Internal control is a process effected by a college or university's governing board, administration, faculty and staff designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
This definition reflects certain fundamental concepts:
- Internal control is a process. It is a means to an end, not an end in itself.
- Internal control is effected by people. It's not merely policy manuals and forms, but people functioning at every level of the institution.
- Internal control is geared to the achievement of objectives in several overlapping categories.
- Internal control can be expected to provide only reasonable assurance to an institution's leaders regarding achievement of operational, financial reporting and compliance objectives.
It is the expectation of the Board that the operations of the Internal Audit department shall be consistent with the Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors, and that an evaluation of the University internal audit function shall be conducted on a regular basis as a part of the external audit.
Key Internal Control Activities
Segregation of Duties - Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For example, responsibilities for receiving cash or checks, preparing the deposit to the Student Account Services and University Billing Office, and reconciling the deposit to the Receivable Accounting Office receipt and accounting report should be separated.
Authorization and Approval - Transactions should be authorized and approved to help ensure the activity is consistent with departmental or institutional goals and objectives. For example, a department may have a policy that all purchase requisitions and invoice vouchers must be approved by the director. The important thing is that the person who approves transactions must have the authority to do so and the necessary knowledge to make informed decisions.
Reconciliation and Review - Performance reviews of specific functions or activities may focus on compliance, financial or operational issues. Reconciliation involves comparing transactions or activity recorded to other sources to help ensure that the information reported is accurate. For example, revenue and expense activity recorded on accounting reports should be reconciled or compared to supporting documents to ensure that the transactions are recorded in the correct account and for the right amount.
Physical Security - Equipment, inventories, cash, checks and other assets should be secured physically, and periodically counted and compared with amounts shown on control records. For example, the periodic confirmation of equipment by individual departments is a physical security control.
See Quick Reference Guide for university policies or best practices that Internal Audit believes will help create good internal controls.