Control activities provide reasonable assurances to management that processes and procedures are adequate to achieve the area’s goals and ultimately the goals of the University. Here are just a few examples of control activities:
- Adequately documented transactions (both paper and electronic) and a periodic review process in place to sample transactions for accuracy
- Reliable management reports providing accurate financial and operational data
- Physical assets secured and periodically inventoried
- Segregation of duties: ensure one person does not have the responsibility for all aspects of financial or sensitive transactions (e.g., ability to authorize, ownership of data, or documentation responsibilities)
- Well-documented and published disaster recovery and business continuation plans in place for all areas
- A completed risk assessment and control analysis
- Proper separation of duties regarding the preparation, approval, and recording of disbursements
- Positive tone at the top: management sets a good example for the area regarding the control environment and adherence to policies