After the campus is segmented into assessable units, each unit's risk is assessed. This process may be done through a self assessment survey or a one-on-one discussion with the unit manager and the Internal Control Officer. By means of this evaluation, the campus evaluates its susceptibility to conscious or unintended abuses and reduced operational efficiencies. Some of the factors examined in the risk assessment are: inherent risk of the unit, management's attitude toward internal controls, physical location, frequency of review, and the rate of personnel turnover.
Upon completing a risk assessment, a rating of low, average or high risk is assigned to the assessable unit. These ratings are considered when scheduling internal control reviews.
Internal Control Review
The internal control review analyzes procedures and policies to insure they are functioning as intended and that they assist the unit in meeting its goals and objectives. Examples of procedures and policies that may be reviewed include, planning activities, program evaluations, the budget cycle, personnel transactions, and information systems, cash activities, contract management and capital programs.
Upon completion of the internal control review, recommendations may be made. The recommendations may require adding, deleting or changing internal controls or procedures for the unit. If recommendations are accepted, a timetable for implementation is agreed upon.
Follow-UpThe final component in the internal control process is follow-up. This step is performed to verify that the recommended actions have been properly implemented and that the unit continues to function as intended.
» Basic Definition
» Internal Control Program
» Internal Control Foundations
» Risk Assessment
» Preventative and Detective Controls
» Internal Control Standards
» Who's Responsible and For What?
» Related Informational References