SUNY Brockport is a public university with funding coming from student fees and from taxpayer dollars through state appropriation. As a public university, we are accountable to the State of New York and its taxpayers. We are held to the highest standards of accountability and conduct. SUNY Brockport has several internal controls policies that are intended to protect the University and its employees. It’s important that you understand these policies and their application to your daily work. In short, internal control is everyone’s job.
What are Internal Controls?
Internal controls are the steps taken by an organization to provide reasonable assurance that the organization functions in an efficient and appropriate manner consistent with its policy objectives, applicable laws, regulations, and related policies and procedures. They are the methods used to successfully organize and manage daily operations. Internal controls are an integral part of the operating procedures management uses to achieve its objectives and prevent undesirable results.
WHAT TYPES OF INTERNAL CONTROLS ARE THERE?
- Preventive: Designed to discourage errors or irregularities from occurring.
- Detective: Designed to find errors or irregularities after they have occurred.
- Corrective: Designed to ensure that remedial action is taken to reverse undesirable outcomes.
WHAT ARE THE types of RISKS RELATED TO INTERNAL CONTROLS?
Risk is anything that could negatively impact the University’s ability to meet its objectives. There are several types of risk:
- Strategic: A risk that could prevent an area from accomplishing its objectives or meeting its mission.
- Financial: A risk that could result in a negative financial impact to the University such as a waste or loss of assets.
- Compliance and Regulatory: A risk that could expose the University to fines or penalties from a regulatory agency due to noncompliance with laws and regulations.
- Reputational: A risk that could expose the University to negative publicity.
- Operational: A risk that could prevent areas of the University from operating in the most effective and efficient manner or be disruptive to other areas of the University operations.
What is Your Responsibility?
Depending upon your position at the University, you may be designated as a respondent to the risk assessment survey, actively involved in the review process (e.g. answering questions, reviewing the draft report ,and providing feedback), or marginally involved by assisting your supervisor by gathering and providing documentation/data.
WHAT YOU CAN DO TO HELP
- Follow the policies and procedures in place for your job.
- Always secure your office or workspace when your leave.
- Use University resources only in support of University goals, objectives, and programs.
- Keep documents containing confidential or sensitive data in secure files.
- Shred documents containing confidential or sensitive data when no longer needed.
- Communicate problems with current procedures or suggestions for improvement to your supervisor.
- Report any suspicious persons or activities to your supervisor and/or University Police.
- Do not share or post computer passwords.
- Always secure your computer when you leave which also applies to alternative work locations and when telecommuting.
- Look for opportunities to reduce waste and improve efficiencies.
RISK CATEGORIES THAT MIGHT APPLY TO YOU
- Waste/abuse/misuse of institutional resources
- Time abuse
- Disclosure of confidential information
- Intellectual property infringement
- Credentials misrepresentation
- Improper giving/receiving of gifts
- Improper supplier/contractor activity
- Malicious/inappropriate use of technology
- Falsification of or unauthorized signing of contracts/reports/records
- Donor stewardship
- Data privacy/integrity
- Employee benefits abuse
You can access the Fraud Hotline on the SUNY website.