Internal Controls are an important part of any organization's operation. They help limit the possibility of fraud, waste, or abuse. In addition, they help protect people from being accused of fraud, waste, or abuse. You cannot always prove guilt or innocence without proper controls.
What are Internal Controls?
- Internal controls consist of the policies and procedures that the ETSU administration has put in place to help ensure that the university meets its goals and objectives.
- Controls relate to financial and operational policies as well as the compliance with legislative requirements.
What are the Objective of Internal Controls?
- Safeguarding university assets
- Operational efficiency
- Compliance with applicable laws and regulations
- Ensuring the accuracy and reliability of financial reporting
Why are Internal Controls Important?
- Internal controls protect you by catching the small mistakes before they become big problems.
- Internal controls protect the university by removing opportunities for innocent mistakes or intentional fraud to cause harm.
What are the Components of Internal Controls?
- Internal controls are composed of the following interrelated components that work together to achieve the university's goals.
- The Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
What is the Control Environment?
- The control environment is the core of any system of internal control.
- The control environment sets the tone for the entire university.
- The control environment is made up of the following:
- The ethics and integrity of the administration and employees of the university.
- The commitment to competence at all levels.
- The administration's operating style and attitude toward controls.
- Human resource polices and procedures.
- Organizational structure.
What is Risk Assessment?
- Risk assessment is the evaluation to determine the areas and functions within the university and each department that have risk of errors, noncompliance, and fraud.
- Controls can be put into place to help mitigate the risks identified during the risk assessment process.
What are Control Activities?
- Control activities consist of specific policies and procedures that are put in place to mitigate the risk of error, noncompliance, and fraud.
- The following is a list of control activity categories:
- Physical control of assets
- Segregation of duties
- Authorization of activities
- Adequate documentation
- Independent performance review
What is Meant by Segregation of Duties?
- Responsibility for the custody of assets, as well as the authorization of transactions related to assets, should be kept separate from the accounting of those assets.
- Responsibility for operations should be kept separate from the related record-keeping.
- Major functions within an electronic data processing department should also be separated.
What is Considered Adequate Documentation?
- Documents should be as simple as possible so that they are clearly understood by all users.
- Documents should be prenumbered and the use of the documents should be periodically verified to ensure accountability.
What is an Independent Performance Review?
- The independent performance review is designed to ensure that the other controls are properly designed and working properly.
- Changes in operations may make some controls unnecessary and may cause the need for new controls (i.e. controls over cybersecurity).
What is Information and Communication?
- Adequate information and communication systems help the university personnel obtain and process information that is needed to carry on and control the operations of the university.
What is Monitoring?
- Monitoring is the review of controls by the university administration to verify that the controls are achieving the desired results.
- As the operations of the university change, the related controls must be changed to ensure that they goals of the university are met.
What are Some of the Limitations of Internal Controls?
- The effectiveness of any system of internal controls depends on the competence of the people who use it.
- Internal controls can be weakened by the management override of control activities.
- Controls can be defeated by the collusion of two or more people.
If you suspect a weakness in internal controls, please contact the Department of Internal Audit at (423) 439-6155 for further assistance.