Internal Control Program

 The New York State Governmental Accountability, Audit and Internal Control Act of 1987 requires all State operated campuses of the State University of New York to establish and maintain a system of internal controls and an ongoing internal control program.

The University at Albany's Internal Control Program helps to ensure that daily operating practices and procedures are sufficient to minimize the possibility of operational failure, overspending, or other actions inconsistent with policy or in violation of law. The specific objectives of the University at Albany's Internal Control Program are to ensure:

  1. The successful achievement of the University's mission;
  2. The accurate capture, maintenance and dissemination of institutional data;
  3. The assets are safeguarded;
  4. The programs and operations remain effective, efficient, and economical;
  5. The University is in compliance with applicable law, regulations, policies, and guidelines.

The University's Internal Control Program provides for a formal evaluation of the effectiveness of these systems and their individual control mechanisms. Where gaps or non-effective controls exist, they are identified and addressed on a reasonable timetable. The status of all recommendations is monitored and updated on a semi-annual basis as part of the University's Internal Control Program.

These are many major internal control systems that support the University's planning and operational processes. Some examples of the University's major internal control systems follow:

  • Education and other applicable law, policies, and regulations
  • Administrative procedure manuals
  • Policy handbooks and memoranda
  • Organization charts and decision-making hierarchies
  • Budget development and approval process
  • Chart of accounts
  • Internal audit activity
  • Equipment inventory system
  • Institutional data coordination
  • Position descriptions
  • Formal statements and policies governing hiring procedures

The University at Albany's Internal Control Program incorporates the following processes:

  1. Classifying the program and administrative functions necessary for the University to carry out its mission. Functions identified through this process are called "assessable units" and provide the framework for the program.
  2. Using assessable unit risk assessment surveys, the University constantly monitors and evaluates its susceptibility to conscious or unintended abuses, accounting or reporting errors, and reduced operational efficiencies. The surveys are evaluated and assigned a rating of low, average or high risk and are considered when prioritizing the scheduling of internal control reviews. Surveys will be conducted at least once every five years for each assessable unit.
  3. Internal control reviews analyze the activities of an assessable unit to see if procedures and policies are functioning as intended and that they assure the successful completion of the unit's objectives and goals. Examples of procedures and policies that may be reviewed include planning activities, program evaluations, and the budget cycle. Internal control reviews will be performed at least once every two years on assessable units that receive a high risk rating. All other assessable units will be reviewed at least once every five years.
  4. Internal controls are the responsibility of all employees. Managers are responsible for the development, maintenance, documentation and supervision of internal control systems. Likewise, each employee is responsible for adhering to established internal controls. 

    Training is an ongoing component of the University's Internal Control Program. The University provides training in several formats, including formal training sessions, written guidelines and memoranda, training films, and reference materials.