• Skip to Content
• Accessibility Policy
• Site Map

• AS Home Page
• Aztec Center
• Aztec Recreation (ARC)
• Viejas Arena
• Open Air Theatre
• Cultural Arts and Special Events (CASE)
• Mission Bay Aquatic Center (MBAC)
• Photo Gallery
• SDSU Children's Center
• Student Government
• Employment
• AS Administrative

Section 9 – Auditing and Internal Control

Section 9.1 – Internal Control

Date: 10/2/06 — Approved: Finance Board

Internal control procedures are to be an integral part of the financial and business processes and are not a superimposed set of requirements. The financial and business processes of the AS are to be developed and operated under a system of internal control that:

• Safeguards AS assets
• Checks the accuracy and reliability of accounting data
• Promotes operational efficiency and effectiveness
• Protects AS personnel
• Ensures adherence to prescribed managerial policies
• Ensures compliance with applicable policies and regulations

DEVELOPMENT AND IMPLEMENTATION

Directors, who have the responsibility for developing, operating, and supervising financial systems, also have the responsibility for developing and implementing adequate internal control systems. All internal control procedures are subject to the review of the AS Controller or delegate.

All internal control systems are to conform to generally accepted characteristics. These characteristics are:

• Organizational plans that provide appropriate segregation of functional responsibilities.
• Authorization and record-keeping procedures that give reasonable accounting control over assets, liabilities, revenues, expenses, and other changes in the balance of funds.
• Sound practices that insure a high degree of compliance with approved authorization and record-keeping procedures.
• Employees with capabilities sufficient to execute their prescribed responsibilities.

ORGANIZATIONAL PLAN

Responsibility, authority, operating policies, and procedures are to be clearly defined. Operating, custodial, accounting, and internal auditing functions are to be independent of each other. Ancillary records existing outside an AS division may serve as a control over AS divisions' activities.

Most transactions originate in service, and other areas outside the business office. They provide a separation of responsibilities that should be fully utilized in designing internal control system safeguards. The safeguards are designed to discourage or disclose fraudulent schemes and errors. Through checkpoints in the day-to-day operations and through regular reports produced, areas of concern and weaknesses should be highlighted and identified so prompt and corrective action is taken.

AUTHORIZATION AND RECORD-KEEPING

Appropriate records, forms, and reports are to be maintained, as well as a logical flow of record-keeping and approval procedures. Appropriate records include:

• Control accounts and subsidiary ledgers
• Meaningful classification of transactions
• Documented accountability where it serves a useful purpose

Policies and instructions regarding these operations are to be documented in procedural write-ups or manuals.

SOUND PRACTICES

Practices adopted should enhance the integrity of authorizations, recordings, and custody. Sound practices include a continuous review or internal check of routine transactions, whereby the work of one person is proved independent of or complementary to the work of another. Where feasible, there should be a division of duties and responsibilities so no person has complete control over all aspects of a financial transaction.

GUIDELINES FOR INTERNAL CONTROL OF ASSETS

Following are general guidelines for safeguarding assets:

• Assign responsibility and accountability for control of AS assets to two or more employees (for example, responsibility for ordering, receiving, and inventorying assets should be separated so that the same employee does not have all these responsibilities).
• Develop and distribute detailed division operating procedures that implement and are consistent with A.S. policy and procedures.
• Ensure that individual employees aware of the controls, boundaries, procedures, and practices.
• Regularly verify the continued maintenance of established controls and remedy violations through prompt, effective, and fair actions.

EMPLOYEE RESPONSIBILITY

A properly functioning internal control system depends on the selection of AS division heads and supervisors with ability and experience. The operating personnel must be capable of carrying out prescribed procedures efficiently and economically. Employees are to be trained in the position they will perform, and the necessity of adhering to outlined procedures and controls should be stressed to them. The employee's work should be carefully reviewed to determine if procedures are being followed. If not, corrective measures should be taken to correct the problems.

EXCEPTION TO CONTROL PROCEDURES

All internal controls are to be considered in the light of their economic utility, practicability, and protection of personnel. In instances where the cost of protection would far outweigh possible losses, or proposed controls would cause gross inefficiencies, it may be decided that certain controls are not feasible and another alternative may be more advisable.

REVIEW

Responsibility does not end with the implementation of control procedures initially considered necessary. The system of internal control must be under constant review by directors and supervisors at all levels to determine that:

• Prescribed policies are being interpreted properly and are being carried out.
• Changes in operating conditions have not made the procedures cumbersome, obsolete, or inadequate.
• Corrective measures are taken promptly when system breakdowns appear.

RISK ASSESSMENT

Risks, which could impact the achievement of AS, and division objectives, are to be identified and analyzed. Management should then use this information as a basis for deciding how these risks are managed and controlled.

SCOPE OF CONTROL

Appropriate processes are to be in place in all offices to provide reasonable assurance that operations are effective and there is compliance with applicable policies and regulations.

Need something else? Go back to the Table of Contents.