Jump to Navigation ▼

Internal Controls

Joan Trimuel
619 Clark Street, Room 102
Evanston, IL 60208
Phone: (847) 467-4805
Email: j-trimuel@northwestern.edu

With the changing regulatory climate and changing University environment, the Board and senior management embraced the idea of enhancing compliance by formalizing the University's internal control efforts.  The Internal Controls Office (ICO) was established to facilitate the development of effective internal controls within the University business processes including software application systems and general computer controls.  Specifically, the ICO documents business processes that are directly responsible for development of the elements of the University's financial statements.  

Documentation surrounding internal controls used by the University to assist compliance:

  • Statement of Auditing Standards 112 (SAS 112) - SAS 112 relates to the external auditors' communication of deficiencies in an organization's internal controls over financial reporting.  This implies that an internal control structure must be in place in order for the auditors to appropriately analyze the financial statements. 
  • Office for Management & Budget A-133 is applicable to governments or organizations that expend $500,000 or more in federal awards during the fiscal year.  The guidance specifies that organizations must maintain internal controls for federal programs.
  • Sarbanes-Oxley Act of 2002 (SOX) is required guidance for publicly traded companies; however, it is considered a business best practice.  The legislation promotes improved governance and transparency and ensures that management has the right information.  In order to achieve these goals, an effective internal control environment must be in place. Section 404 of the regulations specifically requires management to have mechanisms in place to adequately assess the organization's internal control environment.