Internal Control: SUNY Brockport

To all Faculty and Staff,

The New York State Governmental Accountability, Audit and Internal Control Act of 1987 requires all State- operated campuses of the State University of New York to establish and maintain a system of internal controls and an ongoing internal control program.

SUNY Brockport has adopted the State University of New York’s Internal Control Guidelines. This brochure is an abbreviated version of those Guidelines and references specific aspects of the University’s Internal Control Program.

As stewards of public funds and the education of our citizens, all employees of SUNY Brockport have a responsibility to ensure that we are as efficient and effective as possible within the confines of existing laws, policies and procedures. In that way, not only will we meet our internal control responsibilities, but we will be promoting our primary goal of student success.

SUNY Brockport’s Internal Control Program is essentially a program of review which helps to ensure that daily operating practices and procedures are sufficient to minimize the possibility of operational failure, overspending or other actions inconsistent with policy or in violation of the law. Simply stated, the University’s Internal Control Program is designed to review, critique and strengthen our existing systems and procedures.

Sincerely,
Heidi R. Macpherson, PhD, President

Internal Control

SUNY Brockport is a public university with funding coming from student fees and from taxpayer dollars through state appropriation. As a public university, we are accountable to the State of New York and its taxpayers. We are held to the highest standards of accountability and conduct. SUNY Brockport has several internal controls policies that are intended to protect the University and its employees. It’s important that you understand these policies and their application to your daily work. In short, internal control is everyone’s job.

What are Internal Controls?

Internal controls are the steps taken by an organization to provide reasonable assurance that the organization functions in an efficient and appropriate manner consistent with its policy objectives, applicable laws, regulations, and related policies and procedures. They are the methods used to successfully organize and manage daily operations. Internal controls are an integral part of the operating procedures management uses to achieve its objectives and prevent undesirable results.

WHAT TYPES OF INTERNAL CONTROLS ARE THERE?

Preventive: Designed to discourage errors or irregularities from occurring.
Detective: Designed to find errors or irregularities after they have occurred.
Corrective: Designed to ensure that remedial action is taken to reverse undesirable outcomes.

WHAT ARE THE types of RISKS RELATED TO INTERNAL CONTROLS?

Risk is anything that could negatively impact the University’s ability to meet its objectives. There are several types of risk:

Strategic: A risk that could prevent an area from accomplishing its objectives or meeting its mission.
Financial: A risk that could result in a negative financial impact to the University such as a waste or loss of assets.
Compliance and Regulatory: A risk that could expose the University to fines or penalties from a regulatory agency due to noncompliance with laws and regulations.
Reputational: A risk that could expose the University to negative publicity.
Operational: A risk that could prevent areas of the University from operating in the most effective and efficient manner or be disruptive to other areas of the University operations.

What is Your Responsibility?

Depending upon your position at the University, you may be designated as a respondent to the risk assessment survey, actively involved in the review process (e.g. answering questions, reviewing the draft report ,and providing feedback), or marginally involved by assisting your supervisor by gathering and providing documentation/data.

WHAT YOU CAN DO TO HELP

Follow the policies and procedures in place for your job.
Always secure your office or workspace when your leave.
Use University resources only in support of University goals, objectives, and programs.
Keep documents containing confidential or sensitive data in secure files.
Shred documents containing confidential or sensitive data when no longer needed.
Communicate problems with current procedures or suggestions for improvement to your supervisor.
Report any suspicious persons or activities to your supervisor and/or University Police.
Do not share or post computer passwords.
Always secure your computer when you leave which also applies to alternative work locations and when telecommuting.
Look for opportunities to reduce waste and improve efficiencies.