What is an Internal Control Program? 

Internal controls are the operating practices, reporting relationships, policies, and procedures adopted by the University to help achieve our goals and objectives. Within an internal control system, the most important element is the overall control environment: the organization’s ethical values, integrity, competence, and operating philosophy.  

An Internal Control Program is the integration of the activities, plans, attitudes, policies and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its objectives and mission. Review a 2024 memo on internal control practices and procedures more information.

All New York State agencies, including SUNY campuses, are required by law to have an internal control program in place.

UAlbany’s Internal Control Program

Upholding internal control compliance for the campus is a community effort. All UAlbany employees and students share responsibility for creating and maintaining a proper internal control environment. Maintaining proper internal controls is an ongoing task with new challenges and threats emerging every day. 

All employees should routinely exercise judgment and act to protect the University and its resources from loss, waste or damage as well as ensure the accuracy and reliability of financial and other key data. All employees are expected to exhibit ethical values and integrity in their daily activities, seeking areas for improvement and acting in the best interests and protection of the University and the public. 

Our office’s Internal Control Coordinator works with each campus unit to assess its vulnerability to risks, train employees on internal controls and review the internal controls in place. 

Enterprise Risk Management & Internal Control Steering Committee

To underscore managerial ownership of the University's system of internal controls and to ensure broad coordination of the campus' internal control program, oversight of the program is rested in the Enterprise Risk Management and Internal Control Steering Committee.  

The following is an excerpt from the initial charge to the Committee:

Since the internal control plan is ubiquitous to the campus and is everyone's responsibility, particularly that of management, a successful internal control program needs broad buy-in. This can best be accomplished by directly involving a small group of highly placed personnel with a broad knowledge of campus operations and policy and strategic plan objectives, and the ability to effect change.  The committee role is to assist in shaping all aspects of the campus approach to the internal control program, including organizing, educating, testing and reporting, and to champion the ideals of a strong internal control program in its representative areas. 

Committee Chair: Anette Lippold, Chief Enterprise Risk Management & Compliance Officer

Committee Members:

  • Weisu Ampansiri, Internal Control Officer

  • Jim Bole, Chief Information Security Officer  

  • Steve Galime, Associate Vice President for Academic Affairs  

  • Chris Losavio, Corporate Controller for the University at Albany Foundation  

  • Amanda Maleszweski, Chief Campus Counsel

  • Rick McGinn, Chief Financial Officer for the University at Albany Foundation  

  • Cynthia Riggi, Assistant Vice President for Student Affairs 

  • Fardin Sanai, Vice President of University Advancement 

  • MO Schifley, Senior Director of Administration for University of Auxiliary Services 

  • Jon St. Clair, Deputy Controller

  • Brian Stephenson, College of Arts & Sciences  

  • Travis Wilson, Associate Athletic Director for Business  

Related State Laws & Regulations
State Law 

In 1987, the Legislature enacted a law entitled the New York State Governmental Accountability, Audit and Internal Control Act to formalize a system of productivity and accountability in all state agencies. The Act was updated and made permanent in Chapter 510 of the Laws of 1999. 

Under the Act, all state agencies are required to institute a formal internal control program. This program is meant to enhance the integrity of operations, provide oversight to ensure that funds and resources are used efficiently and effectively, and give reasonable assurance that funds and resources are appropriately protected and managed. 

State Regulations 

The New York State Division of Budget (DOB) issued the Budget Policy and Reporting Manual Item B-350, Governmental Internal Control and Internal Audit Requirements, which requires all state agencies to perform certain internal control responsibilities and annually certify to DOB that they comply with those requirements.  

The internal control responsibilities required by DOB are: 

  • Establish and maintain guidelines for a system of internal controls. 

  • Establish and maintain a system of internal controls and a program of internal control review. 

  • Make available to each employee a statement of the policies and standards with which they are expected to comply, emphasizing the importance of internal controls and the responsibility of each employee for effective internal controls. 

  • Designate an Internal Control Officer to implement and review the internal control program. 

  • Implement education and training efforts to ensure that employees have adequate awareness and understanding of internal control standards. 

  • Periodically evaluate the need to maintain an Internal Audit function. 

The Office of the New York State Comptroller has published Standards for Internal Control in New York State Government

SUNY Policy also includes Internal Control Program Guidance

Employee & Manager Responsibilities 

A successful internal control program depends on the participation of all employees at every level. Competence and professional integrity are essential components of a sound internal control program. 

All employees should be aware of the University's mission and goals and their roles in attaining those goals. Being aware of your responsibilities as an employee can help provide reasonable assurance that the University's internal control systems are adequate and operating in an efficient manner. 

Employee Responsibilities

All employees are responsible for the following:

  • Fulfilling the duties and responsibilities established in their job description and meeting applicable performance standards 

  • Taking all reasonable steps to safeguard University assets and resources against waste, loss, damage, unauthorized use, or misappropriation 

  • Reporting breakdowns in internal control systems or suggesting improvements to their supervisor 

  • Refraining from using their position to secure unwarranted privileges 

  • Attending education and training programs as appropriate to increase awareness and understanding 

Manager Responsibilities

In addition to the above employee responsibilities, managers have these responsibilities: 

  • Documenting policies and procedures that are to be followed in performing unit functions 

  • Maintaining a work environment that encourages employees to understand the purpose of policies and procedures and that supports the maintenance of a positive internal control environment 

  • Identifying the objectives for the unit and implementing cost effective internal controls designed to meet those objectives 

  • Regularly testing the internal controls implemented to determine if they are functioning as intended 

  • Listening to employee suggestions concerning the internal control systems 

Making internal controls a consistent priority helps foster positive employee attitudes, which improve job performance and, in turn, the quality of internal controls. And, since internal controls are designed to improve operational and management efficiency, the internal control process should be one of continuous improvement. 

Internal Control Resources