Internal Controls

Print Friendly, PDF & Email

University Policy Number 2103


Responsible Office: ,

Policy Procedure:

Related Law & Policy:


This policy applies to all George Mason University faculty, staff, and students who have authorized use of University financial resources, including all University locations, owned and leased.


The Code of Virginia section 2.2-803 requires that financial accounting and control be established through agencies of the Commonwealth.  The Comptroller of Virginia has directed that Agency Risk Management and Internal Control Standards (ARMICS) are the definitive source for internal control in the Commonwealth.  These standards require the University to annually certify that it has established, maintained and evaluated its internal control framework in order to effectively manage risk and maintain accountability.

In addition, the University is required to have written internal control policies and procedures and to conduct regular reviews of controls in place. The Associate Vice President and Controller is the principal accounting officer of the University and has authority over accounting employees and principal accounting records at all locations.  Internal Audit and Management Services independently identifies and assesses control risks and conducts audits of departments and processes to evaluate the adequacy and effectiveness of internal controls.


A. Heads of Departments and Activities

All heads of departments and activities are responsible for assessing risk and designing and operating the controls in the area for which they are responsible.  Controls should be designed to foster the following traditional objectives: safeguard assets; mitigate risk; ensure the proper recording of financial transactions; generate accurate and timely financial information; and promote operational efficiency.  The policies and procedures adopted to satisfy these requirements will be in writing.

B. Associate Vice President and Controller

The Associate Vice President and Controller will conduct an annual assessment of the functionality and cost-effectiveness of internal control systems, providing reasonable assurance of the integrity of all fiscal processes related to the submission of transactions to the Commonwealth’s general ledger, submission of financial statement directive materials, compliance with laws and regulations, and stewardship over the Commonwealth’s assets.

In order to maintain the accuracy and completeness of the University’s accounting records, Associate Vice President and Controller has the authority to:

  1. Require accounting or financial records be submitted by all employees within a reasonable time frame.
  2. Review departmental financial policies and procedures and require that they be revised.
  3. Review, test and revise departmental internal control activities.

C. Director, Internal Controls

The Director, Internal Controls will manage the University’s internal control program.  This includes documenting, evaluating and testing agency level controls across the five components of internal control:

  1. Control environment
  2. Risk assessment
  3. Control activities
  4. Information and communication
  5. Monitoring

The Director, Internal Controls will review and test documentation of transaction level controls applicable to significant fiscal processes. Corrective action plans will be developed and submitted to the Department of Accounts along with the ARMICS annual certification.

D. Director, Internal Audit and Management Services

The Director, Internal Audit and Management Services, will conduct periodic risk assessments, develop and implement audit plans to examine and evaluate internal controls, and provide reports to management and the Board of Visitors on the results of such audits.


The policies herein are effective August 1, 2007.  This Administrative Policy shall be reviewed and revised, if necessary, annually to become effective at the beginning of the University’s fiscal year, unless otherwise noted.


Maurice W. Scherrens
Senior Vice President

Peter N. Stearns

Date approved: August 9, 2007

Revised: January 9, 2013