Home
Internal Control Responsibilities

Internal Control Responsibilities

Achieving your objectives with internal controls

Internal controls are the methods an organization uses to help ensure its objectives are met. Good internal controls can include such practices as:

Providing written guides to staff for consistent, efficient operations
Adhering to university IT and cybersecurity policies and practices
Closely overseeing the use of procurement cards
Requiring locked offices to discourage theft
Reviewing monthly account statements to verify that transactions are reasonable

IU policies assign university leadership (vice presidents to fiscal officers to staff) with the responsibility to ensure a system of internal controls that support operations, reporting, and compliance.

Types of internal controls

Preventive: Designed to prevent errors, fraud, and other irregularities from occurring
Detective: Designed to identify errors, fraud, or other irregularities after they have occurred

Risk management: the three lines of defense

A common internal controls strategy includes three lines of defense to support effective risk management within an organization. This model helps ensure that operating information is reliable and university resources are secured and used effectively. IU's implementation of the three lines of defense are below.

Operational Management

Department management is the first line of defense for effectively managing risk. Each unit, school, or department has responsibility for:

Establishing and overseeing systems of internal controls
Implementing good business practices
Monitoring for compliance with established practices

Campus and University Support Offices

The second line of defense includes offices with a broad oversight for risk management, policy development, and compliance. This includes offices such as:

Campus Finance and Administration
Office of the University Controller
University Treasurer's Office
Public Safety and Institutional Assurance
University Compliance Office
University Information Security Office

Internal Audit

As the third line of defense, Internal Audit provides an independent assessment to ensure that internal controls developed by management are operating as intended. Auditors perform evaluations and make recommendations for improvements that strengthen the university’s controls.

Learn more about internal controls

Read IU’s policy