Message From the President

Date: May 1, 2016

To: All Faculty and Staff

From: Robert J. Jones, President

Subject: Internal Controls

As we wind down another successful academic year, I want to take this opportunity to affirm my personal commitment to internal control awareness and proper risk management at the University at Albany and within our affiliated entities. Internal controls are the operating practices, reporting relationships, and policies and procedures adopted by the University to help achieve our goals and objectives. They help to ensure effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. Internal Controls also help protect our valuable assets, data and other resources from breaches, theft and misuse.

Within an internal control system, the most important element is the overall control environment which is the organization’s ethical values, integrity, competence, and operating philosophy. The work undertaken by the University Office of Internal Controls tests the internal controls in each of the higher risk offices on campus on a regular basis. In addition, the Internal Control staff tries to keep proper internal controls on the minds of everyone here at UAlbany. However, in reality, each individual faculty and staff member and student here at the University at Albany and within our affiliated entities shares responsibility for creating and maintaining a proper internal control environment.

Maintaining proper internal controls is an ongoing task with new challenges and threats emerging every day. Therefore, it is simply not sufficient to attend internal control training once. Instead, regular reviews of our on-line internal controls training or a conversation with our internal control staff regarding new developments is always a good idea to make sure we are aware of our internal controls and data security challenges. The online internal control training presentations can be viewed 24/7/365 at http://www.albany.edu/internalcontrol/. In addition, access to a series of short training videos on data security awareness can be provided by contacting Assistant Internal Control Coordinator Weisu Fudge.

In addition, I ask each person on campus to do their part by properly securing personal or confidential information within their offices, avoiding the sharing of computer passwords or log-on information, turning off your office computer each night to reduce the threat of computer hacking and to allow for software security upgrades to be installed when you restart your computer, and to report any suspected breaches of proper internal control procedures, thefts, or misuse of information or assets to the University Internal Control Hotline at 518-437-4738. All calls to the Hotline are anonymous.

Over the upcoming year, I also request your full cooperation and attention as the campus undertakes a mandatory Payment Card Industry Data Security Standards (PCI compliance) review and certification. This critical certification is required in order for the University to continue to accept credit card payments and to protect the financial and personal information of our students, faculty, staff and other individuals making payments to the University via credit card.

Should you have questions about the University’s internal control program or want to schedule an office-wide training session or private consultation, please contact Kevin Wilcox our Campus Internal Control Officer or Jonathan St. Clair our Campus Internal Control Coordinator at 956-8120.

Thank you again for joining me in participating and cooperating in this important and ongoing endeavor.