Skip Navigation

The College at Brockport

 

INTERNAL CONTROL PROGRAM
2011-2012

TO ALL FACULTY AND STAFF:

The New York State Governmental Accountability, Audit and Internal Control Act of 1987 requires all State-operated campuses of the State University of New York to establish and maintain a system of internal controls and an ongoing internal control program.

The College at Brockport has adopted the State University of New York’s Internal Control Guidelines. This brochure is an abbreviated version of those Guidelines and references specific aspects of the College’s Internal Control Program.

The College at Brockport’s Internal Control Program is essentially a program of review. The program helps to ensure that daily operating practices and procedures are sufficient to minimize the possibility of operational failure, overspending or other actions inconsistent with policy or in violation of the law. Simply stated, the College’s Internal Control Program is designed to review, critique and strengthen our existing systems and procedures.

As stewards of public funds and the education of our citizens, it is the responsibility of all College employees to ensure that we are as efficient and effective as possible within the confines of existing laws, policies and procedures. In that way, not only will we meet our internal control responsibilities, but we will be promoting our primary goal of student success.

Sincerely,

John R. Halstead, PhD
President

Louis M. Spiro
Vice President for Administration and Finance
Internal Control Officer


INTERNAL CONTROLS ARE THE RESPONSIBILITY OF ALL EMPLOYEES

Each College at Brockport employee is responsible for adhering to established internal controls and all applicable management policies and standards issued by the State of New York, SUNY System Administration or The College at Brockport.

WHAT ARE INTERNAL CONTROLS?

Internal controls are the steps taken by an organization to provide reasonable assurance that the organization functions in an efficient and appropriate manner consistent with its policy objectives, applicable laws, regulations, and related policies and procedures. They are the methods used to successfully organize and manage daily operations. Internal controls are an integral part of the operating procedures management uses to achieve its objectives and prevent undesirable results.


INTERNAL CONTROL REQUIREMENTS

The Internal Control Act requires that all state agencies, including SUNY, institute a formal internal control program. Each agency shall:

  1. Establish and maintain guidelines for a system of internal controls.
  2. Establish and maintain an internal control system and internal control review process.
  3. Make a clear and concise statemetn of managerial policies and standards available to all employees.
  4. Designate an internal control officer.
  5. Provide internal control education and training.

WHAT ARE THE TYPES OF RISK?

Risk is anything that could negatively impact the College’s ability to meet its objectives. There are several types of risk:

Strategic:

A risk that could prevent an area from accomplishing its objectives or meeting its mission.

Financial:

A risk that could result in a negative financial impact to the College such as a waste or loss of assets.

Compliance and Regulatory:

A risk that could expose the College to fines or penalties from a regulatory agency due to noncompliance with laws and regulations.

Reputational:

A risk that could expose the College to negative publicity.

Operational:

A risk that could prevent the areas of the College from operating in the most effective and efficient manner or be disruptive to other areas of the College operations.


WHAT TYPES OF CONTROLS ARE THERE?

Preventive:

Designed to discourage errors or irregularities from occurring.

Detective:

Designed to find errors or irregularities after they have occurred.

Corrective:

Designed to ensure that remedial action is taken to reverse undesirable outcomes.

WHATIS THE INTERNAL CONTROL PROCESS AT THE COLLEGE AT BROCKPORT?

Assessing Risk:

A risk assessment survey is administered to the college community every three years.  The Internal Control Team analyzes the responses for topics such as general control environment, business continuity, cash management, records retention, and information security. A determination is made on the level of risk – low, moderate or high – an individual department may exhibit based on responses to the risk assessment.

Planning:

Once areas of risks have been determined, areas for review will be identified. A customized risk assessment will be administered to these selected areas to evaluate established controls.

Site Review:

Depending upon the area being reviewed, a site review may be as short as one day or as long as one week. Selected areas will be notified in advance that they have been chosen for a site review and will be instructed on how to prepare. Areas selected can anticipate the Team requesting access to files, software programs, offices, equipment, etc.

Feedback:

In the weeks following the site review, the area reviewed will be provided with a copy of the draft report for review and feedback. The Review Team will make edits to the draft report as appropriate

Final Report:

At the completion of the review process, the final report including recommendations for control improvements, is prepared and disseminated to the reviewed area. The report is retained by the Internal Control Program, and will be referred to during the next cycle of review (normally every three years). Information gathered from the site review will be reported on the annual certification required by SUNY and New York State.


WHAT DOES THE INTERNAL CONTROL PROCESS MEAN TO ME?

While every employee has the responsibility to help ensure that internal controls are effective by following policies and procedures and reporting problems or suggesting improvements, the executive staff, deans, directors and department managers have the greatest amount of responsibility.

Depending upon your position at the College, you may be designated as a respondent to the risk assessment survey, actively involved in the review process, i.e., answering questions, reviewing the draft report and providing feedback, or marginally involved by assisting your supervisor by gathering and providing documentation/data.  

RESOURCES

Internal Control Team

The Internal Control Team is comprised of the Internal Control Officer, Internal Control Coordinator, representation from the Offices of Budgeting, Student Accounts and Accounting, and Procurement and Payment Services.

Advisory Committee

The Internal Control Advisory Committee is comprised of the Internal Control Team and representation from all divisions of the College. This group is responsible for oversight of the Internal Control Program and educating members of the College community. Members from the Advisory Committee will be assigned as appropriate to assist with site reviews.

Training

The College developed three training approaches including online, printed materials, and presentations.  Management level staff must complete online training, and ensure their departmental employees complete an abbreviated version.

Online employee training materials can be viewed at http://brockport.edu/q/5ZB.

Online Resources

Access www.brockport.edu/intcontrol for additional online resources and information.


MORE INFORMATION

For more information regarding The College at Brockport’s Internal Control Program, please contact: 

Louis M. Spiro
Internal Control Officer
720 Allen Administration Building
(585) 395-2129
E-mail: lspiro@brockport.edu

The Public Officers Law is accessible at www.dos.state.ny.us/corps/oath.html.

Ethics Lawwww.nyintegrity.org/law/ethics.html.

To report fraud or theft, e-mail icontrol@brockport.edu or access the Fraud Hotline on the SUNY website at www.suny.edu/universityauditor/reportfraud.cfm. You will remain anonymous.


end bar

Click here for a printable (.pdf) version of the Internal Control Program brochure.