Understanding Internal Controls
How can you, in your role at the university, safeguard assets and be part of a structure that enhances fiscal accountability? Does your department have a standard practice in place to prevent fraudulent activity or errors that everyone in your area is aware of and understands? Internal controls, when properly designed and executed, will help ensure your area has optimal safeguards against loss, errors, or fraud.
The internal control definition, as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), has three key points. Internal control is:
- An ongoing process (not just checking a box one time)
- Effected by people from the board of trustees, to managers, to front-line employees (the people and their actions are what is important, not the form, system or procedure manual)
- Designed to provide reasonable assurance regarding the achievement of the University’s objectives (absolute assurance is not possible)
It is important to note how adaptable and flexible the definition is – it can be applied university-wide, or an operating unit.
As the definition says, internal controls depend on the participation of all employees at every level. Therefore, all of us share the responsibility of establishing and following appropriate policies and procedures on internal control. Employee competence and professional integrity are essential components of a sound internal control program, and the training class PRO303 – Internal Controls at UF is highly recommended for all fiscal staff.
Employees are responsible for complying with internal controls by:
- Successfully fulfilling the duties and responsibilities established in the job description;
- Monitoring work to ensure it is done properly and that errors are corrected promptly;
- Meeting applicable performance standards;
- Taking all reasonable steps to safeguard assets against waste, loss, unauthorized use and misappropriation;
- Adhering to all applicable policies and procedures;
- Attending education and training programs to increase awareness and understanding; and
- Reporting concerns, including breakdowns in internal controls, missing internal controls, or other issues, to the supervisor or manager
Managers and supervisors are responsible for executing control policies and procedures within their departments by:
- Maintaining a positive office environment that encourages internal controls through the “tone at the top,”
- Documenting policies and procedures that are to be followed in performing work functions;
- Encouraging and supporting employees who report concerns or opportunities for improvement;
- Ensuring employees attend education and training programs applicable to their jobs;
- Understanding all applicable regulations, policies and directives that impact the work functions;
- Identifying the control objectives for each function and implementing effective controls designed to meet those objectives, and
- Regularly testing the controls to verify they are performing as intended.
The Controller’s Office does not have the goal to make each person an expert in internal controls, but to increase awareness and understanding of why we need them and how to use them.
For questions, assistance or concerns, please do not hesitate to reach out to either Internal Controls and Quality Assurance (email@example.com, (352) 392-1321) or the Office of Internal Audit (firstname.lastname@example.org or (352) 392-1391).
01/31/2020: reviewed content
Internal Controls and Quality Assurance: (352) 392-1321