CFO Advising

CFOs, Controllers and Finance Directors utilize internal controls and risk management to maintain an educational institution’s operational effectiveness, efficiency, security and compliance.

Guided by federal, state and local laws, SOX compliance and U.S. Department of Education guidelines, the CFO Advising program provides a high-level report and map of internal controls outlining current strengths and gaps, opportunities for efficiency and cost savings and recommendations to reduce risk.

Apply Now
Corrective Controls - CCF Advising
Corrective controls
Automate Manual Processes - CCF Advising

Automate Manual Processes

Prevent Errors and Fraud - CCF Advising

Prevent Errors and Fraud

Detective Controls - CCF Advising

Detective controls

No Cost Assessment Information Technology and Internal Controls

CFOs, Controllers and Finance Directors utilize internal controls and risk management to maintain an educational institution’s operational effectiveness, efficiency, security and compliance. Technology plays a pivotal role in effective internal controls that safeguard educational institutions against risk such as human error, fraud, cyber threats, procedural inefficiencies, and legal non-compliance. Although internal controls help reduce risk, they too can be evaluated for efficiency, optimization, and cost-benefit like other investments.

The Campus Consortium Foundation (CCF) CFO Advising program for Higher Education provides a no cost internal controls assessment for member institutions. Properly configured and executed, technology optimizes internal controls and provides proactive risk management. The CCF assessment is based on three control types:

  • Preventive controls
  • Safeguard assets and avert potential problems by using role-based identity access management, separation of duties, and data encryption.
  • Detective controls
  • Identify past events or ongoing issues by using internal audits, IT security monitoring, and advanced surveillance systems.
  • Corrective controls
  • Mitigate, recover, and resolve adverse events by using Security an Operations Center (SOC), incident response and disaster recovery plans.
No Cost Assessment - CCF Advising
CFO Advising and Implementation Services
  • Manage Remote Access

The remote workforce changed how institutions operate; the same is true for their internal controls. Printing financial reports or tax documents is no longer tenable for remote employees. All documents should be maintained in a secure cloud-based location with appropriate access distributed to employees.

  • Automate Manual Processes

Automation and integration of manual tasks, systems, processes and procedures reduces fraud, human error risks, improves operational efficiency and saves time and money.

  • Support Compliance

Technology helps institutions comply with laws and regulations, such as wage and hour laws, GLBA and Financial Aid. Additional compliance includes document and record retention requirements, audit trails, transaction history, PCI-DSS (credit and debit cards), GDPR, and other education regulatory requirements.

  • Data Governance

An essential data policy framework includes data quality, data stewardship, data protection, data compliance, and data management. Data governance is managing the availability, usability, integrity and security of data in an educational institution based on internal standards and policies that also control data usage. Effective data governance ensures that data is consistent, trustworthy, located in a secure and central location and is not misused. All institutions face expanding data privacy regulations and increasingly rely on data analytics to optimize operations and drive decision-making.

  • Prevent Errors and Fraud

A critical preventive control is updating and monitoring user access. Implementing role-based access and a zero-trust policy means only authorized employees with appropriate permissions can access critical information and data. Roles differ based on job functions and responsibilities and permission to resources are granted or removed as needed. Identity and Access Management (IAM) gives an institution the ability to control access to data.

  • Incident Response and Disaster Recovery
An Incident Response Plan is formally approved by the senior leadership team and helps an institution react and recover before, during, and after a confirmed or suspected security incident. The plan clarifies key participants, roles and responsibilities, communication and provides guidance on key activities. It should also include a cybersecurity list of key people who may be needed during a crisis. Disaster recovery is the process of maintaining or reestablishing vital infrastructure and systems following a natural or human-induced disaster, such as a storm or battle. It employs policies, tools, and procedures.

Apply Now

Testimonials

Slide

"Campus Consortium Foundation was valuable in helping us find and affordable student engagement solution and communicate with a fabulous EdTech partner."

Dr. Torie Jackson
Vice President for Institutional Advancement
West Virginia University at Parkersburg

Slide

"Working with Campus Consortium Foundation is streamlined, simple and the communication was fantastic"

Anthony K. Wintera
Director of Network Services
Calumet College of Saint Joseph

Slide

"Campus Consortium Foundation was valuable in helping us find its EdTech vendor who provided Single Sign-On, Password Manager, Adaptive Authentication, Mobile App and Automated Provisioning Software and reduced total cost of software and services."

Jake Fowler
Director of Campus Technology
Kansas City Art Institute

Join Campus Consortium Foundation Now For CFO Advisory Services

Apply Now