Internal control is an ongoing process effected by the Board of Trustees, Chancellor and other personnel in the University, designed and implemented to provide reasonable assurance regarding the achievement of University objectives in the following categories:
- Effectiveness and efficiency of operations
- The reliability and integrity of financial reports
- Compliance with University bylaws, policies, procedures, contracts and regulations
It is not simply policy manuals and forms, but people functioning at every level of the University consistent with University policies, objectives, bylaws and regulations. Thus, internal controls are methods used to successfully organize and manage the University's operations and represent as an integral part of the operating procedures management used to reach University objectives and prevent undesired actions. Therefore, internal controls are the ultimate responsibility of management, which must design, implement and monitor the internal control processes.
Some examples of internal controls within the University are:
- Procedures used to adequately receive, record and deposit revenues
- Payroll processes to prevent the processing of fraudulent paychecks
- Security measures to prevent unauthorized access to buildings, University property files or information systems
- Accounting systems and data processing procedures used to accurately record information
- The University's decision-making structure to ensure appropriate levels of policy review and approval
The objective of internal controls is to minimize the potential exposure to risks, loss, misuse or unauthorized use of the University assets and resources.
The internal control framework at the University of Sharjah is based on the Committee of Sponsoring Organization (COSO) framework and consists of five interrelated components derived from University operations and administrative processes as follows:
Control Environment: The control conscience of the people is affected by the control environment, which represents the base for all other components of internal control. Control environment factors include the people attributes (integrity, ethical values and competence), the way management assigns authority and responsibility and organizes and develops people, and directions issued by the Board.
Risk Assessment: The University must be aware of any risks it faces. Objectives must be set to integrate key activities so that the University operates effectively. The University must also establish mechanisms to identify, analyze, and manage related risks.
Control Activities: The University must establish control policies and procedures and execute them to ensure that operations are performed properly so that the University's objectives may be effectively carried out.
Information and Communication: Information and communication systems surround activities. Those systems enable the University community to receive and exchange information needed to conduct, manage, and control operations.
Monitoring: All processes of the University must be monitored and modified as necessary.