200 likes | 213 Views
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987. Establish and maintain guidelines for a system of internal controls. Establish and maintain a system of internal controls and a program of internal control review.
E N D
New York State Internal Control Act of 1987 • Establish and maintain guidelines for a system of internal controls. • Establish and maintain a system of internal controls and a program of internal control review. • Make available to all a clear and concise statement emphasizing the importance of internal controls and the related responsibility of each employee. • Designate an Internal Control Officer. • Implement training and education efforts to ensure all have adequate awareness and understanding. • Periodically evaluate need for internal audit function.
SUNY Maritime’s Internal Control Program • Internal Control (IC) Steering Committee • Internal Control Officer – Elizabeth Praetorius • Segmentation of Campus or Assessable Units for IC Review (33 assessable units identified) • Vulnerability Assessments of All Units - Every 3 Years • Internal Control Reviews and Follow-up • Annual IC Summary & Certification – Due end of March • IC Program Training by Staff Level (Staff, Supervisors/ Managers, Executive Staff)
Internal Controls … Internal controls are the safeguards and management oversight designed to prevent, detect, and correct program and operational breakdowns and to ensure that goals are met. • Internal controls are the first defense to prevent and to detect fraud. • Are safeguards, but they do not guarantee success • Reflect the qualities of management – good and bad • Will succeed or fail depending on the attention people give it • Are built into an organization, not an added feature – part of the culture • Impact every aspect of the organization
Key Elements of Internal Control • Well defined mission • Accountability (at all levels) • Communication The purpose of internal control is to ensure we consistently do the right things the right way to achieve the right objectives, while managing risks that could prevent this.
COSO’s Internal Control Framework Control Activities • Policies/procedures that ensure management directives are carried out. • Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties. Monitoring • Assessment of a control system’s performance over time. • Combination of ongoing and separate evaluation. • Management and supervisory activities. • Internal audit activities. Information and Communication • Pertinent information identified, captured and communicated in a timely manner. • Access to internal and externally generated information. • Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action. Control Environment • Sets tone of organization-influencing control consciousness of its people. • Factors include integrity, ethical values, competence, authority, responsibility. • Foundation for all other components of control. Risk Assessment • Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives, forming the basis for determining control activities.
An Effective Control Environment Is a product of … • Management’s philosophy, style and supportive attitude • Competence • Ethical values • Integrity • Morale of the organization’s people • Organizational structure • Accountability relationships
Management should: • Lead by example to foster ethical values and integrity in the organization. • Communicate its commitment to Internal Controls. • Establish training programs to support staff development. • Foster positive employee morale and have a supportive attitude in the organization.
Managing Risk Internal control is to a large extent about managing risks. Risks to the College can be categorized under five headings: 1. Strategic 2. Financial 3. Compliance 4. Reputational 5. Operational
Managing Risk We must ensure each risk is assessed and handled properly. Risk Costs Benefits The cost of internal control should not exceed the benefit derived.
How does the College manage risks? • Plans • Policies • Procedures • Standard operating practices • Guidelines These, along with the positive attitudes and efforts of employees, help minimize risks to the College.
Risk Assessment • Risk should be assessed at all levels of an organization. • Risk measured in terms of likelihood and impact. • Risks should be appropriately managed (accepted, controlled, or avoided). • Corrective actions are essential to effective risk management.
Control Activities • Control activities are tools or processes- both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the College's objectives and mission. • Management should establish control activities to effectively and efficiently accomplish the College's objectives and mission.
Types of Control and Examples • Documentation – Policies and procedures • Records – Recording transactions & events • Authorization – Approving transactions • Structure – Separation of duties • Supervision – Monitoring control objectives • Security – Safeguarding resources
Who Is Responsible For Internal Control? EVERY ONE. • Senior management assures appropriate controls are in place for all operations. • Every employee follows controls and reports problems or improvements.
Responsibilities of Managers • Maintaining an office environment that encourages the design of internal controls (Set the “Tone”). • Ensure documentation of policies and procedures. • Identifying the control objectives for the functions and implementing cost effective controls designed to meet those objectives. • Regularly testing the controls to determine if they are performing as intended.
Leadership Responsibilities • Lead by example • Communicate and consult • Guide efforts towards mission • Show commitment to internal control • Balance accountability and support • Foster good morale • Look for ways to improve
Why Are Internal Controls Important? • Compliance with applicable laws/policies • Accomplishment of the mission • Relevant and reliable data • Economical and efficient use of resources • Safeguardassets Internal Control CARES!
Summary • Management Sets the Tone • All Employees Have responsibility for Internal Controls • Internal Controls is a Part of Everyday Operations • It’s the Law