Background: UCSD's electronic information systems contain many forms of personal and private information. By allowing appropriate system access and recording transactions in an accurate and timely manner, you can manage electronic information and ensure data integrity. Follow these internal control practices to make sure you handle electronic information and technology appropriately.

To learn more about internal control practices related to information systems explained on this page, click the links below:

• Accountability, authorization, and approval
• Security of assets
• Review and reconciliation

Accountability, authorization, and approval
When proper accountability exists, you know who has access to electronic and personal information, for what business purpose they have access, what information systems and data are authorized for use, and where sensitive, private information resides.

• Best practices:
  • Limit business system and data access to appropriate users.
  • Adhere to security and privacy policies for e-mail, Web browsing, and electronic communication.
  • Determine approval hierarchies and appoint a departmental security administrator (DSA).
  • Implement security measures to protect access to electronic resources and private information according to IS-3 (PDF) and PPM 135-3 (PDF).
  • Communicate and coordinate access and security with Administrative Computing and Telecommunications (ACT).
  • Train employees in computer access, security, software, and appropriate use of University information.
  • Address reported or suspected access and security violations according to the CIRT process.

• Potential consequences if accountability does not exist:
  • Misuse of information
  • Identity theft
  • Improper use of university assets
  • Damage to public image
  • Legal actions

Security of assets
UCSD's electronic information is a valuable asset. Security controls prevent and reduce the risk of harm caused by error, accident, natural disasters, or malicious action. Avoid duplication of information if it’s available elsewhere. Store information in a secure location.

• Best practices:
  • Use and share data for business purposes only.
  • Design, document, and test internal processes to ensure security and data integrity.
  • Secure personal information in a locked or password protected location.
  • Regulate authorized access to resources through security measures such as user IDs and passwords.
  • Implement auditable authorization processes that adhere to University policies.
  • Train all users in security awareness.
  • Inform your DSA and system/ data custodians about access rules and security violations.
  • Restrict access of information and systems to people who need the access to perform their jobs.
  • Periodically review information stored in electronic or paper format.
  • Secure or discard personal and private information properly.

• Potential consequences if electronic information is not secured:
  • Identity theft
  • Damage to public image
  • Misuse of University resources and information

Review and reconciliation
Your reconciliation activities confirm that transactions are recorded correctly, can be readily retrieved, and are safeguarded from improper alteration.

• Best practices:
  • Ensure data integrity by validating data with the Data Warehouse, or FinancialLink tools and reporting models.
  • Follow retention schedules and data retention requirements.
  • Periodically review information stored in electronic or paper format.

• Potential consequences if review and reconciliation activities are not performed:
  • Errors, discrepancies, or irregularities undetected
  • Inaccurate, incomplete official records
  • Improper access to business systems and data

Questions? For information about information systems responsibilities, contact Administrative Computing,(858) 534-6960. For information on internal control practices, contact Debbie Rico, (858) 822-2797.