Internal Control Self-Assessment Checklist

Unit management throughout the University is responsible to establish internal controls to keep their unit on course toward its financial goals, to help it achieve its mission, to minimize surprises and risks, and to allow the organization to successfully deal with change. Internal controls are defined as activities undertaken to increase the likelihood of achieving management objectives in three areas:

  • Efficiency and effectiveness of operations
  • Reliability of financial reporting
  • Compliance with laws and regulations

Some internal controls are established at the institutional level; others are established by unit management. To achieve success, unit management needs to (1) be knowledgeable about, and support, institutional controls, and (2) implement practical and effective internal controls specific to the particular unit. The following checklist is provided to facilitate a self-assessment of internal controls by management of individual departments.  It is intended to address general aspects of internal controls, and does not include specific controls applicable to individual units. Organization of the checklist is consistent with the five interrelated components of internal control defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). We encourage department heads and other unit management to use this self-assessment checklist to evaluate internal controls in their areas of responsibility.  Management should also add to the checklist other controls that apply specifically their units. Internal Audit would be pleased to consult on methods to improve your internal controls.

Internal Control Components

1. Control Environment

  • Integrity and Ethical Values
  • Commitment to Competence
  • Management's Philosophy and Operating Style
  • Organizational Structure
  • Assignment of Authority and Responsibility
  • Human Resource Policies and Practices

 2. Risk Assessment

  • Organizational Goals and Objectives
  • Risk Identification and Prioritization
  • Managing Change

 3. Control Activities

  • Written Policies and Procedures
  • Control Procedures
  • Controls over Information Systems

 4. Information and Communication

  • Access to Information
  • Communication Patterns

  5. Monitoring

  • Management Supervision
  • Outside Sources
  • Response Mechanisms
  • Self-Assessment Mechanisms