activities are being performed on a regular basis as prescribed by SAS 112/115.

Ongoing monitoring activities and other planned actions to address risks result in an effective internal control system. This ensures sound business practices, which minimizes our risk of inaccurate financial information and maintains the public trust.

Another benefit of key controls is that they can uncover issues or problems. If this occurs, work with your business officer to determine the problem's source and identify a solution. If you need guidance, contact Controls & Accountability.

Your department's key controls must be documented to demonstrate that review and follow-up activities were actually performed. If your department can’t provide documentation to auditors, it's as if key controls haven’t been done.

Who's responsible

Effective internal controls include the proper separation of tasks. No one person should have complete control of any activity. While there may be situations due to staffing or resources that prevent this, make every effort to maintain separation of duties.  Per UCD PPM 330-11, when separation is consisdered impractical, the variance must be documented in writing and approved by the Associate Vice Chancellor - Finance/Controller.

  • Department Initiators are responsible for initiating documents or tasks assigned to them.  Department initiators should not review their own work.

  • Reviewers (department heads, MSOs/CAOs, or fiscal officers) verify that the function has been performed appropriately and within the prescribed accounting period. It may be appropriate to delegate this activity, but department heads are still responsible for ensuring it is completed. Contact Controls & Accountability if you have questions about delegations.

All units must document their performance and certification of key control activities.

Department responsibilities

Your department must perform and review the following controls:

  • Fiscal Operations Review: Review of budget and expenditure reports with actual revenues and expenses monitored to ensure accuracy and reliability of budget and financial information.  Review must be performed and electronically documented monthly in the ALR by fiscal officers, monthly in the MLR by MSO's/Managers and quarterly in the QLR by Dean/VC offices. 

  • Ledger Transaction Verification: Review of ledgers to assure expenditures, liens, and revenues are correct, accurate and reasonable. Review must be performed and electronically documented monthly in the ALR by fiscal officers, monthly in the MLR by MSO's/Managers and quarterly in the QLR by Dean/VC offices.

  • Overdraft Funds Review: Overdraft conditions are monitored and documented for resolution.  Review must be performed and electronically documented monthly in the ALR by fiscal officers, monthly in the MLR by MSO's/Managers and quarterly in the QLR by Dean/VC offices.  Resolution to overdrafts must currently be documented outside the system.

  • Effort Reporting: All employee salaries charged directly to federal and federal flow-through funds, as well  as committed cost shared effort on federally funded projects, must be certified according to  federal regulations.  Effort reports are certified annually on a federal fiscal year (October 1 - September 30) basis by an official with firsthand knowledge of the work performed using the Effort Reporting System

  • Payroll Expense Verification: Detailed payroll expenses are reviewed for general propriety and to validate accuracy of charges.  Review must be performed and electronically documented monthly in the ALR by fiscal officers, monthly in the MLR by MSO's/Managers and quarterly in the QLR by Dean/VC offices.  Payroll Expense Verification includes reviewing the Time Benefits Roster on a monthly basis.  Currently documentation of the review of the Time Benefit Roster must be completed manually outside of the PPS-DS system.

  • Petty Cash and Change Fund: Cash balances are verified and reported to Accounting & Financial Services at least annual or when there is a change in the custodian.

  • Credit Card Activity: Transaction validation is performed and reconciliations prepared.  Performance and review is documented by the department monthly.

  • Physical Inventory: Equipment has been accounted for, tagged, and properly reported.  Performance and review is documented through the biennial inventory.

  • Individual Security Access: Appropriate personnel have been assigned the proper system access.  Performance and review is documented by the department annually or when there is staff turnover.

When key controls should be performed

Key controls activity should occur on a regular and periodic basis to demonstrate that the controls are working properly. Use the following guidelines:

Monthly activities: Conducted 12 times a fiscal year. Should occur as soon after the operating ledger closing date as possible and no later than 60 days afterward.

Quarterly activities: Conducted 4 times a fiscal year. Should occur as soon after the September, December, March, and June final ledgers close as possible and no later than 60 days afterward.

Annual activities: Conducted one time during the fiscal year. Should be performed as soon as the June final ledgers are available, and no later than 60 days afterward (usually around late August).

Supplemental content

Controls & Accountability