Chief Administrative Officer (CAO) Duties
The Chief Administrative Officer (CAO) of a unit is responsible for:
- Determining individual access to application systems.
- Identifying who will update the systems (Preparers) and who will review the updates/transactions (Reviewers) for each online application.
- Selecting a Departmental Security Administrator (DSA). The DSA is responsible for the input into the Distributed Administrative Computing Security System (DACSS) of the Inquiry/Preparer/Reviewer as specified by the CAO. A backup DSA should also be designated in the event of the primary DSA’s absence.
CAO & DSA Procedures
The above procedures should also serve as a guide for units. Where different measures are adopted, it's important for management to justify the effectiveness of the alternative procedures. In any case, management remains accountable for activities performed by DSAs.
Controlling and monitoring procedures should be documented at the appropriate organization, division, subdivision or department levels.
A DSA is required to maintain a record of all accountability delegations. This record should be readily available for periodic discussions with the CAO when requested. A DSA should also review in detail the information in the DACSS Query Database (QBD) and Online Administrative Systems Information Services (OASIS)/DACSS noted above.
Organizational units should document and maintain at the appropriate organization, division, subdivision or department level:
- Procedures that detail the level and nature of review performed by CAOs and DSAs with respect to DACSS.
- An accountability matrix summarizing how preparer and reviewer functions have been distributed that is approved and dated.
- Reviews performed by CAOs with regards to DACSS and DSA activities that are signed and dated.
In those instances where individuals are both a CAO and the primary DSA, the same documentation is still required. The only difference is that there will be only one initialed approval instead of two.
Annual CAO Compliance Certification
On an annual basis, the Office of the Controller will request that CAOs certify compliance with the UCLA Financial Policy and verify that appropriate controlling and monitoring procedures are performed. Management certifications are an important part of internal control, because they raise and maintain control awareness and promote accountability.
The Office of the Controller maintains a CAO database and lookup utility that defines CAOs by organizational code (Org, Div, SubDiv, Dept).