The Board of Trustees recognizes the need for, and the value of, a strong system of internal controls. Internal controls comprises methods and procedures adopted by the University, the State of Colorado, and the accounting profession.
Internal controls are intended to:
- safeguard assets
- ensure the accuracy and reliability of financial
and other data
- promote operational efficiency
- ensure adherence with applicable laws, policies and procedures
Internal controls consists of the following five interrelated components:
- control environment
- risk assessment
- control activities
- information and communication
Most every individual within the University has some role in effecting proper internal controls. The roles vary depending on the level of responsibility and the nature of the involvement of the individual. The Board of Trustees and the President set the "tone at the top" by ensuring the presence of integrity, ethics, competence, and a positive control environment. Senior managers, who are in charge of various campus units, have oversight responsibility for the internal controls within their units. Mid level managers and supervisory personnel are responsible for executing control policies and procedures at the detail level within a specific unit. Each individual within a unit should be cognizant of proper internal control procedures associated with his/her job responsibilities.
The role of Internal Auditing is to examine the adequacy and effectiveness of the various internal control systems on-campus and make recommendations in those areas where control improvements are needed. Since Internal Auditing must remain independent and objective, the internal audit function does not have the primary responsibility for establishing or maintaining the internal control systems. However, through the reviews performed and recommendations made by Internal Auditing, the effectiveness of the internal controls are enhanced.
Internal controls rely on the principle of checks and balances in the workplace. Examples of some of the controls which are used everyday include: signatory approval on a time sheet or departmental purchase order, the segregation of duties, the use of computer passwords to restrict access to unauthorized users, and the locking of file drawers and cabinets. These actions, along with other controls, protect the University from losses by limiting the presence of risk.