Internal Controls

What Are Internal Controls?

Internal controls are the policies, procedures, and practices that help our university operate effectively, protect our resources, and fulfill our mission to serve students and the public. In simple terms, they’re the everyday processes that ensure we do things the right way, every time.

Think of internal controls as the foundation that supports everything we do at the university. Whether you’re processing a purchase order, managing student records, handling funds, or overseeing facilities, internal controls help ensure these activities are carried out properly, ethically, and in compliance with applicable laws and regulations.

Why Internal Controls Matter in Higher Education

As a public university, we have a responsibility to be good stewards of public funds, student tuition and fees, and donor contributions. Strong internal controls help us:

  • Protect University Resources: Safeguard against fraud, waste, and misuse of funds and assets
  • Ensure Compliance: Meet federal, state, and institutional requirements for financial aid, research grants, and public accountability
  • Maintain Data Integrity: Protect sensitive student and employee information
  • Support Decision-Making: Provide accurate, reliable information for university leadership
  • Build Public Trust: Demonstrate responsible management to students, families, taxpayers, and donors
  • Achieve Our Mission: Enable effective operations that support student success and academic excellence

The Five Components of Internal Control

Our university’s internal control framework is built on five interconnected components:

1. Control Environment

This is the foundation of our control system—the culture and tone set by leadership throughout the university. It includes:

  • Ethical values and integrity demonstrated by all staff
  • Clear organizational structure and reporting lines
  • Commitment to competence and professional development
  • Accountability for performance and results

2. Risk Assessment

We regularly identify and analyze risks that could prevent us from achieving our objectives:

  • Financial risks (budget shortfalls, fraud, compliance violations)
  • Operational risks (technology failures, safety incidents)
  • Compliance risks (federal regulations, state requirements)
  • Reputation risks (data breaches, misconduct)

3. Control Activities

These are the specific policies and procedures that address identified risks:

  • Authorization and Approval: Ensuring proper authority for transactions and decisions
  • Segregation of Duties: Separating responsibilities to prevent errors and fraud
  • Documentation: Maintaining complete and accurate records
  • Physical Safeguards: Protecting assets and information
  • Performance Reviews: Monitoring and evaluating operations

4. Information and Communication

Reliable information must flow throughout the university to support decision-making:

  • Accurate and timely financial reporting
  • Clear communication of policies and procedures
  • Effective channels for reporting concerns
  • Regular updates on performance and compliance

5. Monitoring Activities

We continuously assess whether our internal controls are working effectively:

  • Ongoing monitoring by management
  • Independent evaluations by Internal Audit
  • Regular reviews of policies and procedures
  • Prompt correction of identified deficiencies

Internal Controls in Practice

Financial Controls

  • Budget Management: Regular monitoring of expenditures against approved budgets
  • Procurement: Following competitive bidding processes and vendor approval procedures
  • Cash Handling: Secure collection, recording, and deposit of university funds
  • Financial Reporting: Accurate and timely preparation of financial statements and reports

Academic Controls

  • Student Records: Protecting confidentiality and ensuring accuracy of academic records
  • Grade Management: Secure processes for recording and changing student grades
  • Degree Certification: Verification that students meet all graduation requirements
  • Grant Administration: Proper management of grants and compliance with sponsor requirements

Human Resources Controls

  • Hiring Processes: Fair and consistent recruitment and selection procedures
  • Background Checks: Appropriate screening for positions involving access to sensitive information or vulnerable populations
  • Payroll Processing: Accurate recording of time worked and proper authorization of pay changes
  • Performance Management: Regular evaluation and documentation of employee performance

Information Technology Controls

  • Access Management: Ensuring only authorized users can access systems and data
  • Data Backup: Regular backup and recovery procedures to protect critical information
  • System Security: Firewalls, antivirus software, and other protections against cyber threats
  • Change Management: Controlled processes for updating systems and software

Your Role in Internal Controls

Every member of the university community plays a vital role in maintaining effective internal controls:

For All Staff

  • Follow established policies and procedures
  • Complete required training and certifications
  • Report suspected violations or control weaknesses
  • Maintain confidentiality of sensitive information
  • Keep accurate and complete records

For Supervisors and Managers

  • Set a positive tone through your own actions
  • Ensure staff understand their responsibilities
  • Monitor compliance within your area
  • Address control deficiencies promptly
  • Support staff professional development

For Senior Leadership

  • Demonstrate commitment to ethical behavior
  • Provide adequate resources for control activities
  • Hold staff accountable for their responsibilities
  • Support the internal audit function
  • Ensure university-wide communication of control expectations

Continuous Improvement

Internal controls are not static—they must evolve as our university grows and changes. We regularly review and update our control procedures to address:

  • New regulations and compliance requirements
  • Changes in technology and business processes
  • Lessons learned from audits and assessments
  • Best practices from other higher education institutions

Contact Us

If you have questions about internal controls or need assistance with control-related issues in your department, please contact the Office of Internal Audit at ia@umw.edu or 540-654-1671.

Remember: Strong internal controls protect our university and enable us to better serve our students and community. Thank you for doing your part to maintain the integrity and effectiveness of our operations.