INTERNAL CONTROLS

"Internal Control is a process . . . designed to provide reasonable assurance regarding the achievement of objectives in the following categories

Effectiveness and efficiency of operations.

Reliability of financial reporting.

Compliance with applicable laws and regulations."

The Committee on Sponsoring Organizations (COSO)

This process is effected by a university's governing board, administration, faculty and staff.

Internal controls can be achieved in small departments with limited personnel as well as in large departments with more personnel available to achieve segregation of duties. Internal Controls consists of the following five interrelated components:

Control Environment - This includes factors such as integrity, ethical values and the competence of personnel and the way they do business. Management's philosophy and operating style also play a factor. The attention and direction of Senior Administration or the Board significantly affects the control environment. find out how to contribute to a positive control environment.
Risk Assessment - Every organization or department faces a variety of risks from external and internal sources. Management must be able to identify and manage those risks relevant to achieving the organization's objectives. Management must also be able to deal with the risks associated with changing economic, industry, regulatory, and operating conditions. Find our how to identify risk.
Control Activities - Control Activities are the policies and procedures that help ensure management directives are carried out properly and in a timely manner. In addition to segregation of duties, control activities include approval processes, authorizations, verifications, reconciliations, review of operating performance, security of assets and controls over information systems (general and application controls). Most importantly, policies must be implemented thoughtfully, conscientiously, and consistently; a procedure will not be useful if performed mechanically without a sharp continuing focus on conditions to which the policy is directed. Further, it is essential that unusual conditions identified as a result of performing procedures be investigated and appropriate corrective action taken.
Information and Communication - Pertinent information must be identified, captured and communicated in a form and timeframe that enables people to carry out their responsibilities. This component of internal control is critical. It not only includes information systems produced reports of operational, financial and compliance-related information, but it also includes the day-to-day communication processes among employees, supervisors and Senior Administration. It is also important that the information and communication flows up and down the organizational structure and flows across departments and divisions. Find out more about Information and Communication.
Monitoring - A process to assess the quality of internal control systems over time is essential. This can be accomplished through ongoing monitoring activities, separate evaluations of internal control such as self-assessments and internal audits or a combination of the two. Ongoing monitoring activities include management and supervisory activities that take place every day. Either management or Internal Audit may undertake separate evaluations. Find out how you can know if internal controls are functioning properly in your area.

Georgia Institute of Technology Internal Control Guide

Columbia University-Guide to Internal Controls

Cornell University-Control Self Assessment

| Home | Contact Us |