Financial Accounting and Controls
KEY CONTROLS CHECKLIST
Documenting the Performance of the Key Controls
To help departments document the fact that they performed the key controls, the Controller's Office developed a Key Financial Controls Checklist (PDF). We strongly recommend that all departments use the checklist, particularly given that our external auditor expects to see a properly completed departmental checklist during annual sampling and testing. The checklist should be signed and dated in hard copy on a timely basis.
If a department does not use the checklist, it will still need to document performance of its key controls in a clear, consistent way that can be observed and understood by third parties.
Documentation of key control performance, whether via the checklist or other means, must be available for inspection upon request by internal or external auditors or by the Controller's Office.
Note that beginning in fiscal year 2010, the checklist has been updated to eliminate the physical inventory section and the personnel activity reports section. All controls related to these two areas must still be carried out, but the checklist no longer includes them. Documentation of these two controls is accomplished through other means (BET920 inventory and the Effort Reporting System). Also, the title of the checklist has changed.
The checklist or other documentary evidence of controls should be retained for three years after the end of the fiscal year.
Proper Dating of the Checklist
Most key control frequencies are monthly (identity management is quarterly), so the checklist should be signed every month soon after fiscal month close. The checklist should be signed immediately after the control is completed.
If you do not complete a key control soon after fiscal month close, then complete it as soon as you can, and sign and date the checklist to indicate the date you completed the control.
Similarly, if you completed the control timely but did not sign the checklist timely, sign and date the checklist to indicate the actual date you completed the control.
Clarifying Checklist Misconceptions
The checklist is not the control. No control over financial reporting is achieved by signing the checklist. The control is achieved through carrying out the key controls themselves. The checklist is merely a place for the control performer to document – to assert – that he or she carried out the control.
The checklist is not a certification that all the financial information is correct. Some people have expressed concern about signing the checklist at the L4 level, stating that because their review is fairly high level (i.e., L4), they cannot assert that all the financial detail across their unit is accurate.
Again, the checklist is an assertion that the control was performed. It is not an assertion that all the financial information represented in the reviewed financial report is correct.
If the control performer printed out the appropriate financial report, reviewed it, and noted and followed up with any unexplained variances, then the control was carried out correctly, and the checklist should be signed. The key control is only one of a portfolio of financial controls within a unit that work together to ensure accuracy in financial reports.