Controls, Accountability & Risk Management (CARMO)

Contact Us

Financial Key Control Requirements for all UC Berkeley Departments

All campus departments are required, at the L4 level, to perform certain key controls over financial reporting. They must also document the fact that they performed the key controls. This requirement to perform and document key controls does not obviate the need to perform all other existing departmental internal controls over financial reporting.

Key Financial Controls

A "key" financial control is a control that, if other controls fail, can be relied upon to detect or prevent a material misstatement of the financial statements. The key controls for the Berkeley campus that must be carried out by all departments at the L4 level are the following:

1. General Ledger Summary Review
2. General Ledger Transaction Verification Review
3. Overdraft Fund Review
4. Payroll Expense Review
5. Identity Management (User System Access) Review

Read more information regarding the key controls.

Checklist for Documenting the Performance of the Key Controls

To help departments document the fact that they performed the key controls, the Controller's Office developed a key controls checklist. We strongly recommend that all departments use the checklist, particularly given that our external auditor expects to see a properly completed departmental checklist during annual sampling and testing. The checklist should be signed and dated in hard copy on a timely basis.

If a department does not use the checklist, it will still need to document performance of its key controls in a clear, consistent way that can be observed and understood by third parties.

Documentation of key control performance, whether via the checklist or other means, must be available for inspection upon request by internal or external auditors or by the campus Controls, Accountability and Risk Management Office.

Note that for fiscal year 2010, the checklist has been updated to eliminate the physical inventory section and the personnel activity reports section. All controls related to these two areas must still be carried out, but the checklist no longer includes them. Documentation of these two controls is accomplished through other means (BET920 inventory and the Effort Reporting System). Also, the title of the checklist has changed.

Some departments, including the Controller's Office, have implemented an electronic version of the checklist. Contact Hans Gude, Manager, Controls and Accountability, if you wish to explore how your department might be able to move to electronic documentation of key controls.

The checklist or other documentary evidence of controls should be retained for three years after the end of the fiscal year.

Proper Dating of the Checklist

Most key control frequencies are monthly (identity management is quarterly), so the checklist should be signed every month soon after fiscal month close. The checklist should be signed immediately after the control is completed.

If you do not complete a key control soon after fiscal month close, then complete it as soon as you can, and sign and date the checklist to indicate the date you completed the control.

Similarly, if you completed the control timely but did not sign the checklist timely, sign and date the checklist to indicate the actual date you completed the control.

Clarifying Checklist Misconceptions

The checklist is not the control. No control over financial reporting is achieved by signing the checklist. The control is achieved through carrying out the key controls themselves. The checklist is merely a place for the control performer to document – to assert – that he or she carried out the control.

The checklist is not a certification that all the financial information is correct. Some people have expressed concern about signing the checklist at the L4 level, stating that because their review is fairly high level (i.e., L4), they cannot assert that all the financial detail across their unit is accurate.

Again, the checklist is an assertion that the control was performed. It is not an assertion that all the financial information represented in the reviewed financial report is correct.

If the control performer printed out the appropriate financial report, reviewed it, and noted and followed up with any unexplained variances, then the control was carried out correctly, and the checklist should be signed. The key control is only one of a portfolio of financial controls within a unit that work together to ensure accuracy in financial reports.

Related Information

Learn about SAS 115, which replaced SAS 112.

Learn about internal controls.

CARMO Home

Controls & Accountability Home

• Financial Key Controls

  • Financial Key Control Requirements
    (formerly SAS 112)
  • Department Key Controls
  • SAS 115
  • Internal Controls Overview
  • Key Controls Checklist (Word)

• Related Links

  • Ethics
  • Policy Access & Coordination

• Related Sites

  • Controller's Office
  • BFS Security & GL Systems
  • Extramural Funds Accounting
  • Financial Accounting & Operations
  • Financial Management Training

• Controller's Office Contacts
• UCB Directory
• Privacy Policy
• Webmaster

Copyright © UC Regents. All rights reserved