E-1-4 Internal Control
I. Purpose
To provide reasonable assurance regarding the safeguarding of University assets and the achievement of operational, financial reporting, and compliance objectives.
II. Definitions
- Internal control: a process adopted by an organization’s Board of Trustees, administration, employees and others who are responsible for handling University transactions, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- efficiency and effectiveness of operations
- reliability and integrity of financial reporting
- compliance with applicable laws, regulations and policies
- safeguarding of assets
- Components of internal control:
- Control environment: the “tone at the top” that is the foundation for all other components of internal control, including such factors as the administration’s integrity, ethical values, operating style, and commitment to competence
- Risk assessment: the identification of relevant threats to the achievement of the University’s objectives
- Control activities: the policies and procedures, approvals, reconciliations, physical controls, segregation of duties, and other processes used to ensure the administration’s internal control objectives are carried out and risks addressed
- Information and communication: information systems used to identify, capture, process and report data that, along with other internal and external communications, provides the administration with reports on performance
- Monitoring: the process that assesses the quality of internal control activities as a part of regular administrative and supervisory responsibilities, including corrective actions when the system does not perform as intended
- Generally accepted accounting principles (GAAP): the standard framework of guidelines for financial accounting
- Cost object: a 10 or 12-digit number within the University’s accounting system where revenue, expense, balance sheet data, and/or other productivity measures for an organizational unit or project are recorded
- Clearing or suspense account: a temporary holding account used to house funds until an appropriate financial transaction can be recorded or an appropriate cost object can be created
- Financial reporting: summarization of financial data usually prepared at the end of an accounting period and used to assess the performance of an entity
- Costing practice: system of computing the cost of running a business by allocating expenses to various operations
III. Policy
- The Board of Trustees, President, executive and administrative officers, including but not limited to the Provost, executive vice presidents, vice presidents, Treasurer, Controller, associate/assistant vice presidents, associate/assistant provosts, deans and directors, area fiscal officers, appointed by the President, Provost, and executive vice presidents, chairs, directors, and others functioning as heads of units or projects, departmental unit administrators or equivalents, and those functioning as departmental business administrators (irrespective of job classification) are responsible for setting a tone of accountability and high ethical standards.
All employees are expected to:
- Comply with the requirements outlined in Governing Regulation, Part XIV, Ethical Principles and Code of Conduct, A01-005 UK HealthCare Code of Ethics, AR7:2 Research Conflict of Interest and Financial Disclosure Policy, and AR 7:9 Institutional Conflicts of Interest Involving Research; and
- Maintain a strong internal control environment for the University as defined in Business Procedure E-1-3 Fiscal Roles and Responsibilities in accordance with their roles.
- All units must have the control activities listed in Section IV (below) in place.
IV. Control activities
- Compliance with Policies and Procedures
All units must:- Reinforce the regulations as outlined in Governing Regulation, Part XIV, Ethical Principles and Code of Conduct, A01-005 UK HealthCare Code of Ethics, AR7:2 Research Conflict of Interest and Financial Disclosure Policy, and AR 7:9 Institutional Conflicts of Interest Involving Research, and identify and eliminate or manage conflicts of interest or conflicts of commitment within the meaning of the University’s rules;
- Comply with all aspects of contractual agreements for purchasing or providing goods and services;
- Comply with all University and unit-level policies and procedures including, but not limited to, the Governing Regulations (GR), Administrative Regulations (AR), Human Resources Policy and Procedure Manual, Business Procedures Manual (BPM); and University of Kentucky Information Technology policies;
- Follow the steps outlined in the appropriate Exit Checklist when an employee leaves the unit or the University; and
- Record all fiscal transactions including revenues, expenses, assets, and liabilities in the appropriate accounting period as required by generally accepted accounting principles and University policies.
- Approvals
All units must:- Delegate any signatory or approval authority only as permissible pursuant to Administrative Regulation 8:3 Contract and Transaction Approval Authority. The responsible officer retains responsibility for all transactions executed by the delegate; and
- Obtain proper approval before making a purchase based on procurement policies of the University.
- Reconciliations
All units must, in accordance with Business Procedure E-1-3 Fiscal Roles and Responsibilities, Section V, and E-17-6 Reconciliation and Review of Financial Transactions, reconcile monthly financial statements (ledger sheets) to the related supporting information in a timely manner per policy. Additionally, employees with reconciliation responsibilities are required to complete the Account Reconciliation web based training as part of the University’s Finance and Administration Specialized Training (FAST) Program. The reconciliation must include:- Ensuring there are no un-reconciled differences or material clearing account items; and
- Performing variance analysis to compare actual operational and/or financial data to planned performance targets.
- Safeguard University assets
All units must:- Physically secure and periodically count equipment, vehicles, inventories, cash and other assets as required by University and departmental policies;
- Properly record all types of property assets and related transactions including acquisition, disposal, and transfer;
- Ensure Off-Campus Equipment forms are completed when required;
- Write off obsolete inventories in accordance with E-10-2 Fiscal Year-End Closing - Inventories;
- Report lost and stolen items to the appropriate University officer and General Accounting as required by BPM E-12-4 Property Disposition.
- Maintain appropriate segregation of duties
- Distribute the functions of authorizing and recording transactions, performing reconciliations, and the physical control of related assets among several people or departments. Cash operations, payroll, purchasing (including procurement card management), and receiving are examples of areas where separation of duties is essential.
- In a small office where separation of duties is difficult, it is imperative that the supervisor review and approve all activity.
- Other Activities
All units must:- Take investigative and corrective actions when needed;
- Perform periodic self-audits of unit transactions to identify accounting errors, omissions and/or irregularities and to ensure understanding of policies; and
- Report any of the following fraudulent, ethical, or compliance-related issues to one of the appropriate University officials identified in “i” below:
- Violations or possible violations of applicable laws or regulations
- Allegations of fraud or suspected fraud reported by employees, former employees, or others
- Violations of Human Resources or payroll policies and procedures
- Any ethical or compliance-related issues, including conflicts of interest
- Any misuse of University assets or funds
- Communications from regulatory agencies concerning material noncompliance or deficiencies in financial reporting or costing practice
- Transactions or agreements that do not comply with policies
- Any significant deficiencies in the design or operation of internal control over financial reporting that are likely to adversely affect the University’s ability to record, process, summarize, and report financial data
- University employees should report suspected misappropriation of University assets to Internal Audit (IA) in one of the following ways:
- In-person at 1648 McGrathiana Pkwy Suite 340, Lexington, KY 40511
- By completing the anonymous contact form on UKIA’s webpage
- Emailing the Chief Accountability Officer and Audit Executive
- Calling UKIA's mainline 859-257-3126
- Calling the UK Anonymous Reporting Service at 877-898-6072
Revision Date