Internal Control Act
March 16, 2022
To all Stony Brook University faculty and staff,
The New York State Governmental Accountability, Audit and Internal Control Act of 1987 (Internal Control Act) requires state agencies and other organizations to promote and practice good internal controls, to establish internal control programs, and provide accountability for their activities. In 1999, the Internal Control Act was made permanent.
As president, I affirm my support for a strong system of internal controls at Stony Brook University.
Stony Brook University has been entrusted with significant resources from the public, students, patients, and donors to carry out our teaching, research, healthcare, economic development, and diversity missions. As we all work to fulfill these missions, we share a responsibility to maintain a system of internal controls to protect university resources and assets, and ensure the achievement of organizational goals and objectives; the effectiveness and efficiency of operations and performance; and the reliability of financial and operational reporting and compliance with relevant laws, rules, and regulations. An effective system of internal controls also helps promote integrity and ethical behavior; ensure responsible stewardship; prevent loss due to fraud, waste, error, or misuse; protect employees; and preserve the university’s reputation.
While individual roles in the system of internal controls vary greatly based on position,
responsibility rests with all personnel at every level of the organization. For the
internal control program to succeed, it must include staff, faculty, department heads,
and leadership personnel who understand their roles to:
Identify risks within their areas of responsibility
establish appropriate controls to mitigate risks
implement and adhere to policies and procedures to address risks
fulfill the duties and responsibilities established in position descriptions
understand and comply with applicable policies, procedures, laws, and regulations
take all reasonable steps to safeguard university assets
attend training to increase understanding of internal controls
continuously develop skills and abilities
report internal control breakdowns where observed
To strengthen our overall internal control efforts, I have established an enterprise risk management division that will focus on both risk and compliance matters, and work collaboratively with key stakeholders. Updated information on those efforts will be forthcoming shortly.
I encourage any university employee or other individual who is aware of or who suspects fraud, waste, unauthorized use of university resources, or other irregular activities to report them through the university’s fraud hotline at stonybrook.edu/commcms/audit/fraud.php. The university does not tolerate fraudulent or other dishonest behavior, and our institution will take appropriate action upon receiving such reports.
Should you have questions on internal control-related matters, please contact Doug
Panico, our internal control officer, at (631) 632-1439. I look forward to continuing
to work together to develop and improve Stony Brook’s system of internal controls.
I also encourage you to become familiar with Stony Brook’s Internal Control Program,
Strategic Vision, and Mission Statement, all of which can be found on the university’s