The Internal Control Act of the State of New York requires Buffalo State to communicate the following information on agency responsibilities and standards:
The internal control standards define the minimum level of quality acceptable for internal control systems in operation and constitute the criteria against which systems are to be evaluated. These internal control standards apply to all operations and administrative functions (both manual and automated), but are not intended to limit or interfere with duly granted authority related to development of legislation, rule making, or other discretionary policy making in an agency.
- Reasonable Assurance. Internal control systems are to provide reasonable assurance that the objectives of the systems will be accomplished.
- Supportive Attitude. Managers and employees are to maintain and demonstrate a positive and supportive attitude toward internal controls at all times.
- Competent Personnel. Managers and employees are to have personal and professional integrity and are to maintain a level of competence that allows them to accomplish their assigned duties, as well as to understand the importance of developing and implementing good internal controls.
- Control Objectives. Internal control objectives are to be identified or developed for each agency activity and are to be logical, applicable, and reasonably complete.
- Control Techniques. Internal control techniques are to be effective and efficient in accomplishing their internal control objectives.
- Continuous Monitoring. Agency heads are to establish and maintain a program of internal review designed to identify internal control weaknesses and implement changes needed to correct the weaknesses.
- Documentation. Internal control systems and all transactions and other significant events are to be clearly documented, and the documentation is to be readily available for examination.
- Recording of Transactions and Events. Transactions and other significant events are to be promptly recorded and properly classified.
- Execution of Transactions and Events. Transactions and other significant events are to be authorized and executed only by persons acting within the scope of their authority.
- Separation of Duties. Key duties and responsibilities in authorizing, processing, recording, and reviewing transactions should be separated among individuals.
- Supervision. Qualified and continuous supervision is to be provided to ensure that internal control objectives are achieved.
- Access to and Accountability for Resources. Access to resources and records is to be limited to authorized individuals, and accountability for the custody and use of resources is to be assigned and maintained. Periodic comparison shall be made of the resources to the recorded accountability to determine whether the two agree. The frequency of the comparison shall be a function of the vulnerability of the asset.
Audit Resolution Standard
Prompt Resolution of Audit Findings. Managers are to (1) promptly evaluate findings and recommendations reported by auditors, (2) determine proper actions in response to audit findings and recommendations, and (3) complete, within reasonable time frames, all actions that correct or otherwise resolve matters brought to management’s attention.