Internal Control

[1] Internal Control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

Key Concepts of Internal Control

Internal control is a process. It is a means to an end, not an end in itself. The goal is reliable financial reporting, effective and efficient operations, and compliance with laws and regulations.

Internal control is affected by people. It is not merely policy manuals and forms, but people's actions at every level of the organization.

Types, Objectives & Components

Consequences of Internal Control Failures

  • Errors or fraudulent activity
  • Inaccurate financial statements
  • Misappropriated assets
  • Audit findings and cost disallowance
  • Loss of grants and contracts
  • Lawsuits
  • Criminal/civil/administrative penalties
  • Negative publicity and damage to reputation
  • Loss of students and faculty members

Code of Conduct

The State of Arizona has established a Code of Conduct for employees engaged in accounting, financial and budgeting activities. According to the State of Arizona Accounting Manual, this code of conduct applies to all state employees at all state agencies. For University purposes, this includes anyone who:

  • Prepares, approves, or processes documents that result in a transaction in any University financial or accounting system
  • Obligates the University by entering into an agreement or other contract, purchase order, PCard transaction, etc.
  • Uses, analyzes, prepares reports or takes action based on accounting, financial or budgeting data from any University source
  • Has review or approval responsibilities for state, local or grant fund revenues or expenditures
  • Has responsibility for implementing or assuring the effective workings of internal control activities

Resources

1 Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control – Integrated Framework (Executive Summary, May 2013), pg. 3.