Internal Control Responsibilities

Achieving your objectives with internal controls

Internal controls are the methods an organization uses to help ensure its objectives are met. Good internal controls can include practices such as:

  • Providing written guides to staff for consistent operations
  • Following university IT and cybersecurity policies and practices
  • Closely monitoring the use of procurement cards
  • Requiring locked offices to discourage theft
  • Reviewing monthly account statements to verify that transactions are reasonable

IU policies assign university leadership (vice presidents to fiscal officers to staff) with the responsibility to ensure a system of internal controls that support operations, reporting, and compliance.

Types of internal controls

Designed to prevent errors, fraud, and other irregularities from occurring
Designed to identify errors, fraud, or other irregularities after they have occurred

Operational Management

Department management is the first line of defense for effectively managing risk. Each unit, school, or department has responsibility for:

  • Establishing and overseeing systems of internal controls
  • Implementing good business practices
  • Monitoring for compliance with established practices

Campus and University Support Offices

The second line of defense includes offices with a broad oversight for risk management, policy development, and compliance. This includes offices such as:

  • Campus Finance and Administration
  • Office of the University Controller
  • University Treasurer's Office
  • Public Safety and Institutional Assurance
  • University Compliance Office
  • University Information Security Office

Internal Audit

As the third line of defense, Internal Audit provides an independent assessment to determine if internal controls developed by management are operating as intended. Auditors perform evaluations and make recommendations for improvements that strengthen the university's controls.

Learn more about internal controls

Read IU’s policy