University of Pittsburgh

Internal Controls Defined

Internal controls are broadly defined as processes, affected by the board of trustees, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  1. Reliability and integrity of financial and operational information.
  2. Effectiveness and efficiency of operations and programs.
  3. Safeguarding of assets.
  4. Compliance with laws, regulations, policies, procedures, and contracts.

Internal Audit assists the University in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement as part our internal auditing and consulting activity.

Below is a list of typical best business practices in maintaining an effective control environment:

  1. Set a strong example for the expectation of ethical behavior, compliance with laws/policies, and communicate your expectations routinely to your unit's personnel.
  2. Never sign something you do not understand.
  3. Limit signature authority and do not let anyone sign your name (an employee should sign their own name). Never use a signature stamp.
  4. If something does not make sense ask questions about it until it does. Pay attention to what your employees are doing.
  5. Be familiar with University policies and procedures. Be willing to call and ask questions.
  6. Consider unique risks your unit may have (i.e. cash collections, contracts and grants, etc.) and ensure additional oversight is provided.
  7. Ensure level reports are reconciled monthly and review this reconciliation for any unusual transactions.
  8. Do not let one employee have complete control of any process.
  9. Keep offices and labs locked to protect property, data, and other resources. (Remember to shred paper documents with identifying information.)
  10. Ensure University assets are used for University business.
Cathedral Images