Internal Controls

Internal controls are used to mitigate risk, meaning anything that could negatively impact UVA’s ability to meet business objectives and realize our mission. Specifically, internal controls are implemented to:

  • Safeguard assets
  • Verify the accuracy and reliability of accounting data and other management information
  • Promote operational efficiency
  • Adhere to prescribed policies and comply with federal and state regulations

Significant Fiscal Process

To test the effectiveness of control activities and document the results, a risk assessment is completed for each significant fiscal process. A fiscal process may be considered significant if it is associated with programs or activities that:

  • Consume a proportionally large share of agency resources
  • Have a high degree of public visibility
  • Represent areas of concern and high risk to mission-critical business processes for agency managers and stakeholders
  • Have a significant effect on general ledger account balances or the financial reporting process

ARMICS & Internal Controls

  • Internal Controls Assessment: Internal Controls Assessment at the Business Level
  • ARMICS: Internal Controls Certification on the State Level

Read more about ARMICS here. 

Internal Controls Assessment

 

Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework

The COSO framework is the most broadly accepted standard for internal control in the United States and has been adopted by both federal and Commonwealth of Virginia agencies. The framework was established by a joint initiative of five private sector organizations and can be used to evaluate internal control systems. Please visit the Committee of Sponsoring Organizations (COSO) website for more information on the COSO Framework.

COSO Framework

Components of the COSO Framework

The COSO Framework comprises seventeen principles organized within five components.

Control Environment

  1. Demonstrates commitment to integrity and ethical values
  2. Exercises oversight responsibility
  3. Establishes structure, authority, and responsibility
  4. Demonstrates commitment to competence
  5. Enforces accountability

Risk Assessment

  6. Specifies suitable objectives
  7. Identifies and analyzes risk
  8. Assesses fraud risk
  9. Identifies and analyzes significant changes

Control Activities

  10. Selects and develops control activities
  11. Selects and develops general controls over technology
  12. Deploys control activities through policies and procedures

Information and Communication

  13. Uses relevant information
  14. Communicates internally
  15. Communicates externally

Monitoring Activities

  16. Conducts ongoing and/or separate evaluations
  17. Evaluates and communicates deficiencies

 
