In an effective control environment, competent people understand their responsibilities and the limits of their authority, and are knowledgeable, mindful, and committed to doing what is right.
The university has adopted an internal control methodology developed by the Committee of Sponsoring Organizations (COSO), in which internal control is defined as a process implemented by management that provides reasonable assurance that:
- Operations are effective and efficient.
- Financial and operational reports are reliable.
- Compliance with applicable laws, regulations, and internal policies and procedures has been achieved.
COSO Components of Internal Control (listed in order of importance and effectiveness)
- The control environment sets the tone for the organization. Factors such as integrity, ethical values, competency, management philosophy, and operating style form the foundation for other components of internal control, and for providing discipline and structure.
- Risk assessment represents the identification of circumstances which may impede the organization's ability to achieve its business objectives, and the procedures in place that mitigate the identified risks.
- Control activities are undertaken by the organization to ensure compliance with sound business practices, including the development of policies and procedures, the review and approval of transactions, the segregation of duties, and account reconciliation. Control activities should be documented, including follow-up activities.
- Information and communication comprise the transmittal of quality data to the right people at the appropriate time to ensure employees have adequate information to effectively discharge their responsibilities. Effective communication must also occur in a broader sense throughout the organization.
- Monitoring activities assure that processes are working as intended and actions are taken to address problems with the quality of performance. This includes regular monitoring, management and supervisory activities.
The above internal controls definition was developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) which is recognized by the Office of the University Auditor.