The university's policy on internal controls is IGP #133 - Internal Control. All employees are responsible for following good internal controls. The information below provides information about basic internal controls. Please use the Basic Internal Control Assessment to evaluate your department's compliance with the university's policies and good internal controls.
The goal of segregation of duties is to assign various steps of a process to different people. The intent is to prevent instances where someone could engage in theft or fraud by having an excessive amount of control over a process. An individual should not be in a position to initiate, approve, undertake and review the same action. The following general functions should be split among different people.
|Authorization||Authorization is normally performed by a supervisor, office manager, or department head. Examples include approving expenditures, approving budget transfers, approving time sheets and leave requests, and approving the disposition of inventory.|
|Record Keeping||Record keeping is normally performed by an administrative employee. Examples include preparing travel vouchers, maintaining expenditure files or revenue records, maintaining payroll files, and maintaining inventory records.|
|Asset Custody||Asset custody duties are performed by any individual having access to or control over any physical asset. Examples include access to any funds through collection of funds or processing of payments, maintaining inventories, access to safes, lock boxes, etc.|
|Reconciliation||The reconciliation function is the process of reviewing and verifying transactions to ensure they are valid, properly authorized, and recorded on a timely basis. Examples include comparing billing documents to billing summaries, collections to deposits, etc.|
|Management Override||A well-designed control system, if set aside at management's discretion, can be equivalent to no control in terms of risk.|
|Access to Assets||The best way to safeguard assets is to control access to them.|
|Substance over Form||Controls may appear to be well-designed and still lack substance.|
|Conflicts of Interest||When an employee's loyalties are divided, there is a distinct risk the employee will choose a course of action detrimental to the organization.|
|Failure to Anticipate Certain Risks||Management may fail to anticipate certain risks, and thus fail to design and implement appropriate controls.|
|Collusion||Two or more employees may agree to circumvent internal controls.|