Skip navigation

Office of the Controller

Internal Control


About Controls

Internal controls are practices that protect or make more efficient use of the University's assets. They are the kinds of things you already do because they are generally just good business practices. Internal controls can involve anything from protecting computer files with passwords to making sure that the door is locked when everyone has gone home for the night.

Internal controls should be designed to assist in the following:

  • Safeguard University assets - well designed internal controls protect assets from accidental loss or loss from fraud.

  • Ensure the reliability and integrity of financial information - Internal controls ensure that management has accurate, timely and complete information, including accounting records, in order to plan, monitor and report business operations.

  • Ensure compliance - Internal controls help to ensure the University is in compliance with the many federal, state and local laws and regulations affecting the operations of our business.

  • Promote efficient and effective operations - Internal controls provide an environment in which managers and staff can maximize the efficiency and effectiveness of their operations.

  • Measure accomplishment of goals and objectives - Internal controls system provide a mechanism for management to monitor the achievement of operational goals and objectives.


Administrative management is responsible for maintaining an adequate system of internal control but every employee is responsible for following and applying internal control practices. Management is responsible for communicating the expectations and duties of staff as part of a control environment. They are also responsible for assuring that the other major areas of an internal control framework are addressed.

Types of Internal Controls

Preventive controls

are designed to discourage or pre-empt errors or irregularities from occurring

  • A computer application which checks validity prevents the entry of an invalid account number.
  • Reading and understanding University Human Resource policy regarding work hours, helps prevent violations of the Federal Fair Labor Standards Act.
  • A manager's review of purchases for propriety and validity prior to approval prevents inappropriate expenditures.

Detective controls

are designed to search for and identify errors after they have occurred.

  • Recociliations of monthly detail reports to departmental records detect incorrect or invalid entries or transactions.
  • Periodic physical inventory counts compared to departmental inventory records identify stolen or missing assets.
  • The manager's review of long distance telephone charges will detect improper or personal calls that should not have been charged to the account.
Auditors evaluate the effectiveness of an operation's internal controls by first gathering information about how a unit operates, identifying points at which errors or inefficiencies are possible, and identifying system controls designed to prevent or detect such occurrences. Then, they test the application and performance of those controls to assess how well they work. You can evaluate controls in your department's operations by following the same process.

Framework for Internal Control

The framework of a good internal control system includes:

Control environment:

A sound control environment is created by management through communication, attitude and example. This includes a focus on integrity, a commitment to investigating discrepancies, diligence in designing systems and assigning responsibilities.

Risk Assessment:

This involves identifying the areas in which the greatest threat or risk of inaccuracies or loss exist. To be most efficient, the greatest risks should receive the greatest amount of effort and level of control. For example, dollar amount or the nature of the transaction (for instance, those that involve cash) might be an indication of the related risk.

Monitoring and Reviewing:

The system of internal control should be periodically reviewed by management. By performing a periodic assessment, management assures that internal control activities have not become obsolete or lost due to turnover or other factors. They should also be enhanced to remain sufficient for the current state of risks.

Information and communication:

The availability of information and a clear and evident plan for communicating responsibilities and expectations is paramount to a good internal control system.

Control activities:

These are the activities that occur within an internal control system.

Control Activities

Control activities are those specific policies and procedures that help ensure management directives are implemented. They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel. This is not an all-inclusive list, but here are some examples of common control activities:

Segregation of Duties

Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For instance, responsibilities for authorizing transactions, recording them, and handling the related asset are divided.

Physical Controls

Equipment, inventories, securities, cash, and other assets are secured physically, periodically counted, and compared with amounts shown on control records. Access is restricted to those with authority to handle them.


Comparisons are made between similar records maintained by different persons to verify transaction details.

Policies and Procedures

Established policies, procedures, and even job descriptions provide guidance and training to ensure consistent performance at a required level of quality.

Transaction and Activity Reviews

Managers running functions or activities review performance reports. They may relate different sets of data - operating or financial - to one another, together with analyses of the relationships.

Information Processing Controls

A variety of controls are performed to check accuracy, completeness, and authorization of transactions. Data entered are subject to edit checks or matching to approved control files. Numerical sequences of transactions are accounted for, file totals are controlled, and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.

Contact Us

Office of the Controller
Bond Hall 230
118 College Drive #5143
Hattiesburg, MS 39406

Hattiesburg Campus

Campus Map