1. What are internal controls?
Internal control comprises the plan of organization and all of the coordinate methods adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies. This definition...recognizes that a system of internal control extends beyond those matters which relate directly to the functions of the accounting and financial departments.
2. So, what really are internal controls?
The above definition is the textbook definition. Simply put, internal controls are anything we do to help us achieve our objectives. We believe everyone uses internal controls in their typical daily activities such as the following:
- Did you lock your doors at home before leaving for work?
Probably so because you wanted to protect the assets in your home from theft.
- Do you write your PIN number on your debit card?
Probably not because you know if you lose your card, you would also most likely lose your money.
- Do you balance your bank statement each month?
Hopefully, because it ensures you know the correct balance in your account, ensures no one has inappropriately accessed your funds, and ensures that the bank hasn’t made mistakes in their records.
These items noted above, among other things, make up what we refer to as your personal internal control system. These are things you do to achieve your objectives in your own business and life. Many of these are simply logical, common-sense things you do every day. Just as we apply these things to our personal internal control system, we want to apply relevant controls to the University’s business and operational processes.
3. What is the purpose of internal control?
As noted above, the primary purpose is to help us achieve our objectives. Typically internal controls are noted for having four primary purposes:
- (1) to protect the University’s assets,
- (2) to ensure records are accurate,
- (3) to promote operational efficiency, and
- (4) to encourage adherence to policies and procedures.
4. Are there different types of internal controls?
Yes, generally speaking there are two types: preventative and detective controls.
Preventative Controls are designed to discourage errors or irregularities from occurring. (Example: processing vouchers only after approval signatures have been obtained.)
Detective Controls are designed to find errors or irregularities after they have occurred. (Example: reconciling monthly account statements.)
5. How can I be sure my unit has appropriate controls?
- Perform a self assessment of your controls. Contact Internal Auditing for assistance in this process.
- Request an internal control training session. Internal Auditing performs training on internal controls and what we believe are minimum requirements. Contact CSU-P’s Internal Auditor or the Director of Internal Auditing if you would like us to present on this topic to your unit.