340 likes | 375 Views
Internal Control. Under the Microscope. Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke. Overview. Quiz Background Internal Control Defined Internal Control Framework Self Assessment Checklist. Quiz – Handout Pages 2-4.
E N D
Internal Control Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke
Overview • Quiz • Background • Internal Control Defined • Internal Control Framework • Self Assessment Checklist
Quiz – Handout Pages 2-4 “First, get your facts. Then you can distort ‘em as you please.” Mark Twain
Background A Rough Ride for Business • War on Terrorism / Natural Disasters • Economic downturn / Aftermath • Financial frauds / Business failures
Sarbanes Oxley Act “This law says to every dishonest corporate leader: you will be exposed and punished; the era of low standards is over.” George W. Bush
Sarbanes Oxley Act • Audit Committee organization and function • Companies must document and evaluate the effectiveness of internal controls • CEOs and CFOs must personally certify financial statement accuracy
Sarbanes Oxley Act • Outside audit reports must include a statement on the effectiveness of internal controls • Companies must have in place mechanisms for reporting and investigating wrongdoing (including anonymous reports)
Impact on U • Board of Regents Policy • Trustees Audit Committee • Level of Involvement • Scope of Oversight
Impact on U • Ethical Conduct Guidance • Ethics & Compliance Hotline 585-1593 hotline@admin.utah.edu
Core Process Assessments This assessment focused on internal controls for 15 business processes. 192 risks and related controls were evaluated.
Core Process Assessments Potential Risk: Unauthorized access to check stock and printing capability. Primary Control: A secured laser printer is used to print checks at the time they are issued.
College-Wide Reviews Reviewed 44 potential issues in each of the College’s 14 organizational units.
Audit Follow-Up Responsible Person: Peggy Halliday Completion Date: March 1, 2006
Internal Control Defined Activities undertaken to increase the likelihood of achieving management objectives in three areas: • Efficiency and effectiveness of operations • Financial accountability • Compliance with laws and regulations
Internal Control Defined “Internal control gets us where we want to go, with no surprises along the way. Internal control is everyone’s responsibility. . . . Internal control is me.” Cargill Corporation
Internal Control Framework Monitoring Information & Communication Information & Communication Control Activities Risk Assessment Control Environment Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Control Environment • Integrity and ethical values • Commitment to Competence • Management Operating Style • Organizational Structure • Assignment of Authority and Responsibility • Human Resource Policies and Practices
Risk Assessment • Organizational Goals and Objectives • Risk Identification and Prioritization • Managing Change
Control Activities • Written Policies and Procedures • Control Procedures • Controls over Information Systems
Information & Communication • Access to Information • Communication Patterns
Monitoring • Management Supervision • Outside Sources • Response Mechanisms • Self-assessment Mechanisms
Quiz • Internal control starts with a strong set of policies and procedures. False: Internal control starts with a strong control environment.
Quiz • Internal and external auditors are responsible to develop and monitor internal controls. False: While auditors play an important role, management is the owner of internal control.
Quiz • Internal controls are mostly concerned with control over assets, cash receipts, and cash disbursements. False: Internal control is integral to every aspect of business.
Quiz • Internal controls are essentially negative, like a list of “thou-shalt-nots.” False: Internal control makes the right things happen the first time.
Quiz • Internal controls take time away from core activities, such as serving faculty and students. False: Internal control should be built “into,” not “onto” business processes.
Quiz • When delegating authority and empowering employees, it is necessary to give up a certain amount of internal control. False: Decentralized decision-making requires different forms of control.
Quiz • If controls are strong, we can be assured employees will be prevented from committing fraud. False: Internal control provides reasonable, but not absolute assurance.
Quiz • What are some impediments to establishing effective internal controls? • Lack of knowledge and ‘ownership’ • Lack of creativity • Lack of interest
Links & Contact Information • Internal Audit Department http://www.utah.edu/InternalAudit/ • Ethics and Compliance Hotline 585-1593; hotline@admin.utah.edu • Ethical Standards and Code of Conduct http://www.hr.utah.edu/ethicalstandards/ • University of Utah Policies and Procedures http://www.admin.utah.edu/ppmanual/ • COSO http://www.coso.org/ • Randy.VanDyke@admin.utah.edu, 581-5988 • Chuck.Piele@admin.utah.edu, 581-6561 • Pamela.Mollner@admin.utah.edu, 585-3529