SUNY Delhi utilizes vulnerability assessments to evaluate risk and organize the planning cycle incorporating the following process:

Segmentation

Segmentation is the process of identifying the program and administrative functions necessary for the College to carry out its mission. Functions identified through this process are called “assessable units” and provide the framework for the implementation of the College’s Internal Control Program.  These units are reviewed at least annually and updated as deemed necessary.

Delhi’s assessable units

Vulnerability Assessment Surveys

Through the use of vulnerability assessment surveys, the College monitors and evaluates its susceptibility to conscious or unintended abuses and reduced operational efficiencies.
Completed surveys are evaluated and a rating of low, moderate, or high risk is assigned to each assessable unit. These ratings are considered when scheduling internal control reviews.

Internal Control Reviews

An internal control review analyzes polices and procedures to ensure they are functioning as intended and that they assist each unit in meeting its objectives and goals. Examples of policies and procedures which may be reviewed include planning activities, program evaluations, the budget cycle, personnel transactions, information systems, cash activities, contract management, and capital programs.

Corrective Actions

Based upon results of an internal control review, possible recommendations to a unit’s policies and procedures may be made to improve operations or reduce identified risks.  These suggestions are made to assist the unit in achieving optimum efficiencies in meeting objectives and goals.

Follow-Up

The final component in the internal control process is follow-up. This step is performed to verify that recommended actions have been properly implemented and that the unit continues to function as intended.