May 28, 2026
Internal controls are everywhere; you’re already using them
The third in a series from the SIU System Office of Internal Audit, Compliance and Ethics provides more information about internal audits and how they benefit SIU.
Before you lock your office door tonight, consider this: that's an internal control. So is requiring two people to approve a large purchase. So is the password on your university laptop, the locked cabinet in the mailroom, and the receipt to include when you submit a travel reimbursement.
Internal controls are the everyday structures that protect people, assets, and information from being lost, misused, or misrepresented — whether intentionally or not. They don't exist because anyone thinks you're dishonest. They exist because well-designed systems don't rely on any single person's good intentions.
"Good controls protect the university. They can also protect you from being blamed for something that wasn't your fault."
When a process has clear controls, it's easier to prove what happened, recover from errors, and demonstrate accountability to external auditors, accreditors, or regulators. Weak controls, by contrast, leave everyone exposed, which includes the employees working in good faith within a flawed process.
Part of Internal Audit’s role helps departments recognize which controls they already have that are working well, identify where there are gaps, and design practical solutions that don't make anyone's job harder than it needs to be.