INTERNAL CONTROLS - Topeka Chapter, Association of

INTERNAL CONTROLS
A PRACTICAL GUIDE
TO HELP ENSURE
FINANCIAL INTEGRITY
1
CONTROL OBJECTIVES
• Effective and efficient operations in
achieving organizational goals
• Reliable financial reporting
• Compliance with applicable laws and
regulations
• Protection of assets
2
COSO
• Internal Control is a process
• Its effectiveness depends upon the state of
that process at one or more POINTS IN
TIME
• Thus, it is an ongoing process that consists
of 5 interrelated components
3
COSO’s FIVE COMPONENTS
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
4
CONTROL ENVIRONMENT
• Does Management set the proper “TONE
AT THE TOP”?
• Are there Code of Conduct and Conflict of
Interest policies?
• Does the Board of Directors include
members independent of management?
• Is there an effective Compliance Program in
place?
5
RISK ASSESSMENT
• The identification and analysis of risks in
achieving objectives, and how to manage
those risks.
• Are the objectives clear?
• Have both internal and external risks been
identified?
• Are entity goals communicated?
6
CONTROL ACTIVITIES
• Policies and procedures to implement
management’s directives.
• Adequate separation of duties.
• Proper safeguarding of computer system
hardware & software.
7
INFORMATION &
COMMUNICATION
• Timely capturing & communicating of meaningful
data needed to effectively carry out the entity’s
objectives, policies and procedures.
• A formalized way to report improprieties and
protect those that make such reports.
• Communication to vendors concerning the
entity’s policies on ethics and gifts.
• Management follow-up on information received
from various sources.
8
MONITORING
• The internal and external processes of
evaluating and assessing Internal Controls.
• Accumulating evidence that controls are
functioning.
• Responsiveness to recommendations for
improvements.
9
WHAT CAN CONTROLS DO?
• Can help an entity achieve its objectives and
prevent loss of assets.
• Can help ensure reliable financial reporting.
• Can help ensure compliance with laws and
regulations and the entity’s policies and
procedures.
• Can help an entity avoid damage to its
reputation.
10
WHAT CAN CONTROLS
NOT DO?
Can only assist in the proper management of
an organization—BUT CANNOT:
• Prevent management overriding controls
• Prevent faulty decisions or collusion
• Ensure organizational success or even its
continued existence
Internal Controls can provide only reasonable
assurances—no absolutes!
11
IN SHORT
• Internal Control is everyone’s responsibility
• But ultimately, Management must take
ownership of the Internal Control process
12
THE QUESTION:
HOW DO YOU RELATE ALL
THAT INFORMATION TO A
DEPARTMENT DIRECTOR
WHO HAS A LOT TO DO AND
IS NOT BUSINESS ORIENTED?
13
INTERNAL CONTROLS
Are Formal and Informal
Policies
and
Procedures
14
Purpose
• Ensure Good Financial
Management
• Safeguard Assets
• Ensure Compliance with
Requirements
15
In Short,
Internal Controls
are intended to provide
reasonable assurance that what
you want to happen does indeed
happen.
16
Good Internal Control
also means that you are able to
PREVENT PROBLEMS
before they occur or
DETECT PROBLEMS
soon after they occur.
17
So what?
The possible
consequences
of not having good
controls
18
FUNDS DIVERTED TO A PRIVATE BANK
ACCOUNT BECAUSE:
• NO RECONCILIATION OF TICKET SALES TO
REVENUE COLLECTED
• ONE PERSON WAS ALLOWED COMPLETE
CONTROL OVER TICKET SALES, DEPOSITS,
AND ACCOUNTING WITHOUT ADEQUATE
OVERSIGHT
19
LOSS OF FUNDS BECAUSE:
• MONEY TAKEN BEFORE EVER RECORDED
IN DEPARTMENT’S ACCOUNTING SYSTEM
• ONE PERSON HAD COMPLETE CONTROL
OF COLLECTIONS AND ACCOUNTING
PROCESS WITHOUT OVERSIGHT
20
REVENUE NEVER DEPOSITED BECAUSE:
• NO RECONCILIATION OF REVENUE PER
RECEIPT BOOKS TO FUNDS ACTUALLY
DEPOSITED
• ONE PERSON ALLOWED COMPLETE
CONTROL WITH NO OVERSIGHT
21
CHARACTERISTICS COMMON
TO EMPLOYEE MISCONDUCT
Opportunity
22
But I Trust my Employees
• Good Internal Control has nothing to do
with not trusting people.
• The purpose of good administrative
practices is to ensure that what you want to
happen does indeed happen.
• A nice side benefit is that good controls are
also the best defense against intentional
misconduct.
23
So how do I achieve Good
Internal Control?
It Begins In the
Departments!
24
Major Elements of
INTERNAL CONTROL
• ATTITUDE AND INVOLVEMENT
• DOCUMENTATION
• TRAINING
• SECURITY
• SEPARATION OF DUTIES
25
MANAGEMENT ATTITUDE &
INVOLVEMENT
• REQUIRE and SUPPORT POLICIES and
PROCEDURES
• AUTHORIZE TRANSACTIONS
• REVIEW ACTIVITY
• REVIEW FINANCIAL REPORTS
26
DOCUMENTATION
• JOB DESCRIPTIONS
• DEPARTMENT POLICIES AND
PROCEDURES (WORKFLOW)
• PRENUMBERED RECEIPTS
27
DOCUMENTATION
• TRANSFER OF FUNDS
• PROPER EXPENDITURE
AUTHORIZATIONS
• FINANCIAL RECORDS & REPORTS
28
TRAINING
• TRAIN AND CROSS-TRAIN STAFF
• DOCUMENT DEPARTMENT POLICIES
AND PROCEDURES
29
SECURITY
• SECURE CASH AND CHECKS
• DEPOSIT FREQUENTLY
• NO LOCAL BANK ACCOUNTS
(WITHOUT APPROVAL)
30
SECURITY
• STAMP CHECKS “For
Deposit Only” WHEN
RECEIVED
31
SECURITY
• FIX CASH RESPONSIBILITY TO ONE
PERSON AT A TIME
• ACCOUNT FOR and SECURE
PROPERTY
• SECURE COMPUTER NETWORKS.
32
Separation of Duties
Don’t Allow Any One Person Complete
Control Over a Process or Activity
Without Management Review or
Oversight
33
THE BASICS
FOR DEPT DIRECTORS
• Authorize the expenditure of
department funds (purchases and
employment).
• Check report of salaries paid on
periodic basis.
• Review monthly financial reports.
34
Risk Categories per COSO
• Strategic - relates to high level goals of
org.
• Operations - relates to effective and
efficient use of resources.
• Reporting - relates to reliability of
reports
• Compliance - relates to applicable
laws, etc.
35
ERM
• ERM is Enterprise-wide Risk Management.
• Involves the systematic identification and
prioritizing of all the risks that an organization
faces in day-to-day operations.
• Best done by operating personnel using facilitators
and tools to capture the information.
• Develop methods, including good internal
controls, to address risks.
36
Dennis Moss
University Director
Internal Audit
University of Kansas
Phone: 864-3975
Email: [email protected]
37