1.0 Introduction and Background

I. Introduction and Background

The main purpose of this document is to provide guidelines (in sections 2-3) for the monthly review of detail transactions in MIT's Departments, Laboratories, and Centers (DLCs). The approach described is risk based. Section 1 below provides some background information about internal controls and risk.

Section 4 gives information about the different electronic tools available for reviewing financial transactions. Some additional financial review and control procedures for administrative and fiscal officers are described in section 5.

What is the Internal Control Environment?

MIT's internal control structure consists of all controls employed by MIT to achieve its objectives (including physical barriers, organizational design, policies & procedures, and electronic systems). Internal controls can be central or local, preventive or detective. For more on the concept of internal controls, see Appendix A.

Centrally maintained controls over financial transactions apply to all of MIT. These central control structures are described by transaction type in section 3 on " Specific Guidelines by Transaction Type".

Internal control systems local to DLCs also play an important role in helping to achieve MIT's objectives (including the objective that financial transactions be accurate, timely, complete, and properly documented).

These guidelines recommend that the administrative officers look at their local internal control systems and procedures periodically, to ensure that they are well designed and working properly.

An Internal Control Questionnaire (ICQ) is included as Appendix B. The questionnaire is designed to assist DLCs in performing a self-review of controls over financial systems and activities.

The Institute Audit Division is an additional resource available to assist DLCs in this process.

What is Financial Review and Control?

In this context, Financial Review and Control (FRC) represents one aspect of the internal control environment. FRC is a collection of policies and procedures for performing DLC monthly financial review.

FRC guidelines aim to take advantage of existing central controls, including electronic controls provided by SAP, MIT's integrated purchasing and accounting system.

Relationship between Controls and Risk

Controls are employed to manage risk. Can we ever have too many controls? Yes, because all controls have associated costs. The cost of implementing controls, whether measured in terms of cash outlay or staff time and effort, should not exceed the expected benefits.

Thus, these guidelines provide an assessment of financial risk by transaction type (see section 3 on " Specific Guidelines by Transaction Type").

Updated 5/22/12