UNIVERSITY OF MINNESOTA

Administrative

INTERNAL CONTROL
Adopted: May 8, 1998
Amended: May 14, 2004; February 13, 2009

INTERNAL CONTROL

The control model for the University of Minnesota (University) is the Integrated Framework of Internal Control as promulgated by the congressionally established Committee of Sponsoring Organizations (COSO).

Subd. 1. Guiding Principles. The University's integrated framework of internal control and risk assessment practices shall ensure that:

(a) University activities and operations function effectively and efficiently;

(b) University activities and operations comply with laws, regulations, and University policies and standards;

(c) University processes result in accurate and reliable financial information and reports;

(d) University resources are adequately protected;

(e) traditional and emerging strategic, operational, financial, compliance, and reputational risks are properly identified and appropriately managed;

(f) all material risks facing the University are identified and assessed routinely at all levels and within all University functions;

(g) control activities and other mechanisms are proactively designed to address and manage significant risks;

(h) information critical to identifying risks and meeting the University's mission and strategic objectives is communicated through established channels throughout the University; and

(i) controls are monitored and identi¥ed problems are addressed in a timely manner.

Subd. 2. Delegation of Authority. The president or delegate shall establish the
foundation for sound internal control within the University through directed leadership,
shared values, and a culture that emphasizes accountability.

Subd. 3. Accountability. Notwithstanding any delegation made by the president to administer this policy, the president shall be responsible to the Board of Regents (Board) for the faithful execution of the integrated framework of internal control consistent with the policies of the Board and applicable law.