Business Policies and Procedures Manual
Chapter 10: Organization

Internal Control

BPPM 10.04

For more information contact:
    Finance and Administration


University management is responsible for establishing and maintaining an adequate system of internal control of University assets. Internal controls are necessary to ensure that University assets are not exposed to misappropriation or unauthorized access and use.

Internal Control

Internal control includes plans, methods, and procedures adopted by the University to safeguard University assets, check the accuracy and reliability of the accounting data, promote operational efficiency, and encourage adherence to applicable policies.

Internal control includes both internal accounting controls and administrative controls.

Internal Accounting Controls

Internal accounting controls are designed to ensure:

  • Obligations and costs comply with applicable laws, regulations, and policies.
  • Funds, property, and other assets are safeguarded against waste, loss, liability, unauthorized use, or misappropriation.
  • Assets, liabilities, equities, revenues, expenses, and budgetary transactions are properly authorized and recorded in order to prepare accurate accounts, reliable financial and statistical reports, and to maintain accountability over assets.
Administrative Controls

Administrative controls include all operational controls within the University. Their purpose is to ensure:

  • Economical, efficient, and effective compliance with University objectives;
  • Adherence to applicable laws, regulations, and policies;
  • Maintenance of reliable information for evaluating managerial and organizational performance.

Internal Control Officer

The Associate Vice President for Finance is the University’s Internal Control Officer. The Internal Control Officer is responsible for coordinating the University’s overall effort of evaluating, improving and reporting on internal controls.


Deans and area chief financial officers are responsible for internal control within their areas.

Annual Risk Evaluation

Each dean and area chief financial officer must sign and submit an annual Risk Evaluation to the Internal Control Officer.

Risk evaluations report the results of area compliance with internal control policy. Evaluations include:

  • Summary description of material internal control weaknesses, if any,
  • Brief, corrective action plan, and
  • Specific risk evaluation of asset and expense accounts, if required.

Basic Principles

Division of Duties

Ensure that no single individual has complete control over any type of asset in any University department. The work of employees handling University assets should be complementary to or checked by other employees. This practice provides a means for detecting errors and decreases the chance of fraud.

Fix Responsibility

Identify functions with individuals by using an organization chart.

Written Procedures

Supply employees with strict control procedures and ensure procedures are followed. Documented procedures ensure that operations continue if key personnel leave or take vacation.

Accounting Records

Maintain accurate accounting records in proper order.

Provide an authorization and record procedures system to ensure reasonable accounting control over assets, liabilities, revenues, and expenses. Include such forms as invoices, warrants, vouchers, and written receipts.

Current Records

Maintain current accounting records.

Rotation of Duties

Periodically rotate duties or have others perform the functions of vacationing employees. No single employee should continuously perform a function involving the control of University assets.

Other Sections

More specialized information regarding internal control is provided in other applicable BPPM sections.

Revisions:  Reviewed March 2007; September 1997 (new policy).