|Approved by:||Board of Trustees|
|History:||Issued -- March 14, 2002|
|Last Reviewed --|
|Responsible Official:||Vice President for Finance and Treasurer tel. (202) 319-5606|
To preserve the accuracy and integrity of University data, all administrative software systems will have appropriate access and control mechanisms. This policy sets the requirements for documentation, responsibility and maintenance of systems access.
This policy shall apply to all University administrative computer systems which contain financial data or elements which impact financial data.
Procedures and Regulation
Each system shall have complete documentation of the details of user access of University employees, students and others to panels, data and processes in that system. Access related to financial records of the University shall be reviewed and approved by the Vice President for Finance and Treasurer before any system is implemented. Access requirements shall also be reviewed by the Vice President responsible for that system's function prior to the live use of the system.
III. Internal Control
The Vice President for Finance and Treasurer designates the University Controller and University Internal Auditor to review and approve the adequacy of the internal control processes of any system before implementation. They shall be responsible to produce a document identifying the risks and the controls in the system to address those risks.
IV. Maintenance of Access
Each system shall have a designated responsible individual, the system "Owner" to provide oversight and management of system operation. This person shall be designated by the appropriate Vice President for that system and identified to the Vice President for Finance and Treasurer. This person shall be responsible for the provision of daily operational support including establishing and maintaining records of access to that system as well as development and maintenance of procedures for using the system. The system owner will be responsible for developing appropriate mechanisms to compare and update access based on changes in employment or other status as appropriate for the users of that system.
V. Regular Review
The University Internal Auditor shall conduct annual reviews of access to ensure compliance with documented processes of system access and use.