Indiana University Seal

Internal ControlsFIN-ACC-I-470


All Indiana University units and employees.

Back to top

Policy Statement

The Board of Trustees and the President of Indiana University are committed to a solid structure of internal controls. The University considers internal controls to be crucial in providing reasonable assurance regarding the safeguarding of University assets and the achievement of operational, financial reporting and compliance objectives.

The Trustees, President, university and campus administrators, deans, department chairs, and directors are responsible for setting a tone of accountability, high ethical standards and business conduct expectations.

The Office of the Vice President and Chief Financial Officer (VPCFO) is responsible for insuring that an adequate internal control structure is in place. In this role the VPCFO’s office will insure that appropriate documentation and guidance exist in the form of Financial Policies and Standard Operating Procedures, that appropriate business rules and controls have been incorporated into financial systems, and that a tone of ethical behavior and compliance is maintained by senior financial administrators.

It is the responsibility of the vice-presidents, campus administration, deans, department chairs, directors, and the fiscal officers of the university to build and maintain an internal control environment at the responsibility center and department level. This responsibility includes requiring that staff are well trained, educated on university financial policies, and that a tone of ethical behavior and compliance is maintained by leadership of the responsibility center or department.

The Internal Audit Department is responsible for the independent review and assessment of the adequacy and effectiveness of internal controls at all levels of the University.

Back to top

Reason for Policy

To establish responsibility for internal controls and convey the importance of internal controls for an organization.

Back to top


Unit’s soliciting advice on financial and control procedures should contact Financial Management Services (FMS), their Responsibility Center Fiscal Officer, or their campus Vice Chancellor of Finance. Since the Internal Audit Department must remain independent and objective, they will not have any responsibility for establishing or maintaining the University internal control systems.

Back to top


Internal Controls: A system consisting of specific policies and procedures designed to provide management with reasonable assurance that the goals and objectives it believes important to the entity will be met.

Internal controls exist in order to promote operational efficiency and effectiveness, provide reliable financial information, safeguard assets and records, encourage adherence to prescribed policies and comply with regulatory agencies.

The basic concepts of internal controls would indicate that:

  • Management, not auditors, must establish and maintain the entity’s controls.
  • The internal control structure should provide reasonable assurance that financial reports are correctly stated.
  • No system can be regarded as completely effective.
  • Controls should be applied to manual and computerized systems.

The detailed objectives of internal controls are to insure that at the transaction level, the transactions are valid, properly authorized, recorded, properly valued, properly classified, recorded at the proper time, are in subsidiary records and are correctly summarized.

An internal control environment consists of management’s philosophy and operating style which includes the tone at the top that is set by the board and senior executives of an entity. It should also include:

  • The integrity and ethical values of the University’s employees.
  • An organizational structure that promotes separation of duties and decreases conflicts of interest.
  • The assignment of authority and responsibility so people understand their roles and responsibilities.
  • Competent, knowledgeable personnel who are informed of policies and procedures and have the proper training and ongoing development.
  • Communication of pertinent issues.
  • Information systems that have built-in business rules and controls.
  • An Internal Audit function.
  • External influences that include external auditors and an adherence to compliance guidelines and standards.

Back to top


This policy was established on December 1, 2004.

Back to top