Suggested Internal Controls Checklist

This list is not intended to provide an exhaustive list of internal controls required for each department*. This listing is designed to assist and provide guidance on the possible features of an effective system of internal controls. Each department* is encouraged to identify its significant risks and tailor the system of internal controls accordingly in order to mitigate these risks. Components of an effective system of internal controls should include: 

Segregation of Duties: The staff member who raises a purchase requisition, transaction approver, custodian and account reconciler should not be the same individual. In the case of cash handling, one individual should not be responsible for the initiation, processing, recording and reporting of the transaction;

Authorisation: Those charged with the responsibility to approve transactions should be of an appropriate level of management / seniority within the department*. Transaction approvers should be familiar with the University's policies and procedures, terms and conditions of the transaction or terms of endowment / project contract terms in order to provide informed authorisation and approval for the transaction;

Reconciliations: Financial reports related to the department* should be prepared on a periodic basis and reviewed by management. Significant accounts (in quantum or sensitivity) should be reconciled to supporting documentation on a periodic basis;

Governance / Performance Review: Executive management in each department* should perform a regular review of academic and administrative resource inputs and outputs to ensure intended quality and value for money is obtained;

Error Handling via journal entry should be approved and documented by an individual of relevant authority in a timely manner in addition to the sign off of the preparer of the journal;

Budget Review: Comparison of budget income and budget expenditure to actual income and actual expenditure should be performed on a monthly basis and approved by department* management;

Books & Records: Sufficient records should be maintained by the department* for the time periods suggested by the Corporate and Legal Affairs Department of the University (source: https://www.ucc.ie/en/ocla/policy/  );

Safeguarding of Assets: Assets purchased by the department* 1) should be safeguarded and 2) reviewed to ensure proper insurance cover is maintained. Further details on the asset management are contained in the University's Finance Office policy suite and available at Finance Office Policies A-Z (sharepoint.com);

Conflict of Interest: Staff in each department* should be aware of any potential conflict of interest in department* activities and the need to demonstrate fairness at all times in decision making. Appropriate action to avoid actual / perceived conflicts of interest should be taken in each department* to ensure that all staff adhere to the University's policy on conflict of interest policies.  

Risk Management: A sound system of internal control depends on a regular and thorough evaluation of the operational, strategic and reputational risks to which the department* is exposed. The UCC Risk Management process is outlined in the Risk Management Policy and User Guide available at https://www.ucc.ie/en/ocla/risk/ on your web browser;

* Please note that 'department' mentioned above is defined in a broad sense meaning department, institute, college, school, office, centre, or unit of the University. It is important to emphasise that responsibility to ensure that an appropriate system of internal controls is maintained at the local level rests, in the first instance, with local management of each department, institute, office, centre, or unit of the University.