Office of Internal Control
Questions? Please contact the Internal Control team or our reporting hotline.
Questions? Please contact the Internal Control team or our reporting hotline.
Internal controls are the operating practices, reporting relationships, policies, and procedures adopted by the University to help achieve our goals and objectives. Within an internal control system, the most important element is the overall control environment: the organization’s ethical values, integrity, competence, and operating philosophy.
An Internal Control Program is the integration of the activities, plans, attitudes, policies and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its objectives and mission. Review a 2024 memo on internal control practices and procedures more information.
All New York State agencies, including SUNY campuses, are required by law to have an internal control program in place.
Upholding internal control compliance for the campus is a community effort. All UAlbany employees and students share responsibility for creating and maintaining a proper internal control environment. Maintaining proper internal controls is an ongoing task with new challenges and threats emerging every day.
All employees should routinely exercise judgment and act to protect the University and its resources from loss, waste or damage as well as ensure the accuracy and reliability of financial and other key data. All employees are expected to exhibit ethical values and integrity in their daily activities, seeking areas for improvement and acting in the best interests and protection of the University and the public.
Our office’s Internal Control Coordinator works with each campus unit to assess its vulnerability to risks, train employees on internal controls and review the internal controls in place.
To underscore managerial ownership of the University's system of internal controls and to ensure broad coordination of the campus' internal control program, oversight of the program is rested in the Enterprise Risk Management and Internal Control Steering Committee.
The following is an excerpt from the initial charge to the Committee:
Since the internal control plan is ubiquitous to the campus and is everyone's responsibility, particularly that of management, a successful internal control program needs broad buy-in. This can best be accomplished by directly involving a small group of highly placed personnel with a broad knowledge of campus operations and policy and strategic plan objectives, and the ability to effect change. The committee role is to assist in shaping all aspects of the campus approach to the internal control program, including organizing, educating, testing and reporting, and to champion the ideals of a strong internal control program in its representative areas.
Committee Chair: Anette Lippold, Chief Enterprise Risk Management & Compliance Officer
Committee Members:
Weisu Ampansiri, Internal Control Officer
Jim Bole, Chief Information Security Officer
Steve Galime, Associate Vice President for Academic Affairs
Chris Losavio, Corporate Controller for the University at Albany Foundation
Amanda Maleszweski, Chief Campus Counsel
Rick McGinn, Chief Financial Officer for the University at Albany Foundation
Cynthia Riggi, Assistant Vice President for Student Affairs & Enrollment
Fardin Sanai, Vice President of University Advancement
MO Schifley, Senior Director of Administration for University of Auxiliary Services
Jon St. Clair, Deputy Controller
Brian Stephenson, College of Arts & Sciences
Travis Wilson, Associate Athletic Director for Business
In 1987, the Legislature enacted a law entitled the New York State Governmental Accountability, Audit and Internal Control Act to formalize a system of productivity and accountability in all state agencies. The Act was updated and made permanent in Chapter 510 of the Laws of 1999.
Under the Act, all state agencies are required to institute a formal internal control program. This program is meant to enhance the integrity of operations, provide oversight to ensure that funds and resources are used efficiently and effectively, and give reasonable assurance that funds and resources are appropriately protected and managed.
The New York State Division of Budget (DOB) issued the Budget Policy and Reporting Manual Item B-350, Governmental Internal Control and Internal Audit Requirements, which requires all state agencies to perform certain internal control responsibilities and annually certify to DOB that they comply with those requirements.
The internal control responsibilities required by DOB are:
Establish and maintain guidelines for a system of internal controls.
Establish and maintain a system of internal controls and a program of internal control review.
Make available to each employee a statement of the policies and standards with which they are expected to comply, emphasizing the importance of internal controls and the responsibility of each employee for effective internal controls.
Designate an Internal Control Officer to implement and review the internal control program.
Implement education and training efforts to ensure that employees have adequate awareness and understanding of internal control standards.
Periodically evaluate the need to maintain an Internal Audit function.
The Office of the New York State Comptroller has published Standards for Internal Control in New York State Government.
SUNY Policy also includes Internal Control Program Guidance.
A successful internal control program depends on the participation of all employees at every level. Competence and professional integrity are essential components of a sound internal control program.
All employees should be aware of the University's mission and goals and their roles in attaining those goals. Being aware of your responsibilities as an employee can help provide reasonable assurance that the University's internal control systems are adequate and operating in an efficient manner.
All employees are responsible for the following:
Fulfilling the duties and responsibilities established in their job description and meeting applicable performance standards
Taking all reasonable steps to safeguard University assets and resources against waste, loss, damage, unauthorized use, or misappropriation
Reporting breakdowns in internal control systems or suggesting improvements to their supervisor
Refraining from using their position to secure unwarranted privileges
Attending education and training programs as appropriate to increase awareness and understanding
In addition to the above employee responsibilities, managers have these responsibilities:
Documenting policies and procedures that are to be followed in performing unit functions
Maintaining a work environment that encourages employees to understand the purpose of policies and procedures and that supports the maintenance of a positive internal control environment
Identifying the objectives for the unit and implementing cost effective internal controls designed to meet those objectives
Regularly testing the internal controls implemented to determine if they are functioning as intended
Listening to employee suggestions concerning the internal control systems
Making internal controls a consistent priority helps foster positive employee attitudes, which improve job performance and, in turn, the quality of internal controls. And, since internal controls are designed to improve operational and management efficiency, the internal control process should be one of continuous improvement.