Issued: July 17, 1989
Owner: University Comptroller
Latest Revision: May 16, 2003
This policy has been migrated to the standardized
This policy describes the general guidelines for establishing and maintaining internal control procedures for departments and other University activities.
2.0 Policy [Top]
Internal controls include organizational plans and procedures which are designed to:
- Safeguard assets
- Verify the accuracy and reliability of accounting data and other management information
- Promote operational efficiency
- Ensure adherence to prescribed policies and compliance with federal and state regulations.
Department and activity heads are responsible for conducting their business activities in a manner consistent with good internal control. Individuals responsible for administering University funds are expected to:
- Ensure that University, School, Department, Unit, and Sponsor policies and procedures are available to and understood by those carrying out financial transactions
- Comply with University, Federal, State, Sponsor, and Donor terms, conditions and restrictions on the use of funds
- Grant or delegate financial authority carefully, with consideration for proper segregation of duties
- Ensure that appropriate reviews and monitoring take place, including a monthly review of transactions for reasonableness and necessity, and conduct a periodic review of operating reports and performance indicators
- Explain to individuals that they will be accountable for their actions when viewing institutional records or processing transactions
- Communicate financial information properly and in a timely manner, and grant access to financial information only for appropriate business uses
- Protect assets, including data, equipment, supplies, inventory, and cash from unauthorized access or theft
- Set a tone within the organization for ethical conduct and integrity
The University Comptroller is responsible for the promulgation of policies and procedures directed toward the establishment of good internal control.
The University's internal auditors, in their periodic reviews of departments and activities, will review the system of internal control and make recommendations for improvements.
2.2 Responsibility to Safeguard Assets
Assets include all property of the University. Examples of assets are buildings, equipment, inventory, accounts receivable, and cash (including checks).
Extreme care must be exercised in safeguarding cash and items easily convertible to cash, such as accounts receivable. Appropriate physical safeguards must be employed to protect all assets. Cash must be secured in a locked facility (an appropriate safe is strongly recommended).
Appropriate procedural safeguards must be in place to protect cash and cash convertible items. THE EMPLOYEE WHO RECEIVES AND DEPOSITS PAYMENTS ON ACCOUNT MUST NOT ALSO HAVE THE RESPONSIBILITY OF RECORDING PAYMENTS IN THE ACCOUNTS RECEIVABLE RECORDS.
Any observed weaknesses in internal control should be brought to the attention of the University Comptroller immediately.
2.3 Responsibility to Verify the Accuracy and Reliability of Financial Data
The University's Integrated System maintains a comprehensive record of all financial transactions. Access to information about the status of individual projects, awards, tasks, and transactions is available through queries, pre-defined reports and custom reports.
It is the responsibility of departments and activities to process all transactions in a timely manner and to verify, promptly, the accuracy of all transactions posted to their projects and accounts. This will require, at least, a monthly review and approval of all transactions recorded in a given project or account. Any errors should be reported immediately to the originator or to the appropriate central financial office.
See also Procedure 1-4, "Reviewing Project/Award Activity"
The reliability of information retrieved from the financial modules of the Integrated System is dependent on the timely recording of all transactions. Vouchers, travel expense reimbursement vouchers, billings of support service units, receipts, personnel/payroll actions, and any other financial transactions must be immediately entered into the Integrated System or forwarded promptly to the appropriate central financial office for processing.
The University's central financial offices will review accounts on a selective basis and seek resolution of any questionable transactions or balances.
2.4 Responsibility to Safeguard Personal Financial Information
Financial Institutions, including collegies and universities are subject to the provisions of the Gramm-Leach-Bliley Act (2000) as it pertains to ensuring the security and confidentiality of customer records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. All University service providers are responsible for preparing and executing an Information Security Program to:
- ensure the security and confidentiality of personal financial information;
- protect against any anticipated threats to the security or integrity of such information; and
- guard against the unauthorized access to or use of such information that could result in substantial harm or inconvenience to any member of the university community
2.5 Responsibility to Review Projects and Reconcile Accounts Periodically
Fiscal Administrators are responsible for ensuring each assigned project or account is reviewed and reconciled to departmental records on a monthly basis, and that all transactions placed in suspense projects are also resolved monthly. Departments are responsible for maintaining source documentation for all transactions in accordance with established records retention and distribution schedules. Departments are also responsible for providing source documentation, in a timely manner, at the request of a central financial office or an internal or external audit.
