INTERNAL CONTROLS 2/2/2012 – Mt. Laurel 2/7/2012 – Rockaway 2/9/2012 – Robbinsville
Internal Control Guide • State of New Jersey • Office of the State Comptroller • A. Matthew Boxer, State Comptroller • November 2011 • Report of Fraud Toll Free Hotline 1-866-OSC-TIPS • Link • http://www.nj.gov/comptroller/doc/internal_control_guide_nov_2011.pdf
Management of Organization Four Basic Functions • Planning • Organizing • Leading • Controlling
Effective Management Allows Managers to: • Delegate responsibilities to staff • Have comfort that expectations will be realized
What is Internal Control COSO (Committee of Sponsoring Organizations) A process…designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial and management data • Compliance with applicable laws and regulations • Safeguard resources against loss
Internal Control System • Integral part of managing any organization • To meet goals and objectives system includes: • Plans • Methods • Procedures • First line of Defense in safeguarding assets • Preventing and detecting errors and fraud
IMPORTANCE • Keeps organization on course • Protects organization by catching small mistakes • Protects organization by mitigating opportunities for innocent mistakes or internal fraud • Impacts organization’s people, processes, and physical structure
Fundamental Concepts • Internal Controls will change with organizational changes • Degree of control employed is a business judgment • Cost should not exceed benefit derived
Fundamental Concepts • Considerations of Weaknesses • Increase supervision • Institute additional or compensating controls • Accept the risk inherent with the control weakness
Fundamental Concepts • Organizational Self Regulation • Affects every aspect including staff, processes and operations • Integrated into day-to-day operations and responsibilities • Incorporates the qualities of good management • Depends upon people • Must make sense within each unique environment
LIMITATIONS • Human errors and poor judgments • Controls can be circumvented by collusion • Management can intentionally override controls • Excess costs can prevent management from implementing ideal controls • More controls are not always better • Balance between risk and controls • Proactive • Value-added • Cost effective • Decrease exposure
Design Considerations • Organizational size • Organizational structure • Nature of business operations • Diversity and complexity of operations • Method of transmitting, processing, maintaining and accessing information • Applicable legal and regulatory requirements ONE SIZE DOES NOT FIT ALL!
FRAMEWORK COMPONENTS • Control Environment • Risk Assessment • Control Activities • Information & Communication • Monitoring
Control Environment • Integrity and Ethical Values • Commitment to Competence • Organizational Structure • Delegation of Authority and Responsibility • Relationship with Oversight Agencies • Human Resources Policies and Procedures
Risk Assessment • Risk Identification • Change in operating cycle • New employees • New or enhanced technology systems • New programs • New and revised laws and regulations • Questions to Ask • What could go wrong • What is worst case scenario • What would cause us to fail • What areas are we most vulnerable • What assets do we need to safeguard
Risk Assessment • Methods • Periodic management conferences • Executive round tables • Forecasting • Strategic planning • Consideration of findings from audits • Other assessments • Risk Management • Accept the risk and not institute further controls • Share the risk • Reduce the risk by instituting controls • Avoid the risk by avoiding the function
Control Activities – Specific Policies and Procedures • Security Assets • Segregation of Duties • Authorization of Activities • Approval, Verification and Reconciliation • Adequate Documentation • Information Processing • Independent Performance Review
Security Assets • Unique user IDs and passwords • Physical security of tangible and intangible assets • Backup for computer records and programs – secure offsite facility • Disaster recovery plans • Performing periodic unannounced verifications
Segregation of Duties • Prevent one person from performing incompatible duties • Require responsibility for operations be separate from related record-keeping • Ensure three functions of authorizing, recording, and maintaining assets are separate
Authorization of Activities • Define parameters • Execution of transactions • Requirement of signature • Appropriate monetary thresholds • Documentation requirements adhered to
Approval, Verification and Reconciliation • Identify activities or transactions that require supervisory approval • Require supervisory approval to ensure transaction has been validated and conforms • Prior to transaction review all supporting documentation
Adequate Documentation • Concise and clear • Implementation of storage and retention policies • Documents periodically verified to ensure accountability and compliance
Information Processing • Access within the computing environment controlled by unique user passwords • Change passwords on a periodic basis • Restrict Access
Independent Performance Review • Periodic reconciliations performed • Comparison of different sets of data to identify differences • Implement necessary corrective actions • Management review of reports, statements, reconciliations • Comparison of information about current performance
INFORMATION COMMUNICATION • Relevant • Reliable • Timely
Information and Communication • Written policies and procedures • Mission statements, goals and objectives • Organization charts • Job descriptions and performance evaluations • Training materials • Periodic reports measuring progress towards goals • Internal/external audit report • Financial reports
Types of Communication • Performance and management systems • Information systems • Policy and procedure manuals • Management directives • Memos and e-mails • Internet and intranet • Speeches and briefings
Characteristics of Effective Communication • Relevant information on operational performance • Current, accurate, complete and timely • Shared with appropriate staff at right time • Management receptive to employee recommendations • Appropriate channels
MONITORING • Assessment of Internal Control performance over time • Self Assessments • Peer Reviews • Internal Audits
Monitoring should focus on: • Control Activities • Mission • Control Environment • Communication • Risk and Opportunities
Fraud Awareness • Common Anti-Fraud Measures • Three Elements Present when Fraud Occurs • Types of Fraud • Examples
Common Anti-Fraud Measures • External Audits • Internal Audits • Fraud Training • Surprise Audits • Establishment of hotline
Three Elements Present • Opportunity • Caused by ability to circumvent internal controls or internal control weaknesses • Motive • Pressure or perceived pressure – financial • Greed • Revenge • Thrill Seeking • Rationalization • Excuse or perceived validation for action
Types of Fraud • Management Fraud • Top management’s manipulation of financial statements • Employee Fraud • Embezzlement of assets • Vendor • Overcharging for goods • Shipping inferior goods • Not shipping goods but billed and payment received
Examples of Fraud • Theft or misappropriation of assets • Fictitious revenues or disbursements • Check tampering • Fictitious refunds • Fictitious vendor or employee payments • False statements • False Overtime • Forgery or alteration of documents • Invoice Kickbacks • Bid Rigging • Unauthorized use of records • Falsification of Reports • Conflicts of interest • Inaccurate employment records • Authorizing or receiving compensation for hours not worked • Incurring obligation in excess of appropriate authority • Willful violation of laws, regulations, policies or contractual obligations
Indicators of Fraud • Unsupported or unauthorized transactions • Missing or altered documents • Inconsistent, vague, or implausible responses • Denial of access to records • Unusual delays in providing requested information • Numerous complaints • Significant transactions involving related parties • Inadequate or absent internal controls • Analytical anomalies • Unexplained inventory shortages • Purchases in excess of needs • Excessive voided transactions • Cash shortages • A CRITICAL COMPONENT IS PROPER EDUCATION OF EMPLOYEES CONCERNING FRAUD AWARENESS • THE PERCEPTION OF THE POSSIBILITY OF DETECTION IS THE BIGGEST DETERRENT