Internal ControlThe New York State Governmental Accountability, Audit and Internal Control Act (Act), Chapter 510 of the Laws of 1999, requires that all state agencies institute a formal internal control program. This system of internal controls is designed to assure that the University and its campuses meet their mission, promote performance leading to effective accomplishment of objectives and goals, safeguard assets, check the accuracy and reliability of financial and other key data, promote operational efficiency and economy, and encourage adherence to applicable laws, regulations and prescribed managerial policies and practices.
The Act requires that all state agencies institute a formal internal control program. As outlined in the Division of Budget (DOB) Budget Policy and Reporting Manual Item B-350, the University is required to take the following actions:
- establish and maintain guidelines for a system of internal controls;
- establish and maintain a system of internal controls and a program of internal control review which is designed to identify internal control weaknesses and actions needed to correct these weaknesses;
- make available to each employee a clear and concise statement of the University's/campus's generally applicable management policies and standards with which each employee will be expected to comply;
- designate an internal control officer at the University and campus levels to implement and review the University's/campuses' Internal Control Programs;
- implement education and training efforts to ensure employee awareness and understanding of internal control standards and evaluation techniques; and
- periodically evaluate the need for an internal audit function.
WHAT IS INTERNAL CONTROL?
Internal control is the integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its objectives and mission.
This definition establishes that internal control:
- effects every aspect of an organization: all of its people, processes and infrastructure;
- is a basic element that permeates an organization, not a feature that is added on;
- incorporates the qualities of good management;
- is dependent upon people and will succeed or fail depending on the attention people give to it;
- is effective when all of the people and the surrounding environment work together;
- provides a level of comfort regarding the likelihood of achieving organizational objectives;
- and helps an organization achieve its mission.
PURPOSES OF INTERNAL CONTROL
While the overall purpose of internal control is to help an organization achieve its mission, internal control also helps an organization to:
- Promote orderly, economical, efficient and effective operations, and produce quality products and services consistent with the organization's mission.
- Safeguard resources against loss due to waste, abuse, mismanagement, errors and fraud.
- Promote adherence to laws, regulations, contracts and management directives.
- Develop and maintain reliable financial and management data, and accurately present that data in timely reports.
EXAMPLES OF INTERNAL CONTROLS INCLUDE, BUT ARE NOT LIMITED TO:
- External (federal, state, university) laws, regulations, policies, and procedures
- Policies of the University Board of Trustees
- College handbook, catalog, and other statements of policy and procedure
- Academic curricular and course outlines
- Student registration system
- Financial and personnel procedures
- College long-range plan
- Collective bargaining unit contracts
- Financial and operational audits
- Employee performance programs and evaluations
- Accreditations (Middle States, etc.)
- Time and attendance reporting
- Property (equipment) control
- Electronic data and network security
- Public safety, environmental safety, code compliance practices
- Faculty Senate governance process
- Service contracts, revocable permits
- Building door lock systems and key control
- Student and employee identification cards, etc.
TYPES OF INTERNAL CONTROLS
There are two types of internal controls: preventative controls and detective controls.
Preventative controls are designed to keep errors or irregularities from occurring in the first place. They are built into internal control systems and require a major effort in the initial design and implementation stages. However, preventative controls do not require significant ongoing investments.
Detective controls are designed to detect errors and irregularities, which have already occurred and to assure their prompt correction. These controls represent a continuous operating expense and are often costly, but necessary. Detective controls supply the means with which to correct data errors, modify controls or recover missing assets.
WHO'S RESPONSIBLE FOR WHAT?
Our competence and professional integrity are essential components of a sound internal control program. By knowing what our responsibilities are, we can help to provide reasonable assurance that our internal control systems are adequate and operating in an efficient manner.
- Fulfilling the duties and responsibilities established in one's job description.
- Meeting applicable performance standards.
- Attending education and training programs as appropriate to increase awareness and understanding.
- Taking all reasonable steps to safeguard assets against waste, loss, unauthorized use and misappropriation.
- Reporting breakdowns in internal control systems to your supervisor.
- Refraining from the use of your official position to secure unwarranted privileges.
Managers have these additional responsibilities:
- Maintaining an office environment that encourages the design of internal controls.
- Documenting policies and procedures that are to be followed in performing office functions.
- Identifying the control objectives for the functions and implementing cost effective controls designed to meet those objectives.
- Regularly testing the controls to determine if they are performing as intended.
The Internal Control Officer spearheads the campus' Internal Control Program and is responsible for the following:
- Monitor and evaluate the organization's overall internal control system.
- Coordinating the development and implementation of the campus' Internal Control Program.
- Monitoring identified weaknesses and required corrective actions.
- Ensuring that employees are informed of applicable policies and receive appropriate training in internal control.
- Complete Central Administration reporting requirements.
Dorothy M. Hughes, Internal Control Officer
Horton Hall, Room 155