1 / 60

raining

C B T. T. he. raining. T. P. ost. An Educational Computer Based Training Program. Effectively Controlling Risk. UT Southwestern General Compliance Training. Effectively Controlling Risk.

brupert
Download Presentation

raining

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CBT T he raining T P ost An Educational Computer Based Training Program

  2. Effectively Controlling Risk UT Southwestern General Compliance Training

  3. Effectively Controlling Risk In order to achieve the goals of providing the highest levels of medical education, biomedical research and patient care, UT Southwestern must have effective internal controls. There needs to be an appropriate balance between controls and risks is necessary to provide reasonable assurance that the medical center’s operations will be effective,efficient and in compliance with laws and regulations.

  4. Effectively Controlling Risk • What is the purpose of this training? • Why is it necessary? • What is internal control? • What are the components of internal control? • Where can I learn more?

  5. Provide employees with the training and tools to evaluate internal control at the activity, process and department levels. Two tools available to achieve this goal are the: Risk and Control Self-Assessment Guideline Risk Assessment and Control Activities Worksheet Effectively Controlling RiskWhat is the purpose of this training?

  6. Highly publicized frauds at other public institutions have caused concerns among UT System and component administrators. What was determined to bethe problem? WEAK INTERNAL CONTROLS Effectively Controlling RiskWhy is it necessary?

  7. Effectively Controlling RiskWhat is internal control? • Internal control is a process, effected by UT Southwestern’s governing board, administration, faculty, and staff, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations, • Reliability of financial reporting, and • Compliance with applicable laws and regulations. :

  8. Effectively Controlling RiskInternal Control Process 5 Components • Establish Control Environment • Perform Risk Assessment • Implement Control Activities • Communicate Information • Monitor Performance

  9. Internal Control ProcessEstablish Control Environment • The control environment is the control consciousness of an organization. • The control environment includes the integrity and ethical values of its people, their competence, and the way they do business.

  10. Standards of Conduct Guide Regents’ Rules, Business Procedures Memorandums, etc. Department standards of conduct Human resources policies and procedures Department policies and procedures Conflicts of interest--disclosure forms Ethics Guide Honesty Zero tolerance Internal Control ProcessElements of the Control Environment

  11. Internal Control ProcessPerform Risk Assessment • Risk assessment is the identification and analysis of risks associated with achieving your objectives. • Risk assessment helps to form a basis for determining how to manage identified risks.

  12. Internal Control ProcessWhat is our risk? With internal controls, RISK is . . . • The possibility that the organization will NOT: • Achieve its goals • Operate effectively and efficiently • Protect itself from loss • Provide reliable financial data (reports) • Comply with applicable laws, regulations, policies, and procedures RISK

  13. Components and Departments must define their goals and objectives in relation to their: Mission, Operations, Financial reporting, Compliance, and Significant activities or processes. Then, they must identify and analyze potential risks by asking certain questions: What could go wrong? What must go right? What is the significance of our risks? What is the likelihood of occurrence? Internal Control ProcessPerform Risk Assessment

  14. Internal Control ProcessPerform Risk Assessment Questions employees should consider: • What business are you in? • Who are your customers? • What do they need and want? • What does that say about what you are trying to accomplish? • How will you know you have been successful?

  15. Internal Control ProcessPerform Risk Assessment • A risk is ANYTHING that could jeopardize the achievement of a goal or objective. • For each goal or objective, identify your risks. • Be comprehensive, by considering external and internal factors.

  16. For each identified risk, estimate the potential significance (cost, safety, institutional image) and likelihood of occurrence. Focus on the major risks, and determine how those risks should be managed and minimized to acceptable levels. Internal Control ProcessPerform Risk Assessment

  17. Internal Control ProcessImplement Control Activities • Control activities are the policies and procedures that help ensure that actions identified as necessary to manage risks are carried out properly and in a timely manner. • Control activities should be proactive, value-added, and cost effective.

  18. Risks Controls Internal Control ProcessImplement Control Activities Properly balancing risks and controls makes good business sense!

  19. Internal Control ProcessImplement Control Activities Examples of Control Activities at UT Southwestern: • Approvals, authorizations, and verifications • Having written policies and procedures and limits to authority • Reconciliations • Explanations of the difference between two sets of data AND taking corrective action

  20. Internal Control ProcessImplement Control Activities Examples of Control Activities at UT Southwestern, continued. . . • Reviews of performance • For components, departments, and individual employees • Security of Assets • Limiting access, keeping records, and making periodic counts to compare to our records

  21. Internal Control ProcessImplement Control Activities Examples of Control Activities at UT Southwestern, continued . . . • Segregation of Duties • Make sure no one person can initiate, approve, record and reconcile transactions • Controls over Information Systems • General controls over access and development, as well as specific controls within applications

  22. Internal Control ProcessCommunicate Information • Reliable and relevant information, from both internal and external sources, must be identified and communicated to employees. • Information should be processed and communicated in a timely manner and in a form that is usable.

