Internal Control System

Key Components of an Effective Internal Control System

A university’s internal controls system should include the following components:

  • Control environment: A control environment establishes for all employees the importance of integrity, ethical values, and a commitment to revealing and rooting out improprieties, including fraud. Management creates this environment and lead by example. Management must put into place the internal systems and personnel to facilitate the goals of internal controls.
  • Risk assessment: A university must regularly assess and identify the potential for, or existence of, risk or loss. Based on the findings of such assessments, added focus and levels of control might be implemented to ensure the containment of risk or to watch for risk in related areas.
  • Monitor: A university must monitor its system of internal controls for ongoing viability. Doing so can ensure, whether through system updates, adding employees, or necessary employee training, the continued ability of internal controls to function as needed.
  • Information/Communication: Solid information and consistent communication are important on two fronts. First, clarity of purpose and roles can set the stage for successful internal controls. Second, facilitating the understanding of and commitment to steps to take can help employees do their job most effectively.
  • Control activities: These pertain to the processes, policies, and other courses of action that maintain the integrity of internal controls and regulatory compliance. They involve preventative and detective activities.
  • Compliance with laws and regulations: A university’s financial activities must adhere to all relevant laws, regulations, and standards. This involves keeping up-to-date with changes in financial regulations and implementing measures to ensure compliance.
  • Separation of duties: Distributing responsibilities among different people reduces the risk of error or inappropriate actions. This includes separating authorization, custody, and record-keeping roles to prevent fraud and errors.
  • Physical controls: A university must implement security measures to protect its assets, including cash, inventory, and equipment. This could involve secure storage facilities, access controls, and surveillance systems.