What is internal auditing and what are internal controls?
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit evaluates whether a process leading to the identification of risks is working well, checks whether internal controls already in place are working according to the way they are intended to, and evaluates an organization’s governance system and process.
Internal controls are made up of procedures, policies and measures designed to make sure that an organization meets its objectives, and that risks that can prevent an organization from meeting its objectives are mitigated. While the Internal Audit function is performed by internal auditors, Internal Control is the responsibility of operational management functions. Internal controls are designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
What can my department do?
Control activities include, but are not limited to, the following:
Segregation of Duties: Implement segregation of duties where duties are divided, or segregated, among different people to reduce risk of error or inappropriate actions. No one person has control over all aspects of any financial transaction.
Authorizations: Make sure transactions are authorized by a person delegated approval authority when the transactions are consistent with policy and funds are available.
Reviews and Reconciliations: Ensure records are routinely reviewed and reconciled, by someone other than the preparer or transactor, to determine that transactions have been properly processed.
Physical Security and Accountability: Make certain that equipment, inventories, cash and other property are secured physically, counted periodically, and compared with item descriptions shown on control records.
Training: Provide employees with appropriate training and guidance to ensure they have the knowledge necessary to carry out their job duties, are provided with an appropriate level of direction and supervision, and are aware of the proper channels for reporting suspected improprieties.
Policies and Procedures: Make sure university and departmental level policies and operating procedures are formalized and communicated to employees. Documenting policies and procedures and making them accessible to employees helps provide day-to-day guidance to staff and will promote continuity of activities in the event of prolonged employee absences or turnover.
