University Internal Audit

Audit Matters


Today's Best Practice

Best Practices for Monitoring Department Assets and Equipment

All reasonable efforts should be made to physically safeguard the assets of the University (department) from the risk of damage, theft, or other loss. The loss of such assets may temporarily impact operations and/or result in unplanned replacement costs to the department. These assets may include, but are not limited to, the following:

  • Cash and checks received to be deposited
  • Petty cash funds
  • Other cash funds maintained on-site for operating purposes
  • University credit cards
  • Credit card processing devices
  • Confidential documents and files (paper and electronic)
  • Original financial transaction records
  • Supplies, tools, machinery
  • Office equipment which may easily be misappropriated (cameras, TVs, specialized electronic equipment)
  • Computing-related equipment, including laptops

Individual departments are ultimately responsible for the safeguarding of equipment and/or inventory.  One control related to physical security of assets is to monitor inventory of items purchased.

An Asset Listing should be maintained for valuable items, especially computing equipment, which may not only be costly to replace but may also contain sensitive University-related data. The department should periodically use the listing (obtained from the Campus Property Office) to verify the presence of the physical equipment subject to monitoring. Any variances or missing items should be reviewed and resolved in a timely manner with the Campus Property Office.

Additionally, many departments allow employees and students to sign out and borrow equipment.  In all such cases the department should have a sign-out system in place to document and account for the status of all equipment removed from the department or the University.  For example, some campuses require property passes as a means of tracking laptop computers.

If you have any questions, please contact the Internal Audit Office at 774-455-7551.

 

IT Corner

27002 ISO Standards

In December 2010, the University of Massachusetts Board of Trustees voted to adopt ISO/IEC 27002 as the official Information Security policy for the UMass system.

ISO 27002 provides best practice recommendations on information security management for those responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS).

Information security's main goal is to protect the confidentiality, integrity and availability of information services through a "Defense in Depth" strategy.  This strategy involves employing specific controls at each layer of vulnerability.  For the most part, any changes will not affect the majority of the user community.

If you have any questions, the Information Security Officer (ISO) on your campus is your best resource. If you don't know who your campus ISO is, please contact Internal Audit at 774-455-7551.

   

 


Suspect Fraud?

If you suspect or discover fraud in your department, either follow reporting guidelines in the referenced documents below, or contact the University Internal Audit Office immediately. All calls are handled confidentially, whenever possible.

Audit Hotline: 774-455-7555

Email: AuditLine@umassp.edu