Internal Controls Glossary of Terms.
Internal Controls |
The rules and procedures implemented by an organization to ensure the integrity of financial and accounting information, promote accountability, and prevent fraud. |
COSO |
Stands for the Committee of Sponsoring Organizations of the Treadway Committee. It is a nationally recognized organization dedicated to helping organizations improve performance by developing thought leadership that enhances internal control, risk management, governance and fraud deterrence. |
Control Environment |
The set of standards, processes, and structures that provide a basis for carrying out internal control across the organization. |
Risk assessment |
The identification of circumstances that may impede the organization's ability to achieve its objectives, and the procedures in place to mitigate those risks. Steps for assessing risk include identifying threats, determining the severity and likelihood of a threat, and creating a risk management plan. |
Control activities |
The specific policies and procedures that help an organization identify priorities, achieve department goals, report reliably, meet compliance regulations, and protect University resources. |
Preventive controls |
Controls that work to stop improper transactions before they are processed. Examples of preventive controls include segregation of duties, security of assets, proper authorization, adequate documentation, policies and procedures, and training. |
Detective controls |
Controls that look for both fraudulent and unintentionally improper transactions after the fact. Examples of detective controls include reconciliations, variance analyses, physical inventories, audits, and continuous monitoring through data analytics. |
Corrective Controls |
The specific policies and procedures that help an organization identify priorities, achieve department goals, report reliably, meet compliance regulations, and protect University resources. |
Separation of duties |
A preventive control that divides the tasks of a transaction amongst different people. |
Authorization and Approvals |
A preventive control that ensures transactions are approved by someone with appropriate delegated approval authority. |
Security and Access |
A preventive control that ensures equipment, inventories, cash, and other University property are safeguarded from loss or unauthorized use. |
Documentation |
A preventive control. The control that keeps track of the control decisions made by the university. |
Policies and Procedures |
A preventive control. Details the policies and procedures of the university. |
Training |
A preventive control. Provides employees with appropriate guidance to ensure they have the knowledge necessary to carry out their job duties and are provided with an appropriate level of supervision. |
Review and Reconciliation |
The process of routinely comparing transactions and activity to supporting documentation by someone other than the preparer or processor of the transaction. |
Ledger Review |
The process of analyzing a department's ledger transactions to provide reasonable assurance that the charges and credits are valid. |
Analytical Ledger Review |
A mandatory monthly review that can only be completed by Fiscal Officers. Intended as an analytical review of transactions that show trends as opposed to a line-by-line review. |
Management Ledger Review |
A monthly analytical review of transactions to be completed by MSOs, CAOs, or managers. |
Dean/VC Quarterly Ledger Review |
A quarterly analytical review to be completed by a member of the Dean or Vice Chancellor’s Office. The report itself can be reviewed by an Assistant Dean, Associate Vice Chancellor, Dean, Vice Chancellor Budget Analyst, or BIA Analyst. |
Physical Inventory Count |
The process of physically counting the university’s assets and comparing those amounts to the assets on record. |
User Access Review |
A detective control to periodically verify that only legitimate users have access to applications or infrastructure. |
Minimum Necessary Data Access |
The practice of ensuring data can only be accessed by authorized employees who have a legitimate reason to access it. |
Financial audit |
A review of financial records to check for accuracy and completeness. |
Operational audit |
A review of an organization’s management practices. |
Compliance audit |
A review of an organization’s compliance with policies and laws. |
Information Technology Audit |
A review of an organization’s data security and integrity. |
Internal auditor |
Individuals who work for the university as internal employees to examine records and help improve internal processes such as operations, internal controls, risk management, and governance. |
External auditor |
Individuals who come from outside the organization to examine financial records and processes and provide an independent opinion. |
Monitoring |
Assesses how internal controls perform over time. |
Fraud Risk Assessment |
A process for identifying and assessing the fraud risks of an organization. |
Management override |
The ability of management and/or those charged with governance to override internal controls. |