Internal Controls & Risk Assessment

Why do we need strong Internal Controls?

Internal Controls, though often thought of as a necessary evil, are designed to protect yourself as well as your employees.  The goal of internal controls is to protect assets from the time they are received to the point at which they are booked and also to the point at which they are removed from the books. 

The USG Compliance Program states, “All members of the USG community should contribute to the success of the USG in a manner consistent with their duties and responsibilities.  Effective internal controls are one method that can be employed to assist the USG in achieving its mission. Internal controls are the processes employed at all levels to help ensure that USG business is carried out in accordance with BOR policies and procedures, institutional policies and procedures, applicable laws and regulations and sound business practices. Good internal controls promote efficient operations, accurate financial reporting, safeguarding of assets and responsible fiscal management” (Section 8.2.20.6).

Components of Internal Control

1. Control environment - establishes the foundation for the internal control system by providing fundamental discipline and structure

2. Risk assessment - involves the identification and analysis by management—not the internal auditor—of relevant risks to achieving predetermined objectives

3. Control activities - the policies, procedures, and practices that ensure management objectives are achieved and risk mitigation strategies are carried out

4. Information and communication - a component that supports all other control components by communicating control responsibilities to employees and by providing information in a form and time frame that allows people to carry out their duties

5. Monitoring - covers the external oversight of internal controls by management or other parties outside the process, or the application of independent methodologies, such as customized procedures or standard checklists, by employees within a process

For more examples of risks and related controls please view the GA Department of Audits and Accounts.