The New York State Governmental Accountability, Audit and Internal Control Act of 1987 requires all State-operated campuses of the State University of New York to establish and maintain a system of internal controls and an ongoing internal control program. SUNY Brockport has adopted the State University of New York’s Internal Control Guidelines.
The College’s Internal Control Program is essentially a program of review which helps to ensure that daily operating practices and procedures are sufficient to minimize the possibility of operational failure, overspending, or other actions inconsistent with policy or in violation of the law. Simply stated, the College’s Internal Control Program is designed to review, critique, and strengthen our existing systems and procedures.
What are Internal Controls?
Internal controls are the steps taken by an organization to provide reasonable assurance that the organization functions in an efficient and appropriate manner consistent with its policy objectives, applicable laws, regulations, and related policies and procedures. They are the methods used to successfully organize and manage daily operations. Internal controls are an integral part of the operating procedures management uses to achieve its objectives and prevent undesirable results.
WHAT TYPES OF INTERNAL CONTROLS ARE THERE?
- Preventive: Designed to discourage errors or irregularities from occurring.
- Detective: Designed to find errors or irregularities after they have occurred.
- Corrective: Designed to ensure that remedial action is taken to reverse undesirable outcomes.
WHAT ARE THE RISKS RELATED TO INTERNAL CONTROLS?
Risk is anything that could negatively impact the College’s ability to meet its objectives. There are several types of risk:
- Strategic: A risk that could prevent an area from accomplishing its objectives or meeting its mission.
- Financial: A risk that could result in a negative financial impact to the College such as a waste or loss of assets.
- Compliance and Regulatory: A risk that could expose the College to fines or penalties from a regulatory agency due to noncompliance with laws and regulations.
- Reputational: A risk that could expose the College to negative publicity.
- Operational: A risk that could prevent areas of the College from operating in the most effective and efficient manner or be disruptive to other areas of the College operations.
What is Your Responsibility?
Depending upon your position at the College, you may be designated as a respondent to the risk assessment survey, actively involved in the review process (e.g. answering questions, reviewing the draft report ,and providing feedback), or marginally involved by assisting your supervisor by gathering and providing documentation/data.
WHAT YOU CAN DO TO HELP
- Follow the policies and procedures in place for your job.
- Always secure your office or workspace when your leave.
- Use College resources only in support of College goals, objectives, and programs.
- Keep documents containing confidential or sensitive data in secure files.
- Shred documents containing confidential or sensitive data when no longer needed.
- Communicate problems with current procedures or suggestions for improvement to your supervisor.
- Report any suspicious persons or activities to your supervisor and/or University Police.
- Do not share or post computer passwords.
- Always secure your computer when you leave which also applies to alternative work locations and when telecommuting.
- Look for opportunities to reduce waste and improve efficiencies.
RISK CATEGORIES THAT MIGHT APPLY TO YOU
- Waste/abuse/misuse of institutional resources
- Time abuse
- Disclosure of confidential information
- Intellectual property infringement
- Credentials misrepresentation
- Improper giving/receiving of gifts
- Improper supplier/contractor activity
- Malicious/inappropriate use of technology
- Falsification of or unauthorized signing of contracts/reports/records
- Donor stewardship
- Data privacy/integrity
- Employee benefits abuse
You can access the Fraud Hotline on the SUNY website.