Office of the Controller and
Internal Controls
Sandra Featherson
Associate Director of Controls
Office of the Controller
February 2010
Abbreviated Organization Chart
Anne Broome
Vice President,
Financial
Management,
UCOP
Henry T. Yang
Chancellor
Vacant
Vice Chancellor,
Administrative Services
Sheryl Vacca
Senior Vice
President/Chief
Compliance and Audit
Officer, UCOP
Vacant
University Auditor
Ron Cortez
Associate Vice Chancellor,
Administrative Services
Jim Corkill,
Controller, Accounting
Services and Controls
Craig Whitebirch
Director,
Audit and Advisory
Services
Distinct and Complimentary
Roles

Office of the Controller
• Provide leadership in a campuswide effort to ensure effective
controls and accountability
practices.
• Assist management in assessing
their control environment and the
effectiveness and efficiency of
operations.
• Ensure that campus financial
policies and procedures are clear,
adequate, and current.
• Evaluate systems and participate in
system development to ensure
proper controls are implemented
and compliance with policy.

Audit and Advisory Services
• Independent evaluation of
systems of accountability and
control.
• Investigate reported cases of
alleged improper financial
activities.
• Serve as the liaison between
the University community and
external audit agencies.
UCSB Control Initiative
Business Officer
Institute (BOI)
 BOI Feedback
 Common Audit
Findings
Campus Financial
Mgmt. Training
& Manual
Control Advisory
Committee
(CAC) Financial
Risk Assessment
Departmental
Control SelfAssessments
Departmental
Process Risk
Assessment
Campus Wide
Process Risk
Assessment
Assessments
 Departmental
Control Self Assessments
 Departmental Process Risk Assessment
 Campus Wide Process Risk Assessment
Office of the Controller
http://controller.ucsb.edu

Jim Corkill
Controller
Director of Accounting Services and Controls
x5882
jim.corkill@accounting.ucsb.edu

Sandra Featherson
Associate Director of Controls
x7667
sandra.featherson@accounting.ucsb.edu

Neil Clark
Administrative Analyst
x8593
neil.clark@accounting.ucsb.edu

Tonika Jones
Administrative Assistant
x8593
tonika.jones@accounting.ucsb.edu
Internal Controls
 What
are Internal Controls?
• Definition
• COSO Model
• Examples
 Why
are They Important?
 Who is Responsible for Internal Controls?
Internal Control - A definition

Internal Control is a process, effected by a college
or university’s governing board, administration,
faculty and staff, designed to provide reasonable
assurance regarding achievement of objectives in
the following areas:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
Internal Control Concepts & Applications, 1992, Committee of Sponsoring Organizations of the Treadway Commission
COSO Internal Control Model
 COSO
stands for Committee of Sponsoring
Organizations.
 Committee was formed to develop a
common definition of internal controls and
provide guidance on judging its
effectiveness.
 COSO is referred to as an Internal Control
Model or framework.
COSO Internal Control Model
 Officially
adopted by the University of
California
 A tool for departments to use in evaluating
their internal controls.
COSO Internal Control Model
There are five components of internal control
in the COSO Model:

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring
Control Environment
Control Environment

The “tone at the top” set by people in positions of
authority
Based on attitudes and habits of those in authority

An element in establishing the organizational culture

Control Environment
Control Environment Factors:




Integrity and Ethical Values
Commitment to Competence
Management’s Philosophy and
Operating Style
Assignment of Authority and
Responsibility
Risk Assessment
 Risk
- Anything that gets in the way of
meeting your goal/objective
 Risk Assessment - The identification and
analysis of relevant risks associated with
achieving business goals/objectives
Risk Assessment
Why is a risk assessment important?
 Risks impact an organization’s ability to
meet its objectives such as:

• Positive Public Image
• Providing Excellent Customer
Service
• Reducing Overdrafts
Control Activities
 Control Activities
• Policies and procedures that help ensure management
directives are carried out and necessary actions are
taken to address risks
Control Activities Specific Examples
 Segregation
of Duties
 Transaction Reviews
 Reconciliations
Control Activities –
Specific Examples
 Financial
Performance Reviews
 Systems Controls
 Physical Controls
 Case
Study
Information and Communication
The information system must provide data
that is:
• Relative to established objectives
• Accurate and in sufficient detail
• Understandable and in a usable form
This information must be provided to the
right people in time to allow appropriate
action
Information and Communication
Communication
• Up and down the organization
• Across organizational lines
Communication Examples
• Employee duties and control
responsibilities should be clearly
communicated
• Ability to report suspected problems,
without fear of repercussions
Monitoring
Monitoring

A process that assesses the quality of an internal control
system’s performance over time
Monitoring
Monitoring Activity Examples


Management
• Review of actual expenditures vs.
budgeted
• Comparison of various reports with
physical assets
Separate evaluations
• Assessment of internal controls by
Audit and Advisory Services
• External auditors reviews
Internal Controls
 Why
are They Important?
 Who is Responsible for Internal Controls?
Internal Controls and SAS 112
 SAS
112: Statement of Accounting
Standards
 Auditors will be reviewing not only the
transactions and ensuring the numbers are
correct, but also the controls in place to
ensure those numbers are correct.
 Controls must be documented – or they are
not considered controls.
Questions??