Control Self-Assessment Tool

The activities listed on the pages that follow are recommended and in some cases required as means to achieve the primary objectives of Brown.

University’s system of internal controls:

  • Protection of University assets –
    human, physical, financial, intellectual, and reputation
  • Compliance with laws, regulations, and University policies
  • Reliability and integrity of reported financial and other information
  • Effective and efficient operations
  • Achievement of established University goals and objectives

These activities are classified in six categories:

  1. Budgeting, Expenditure, and Accounting Controls
  2. Cash Handling and Revenue Controls
  3. Personnel Administration Controls
  4. Safety, Facilities, and Property Controls
  5. Information Security Controls
  6. Research Administration Controls

They should be considered University “best practice” recommendations for department operations.


Department heads are asked to use this checklist to self-assess the control activities of their departments, consulting with their staff who are responsible for these activities. For each item, assess the department’s compliance with the related practice or prohibition on a scale of 0-10, or indicate “ N/A” if the practice is not at all relevant to the department’s operations. (0: Never Comply, 2: Seldom/Minimally, 5: Occasionally/Partially, 8: Usually/Mostly, 10: Always/Completely, N/A: Not Applicable)

Also for each item, please communicate directly to the University Auditor if you would like:

  1. more information about the practice and the reasons behind it.
  2. department training regarding a particular practice or set of practices.
  3. the University Auditor’s verification of the department’s self-assessment.

For a "pdf" version of the file, please follow this link: Control Self-Assessment Tool.