  23. What information is relevant and reliable? Job responsibilities Goals and objectives Information to assess risks Policies and procedures Laws and regulations Performance indicators Customer feedback Performance evaluations Internal Control ProcessCommunicate Information

  24. How should we communicate? Methods include one-on-one, staff meetings, telephone calls, e-mail, memos, and reports ONLY communicate information to those who need it Communicate up, down, and across the organization Internal Control ProcessCommunicate Information

  25. Internal Control ProcessMonitor Performance • Monitoring involves evaluating internal control performance over time to determine whether controls are: • adequately designed, • properly executed, and • effective. • How do we know?

  26. Internal controls are adequately designed and properly executed if all five internal control components are present and functioning as designed: Control environment Risk assessment Control activities Information and communication Monitoring Internal Control ProcessMonitor Performance

  27. Internal controls are effective if administrators believe: They understand the extent to which the objectives of their operations are being achieved, Financial statements are reliable, and Laws and regulations are complied with. Internal Control ProcessMonitor Performance

  28. Internal Control ProcessMonitor Performance Monitoring Activities Include: • Managerial and supervisory monitoring • Self-assessments • Internal audits

  29. Effectively Controlling RiskSelf-Assessment What is a self-assessment? • A self-assessment is a “self-audit” of a department’s internal control components performed on a periodic basis.

  30. Steps in performing a self-assessment include: Evaluating your strengths and deficiencies Testing the strengths Documenting tests Disclosing weaknesses Developing an action plan to correct problems Summarizing and documenting results Effectively Controlling RiskPerforming a Self-Assessment

  31. What is a weakness? A material weakness is an internal control shortcoming which increases the risk of irregularities, illegal acts, errors, waste, ineffectiveness, or conflicts of interest above a REASONABLE level. Effectively Controlling RiskPerforming a Self-Assessment

  32. What does all this have to do with me? Internal control effectiveness is primarily determined by the knowledge and commitment of ALL UT Southwestern employees. By knowing the internal control policies and procedures and complying with all laws and regulations, YOU can help the medical center achieve its goals. This training is an internal control activity!! Effectively Controlling RiskSummary

  33. Effectively Controlling RiskWhere can I learn more? • UT Southwestern Internal Audit Department. • Ask your supervisor or a UT Southwestern Institutional Compliance Committee member.

  34. Test Your Knowledge Following are several questions to test your knowledge of the information presented. Answer all questions correctly to receive credit for the training.

  35. Question #1 The major problem which caused recent frauds at other Texas institutions was weak internal controls? TRUE FALSE

  36. Highly publicized frauds at other public institutions have caused concerns among UT System and component administrators. What was determined to bethe problem? WEAK INTERNAL CONTROLS Sorry, the correct answer is ...

  37. Question #1 The major problem which caused recent frauds at other Texas institutions was weak internal controls? TRUE FALSE

  38. Question #2 Which of the following are components of the internal control process? ESTABLISHING A CONTROL ENVIRONMENT PERFORMING A RISK ASSESSMENT BOTH OF THE ABOVE

  39. Sorry, the correct answer is ... 5 Components • Establish Control Environment • Perform Risk Assessment • Implement Control Activities • Communicate Information • Monitor Performance

  40. Question #2 Which of the following are components of the internal control process? ESTABLISHING A CONTROL ENVIRONMENT PERFORMING A RISK ASSESSMENT BOTH OF THE ABOVE

  41. Question #3 With internal controls, RISK includes the possibility that our organization will NOT achieve its goals and protect itself from loss? TRUE FALSE

  42. Sorry, the correct answer is ... With internal controls, RISK is . . . • The possibility that the organization will NOT: • Achieve its goals • Operate effectively and efficiently • Protect itself from loss • Provide reliable financial data (reports) • Comply with applicable laws, regulations, policies, and procedures RISK

  43. Question #3 With internal controls, RISK includes the possibility that our organization will NOT achieve its goals and protect itself from loss? TRUE FALSE

  44. Question #4 Control Activities should be . . . RESTRICTIONS ON AN EMPLOYEE’S AUTHORITY PROACTIVE, VALUE-ADDED, AND COST-EFFECTIVE BOTH OF THE ABOVE

  45. Sorry, the correct answer is … • Control activities are the policies and procedures that help ensure that actions identified as necessary to manage risks are carried out properly and in a timely manner. • Control activities should be proactive, value-added, and cost effective.

  46. Question #4 Control Activities should be . . . RESTRICTIONS ON AN EMPLOYEE’S AUTHORITY PROACTIVE, VALUE-ADDED, AND COST-EFFECTIVE BOTH OF THE ABOVE

  47. Question #5 Some examples of control activities at UT Southwestern include reconciliations and having written policies and procedures? TRUE FALSE

  48. The correct answer is ... Examples of Control Activities at UT Southwestern: • Approvals, authorizations, and verifications • Having written policies and procedures and limits to authority • Reconciliations • Explanations of the difference between two sets of data AND taking corrective action

  49. Question #5 Some examples of control activities at UT Southwestern include reconciliations and having written policies and procedures? TRUE FALSE

  50. Question #6 Which of the following is relevant information for UT Southwestern employees? JOB RESPONSIBILITIES POLICIES AND PROCEDURES CUSTOMER FEEDBACK ALL OF THE ABOVE

More Related