Main Page Content
- What is Internal Control?
- What are the basic premises of Internal Controls?
- What is the purpose of Internal Controls?
- Why is Internal Control important?
- Why does the College have an Internal Control Program?
- What is the purpose of a formal Internal Control Program?
- What are the components of Internal Controls?
- Who is responsible for Internal Control?
- What are the roles and responsibilities of Internal Control at the campus level?
- What are the SUNY Internal Control requirements?
- What are the five required elements of Internal Control?
- Why do campuses certify?
- What happens if a campus does not certify?
- If my area is selected for an Internal Control Review, will this reflect negatively on me as a manager/supervisor?
- Do I have to implement the recommendations from an Internal Control Review?
- How is fraud/theft reported?
Internal Control or an Internal Control Program is essentially a program of review. The Program helps to ensure that daily operating practices and procedures are sufficient to minimize the possibility of operational failure, overspending or other actions inconsistent with policy or in violation of the law. Simply stated, the College’s Internal Control Program is designed to review, critique and strengthen our existing systems and procedures.
Internal controls impact every aspect of an organization: all of its people, processes and physical structures. It is a basic element that permeates an organization – not a feature that is added on. It incorporates the qualities of good management. Internal controls are dependent upon people, and will succeed or fail depending on the attention people give to it. Internal controls are effective when all people and the surrounding environment work together and provide a level of comfort to an organization; controls do not guarantee success. Internal controls help an organization achieve its mission.
- To promote orderly, economical, efficient and effective operations and to produce quality products and services consistent with the organization’s mission
- To safeguard resources against loss due to waste, abuse, mismanagement, errors and fraud
- To ensure adherence to laws, regulations, contracts and management directive, and
- To develop and maintain reliable financial and management data, and to accurately present that data in timely reports.
- Complying with laws and policies;
- Accomplishing the agency’s mission; collecting and maintaining
- Relevant and reliable data; is
- Economical by ensuring the efficient use of resources; and
- Safeguards assets.
An Internal Control Program is not just a good idea, it is the law set forth in the New York State Governmental Accountability, Audit and Internal Control Act, Chapter 510 of the Laws of 1999, which requires that all state agencies institute a formal internal control program.
To assure that the College and its departments/units meet their mission; the accomplishment of objectives and goals; the promotion of operational efficiency and economy; the safeguarding of assets; and encouraging adherence to laws, regulations and prescribed policies and procedures.
Organization, control environment, communication, assessing and managing risks, control activities, evaluation and monitoring are the key components of Internal Controls. Please access the Internal Control Definitions web page for additional information on these components.
Internal Controls are the responsibility of all employees. Everyone in the organization has responsibility for ensuring the internal control system is effective. The Chancellor has the ultimate responsibility and is required to establish and maintain guidelines for a system of internal controls and a program of internal control review, while System Administration monitors and reports on the status of campus programs. The College has primary responsibility to take actions to implement the Internal Control Act with the greatest amount of the responsibility being placed on the department/unit managers.
The College president sets the “tone at the top.” The Internal Control Officer is responsible for implementing, maintaining and reviewing internal controls. The Internal Control Coordinator and staff are responsible for the ongoing program reviews. Departmental Managers are responsible for the development, maintenance, documentation and enforcement of internal control systems; each supervisor is responsible for disseminating applicable internal control information and expectations to their direct reports. Each employee is responsible for adhering to established internal controls and all applicable management policies and standards issued by the State of New York, SUNY System or the SUNY College at Brockport.
SUNY policy outlines six required elements of the internal control program, of which only five are applicable to SUNY Brockport. System Administration has a March 31 deadline for New York State certification reporting requirements and a June 30 deadline for System-wide reporting requirements. The New York State certification and the System-wide reporting are self-assessments of the campus’ internal control program.
- Establish and maintain guidelines for a system of internal controls.
- Establish and maintain a system of internal controls and a program of internal control review which is designed to identify weaknesses and actions needed to correct these weaknesses.
- Make available to each employee a clear and concise statement of the University’s/campus’ generally applicable management policies and standards with which each employee will be expected to comply.
- Designate an internal control officer at the University and campus levels to implement and review the University’s/campus’ Internal Control Programs.
- mplement education and training efforts to ensure employee awareness and understanding of internal control standards and evaluation techniques.
These five required elements are certified each year by campus presidents.
Campuses certify to SUNY System Administration by policy and the compilation of these campus certification responses are provided to New York State by law.
The campus must submit a work plan outlining processes in order to become compliant. The campus most likely will lose procurement contract flexibility until certification is made.
If my area is selected for an Internal Control Review, will this reflect negatively on me as a manager/supervisor?
No, these are “friendly reviews” that are meant to ensure proper functioning and to assist in continuous improvement of operations. Unless deliberate fraud or similar activities are uncovered, these will not reflect negatively on the manager/supervisor.
Yes, it is required to implement recommendations from and Internal Control Review. Failure to make reasonable attempts to comply, or to provide alternative solutions, is not acceptable.
You may report fraud or theft to the Internal Control Officer via e-mail at email@example.com, or by accessing the SUNY website at http://www.suny.edu/universityauditor/reportfraud.cfm and using the Fraud Hotline. You will remain anonymous.
Managing Internal Controls, David R. Hancox, CIA, CGFM, Director, State Audit Bureau, New York State Comptroller's Office
New York State's Internal Control Program, Tom Lukacs, Division of Budget
Louis M. Spiro, Vice President for Administration and Finance, SUNY College at Brockport