What are internal controls and why are they important?

Internal controls are the procedures put in place to help achieve the objectives of the university relating to financial, strategic, and academic initiatives. Good controls encourage efficiency, compliance with laws, regulations and university policies, and seek to eliminate fraud and abuse.

Some everyday internal control procedures include:

Most internal controls can be classified as preventive or detective. Preventive controls are designed to avoid errors or irregularities from occurring initially. A few examples are:

Detective controls are designed to identify an error or irregularity after it has occurred. These controls are performed on a routine basis to identify any issues that pose potential risks to the University on a timely basis.

Establishing effective internal controls can help a department operate more efficiently and effectively and provide a reasonable level of assurance that the processes and products for which it is responsible are adequately protected.

Employees' Role in Internal Controls

Everyone within the University has some role in internal controls. An individual’s responsibility depends mainly on the level of involvement at the university. The Board of Trustees, President and senior administrators establish the presence of integrity, ethics, competence and a positive control environment. The department directors and managers are responsible for establishing and maintaining internal controls within their departments. Other department personnel are responsible for executing control policies and procedures established by department heads.

The Internal Auditor’s function at the University is to examine the adequacy and effectiveness of the university internal controls and make recommendations where control improvements are needed. In order to objectively evaluate controls, Internal Auditors strive to maintain independence from daily operations; therefore, we usually do not create and maintain internal controls used by the departments. However, controls may be enhanced through the reviews performed and recommendations made by Internal Auditing.

What can jeopardize internal controls?

While many circumstances may compromise the effectiveness of your internal control structure, a few of the most common and serious of these warrant special mention:

Inadequate Segregation of Duties - (Our most common audit finding) - Separating responsibility for physical custody of an asset from the related record keeping is a critical control.

Inappropriate Access to Assets - Internal controls should provide safeguards for physical objects, restricted information, critical forms, and update applications.

Inadequate Knowledge of Marquette University Policies -The university is not a static environment -- new policies and policy revisions are a part of our continual evolution. All University Policies and Procedures are available at Managers must stay abreast of these changes and understand their responsibilities.

Form Over Substance - Controls can appear to be well designed but still lack substance, as is often the case with required approvals.

Control Override - Exceptions to established policies are sometimes necessary to accomplish a specific task, but can pose a significant risk if not effectively monitored and limited.

Inherent Limitations - There is no such thing as a perfect control system. Staff size limitations may obstruct efforts to properly segregate duties, which requires the implementation of compensating controls to ensure that objectives are achieved. A limitation inherent in any system is the element of human error (misunderstandings, fatigue, and stress).

How much do internal controls cost?

The cost of implementing a specific control should not exceed the expected benefit of the control.

Sometimes there is no out-of-pocket cost to establish an adequate control. A realignment of duty assignments may be all that is necessary to accomplish the objective.

A well-designed internal control structure can enhance operations by improving your department's overall efficiency and effectiveness, as well as, reducing the risk of loss or theft.

In analyzing the pertinent costs and benefits, managers should also consider the possible ramifications for Marquette University at large and attempt to identify and weigh the intangible as well as the tangible consequences.


Mission Statement

The Risk Unit is responsible for evaluating loss exposures, assessing liability, handling claims, promoting internal controls and developing effective safety and health programs. The corporate and student insurance plans are managed by this unit.