Fiscal Administrators are expected to be familiar with financial policies and procedures and serve as the primary resource for inquiries on that group of projects or accounts. "Fiscal Administrator" is the person responsible for monitoring and reconciling the activity in a group of projects or accounts. A Fiscal Administrator will usually have the Integrated System Funds Management responsibility of "Project Manager" or "Award Manager".
2.6 Responsibility to Promote Operational Efficiency Through Organization and Training
- The University is committed to achieving a high level of efficiency and effectiveness in the use of personnel and other resources.
- The achievement of an acceptable level of operational efficiency is dependent on a proper organizational plan and sufficient training of employees.
- Organizational plans must be designed to segregate duties so that no one employee controls all phases of a transaction.
- New employees must be trained adequately for their responsibilities to ensure efficiency and accuracy.
- Human Resources is responsible for the development and delivery of broad training programs and for specific training in Integrated System responsibilities. Specific job training and assignment of job responsibilities are the responsibility of the department or activity head.
2.7 Adherence to University Policies and Procedures
The University's policies and procedures are a primary means of establishing internal controls. In addition to conforming to certain State and Federal regulations, these controls allow the University to fulfill the dictates of prudent management. All individuals who deal with financial and administrative matters must be familiar with and adhere to these policies and procedures. Failure to adhere to the University's policies and procedures may be considered misconduct, as stated in the State's Standard of Conduct Policy.
2.8 Monitoring of Internal Controls by the Audit Department
The University's Audit Department is an integral part of the internal controls system. This office will monitor and evaluate internal controls as part of its annual audit plan. Weaknesses in internal controls will be commented on by the Audit Department in its reports.
The appropriate department or activity head must make a written response to any findings of inadequate internal controls and take prompt corrective action as recommended.
2.9 Documenting Departmental Business Operations
Departments should document all unique business operations with internal policies and procedures. Such departmental policies/ procedures not only document current operating practices, but also enhance management's communication to employees, help produce consistency of effort during periods of turnover, and provide a training aid for new employees.
2.10 Maintenance of Internal Controls
In an effort to maintain an effective system of internal controls, University management has instituted the following measures:
- Internal Audit's program of ongoing reviews throughout the year.
- An annual questionnaire to verify the soundness of departmental internal controls.
- An extensive questionnaire follow-up program with selective departments to ensure compliance with internal controls standards.
- At least annually, review with the Audit Committee of The Board of Visitors the internal audit reports and both the external auditors' management comments and the progress reports to resolve those comments.
- At least every four years, ensure all financial systems have been reviewed by external auditors, internal auditors, or by management.
3.0 Definitions [Top]
4.0 References [Top]
The following is a list of financial policies and procedures addressing major internal controls issues.
- Policy I.A.2, "Reporting Fraudulent Transactions"
- Policy I.C.1, "Internal Audit"
- Policy II.C.1, "Records Retention and Disposition"
- Policy II.E.2, "Petty Cash, Petty Cash Checking and Change Funds"
- Policy II.E.4, "Controlling Cash Items"
- Policy V.A.1, "Revenue Generating Activities"
- Policy V.B.1, "Cashiering Activities"
- Policy V.B.2, "Credit and Collection"
- Policy VI.F.1, "Disbursements: General Requirements"
- Policy VI.F.3, "Timely Payments to Vendors"
- Policy VII.C.2, "Types of Purchases Requiring Special Processing"
- Policy X.A.1, "Maintenance of Equipment Inventory"
- Policy X.F.1, "Surplus Property Disposal"
- Policy XV.A.1, "Conflict of Interests"
- Procedure 1-1, "Completing the Internal Controls Questionnaire"
- Procedure 1-4, "Reviewing Project/Award Activity"
- Procedure 1-5, "Reviewing GL Account Activity"
- Procedure 5-7, "Cash Item Controls"
See also Employee Policies maintained by Human Resources
5.0 Approvals and Revisions [Top]
version in effect from 6/14/01 to 5/16/03 available
in policy archive.
Previous version in effect from 3/8/00 to 6/14/01 available in policy archive.
Previous version in effect from 7/17/89 to 3/7/00 available in policy archive.