Date Established: 5/11/2017
Date Last Updated:
Administration and Governance
Vice President for Finance and Administration
Be sure to disable the "shrink to fit" feature on your Internet browser's print dialog box.
This policy establishes a framework for a system of internal controls and communicates the university’s internal control objectives.
The University at Buffalo (UB, university) is committed to a strong system of internal controls focused on accountability and oversight of operations to reasonably assure that the university:
An effective system of internal controls is supported by best practices including, but not limited to:
The university’s internal control program is a system of accountability and includes all the plans and actions that assure reasonable control over university operations. Control activities, which occur throughout the organization at all levels and functions, help ensure that necessary actions are taken to address risk while achieving the university’s objectives. Internal controls are owned by the individuals performing the university’s operations and every employee is responsible for ensuring that the program is effective in achieving the university’s mission. Employee competence and professional integrity are essential components of a sound internal control program.
While internal controls, themselves, are owned by the employees responsible for the control, along with their managers or supervisors, the internal control program is supported at the highest levels of university management. Senior leadership provides guidance and the resources to maintain a successful program. The internal control program is enforced through thoughtful, risk-based assessments.
The university has adopted this policy in accordance with the State University of New York Internal Control Policy and the New York State Government Accountability, Audit and Internal Control Act. In addition, the university follows the Committee of Sponsoring Organizations (COSO) Integrated Framework.
An effective internal control system provides reasonable assurance that the university will achieve its mission. Reasonable assurance is a concept that recognizes the cost of internal controls should not exceed the benefits. Managers must use judgment and estimates to assess cost, benefit, and risk and develop controls that support achievement of department goals and adequately safeguard assets, provide reliable information, and meet compliance requirements.
This policy applies to all university entities.
Management-directed, -authorized, and -monitored performance, which includes periodically comparing actual with planned performance, and documenting these actions to provide reasonable assurance that organizational goals will be achieved.
The integration of the activities, plans, attitudes, policies, and efforts of the people of a department working together to provide reasonable assurance that the organization will achieve its objectives and mission.
Demonstrate behaviors that show a commitment to consistent and willing adherence to guidelines and policies as well as to ethical conduct in support of the mission of the university.
Errors and other deviations are kept to a tolerable level; for example, in the normal course of their assigned duties, employees will prevent errors or improper acts and will detect and correct them within a reasonable time, thereby mitigating their detrimental effects.
A probability or threat of damage, injury, liability, loss or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
(SMEs are identified across the university and specifically in high-risk areas including, but not limited to, Financial Management, Procurement Services, Human Resources, Information Technology, and Athletics)