Best Practice Assessment (0-10, N/A) Want Information Want Training Want Verification
Budgeting, Expenditure, and Accounting Controls
1. Duties to initiate, authorize, record, reconcile, and monitor the department’s financial activities are sufficiently segregated among enough different employees that errors or fraud can be detected in a timely manner.
2. FRS reports and accounts are reviewed and reconciled on a monthly basis.
3. Payroll reports are reviewed monthly and reconciled to submitted time reports and corresponding FRS reports.
4. Unreconciled financial transactions are researched and corrected in a reasonable period of time.
5. Spending is within budgetary limits. Actual or potential cost overruns are promptly identified, mitigated through corrective action, and/or reported to the responsible senior officer.
6. Purchases and commitments for $3,000 or more are initiated through purchase requisitions
7. The department's equipment purchases are requisitioned through Purchasing, and those for $ 3,000 or more are reported to ORA for tagging and recording in the University’s equipment inventory listing.
8. Purchase requisitions are properly authorized, sufficiently documented, and for appropriate University purposes.
9. The number and scope of those with department expenditure authority is reasonable, up-to-date, on record with the Controller’s Office, and consistent with electronic purchase requisitioning and (if applicable) procurement card authorization levels.
10. Individuals with expenditure authority sign their own names to transaction documents rather than have others sign their names for them.
11. Check requests, including personal reimbursements, are properly authorized, sufficiently documented, and for appropriate University purposes.
12. Procurement card use is controlled by the cardholder and transactions are properly logged, sufficiently documented, for appropriate University purposes, and accounted by correct subcode in the financial record system.
13. Expenses unallowable by OMB Circular A-21 (such as alcoholic beverages) are charged to accounts or subcodes (e.g., - 3210) that are not included in the indirect cost rate calculation.
14. Journal transfers recorded in department accounts are appropriate, properly authorized, and adequately documented.
15. Telephone logs are reviewed and arrangements are made for personnel to reimburse the University for personal long distance telephone calls that they have not charged to their own calling cards.
16. Department personnel do not make personal purchases through University accounts.
17. Travel advances and travel/business expense reports are authorized by the traveler’s supervisor and sufficiently documented to support the fact, University purpose, and costs of the travel.
18. Travel expenses comply with University policy and any applicable regulatory restrictions.
19. Travel advances are accounted for within two weeks of the trip completion.
II. Cash Handling and Revenue Controls
1. Checks collected for deposit are payable to Brown University rather than third parties.
2. The department's petty cash funds are sufficient and necessary, adequately secured in the custody of one person, replenished on a timely basis, reconciled by the custodian to the account’s general ledger balance at least monthly, and periodically verified by the responsible person for the account.
3. The department does not have unauthorized bank accounts or charge accounts.
4. Cash and checks received in the department are logged when received, adequately secured awaiting deposit, and credited to the appropriate general ledger account with sufficient documentation to support its accounting. 5. Gifts by cash or check are provided promptly to the Cashier’s Office for deposit, along with any original documentation (e.g., donor’s letter) that supports the source and purpose of the gift.
5. Gifts by cash or check are provided promptly to the Cashier’s Office for deposit, along with any original documentation (e.g., donor’s letter) that supports the source and purpose of the gift.
6. Arrangements are made with the Cashier’s office to transport all deposits, especially those containing cash, to the Cashier’s Office or bank by armed guard.
7. The department's revenue-producing activities have established accounting procedures for compliance with IRS and state tax regulations.
8. Departments who sell merchandise assess RI state sales tax (7%) on customers’ purchases unless the merchandise or customer is exempt from sales tax, and make arrangements with the Controller’s Office for remittance of this tax to the State.
9. Departments do not generate their own “ accounts receivable” invoices. Arrangements for billing and collection of amounts due to the department are made through the Bursar.
10. In accordance with RI State Law, no raffles or other games of chance are conducted without authorization by the RI State Police.
III. Personnel Administration Controls
1. Department leaders and supervisors set a positive ethical tone that encourages compliance with laws, regulations, and rules of the University and its sponsors.
2. All non-exempt staff are paid or receive compensatory time in accordance with the Fair Labor Standards Act and Brown’s policy on overtime compensation.
3. Time sheets are properly authorized, and they are checked against payroll/labor distribution reports monthly.
4. The department maintains daily logs of hours worked by miscellaneous and student employees, and the logs agree with corresponding time sheets.
5. The department tracks and maintains adequate records of employees' vacation time and sick leave.
6. Independent Contractor (consultant) payments are properly classified and adequately documented.
7. Independent Contractor contracts are approved by the General Counsel, Provost, or other authorized officer.
8. Employees are aware of and adhere to University workplace policies and procedures related to drugs and alcohol, sexual harassment, smoking, and pets.
9. Staff understand that personal telephone calls should be kept to a minimum.
10. Employees charge personal toll calls made on University lines to personal calling cards.
11. Department personnel are aware of the University's "Employment of Relatives" policy. Exceptions to the policy do not exist, or exceptions have been disclosed to the relevant senior officer who has authorized a related management plan for the exception.
12. Department personnel are aware of the University policy on conflict of interest and commitment and have filed applicable disclosures.
13. The department notifies the Human Resources Department of terminating employees and submits associated paperwork on a timely basis, and immediately terminates all computer and card access privileges and signature/purchasing authority.
14. New employees are "I-9'd" and they complete paperwork requested by Human Resources and Payroll on a timely basis.
15. New employees receive orientation training.
16. Foreign students who graduate in May are allowed to work at Brown past graduation only if they receive special work permission paperwork from the IRS.
17. Employees are not asked or required, as part of their job duties, to transport cash and checks outside of University buildings.
18. Employees are not asked or required as part of their job duties to sign others’ names to documents.
19. Employees demonstrate competence and are provided opportunities to participate in University-sponsored or other training programs relevant to their work at Brown.
20. Allocation of duties within the department promotes the efficient use of resources.
21. Department interactions and operations are conducted in a manner that promotes fairness, respect, and positive staff morale.
22. There is awareness of the department’s EEO/AA responsibility, status, and goals.
23. The department provides a positive, tolerant climate for diversity.
24. "Essential functions" of each employee, per the Americans with Disabilities Act (ADA), are identified for each employee’s PCD.
IV. Safety, Facilities, and Property Controls
1. The department updates its equipment inventory listing as items are acquired or disposed, and performs federally-required biannual equipment inventory procedures promptly at ORA’s request.
2. Inventory items listed on the University's property list are easy to locate, properly tagged, and in good condition.
3. Surplus property is declared to the Purchasing Office and disposed in compliance with established University policy and procedures ( Finance_and_Admin/Purchasing/), e.g., hard drives are wiped clean, and items are not sold, given away, or discarded directly by the department.
4. The department has an emergency action plan, and all employees have been trained to know how to respond to emergency situations such as fire ( Administration/EHS/).
5. Employees who work in laboratories have received all required training.
6. Employees who handle hazardous materials have received all required training.
7. Hazardous materials are stored and disposed in accordance with procedures established by the Environmental Health and Safety Office.
8. Loss prevention practices such as strong key control and security devices on equipment reasonably protect University property from theft or damage.
9. The department maintains an up-to-date inventory control log of all department keys and their assignment to individuals.
10. Use of department space by outside groups is limited and coordinated with the Office of Insurance.
11. Department employees are familiar with the University's Software Piracy policy, and the department can establish its ownership of all software installed on department computers.
12. Physical security of microcomputers, terminals, and work stations is adequate and complies with University policy.
13. Items of University property such as computers that are used in employees’ homes are documented and approved for off-campus use.
V. Information Security Controls
1. The department has a Departmental Computing Coordinator (DCC) with related duties specified in a Position Content Document (PCD) approved by Human Resources on file.
2. Employees understand University guidelines for safeguarding private and confidential information ( Facilities/ CIS/policy/protectinginfo.html).
3. Employees are familiar with restrictions and protections (e.g., FERPA, HIPAA, and theGramm-Leach-Bliley Act) relevant to any personal, confidential information that they handle.
4. Employees are familiar with University policies and procedures related to information technology and security (
5. Employees respect copyright protections for printed materials, software, and electronically-distributed information.
6. Live updates of virus protection software are scheduled to run on an automatic basis daily, and virus scans are run periodically on locally maintained servers.
7. Operating system security updates are kept current.
8. Access deletions and additions for authorized users of servers and mainframe computer systems are up-to-date.
9. Backup and recovery procedures for microcomputers, servers, and LANs are adequate to protect the department’s operations from lengthy disruption and its information assets from loss.
10. Prior to declaring a computer a surplus piece of property, its hard drive is wiped clean.
VI. Research Administration Controls
1. All proposals to receive funding from external sponsors are submitted according to procedures coordinated with the Office of Research Administration.
2. All protocols for research involving human subjects, conducted by students or faculty, are reviewed and approved in advance by Brown’s Institutional Review Board.
3. Individuals’ time and effort reports are certified by the individuals themselves or someone else who has first-hand knowledge that the time and effort being reported was provided to the project(s) indicated.
4. Principal investigators provide all required financial and program reports to sponsors within required deadlines.
5. Documentation to substantiate transactions charged to a federal grant account is maintained within the department for at least 3 years after the final financial report for the respective grant is filed with the sponsor. This is especially important for grants that run longer than 4 years because the Controller’s Office does not maintain original documentation for University transactions for more than 7 years.
6. Costs that the federal government classifies as " unallowable" charges (e.g., alcoholic beverages, political lobbying costs, etc.) are not charged to federally-sponsored grants.

Revised December 2004