Types of Internal Controls

Preventative Controls

Preventative controls protect the University by eliminating problems before they happen.

  • Set the tone from the top regarding the importance of internal control and expected standards of conduct. Refer to the Control Environment.
  • Implement segregation of duties.
    • Divide duties among various people to reduce the risk of error and ensure that no one person has control over all aspects of a transaction. The same person should not prepare and approve a document.
    • Review and reconcile transactions on a regular basis, by someone other than the creator or approver of the transactions.
    • Segregate authorization, recording, and custody of cash handling functions.
  • Develop written policies and procedures for employees to follow as they carry out their job duties. These should be periodically reviewed and updated as necessary.
  • Ensure proper authorization and delegation of approval authority.
  • Enforce clear recordkeeping and documentation procedures.
  • Protect passwords and information.
  • Conduct pre-employment screening. Refer to the Pre-Employment Screening Policy for addition information and requirements.
  • Provide training to ensure employees understand their role in the internal control system and how their duties relate to the work of others.
    • Financial Services provides online tutorials, including Better Business Practices and Internal Controls, as well as in-person internal control training. Visit the Training & Tutorials webpage for additional resources and to request training.
  • Ensure employees know what to do if they suspect fraud or misuse of University assets. Refer to the policy on Misuse of University Assets.

Detective Controls

When preventative controls fail, detective controls can be used to identify potential errors and problems. The best use of these controls is to gauge how effective your preventative controls are and strengthen them, if possible.

  • Review financial statements and reports for irregularities. Reviews should be conducted at the manager, department and University level.
  • Review purchasing card statements for purchase appropriateness, allowability and/or proper allocation.
  • Employ monitoring procedures, such as exception reports, analytical reviews, budget to actual comparisons, current to prior period comparisons, trend analysis, and metrics monitoring. Investigate variances.
  • Secure access to physical equipment, cash, inventory, and supplies.
  • Conduct periodic counts of inventory, cash, and supplies and verify counts to records. Investigate differences.
  • Perform periodic physical inventory observations on assets and equipment and compare to asset records. Investigate differences.

Resources

If you need assistance or have questions on internal controls, contact us at compliance@fso.arizona.edu to schedule a time to discuss.

Financial Services Training and Tutorials
HR-401 Pre-Employment Screening Policy
Information Security Office (ISO)
Misuse of University Assets
University of Arizona Police Department Crime Prevention