1 / 44

Internal Control and NPC Accounting

Internal Control and NPC Accounting. Presented by: Nonprofit Program Office VHA Office of Research and Development. NPCs Growth. Over the last seven years, from 2005 through 2012: Governmental revenues (NIH, DoD , etc.) are up by………………………………………………………………. + 54%

brandig
Download Presentation

Internal Control and NPC Accounting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Control andNPC Accounting Presented by: Nonprofit Program Office VHA Office of Research and Development

  2. NPCs Growth Over the last seven years, from 2005 through 2012: Governmental revenues (NIH, DoD, etc.) are up by………………………………………………………………. + 54% Non-governmental revenues (CRADAs, private grants, & other) are down by……………………… - 28% Total revenues are $263,000,000 for 2012 and are up by a net of…………………………………………… +16%

  3. NPPO Reports To: • Nonprofit Program Oversight Board (NPOB) • VHA CFO and CFO’s audit staff • Office of Research and Development • Occasionally as required, to the Secretary

  4. What NPPO does • Performs audits and reviews • Prepares Annual Report to Congress • Follow-ups on NPC audit action items • Consults with and gives advice to NPCs • Provides training and education • Drafts VHA Handbook 1200.17

  5. Why audits and reviews? • OIG Report No. 07-00564-121 dated May 5, 2008 • Recommendation No. 4 • “We recommended that the Under Secretary for Health develop and implement oversight procedures to perform substantive reviews of NPC financial and management controls to ensure NPCs fully comply with Federal laws, VHA policies, and control standards.”

  6. NPPO Audits and Reviews • Routine reviews of the NPCs are done in triennial cycles • First triennial cycle was F2011 through F2013 • A Review Report is written for each review • Recommendations and suggestions are made • The first triennial cycle resulted in 585 recommendations and 219 suggestions • Objectives of the triennial reviews are to improve operations and improve internal controls

  7. Definition of Internal Control “Internal control is a process effected by an entity’s Board of Directors, management and other personnel designed to provide reasonable assurance regarding the achievement of the entity’s objectives.”

  8. Objectives of Internal Control • 1.Effectiveness and efficiency of operations (including risk assessment and the need to monitor risk) • 2. Reliability of financial reporting • 3. Compliance with applicable laws and regulations

  9. Safeguarding of Assets Is a subset of each of the 3 objectives • Internal control should provide assurance that assets are safeguarded from: • Ineffective or inefficient use • Unauthorized acquisition, use, disposal, or theft (fraud) • Illegal use

  10. Who sets the IC standards? • Committee of Sponsoring Organizations of the Treadway Commission (COSO) • Developed Internal Control – Integrated Framework in 1992 (COSO Framework) • Since then the COSO Framework has been universally adopted, both in Government and the Private Sector

  11. The Federal Government & COSO • Federal Managers Financial Integrity Act of 1982 • Empowered Office of Management and Budget (OMB) to set IC standards for the Executive Branch • OMB published Circular A-123, Management’s Responsibility for Internal Control • Circular A-123 requires the COSO Framework for the U.S. Government’s Executive Branch

  12. Components of Internal Control • Control environment • Risk assessment • Control activities • Information and communication • Monitoring

  13. 1. Control Environment • Integrity and ethical values of management, i.e., the • “Tone at the Top” • Commitment to competence and training • Board oversight and interaction with auditors • Management philosophy regarding risk • Supportive attitude toward internal controls • Organizational structure • Assignment of authority and responsibility • Human resource policies • Documentation of policies and procedures

  14. 2. Risk Assessment • Organization’s identification and analysis of relevant • risks in relation to the achievement of objectives, such as: • Vulnerability of assets, risk of loss • Changes in regulatory environment • New personnel • New systems or technology • Rapid growth or downsizing • New programs, grants, and services • New types of transactions • Changes in the economy, interest rates, etc.

  15. 4. Information and communication • Methods and records used to record, process, summarize, and report transactions and to maintain accountability over assets, liabilities, and net assets: • Communication of employee duties and responsibilities • Accounting records • Accounting processes • Financial and budget reporting process • Disaster recovery

  16. 5. Monitoring • Ensure that internal control continues to operate effectively over time • Identify deficiencies before they materially affect the achievement of the organization’s objectives • Assess the quality of internal control performance over time, including taking corrective action using: • Internal audit (NPPO and your own) • External audit • Special assessments of internal controls • Input from employees • Input from third parties, such as, donors, grantors, vendors, etc.

  17. THE FIVE INTERRELATED COMPONENTS OF INTERNAL CONTROL CONTROL ENVIRONMENT RISK ASSESSMENT INFORMATION AND COMMUNICATION CONTROL ACTIVITIES MONITORING

  18. Application of Internal Controls • Each of the five inter-related components have application to each of the three objectives of internal control: • Operations • Financial reporting • Compliance with laws and regulations • Each of the five components may apply on an organization-wide basis or may differ by: • Location • Function • Department, division, unit, or program

  19. Deficiencies in Internal Control • Deficiency in the design of internal control • Deficiency in the application of internal control (A subset of this may be deficiencies in the documentation of internal controls) • Intentional over-ride of internal control

  20. Four Types of Internal Controls • Preventive controls • Designed to prevent errors, inefficiencies, noncompliance, or illegal acts from being committed before the fact, such as, by requiring two signatures on checks.

  21. Four Types of Internal Controls • Detective controls • Designed to detect errors, frauds, inefficiencies, noncompliance, or illegal acts after the fact while allowing for corrective action in a timely manner, such as, monthly bank reconciliations or quarterly financial statement reviews.

  22. Four Types of Internal Controls • Directive controls • Proactive controls that cause or encourage a desirable event to occur, such as, incentive programs, training, and providing written policies and procedures.

