Balancing Risks and Controls
To achieve goals, management needs to effectively balance risks and controls. By performing this balancing act, "reasonable assurance" can be attained. As it relates to financial and compliance goals, being out of balance causes the following problems:
- Excessive Risks
- Excessive Controls
Internal controls should be proactive, value-added, and cost-effective. In summary, properly balancing risks and controls makes good business sense.
Internal Controls
A process effected by a university's governing board, administration, faculty and staff designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations.
- Reliability of financial reporting.
- Compliance with applicable laws and regulations.
Risk
The possibility that an organization will NOT:
- Achieve its goals.
- Operate effectively and efficiently.
- Protect itself from loss.
- Provide reliable financial data (reports).
- Comply with applicable laws/regulations and defined policies/procedures.
The university environment has some unique inherent risks that make the job of managing financial and compliance risks more challenging. Below are some of the inherent risks faced by university managers:
- Decentralized accounting and reporting system.
- Rotation of key management positions.
- Tight budgets.
- Managers with limited financial background.
- Intense public and journalistic scrutiny.
Reasonable Assurance
The objective is to attain a "reasonable" level of assurance that the organization's financial and compliance goals will be achieved. Attaining an "absolute" level of assurance is not possible for the following reasons:
- It is cost-prohibitive. The objective is to find an optimal level of controls for an acceptable level of risk.
- Management can bypass or override the internal controls.
- Employees may collude with each other.
- Human error may occur.
Note: With a decentralized accounting system, controls cannot, by themselves, provide reasonable assurance that departments/colleges/schools are adequately controlled. Certain of these controls (authorization and approval process), if followed, will reduce the risk of loss. However, these controls are easily circumvented or ignored at the department level when adequate emphasis is not placed on internal controls and/or the controls are not being monitored to see that they are functioning properly.
Responsibility
Activities, goals, functions, actions, etc. that a person has to account for or answer for. Part of that responsibility is to provide reasonable assurance that organizational goals will be accomplished.
Accountability
By definition, if a person is responsible for an action, he/she is therefore also accountable for that action.
Responsibility and accountability are linked. In terms of the delegation of duties, management "can delegate some of the duties they are responsible for, but cannot delegate responsibility or accountability". A much stronger emphasis is currently being placed on responsibility and accountability than in the past.
Duties and responsibilities must be carried out with the full knowledge and understanding of the implications of actions being taken by each employee at all levels within the organization.
Last Updated: November 17, 2008 (vm).
