Internal Control Components
Roles & Responsibilities for the Development of Internal Control processes to manage Identified Risk
Control of Risk is everyone’s business
Board of Governors (BoG)
The Board of Governors approves Policy to manage significant areas of identified risk.
President & Vice-Presidents (PVP)
The President and Vice-President recommend Policy to the BoG for approval.
Vice-President (Administration) can approve administrative Procedures.
Senior Management (as identified)
Identified senior management are the owners of respective Policy and Procedures as identified on the P&P documents; they are responsible for the development and up-dating of their documents. P&P are generally based on some standard criteria or legislation.
Examples include Financial = Comptroller;
HR = Executive Director HR;
IST = Director IST;
Environmental Health and Safety = Director EHSO
Unit Management (Deans, Directors, Department Heads)
Unit management is responsible for maintaining an adequately designed and functioning system of internal control processes to manage centrally identified and Unit risks.
Unit Management may consult with Audit Services or external auditors when considering how to assess the effectiveness of their internal control processes. However, it remains management's responsibility to ensure the effectiveness of their internal controls in the management of their identified risks.
All Units should have Internal Control processes designed to:
Identify and control their Unit’s risk (Governance)
Identify and measure achievement of your Unit’s goals (Effectiveness)
Provide assurance of using minimum resources to equal maximum output/outcome (Efficiency)
Provide assurance of the integrity & reliability of your Unit’s financial & operational information (Accountability)
Provide assurance of your Unit’s compliance with University Policy & Procedure, laws, and regulations (Compliance)
Protect your Unit’s assets including information. (Asset safeguards)
All University staff is responsible for their compliance with Internal Control processes designed to control identified risks.
Audit Services' responsibility is “To provide the Board of Governors and University Administration with objective assurance and consulting services through the delivery of a comprehensive, risk-based internal audit plan."
To this end, Audit Services will assess the effectiveness of any Unit’s Internal Control Process.
The Office of Risk Management, established in 2009, is responsible for Enterprise Risk Management across the university community, the Emergency Management Program, business continuity, insurance and the development of university policies and procedures as they relate to risk management and emergency preparedness.
Risk Managements mission is “To create a culture of enterprise risk management and emergency preparedness across the university community and to continually enhance our organizational wide resilience in support of our students, faculties, management and staff”.
Three Levels of Internal Assurance:
First - Unit Staff - Procedures to provide assurance of compliance. (How do you know?)
Second - Senior Management develop policies and procedures.
Third - Audit Services - independent and objective 3rd Party Assessment.
190 Extended Education Complex
University of Manitoba, Winnipeg, MB R3T 2N2 Canada