  23. Four Types of Internal Controls • Mitigating or compensating controls • Controls that compensate for the lack of an expected control and lessen the severity of a weakness in controls, such as, independent review of cancelled checks instead of having two check signers.

  24. Segregation of Duties • Try to separate incompatible duties as much as possible • For example, if one person makes a mistake, another person is in a position to identify and correct the mistake. • One important goal is to make it impossible for a single person to both commit and conceal a fraud • For example, functions involved in the handling of funds should be separated from those involved in the recording of the funds transactions in the accounting records.

  25. Segregation of Duties in Small NPCs • Segregate the most essential detective duties • For example, have the Board or Audit Committee review the quarterly financial statements in detail. • May need to involve an individual Board member • For example, have the monthly bank statements mailed directly to a board member for his or her review prior to returning them to the bookkeeper.

  26. Polices and Procedures • Internal controls should be documented in the form of written policies and procedures. • They should be made conveniently available throughout the organization. • Model NPC policies are available from NPPO.

  27. Policy • A statement of an organization’s approach to a particular issue • It is a guide or governing principle • Rules that govern either: • the organization taken as a whole, or • individual departments or functions

  28. Procedure • Each procedure should be linked to a policy • Describes the detailed implementation of a policy: • Who, What, When • Describes the exact steps that are expected to be taken in order to properly implement and comply with the policy • Procedures may also indentify the forms, if any, used in connection with a procedure and policy

  29. Why do we need policies and procedures?

  30. Purposes of Policies & Procedures • Facilitates training of staff • New staff • Fill-ins while staff is away on vacation • Job rotation • Temporary workers • Demonstrates commitment to sound internal controls • Reduces organizational risk in the event of harm to third parties or noncompliance with laws, regulations, or grant provisions

  31. Purposes of Policies & Procedures • Help us to get organized and to stay organized • Provide a clearer audit trail for purposes of audits, investigations, etc. • Increase consistency • Decrease error rates • Simplify access to information • Facilitate replication and growth • Demonstrate conformity with IRS expectations and VHA and other compliance requirements

  32. 12 Key Financial P&P for Every NPC • Control Environment (Code of ethics, conflict of interest policy, importance of maintaining internal controls) • Financial Reporting (periodic financial statements compared to prior periods for the board at least quarterly, project reports to P.I.s at least quarterly) • Budgeting (budget approved in detail by the board and periodically compared to actual with explanations of major variances) • Cash Receipts (segregation of duties) • Accounts Receivable (follow-up to collect) • 6. Purchasing/ Accounts Payable/ Cash Disbursements

  33. 12 Key Financial P&P for Every NPC Continued….. • Human Resources and Payroll (including Employee Handbook) • Capital Assets (tangible assets useful for at least one year) • Computer Security (Controlled access and disaster plan) • Investments (U. S. securities or U.S. insured) • Tax Compliance (Annual Form 990 and year-end 1099’s) • Records Retention • Please note: In our on-site reviews, NPPO will look for all of these policies and procedures

  34. Other Important NPC P&P • Whistleblower Protection • Use of IPA assignments • Project residual funds disposition • Transfers-out of project funds • Hiring and supervision of related parties • Please note: In our on-site reviews, NPPO will look for all of these policies and procedures

  35. P&P and the Control Environment • A strong control environment is established through both policies and procedures and through behavior, that is, by maintaining the right “Tone at the Top” and ethical behavior throughout the organization

  36. Test your Policies and Procedures and Your Internal Controls • Use NPPO’s self-assessment questionnaire, available on NPPO Web-site at: http://www.research.va.gov/programs/nppo • Consider having employees check and verify each others’ work periodically. • Compare your policies with NPPO’s model policies

  37. NPC Accounting Must be accurate and transparent, keeping all of the following adequately informed: • Board of directors • Management • Principal investigators • External auditors • NPPO • IRS

  38. Management • Accounting system should provide up-to-date information regarding cash balances, other assets, and liabilities and be readily available for management purposes. • Must permit management to have current information regarding project account balances. • Should make it easy for management to determine that it is operating within budgeted amounts.

  39. Principal Investigators • Each project must have an individual account. • Statements of each project account must be given to the PI’s at least quarterly, or better monthly. • Project accounts should never be allowed to become overdrawn. • Details of the amounts in project accounts should be made readily available to the PI’s if requested. • PI’s should understand that the funds belong to the NPC for the benefit of the PI’s conduct of the research.

  40. External Auditors • Will usually require complete financial statements at year-end, including footnotes, from the NPC. • Need reconciliations of detail amounts of assets and liabilities to the general ledger balances. • May need to confirm receivables and bank balances. • Will note and report upon internal control weaknesses and deficiencies. • Audit expense can be minimized by your doing as much of the audit work for the auditors as possible.

  41. NPPO • We will need a completed NPC Annual Report in Excel format emailed to us by June 1 for the prior year. • Also send us your audited financial statements, auditors’ management letter(s), Form 990 tax return, and signed certifications page by June 1. • Be prepared to explain what has been done to correct any internal control weaknesses, deficiencies, or auditor recommendations. • In on-site reviews, be able to provide all records and documents requested.

  42. IRS • Be aware that IRS has, in fact, audited one of our NPCs and may want to audit others in the future. • File your Form 990 Annual Information Return with IRS on a timely basis. • Be sure you can show evidence that each member of the Board of Directors had an opportunity to review the Form 990 prior to filing. • Most of the NPCs have their external auditors or an outside accountant prepare the annual Form 990.

  43. NPC Accounting Systems • Most of our NPCs use the QuickBooks accounting system which has many advantages. • The accounting system should be kept on the VA IT system so that security and daily backups are assured. • Limit access to the accounting system to those who have a real need to use it.

  44. Questions, Comments, Feedback?

More Related