
The Controller's Office serves the entire University. Our organization is collectively responsible for supporting departments, colleges, and campuses in their financial operations. If you conduct the business, we've got the tools, systems, procedures, and policies to get the work done. Our goal is to make the business of the University efficient and cost-effective, so people can focus on teaching, research, and outreach. 

Our departments perform a wide range of services focused on reducing costs and increasing efficiency. We are also responsible for supporting the University's enterprise financial systems. Processes, systems, and controls are designed so that the University has timely, accurate, and complete financial information for decision making.

Financial Statements

Our most visible work products are the University's annual financial statements, which report our financial health. The University's financial statements are available on this site; choose Annual Reports from the menu.

Special Projects or Initiatives

Enhancements to the financial system, business process updates or changes, and other efforts are managed using a standard project process. When major initiatives are underway, information about the effort will be distributed to the University community and posted on this website.

Compliance Areas


Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires the University of Minnesota to implement safeguards to ensure the security and confidentiality of certain non-public customer information. The Safeguards Rule protects certain private information identifiable to individuals that is obtained when the University offers or delivers a financial product or service to them. The University must develop, implement, and maintain a comprehensive information security program containing administrative, technical, and physical safeguards that are appropriate based upon the University's size, complexity, and the nature of its activities. The following materials are provided for training and education purposes.

How does the University comply with the GLBA Safeguards Rule?

GLBA Information Security Program

This document describes how the University complies with the GLBA Safeguards Rule. All units that handle or maintain covered data must follow the Information Security Program.

How do I know if my unit handles or maintains information that is protected under the GLBA Safeguards Rule? If so, what am I required to do under the University’s Information Security Program in relation to this data?

The following documents can help you determine if you handle or maintain customer information protected under the GLBA Safeguards Rule, and if so, what steps you must take to safeguard that data.

  • GLBA Safeguards Rule Decision Tree
    Use this chart to determine if your unit handles or maintains customer information that must be protected under the GLBA Safeguards Rule.

Understanding more about GLBA Safeguards Rule, additional information and examples

The following documents provide an overview of the GLBA Safeguards Rule regulation as well as examples of financial services or products and a reference guide of in-scope and out-of-scope activities.

  • GLBA: Implementation of the Safeguards Rule 
    This document provides information regarding current and future exposure to and compliance with the law.
  • GLBA Safeguards Rule: Examples of Financial Services or Products 
    Most University departments will not have exposure to the Safeguards Rule. However, units should review this list of activities that can subject a department or program to the law, and examples of customer information that must be protected.
  • GLBA Safeguards Rule: Reference Guide 
    This chart provides examples of in-scope and out-of-scope activities at the University.

Payment Card Industry Data Security Standard (PCI DSS)

University of Minnesota departments that accept payment cards (credit or debit cards) as a form of payment for goods and services are contractually obligated to follow the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a multifaceted security standard developed and owned by the major payment card companies that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. The standard comprises 12 requirements that are organized in 6 related groups or “control objectives” to protect cardholder data wherever it resides, ensuring that sensitive payment card information is handled safely and a high information security standard is maintained. A copy of the PCI DSS can be found on the Payment Card Industry Security Standards Council (PCI SSC) website.

How does the University comply with the PCI DSS?

This document describes how the University complies with the PCI DSS. All units that handle or maintain customers' cardholder data must follow the Payment Card Program.

University Payment Card Program

How do I know if my unit handles information that should be protected by the PCI DSS? If so, how do I comply with the PCI DSS?

If your department or unit wishes to accept payment cards (credit or debit) as a method of payment from your customers, you must meet University policy, state and federal laws, contractual obligations, and rules of the University's banks and financial institutions. This includes complying with the PCI DSS. Additional information can be found within the policies and procedures below.

Identity Theft Prevention Program: Red Flags Rule

The Red Flags Rule (RFR) requires the University to implement a written identity theft prevention program designed to detect the warning signs (or "red flags") of identity theft in day-to-day operations. Each unit that handles covered accounts must develop reasonable policies and procedures to identify, detect, and respond to red flags in their area. The regulation includes additional responsibilities for users of consumer reports and units that issue credit or debit cards (including certain declining balance cards such as Gopher Gold). Read more about Fighting Fraud with the Red Flags Rule in this information provided by the Federal Trade Commission (FTC).

The Controller’s Office provides oversight for the University’s Identity Theft Prevention Program. The following materials are provided in support of this role.

How does the University comply with the Red Flags Rule?

  • University’s Identity Theft Prevention Program
    This document describes how the University complies with the Red Flags Rule. All units that handle covered accounts must comply with the guidelines described in this Program.
  • RFR Certification of Compliance Form (annual completion required)
    Colleges and administrative units that must comply with one or more sections of the Red Flags Rule must annually complete and submit this form to the Controller’s Office.

How do I know if my unit handles accounts that are protected under the Red Flags Rule? If so, how do I comply with our Identity Theft Prevention Program?

  • RFR Self-Identification Questionnaire
    This four-question form helps you decide quickly if your area is in-scope.
  • RFR Compliance Guidance
    Use this document to determine which sections of the Red Flags Rule apply to your area and how to comply.
  • RFR Department Identity Theft Prevention Plan
    This document offers a starting point for in-scope units to identify processes and procedures that assure compliance. It is a good business practice to document processes and procedures employees are expected to follow. Units are encouraged to build on or reference existing practices.
  • FTC Examples of 26 Red Flags
    Guidance information provided by the Federal Trade Commission (FTC).
  • Incident Log (Optional)
    This optional template may help you track identity theft attempts or incidents in your area that could suggest a need for changes to your processes or procedures. Completion is not required.


The Controller's Office works closely with:

Contact Us

Financial Helpline: 612-624-1617
[email protected]

1300 2nd Street S Minneapolis, MN 55454 (WBOB)
Campus Mail Code: 7529

Controller's Office units are housed in the West Bank Office Building (WBOB) and in the McNamara Alumni Center on the Twin Cities campus.