General Internal Control Standards

This webpage is based off the brochure that has been posted around campus and is updated on an annual basis.

Main Page Content

To All Faculty and Staff

The New York State Governmental Accountability, Audit and Internal Control Act of 1987 requires all State-operated campuses of the State University of New York to establish and maintain a system of internal controls and an ongoing internal control program.

The College at Brockport has adopted the State University of New York’s Internal Control Guidelines. This brochure is an abbreviated version of those Guidelines and references specific aspects of the College’s Internal Control Program.

As stewards of public funds and the education of our citizens, all employees of The College at Brockport have a responsibility to ensure that we are as efficient and effective as possible within the confines of existing laws, policies and procedures. In that way, not only will we meet our internal control responsibilities, but we will be reinforcing our commitment to student success.

The College at Brockport’s Internal Control Program is essentially a program of review which helps to ensure that daily operating practices and procedures are sufficient to minimize the possibility of operational failure, overspending or other actions inconsistent with policy or in violation of the law. Simply stated, the College’s Internal Control Program is designed to review, critique and strengthen our existing systems and procedures.

Heidi R. Macpherson, PhD, President

Internal Controls are Everyone's Responsibility

The College at Brockport is a public university with funding coming from student fees and from taxpayer dollars through state appropriation. As a public university, we are accountable to the State of New York and its taxpayers. We are held to the highest standards of accountability and conduct. The College at Brockport has several internal control policies that are intended to protect the College and its employees. It’s important that you understand these policies and their application to your daily work. In short, internal control is everyone’s job.

What are Internal Controls?

Internal controls are steps taken by an organization to provide reasonable assurance that the organization functions in an efficient and appropriate manner consistent with its policy objectives, applicable laws, regulations, and related policies and procedures. They are the methods used to organize and manage daily operations successfully. Internal controls are an integral part of the operating procedures management uses to achieve its objectives and prevent undesirable results.

What is Your Responsibility?

Depending upon your position at the College, you may be designated as a respondent to the risk assessment survey, actively involved in the review process, e.g., answering questions, reviewing the draft report and providing feedback, or marginally involved by assisting your supervisor by gathering and providing documentation/data.

What are Some Risk Categories that Might Apply to Me?

  • Waste/abuse/misuse of institutional resources
  • Disclosure of confidential information
  • Intellectual property infringement
  • Time abuse
  • Improper giving/ receiving of gifts
  • Improper supplier/ contractor activity
  • Malicious/inappropriate use of technology
  • Falsification of or unauthorized signing of contracts/reports/records
  • Credentials misrepresentation
  • Donor stewardship
  • Cheating/plagiarism
  • Data privacy/integrity
  • Employee benefits

What are Some Things You Can Do?

  • Follow the policies and procedures in place for your job.
  • Always secure your office or workspace when you leave.
  • Use College resources only in support of College goals, objectives, and programs.
  • Keep documents containing confidential or sensitive data in secure files.
  • Shred documents containing confidential or sensitive data when no longer needed.
  • Communicate problems with current procedures or suggestions for improvement to your supervisor.
  • Report any suspicious persons or activities to your supervisor and/or University Police.
  • Do not share or post computer passwords.
  • Always secure your computer when you leave for the day.
  • Look for opportunities to reduce waste and improve efficiencies.

What are the Types of Risks Related to Internal Controls?

Risk is anything that could negatively impact the College’s ability to meet its objectives. There are several types of risk:

  • Strategic — A risk that could prevent an area from accomplishing its objectives or meeting its mission.
  • Financial — A risk that could result in a negative financial impact to the College such as a waste or loss of assets.
  • Compliance and Regulatory — A risk that could expose the College to fines or penalties from a regulatory agency due to noncompliance with laws and regulations.
  • Reputational — A risk that could expose the College to negative publicity.
  • Operational — A risk that could prevent areas of the College from operating in the most effective and efficient manner or be disruptive to other areas of the College operations.


Last Updated 10/27/20

Close mobile navigation