Risk Management Standards

Internal controls must meet basic standards to ensure that adequate internal control systems are established and maintained.

There are two types of internal control standards:

  1. General Internal Control Standards: Describe what we want to achieve.
  2. Specific Internal Control Standards: Tell us how to achieve those objectives.

General Standards

Reasonable Assurance: Internal control systems should provide reasonable assurance that the objectives of the organization will be accomplished.

Supportive Attitude: Managers and employees should maintain and demonstrate a positive and supportive attitude toward internal controls at all times.

Competent Personnel: Managers and employees should have personal and professional integrity and maintain a level of competence that allows them to accomplish their assigned duties, as well as understand the importance of developing and implementing good internal controls.

Control Objectives: Internal control systems should help to assure compliance with laws and that the campus meets its goals and objectives.

Control Techniques: These are the means to accomplishing the objectives of the internal control systems (i.e., Specific Internal Control Standards).

Specific Standards

Documentation: Adequate records of all internal control systems, transactions and events should be maintained.

Records: All transactions and events should be recorded promptly and accurately.

Authorization: All transactions and events should be authorized and executed by persons within the scope of their authority.

Structure: Key duties and responsibilities in authorizing, processing, recording and reviewing transactions should be separated.

Supervision: Adequate supervision must be provided to ensure that internal control objectives are achieved.

Security: Access and accountability to assets and records should be limited to authorized individuals.