University of Illinois System
Policies & Procedures
Last item for navigation

9.1 Internal Control Responsibilities

Policy Statement

All employees are responsible for safeguarding system resources and assets to ensure that they are used only for authorized purposes. Unit heads are responsible for implementing systems of internal control and proper segregation of duties to avoid mismanagement, fraud, theft, or personal use of system resources and assets. All employees are responsible for reporting fraudulent activities or misconduct.

All internal control procedures are subject to the review of the Office of University Audits and the Office of the Chief Financial Officer, as well as external auditors such as those commissioned by the Illinois Auditor General and other state and federal agencies.

Reason for the Policy

Internal controls are intended to prevent errors or irregularities, identify problems, and ensure that monitoring and corrective action is taken.

Applicability of the Policy

Employees and units are responsible to comply with laws, rules, regulations, policies and procedures, and other internal control practices and structures related to the performance of their duties and operations.

Procedure

Internal control is a term used to describe a variety of procedures that prevent or detect unintentional misstatements (errors) or intentional misstatements (irregularities). There are four general types of internal controls:

  • Directive: Procedures to communicate what the rules are, or what should happen. For example, posted safety procedures or policies and procedures at the system, university, and unit levels are directive controls.
  • Preventive: Procedures to keep errors or irregularities from happening. For example, segregation of duties, and designation of approval authority and spending limits are preventive measures.

  • Detective: Procedures to identify errors or irregularities as they happen or shortly after they happen. For example, detailed account reconciliations and budget variance reports are detective controls.

  • Corrective: Procedures to correct any errors that are identified. For example, when an error is made, employees should follow whatever procedures have been put into place to correct the error, such as reporting the problem to a supervisor. Training to strengthen staff knowledge in areas where weaknesses are identified is another example of a corrective internal control.

Consult the Office of University Audits for additional information and training.

All employees are responsible for knowing the policies, procedures, and processes related to their position. Employees should be properly trained to correctly process transactions related to assigned duties and responsibilities. Employees should consult Job Aids and Training Materials for resources related to various business systems and processes.

Unit heads are responsible for establishing an operational environment that supports proper internal controls and segregation of duties as outlined in, 9.1.1 Unit Head Responsibilities for Internal Controls.

Reporting Fraud or Misconduct, Whistleblower Protection, and Investigations

Fiscal Control and Internal Auditing Act (FCIAA)
FCIAA (BusFin)
Office of University Audits

Last Updated: May 21, 2020 | Approved: Senior Associate Vice President for Business and Finance | Effective: December 2014