Internal Control 101

Internal Control Do’s and Don’ts 

Do

Don’t

Review and approve for accuracy and compliance

Initiate and Approve – always have a second set of eyes

Document Procedures

Use pre-ordered signature stamps – could fall into the wrong hands

Deposit Cash Daily (if feasible)

Pre-sign blank checks

Secure funds at all times

Hire into a position that does not have a budget

Review Budget/Revenue reports for errors

Use restricted funds for purposes other than the intended purpose from the donor

Separate out duties (where feasible)

Let other’s sign your name

Keep access to confidential information limited

Share passwords or usernames

Submit Budget Amendments BEFORE spending the funds

Disburse funds without supporting documentation

Develop a plan when reorganizing

Do not destroy/shred un-cashed checks; return to Financial Services

 Internal Control – Myths & Facts  

Myth

Fact

Internal controls result from a strong set of policies and procedures (i.e., “If a policy does’t exist, we don’t have to do it”).

Internal controls are based on a strong control environment and solid business practices that, in most cases, will be supported by policies; however, lack of formal policies does not preclude good business practices.

Internal controls? That’s why we have internal auditors.

Management and departmental personnel are the owners of internal controls.

Internal controls are all about finance and accounting. We do what the USG or Department of Finance and Administration tells us to do.

Internal controls are integral to every aspect of business.

Internal controls are essentially negative, like a list of “thou shalt nots.”

Internal controls make the right thing happen the first time.

Internal controls are a necessary evil. They take time away from our core activities and responsibilities.

Internal controls should be built into, not onto, business processes.

If controls are strong enough, we can be sure that errors and irregularities will always be detected.

Internal controls provide reasonable, but not absolute, assurance that the organization’s objectives will be achieved.


Taken from https://www4.vanderbilt.edu/internalaudit/internal-control-guide/myths.php