1 / 65

Managing Internal Controls

Introduction

floyd
Download Presentation

Managing Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Managing Internal Controls Presented By: David R. Hancox, CIA, CGFM Director of Audits & State Expenditures

    2. Introduction & Importance In order to succeed, government must manage its operations effectively Provide reasonable assurance that the programs meet established goals and objectives Decrease the risks to the organization NYS Governmental Accountability, Audit & Internal Control act of 1987

    3. Introduction & Importance Internal control definitions pre-date 1992 and have their roots in the accounting literature SAS 55 SAS 78

    4. Introduction & Importance Internal Controls – Integrated Framework issued in September 1992 by the Committee of Sponsoring Organizations of the Treadway Commission (commonly referred to as COSO) Guidance on Control issued in November 1995 by the Canadian Institute of Chartered Accountants (commonly referred to as COCO)

    5. Introduction & Importance Guidelines for Internal Control Standards issued in June 1992 by the International Organization of Supreme Audit Institutions Report by the Committee on Financial Aspects of Corporate Governance issued in December 1993 (commonly referred to as the Cadbury Report)

    6. Introduction & Importance Internal controls or an internal control system is the integration of the activities, plans, attitudes, policies, and efforts of the people of an organization working together to provide reasonable assurance that the organization will achieve its mission.

    7. Basic Premises of Internal Controls Impact every aspect of an organization: all of its people, processes and physical structures A basic element that permeates an organization – not a feature that is added on Incorporated the qualities of good management Are dependent upon people, and will succeed or fail depending on the attention people give to it

    8. Are effective when all of the people and the surrounding environment work together Provide a level of comfort to an organization; Controls do not guarantee success Help an organization achieve its mission Basic Premises of Internal Controls

    9. What Is the Purpose of Internal Controls? To promote orderly, economical, efficient and effective operations and to produce quality products and services consistent with the organization’s mission To safeguard resources against loss due to waste, abuse, mismanagement, errors and fraud To ensure adherence to laws, regulations, contracts and management directive To develop and maintain reliable financial and management data, and to accurately present that date in timely reports

    10. Who Has a Role in Internal Controls? Everyone!

    11. Who Is Responsible for Internal Controls? Everyone in an organization has responsibility for ensuring the internal control system is effective The greatest amount of responsibility rests with the managers Top executive has the ultimate responsibility

    12. Internal Control System

    13. Components of Internal Controls Helps people focus in a way that brings their various functions together into an orderly, functional and structured whole.

    14. Organization Strategic Plans The courses of action that will enable an organization to achieve its mission, objectives and goals Mission The organization’s reason for existing Objectives The organization’s desired outcomes

    15. Organization Goals Are objective translated into specific, measurable targets Operational Plans Used to determine the priority and timing of objectives, to resolve conflicts between objectives, to establish the organization’s policies and procedures, and to help set budgets, schedules and resource assignments

    16. Organization Structure The framework in which the organization’s plans are carried out Assessable Units Segments of the organization which perform a distinct function

    17. Internal Control System

    18. Components of Internal Controls The atmosphere created by the people of an organization Has a pervasive influence on all the decisions and activities of an organization, and on the control consciousness of its people The foundation for all the other components

    19. Control Environment Guide employees when they make decisions on the job Form the Frame work for employee conduct

    20. Control Environment Examples: Commitment to honesty and fairness Recognition of an adherence to laws and policies Respect for the organization Commitment to excellence Respect for authority Respect for employees’ rights Conformance to professional standards

    21. Control Environment Management encourages integrity by: Setting the example Establishing and publishing a code of conduct Complying with the organization’s ethical values and code of conduct Rewarding employee commitment to the organization’s ethical values Establishing methods for reporting ethical violations Consistently enforcing disciplinary practices for all ethical violations

    22. Control Environment Actions reflect management’s basic beliefs regarding how the people and activities of an organization should be managed There are many styles and philosophies None are inherently right or wrong Some may be more effective than others

    23. Control Environment Elements affecting the entity’s philosophy and style The degree to which management is wiling to accept risks The degree of economic or regulatory control imposed by others Attitudes toward reporting (both financial and programmatic) and accountability

    24. Control Environment Characteristic of people who have the skill, knowledge, ability and tools to perform a task Management must ensure that staff possess the knowledge, skills, and ability necessary to do their jobs Management must ensure that staff have what they need – such as equipment, software and policy and procedure manuals

    25. Control Environment Management should reflect a commitment to: Establishing levels of knowledge and skill required for every position Verifying the qualifications of job candidates Hiring and promoting only those with the required knowledge and skills Establishing training programs that help employees increase their knowledge and skills

    26. Control Environment The attitude people have about their work, as exhibited by their confidence, their discipline, enthusiasm and their willingness to perform tasks

    27. Control Environment Management is responsible to maintain good Morale Staff should have a sense that: Their opinions and contributions are welcomed, valued and recognized The organization is willing to help improve their level of competency There is opportunity for continuous improvement They have a stake in the mission, goals and objective of the organization The lines of communication are open

    28. Control Environment Executive management should se a tone that emphasizes the importance of internal controls, including: Ongoing education to ensure everyone understands the internal control system and their role in it An openness to control self evaluations and internal and external audits of controls Responsiveness to issues raised as the result of the evaluations and audits Minimal and guarded use of control overrides

    29. Internal Control System

    30. Components of Internal Controls The exchange of information between and among people and organizations

    31. Communication A communication system consists of methods and records established to identify, capture and exchange useful information

    32. Communication Timely information is provided when the user needs it. Sufficiently detailed information to help the user achieve his or her objectives. Information should be tailored to the user.

