Home > Internal Controls > Definitions

Quick Reference Internal Control Dictionary

Adequate controls

Plans and organizational structures which provide reasonable assurance that organizational objectives can and will be achieved effectively and in an economically efficient manner.

Assessable Units

The result of segmenting the campus into areas that will be subjected to vulnerability assessments. The campus-wide inventory of these assessable units are broken down into categories based on a functional areas of the campus.

Internal Audit

An independent and objective assurance and consulting activity. It is intended to add value to an organizations operation as well making improvements at the same time. By the use of a systematic, disciplined approach to the evaluation and improvement of effective risk management, control, and governance processes, it helps organizations accomplish their objectives.

Internal Controls

Policies and procedures which help ensure that the Universities objectives and goals are met (as apposed to external controls which are regulations and laws.)

Internal Control Officer

This person has authority to act on behalf of the campus president. This person ensures the implementation and review of the campus Internal Control Program.

Internal Control Program

The Internal Control Program consists of two major processes which are the Internal Control Reviews, and the Vulnerability Assessments.

Internal Control Reviews

This is an ongoing and relatively in-depth activity. It identifies internal control weaknesses and the actions required to correct those weaknesses. Internal control reviews differ from audits in that they do not have to conform to Generally Accepted Accounting Standards (GAAS). They involve questionnaires, testing, flowcharts, and evaluation. They are conducted by the Internal Control Review Officer or Internal Control Coordinator.

Internal Control Systems

These are the major Policies, Laws, Regulations, Handbooks, Bulletins, Procedures, and Memoranda that the campus uses.

Subsequent Action

These are recommendations for action(s) derived from consideration of the vulnerability assessments. Once an overall vulnerability ranking is established for the assessable unit, the Internal Control Officer will use it along with his or her knowledge, experience, and judgment to make recommendations for subsequent actions to improve an area or unit.

Vulnerability Assessments

Sometimes called risk analysis, a vulnerability assessment is a systematic analysis done by management. The assessment will determine the relative risks posed to the campuses operations by a selected assessable unit. These assessable units can be operating facilities, buildings, programs or functions of the campus infrastructure. Once the assessment is completed by the departmental personnel using a questionnaire and pre-defined guidelines, they are submitted to the Internal Control Officer (ICO). The ICO will then review the results, determine the adequacy of controls, assess relevant risks, etc.. The ICO will request vulnerability assessments on a regular basis for review areas.