Internal Control and Enterprise Risk Management Standards
Internal controls must meet basic standards to ensure that adequate internal control systems are established and maintained.
There are two types of internal control standards:
- General Internal Control Standards: Describe what we want to achieve.
- Specific Internal Control Standards: Tell us how to achieve those objectives.
Reasonable Assurance: Internal control systems should provide reasonable assurance that the objectives of the organization will be accomplished.
Supportive Attitude: Managers and employees should maintain and demonstrate a positive and supportive attitude toward internal controls at all times.
Competent Personnel: Managers and employees should have personal and professional integrity and maintain a level of competence that allows them to accomplish their assigned duties, as well as understand the importance of developing and implementing good internal controls.
Control Objectives: Internal control systems should help to assure compliance with laws and that the campus meets its goals and objectives.
Control Techniques: These are the means to accomplishing the objectives of the internal control systems (i.e., Specific Internal Control Standards).
Documentation: Adequate records of all internal control systems, transactions and events should be maintained.
Records: All transactions and events should be recorded promptly and accurately.
Authorization: All transactions and events should be authorized and executed by persons within the scope of their authority.
Structure: Key duties and responsibilities in authorizing, processing, recording and reviewing transactions should be separated.
Supervision: Adequate supervision must be provided to ensure that internal control objectives are achieved.
Security: Access and accountability to assets and records should be limited to authorized individuals.