University of California
BUSINESS RESOURCE CENTER
SAS 112 Key Controls Documentation
Key Control Area: Fraud/inappropriate activity
Reference to Master List
Key Control
Monitoring of BRC-processed transactions for unusual items or
patterns.
Risk
Fraudulent or otherwise inappropriate transactions could go
undetected.
Control Objective
Identify significant inappropriate or fraudulent activity.
Department or group with
primary responsibility
BRC customer departments
BRC Roles, Responsibilities and Accountability
Accountability Analyst
Perform monitoring activities or run processes as directed by the
Accountability Manager and assist in the development of queries.
Accountability Manager
Develop monitoring procedures/processes.
Other Department
Compliance & Audit (UCOP
Office)
Perform risk assessment and complete internal audits as per Audit
Plan.
Automated or Manual
Manual and/or automated
Documentation of Control
Query results, reports, or other evidence of monitoring activities.
Frequency
At least annually
Special Year-end Activity
Analysis of large year-end transactions for possible cutoff issues.
Prepared by: G Blumberg
Last Updated: May 2, 2010
University of California
BUSINESS RESOURCE CENTER
SAS 112 Key Controls Documentation
Key Control Area: Staffing
Reference to Master List
Key Control
Sound HR practices are employed to ensure a qualified, competent,
ethical, and satisfied workforce.
Risk
Customers might not be provided with effective and efficient service
from courteous staff
Control Objective
Employees employ their skills to serve customers in an efficient,
effective manner applying the highest ethical standards and find
satisfaction and growth in so doing.
Department or group with
primary responsibility
BRC Leadership Team
BRC Roles, Responsibilities and Accountability
Team Leads &
Accountability Manager
Provide on-going training in ethics, controls, and BRC processes.
BRC Director
Ensure that sound HR practices are employed including:

Appropriate recruitments

Background checks including fingerprinting for all BRC staff
(except for strictly administrative personnel).

Training of supervisors

On-going training in ethics, controls and BRC processes

Annual performance evaluations
Other Department
SRCT
Maintain BRC employee files including evidence of completion of
background checks.
UCOP (UCSF) HR
Provide assistance with recruitments and background checks.
Compliance & Audit
Provide courses in ethics and related areas.
UCOP Budget Office
Ensure appropriate training/certification on systems before granting
access rights.
Automated or Manual
Manual
Documentation of Control
Personnel files
Training materials and BRC calendar
Frequency
Annual and on-going
Special Year-end Activity
None
Prepared by: G Blumberg
Last Updated: May 2, 2010