Internal Control Policies
Alfred University has adopted this internal control plan to safeguard the assets of the Alfred University. The University's assets include cash, supplies and materials, inventories, capital assets, and enterprise resource planning systems and related electronic databases. Capital assets are comprised of tangible items such as moveable equipment, infrastructure, buildings, and facilities and intangible assets including patents, royalties, copyrights, and discoveries.
Other assets include dedicated and talented faculty to carry out the instruction, research and extension programs. Administrative and support staff manage the financial and logistical services necessary to maintain a motivated and trained workforce and to manage finances and the physical facilities.
The University’s reputation is depended on its integrity and the image projected by its employees. A viable internal control plan can contribute toward the protection of its reputation and assets.
What are internal controls?
Internal controls are an integrated system to assess risks, determine how to mitigate those risks, and protect resources. An internal control plan is a system of checks and balances and includes established ways to prevent and detect intentional and unintentional errors. Controls can be designed to be preventive or detective. Everyone at the University is responsible to conduct University business according to the provisions of its internal controls.
An internal control system, no matter how well conceived and operated, can provide only reasonable – not absolute – assurance to management and the Board regarding achievement of an entity’s objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems. These include the realities that judgments in decision-making can be faulty and that breakdowns can occur because of simple errors or mistakes. Additionally, controls can be circumvented by the collusion of two or more people, and management has the ability to override the system. Another limiting factor is that the design of an internal control system must reflect the fact that there are resource constraints and the benefits of controls must be considered relative to their costs.
An internal control plan can be viewed as an effort to ensure employees, including management, conduct business in an effective and efficient manner to safeguard the University’s assets and interest, to avoid waste, abuse, and fraud, to maintain an ongoing and viable entity, to maintain records and a general ledger that support accurate financial reporting and to prevent illegal activity.
Why have internal controls?
Internal controls are a factor in assuring the continuation of the University as an on-going concern. By following an internal control plan, the University community can prevent waste, abuse, and fraud and ensure resources are available to carry out the University’s mission. Internal Controls contribute to good business practices that protect economic resources and enhance the University’s reputation and good will.
Financial reporting. An internal control plan includes transaction controls to ensure personnel and financial activity is properly recorded in the general ledger. An accurate general ledger supports the preparation of the University’s financial statements. Complete and accurate financial statements prepared in accordance with U.S. generally accepted accounting principles convey the University’s financial health to federal awarding agencies, banks and the general public. Procedures and responsibilities are established and maintained to facilitate a timely review of external financial statements prior to audit. Any required adjustments are made promptly to ensure the auditor can issue an unmodified opinion on the statements.
Compliance. The University receives awards which support its research program and is part of the financial aid to the students. Awards have requirements which must be met to fulfill the terms of the awarding agencies and individual award documents. An internal control plan includes practices and procedures to ensure the University meets the conditions stipulated by the awarding agencies.
The Board of Trustees is responsible for setting the institutional expectations for internal control, ensuring management is aware of those expectations, requiring the upward communication channels are open through all levels of management, and evaluating management’s effectiveness toward monitoring the control environment and implementing sound control policies and procedures.
Individuals with delegated approval authority, e.g. vice presidents, deans, directors and department chairs, are responsible for establishing, maintaining, and supporting a system of internal controls within their areas of responsibility and for creating the control environment that encourages compliance with university policies and procedures.
- Adequate supervision is necessary to monitor that internal controls are operating as intended, and to help ensure the reliability of accounting and operational controls by pointing out errors, omissions, exceptions and inconsistencies in procedures.
- Faculty and staff in leadership roles are responsible for the application of this policy and the design, development, implementation and maintenance of systems of internal controls focusing on the effectiveness of operations and the safeguarding of assets within their respective areas of responsibility.
- All levels of management and supervision are responsible for strengthening internal controls when weaknesses are detected. Department managers should periodically review departmental procedures to ensure that the general principles of internal control are being followed.
The Controller’s Office has the primary responsibility for internal control over financial reporting and compliance with applicable laws, rules and regulations. The Controller is the University source for information and assistance to faculty and staff leadership on this topic and will make resources available to any business function on campus to assist in administering this policy.
The Department of Human Resources is responsible for internal controls over employee recruitment, hiring, separation, promotion, job classification, employee rights, and salary administration. The Director of Human Resources is the University source for information and assistance to faculty and staff leadership on this topic and will make resources available to any business function on campus to assist in administering this policy.
Department managers are responsible for prompt corrective action on all internal control findings and recommendations made by internal and external auditors. The audit process is completed only after managers receive the audit results and take action to correct internal control weaknesses, improve systems, or demonstrate the management action is not warranted.
The University administration will establish and maintain a system of internal controls that satisfies the University’s objectives in the following categories:
- Risks are identified and effectively managed
- Safeguarding of University assets
- Reliability and integrity of financial information
- Compliance with University policies, plans, procedures, laws and regulations
- Economical and efficient use of University resources
- Meeting Established objectives and goals for University operations and programs
General internal control principles for campus units are:
- Separation of duties
- Duties are separated so that one person’s work routinely serves as a check on another’s work
- No one person has complete control over more than one key function or activity (e.g., authorizing, approving, certifying, disbursing, receiving, or reconciling)
- Authorization and approval
- Proposed transactions are authorized when proper and consistent with University policy and the department’s plans
- Transactions are approved by the person who has delegated approval authority, which is usually delegated on the basis of special competency or knowledge
- Custodial and security arrangements
- Responsibility for physical security/custody of University assets is separated from record keeping/accounting for those assets
- Unauthorized access to University assets and institutional data is prevented
- Timely and accurate review and reconciliation
- Departmental accounting records and documents are examined by employees who have sufficient understanding of the University accounting and financial systems to verify that recorded transactions actually took place and were made in accordance with University policies and procedures
- Departmental accounting records and documentation are compared with University accounting systems reports and financial statements to verify their reasonableness, accuracy, and completeness
- The general internal control principles should be applied to all departmental operations, especially accounting records and reports, payroll, purchasing/receiving/disbursement approval, equipment and supply inventories, cash receipts, petty cash and change funds, billing and accounts receivable.
All campus systems, processes, operations, functions and activities are subject to evaluations of internal control systems. The results of these evaluations provide information regarding the University’s overall system of control.
Information and communication – Information must be timely and communicated in a manner that enables people to carry out their responsibilities
- All personnel must receive a clear message from the University’s administration that control responsibilities are to be taken seriously. Failure to comply with established practices will subject the individuals to the terms of disciplinary action or dismissal described in University HR Policies.
- Employees must understand their own roles in the internal control system, as well as how individual activities relate to the work of others. To this end, on an annual basis all employees will receive the internal control training presentation and letter from the President.
- Employees must have a means of communicating significant information to the University’s administration.
- The University must communicate effectively with external parties, such as students, parents, funding providers, contractors, suppliers, regulators and other stakeholders.
- This policy is subject to revision as deemed necessary, without prior notice. The University shall give notice of any revisions using the approved method for communication.