Internal Controls

Internal controls are broadly defined as processes, affected by an organization's people, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Reliability and integrity of financial and operational information.
  • Effectiveness and efficiency of operations and programs.
  • Safeguarding of assets.
  • Compliance with laws, regulations, policies, procedures, and contracts.

Control Categories:

  • Effectiveness and efficiency of operations
  1. Processes run smoothly and help us meet our objectives
  • Reliability of financial reporting
  1. Numbers are accurate and are an aid to decision-making
  • Compliance with laws and regulations
  1. Stay out of trouble
  • Safeguarding of assets

We believe everyone uses internal controls in their typical daily activities such as the following:

  • Did you lock your doors at home before leaving for work?
    Probably so because you wanted to protect the assets in your home from theft.
  • Do you write your PIN number on your debit card?
    Probably not because you know if you lose your card, you would also most likely lose your money.
  • Do you balance your bank statement each month?
    Hopefully, because it ensures you know the correct balance in your account, ensures no one has inappropriately accessed your funds, and ensures that the bank hasn't’t made mistakes in their records.

Most internal controls can be classified as preventive or detective. Preventive controls are designed to discourage errors or irregularities.

  • A computer application which checks validity prevents the entry of an invalid account number.
  • Reading and understanding University Human Resource policies, such as Work Hours [for PA Staff], helps prevent violations of the Federal Fair Labor Standards Act. [Human Resources Professional Staff Policy 2.14]
  • A manager's review of purchases for propriety and validity prior to approval prevents inappropriate expenditures.

Detective controls are designed to identify an error or irregularity after it has occurred.

  • An exception report detects and lists incorrect or invalid entries or transactions.
  • A comparison of validated Cash Receipt Vouchers to monthly financial statements will detect deposits posted to erroneous accounts.
  • The manager's review of long distance telephone charges will detect improper or personal calls that should not have been charged to the account.

Internal Audit assists the University in maintaining effective controls by evaluating their effectiveness and efficiency, making recommendations for improved controls, and by promoting continuous improvement as part our internal auditing and consulting activity. Every employee play a role in either strengthening or weakening our University's internal control system.

Below is a list of typical best business practices in maintaining an effective control environment:

  • Set a strong example for the expectation of ethical behavior, compliance with laws/policies, and communicate your expectations routinely to your unit's personnel.
  • Never sign something you do not understand.
  • Limit signature authority and do not let anyone sign your name (an employee should sign their own name). Never use a signature stamp.
  • If something does not make sense ask questions about it until it does. Pay attention to what your employees are doing.
  • Be familiar with University policies and procedures. Be willing to call and ask questions.
  • Consider unique risks your unit may have (i.e. cash collections, contracts and grants, etc.) and ensure additional oversight is provided.
  • Ensure level reports are reconciled monthly and review this reconciliation for any unusual transactions.
  • Do not let one employee have complete control of any process.
  • Keep offices and labs locked to protect property, data, and other resources. (Remember to shred paper documents with identifying information.)
  • Ensure University assets are used for University business.