Internal Controls

Internal Control Standards

Internal Control Standards

Internal controls must meet basic standards to ensure that adequate internal control systems are established and maintained. There are two types of internal control standards: general and specific. General internal control standards describe what we want to achieve while specific internal control standards tell us how to achieve those objectives. Below are examples of general and specific internal control standards. Each example is followed by a brief explanation.

General Standards

Reasonable Assurance: Internal control systems should provide reasonable assurance that the objectives of the organization will be accomplished.
Supportive Attitude: Managers and employees should maintain and demonstrate a positive and supportive attitude toward internal controls at all times.
Competent Personnel: Managers and employees should have personal and professional integrity and maintain a level of competence that allows them to accomplish their assigned duties, as well as understand the importance of developing and implementing good internal controls.

Control Objectives: Internal control systems should help to assure compliance with laws and that the campus meets its goals and objectives.

Control Techniques: These are the means to accomplishing the objectives of the internal control systems (i.e. Specific Internal Control Standards).

Specific Standards

Documentation: Adequate records of all internal control systems, transactions and events should be maintained.

Records: All transactions and events should be recorded promptly and accurately.

Authorization: All transactions and events should be authorized and executed by persons within the scope of their authority.

Structure: Key duties and responsibilities in authorizing, processing, recording and reviewing transactions should be separated.

Supervision: Adequate supervision must be provided to ensure that internal control objectives are achieved.

Security: Access and accountability to assets and records should be limited to authorized individuals.

» Basic Definition
» Internal Control Program
» Internal Control Foundations
» Segmentation
» Risk Assessment
» Preventative and Detective Controls
» Internal Control Standards
» Who's Responsible and For What?
» Training
» Summary
» Related Informational References