    33. Communication Management should have clear internal communication channels that Inform employees of their duties and responsibilities Report sensitive matters Enable employees to provide suggestions for improvement Provide the information necessary for all employees to carry out their responsibilities effectively Convey top management’s message that internal control responsibilities are important and must be taken seriously

    34. Communication Good communication channels should allow management the means to tell employees: About the organization’s goals, objectives, policies and plans About their job descriptions Including the purpose of their work How employee’s efforts are linked to the organization’s strategic plan How employees contribute to achieving the organization’s mission

    35. Communication Management should establish mechanisms for employees to report sensitive matters without retribution Improper acts Unethical behavior To preserve effective communication, be receptive to negative messages Employee complaints Unfavorable customer feedback

    36. Communication Assessing and Managing Risk Control Activities Monitoring Evaluation

    37. Internal Control System

    38. Components of Internal Controls Risks are events that threaten the accomplishment of objectives There are both internal and external risks Examples of risks include: Human error Fraud System breakdowns Natural disasters

    39. Assessing and Managing Risk Identify each risk in terms of: Likelihood Significance or impact Cause

    40. Risk Assessment Process The probability that an unfavorable event would occur if there were no internal controls or limited internal controls

    41. Risk Assessment Process A measure of the magnitude of the effect on an organization if the unfavorable event were to occur Inherent Risk Innate to the program, function or activity Evaluated by the ultimate harm that may be done or the opportunity that may be lost

    42. Risk Assessment Process The Reason why an unfavorable event may occur

    44. Risk Assessment Process How to manage risk How to prevent or reduce risk How to schedule the frequency of internal control system evaluations How to manage risk during change

    45. Risk Assessment Process Accept the risk: Do not establish control activities Prevent or reduce the risk: Establish control activities Avoid the risk: Do not carry out the function

    46. Risk Assessment Process What is the cause of the risk? What is the cost of control vs. the cost of the unfavorable event? What is the priority of this risk?

    47. Risk Assessment Process New processes New systems Changes in job responsibilities Reorganizations Changes in personnel

    48. Internal Control System

    49. Components of Internal Controls The tools - both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the organization’s mission

    50. Control Activities The cost of the control activity should not exceed the cost incurred if the undesirable event occurred Build control activities into business processes and systems as the processes and systems are being designed The distribution of resources among the control activities should be based on the significance and likelihood of the risk it is preventing or reducing

    51. Control Activities Directive Laws, regulations Preventive Approvals, authorizations Detective Reconciliation’s, audits Corrective Training, supervision

    52. Control Activities Documentation Approval and Authorization Verification Supervision Separation of Duties Safeguarding Assets Reporting

    53. Control Activities Backup and Disaster Recovery Input Controls edit checks key verification redundancy checks echo checks completeness checks

    54. Control Activities Output Controls changes made to the master file error listings distribution registers end-of-job markers a quality assurance review

    55. Internal Control System

    56. Components of Internal Controls The ongoing review of the organization's daily activities and transactions to determine whether controls are effective in ensuring that operations work as intended.

    57. Monitoring Staff Monitor own work to ensure it is being done properly Correct the errors they identify Detect problems with existing control activities Report changes in their immediate internal and external environments

    58. Monitoring Supervisors Monitoring focus should be on ensuring that control activities are functioning properly the unit is accomplishing its goals the unit’s control environment is appropriate communication is open and sufficient risks and opportunities are identified and properly addressed

    59. Monitoring Middle Management Monitoring responsibilities should cover the review of how well controls are functioning in multiple units within an organization, and how well the supervisors are performing monitoring in their respective units. These mangers’ focus should be similar to that of supervisors, but extended to cover all the units for which they are responsible.

    60. Monitoring Executive Management Focus is on major divisions of the organization More emphasis on monitoring the organization’s achievement of its goals Monitor for the existence of risks and opportunities in either the internal or external environment

    61. Internal Control System

    62. Components of Internal Controls The process management uses to assess whether an organization’s operations are effective in achieving its mission Provide reasonable assurance that: the organization will likely achieve its mission, plans, objectives and goals the elements of the organization’s system of internal control are functioning effectively they can identify both risks to the organization and opportunities for improvement

    63. Evaluation Monitoring involves performing daily or routine procedures - like supervision, transaction review and problem resolution - that help to ensure operations are in compliance with the organization’s system of internal control. Evaluation, on the other hand, involves doing periodic assessments of the organization's performance over time.

    64. Evaluation Self-assessments Independent assessments

    65. Internal Controls The people of an organization, functioning as a team, set the limits for how good an organization will be. Internal controls are those elements of our day-to-day work activities that help ensure success.

More Related