
Internal Controls & Risk Assessment

Internal Controls & Risk Assessment. Presented By: Donna Denker, CPA Donna Denker & Associates. Definition of Fraud. Per SAS 99 – (2002) – “An intentional act that results in material misstatement to the financial statements that are subject to an audit.”. Types of Fraud.


Presentation Transcript


  1. Internal Controls & Risk Assessment Presented By: Donna Denker, CPA Donna Denker & Associates

  2. Definition of Fraud Per SAS 99 – (2002) – “An intentional act that results in material misstatement to the financial statements that are subject to an audit.”

  3. Types of Fraud • Financial Reporting Fraud • Misappropriation of Assets • External Fraud

  4. Common Misappropriation of Assets

  5. Stealing Cash which includes: • Diverting cash receipts • Lapping • Stealing or forging checks • Altering bank deposits • Stealing petty cash

  6. Common Misappropriation of Assets (continued) • Creating fictitious vendors or overstating vendor accounts • Stealing inventory or equipment • Taking kickbacks • Abusing travel and entertainment reimbursements • Creating ghost employees or overstating hours worked

  7. Fraud Triangle

  8. COSO Report • Defines internal controls • Describes the components of effective internal controls • Provides evaluation criteria for internal controls • Guidance on management’s reporting of internal controls over financial reporting

  9. COSO Definition of Internal Controls A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in any of the following categories:

  10. COSO Definition (continued) • Efficiency and effectiveness of operations • Reliability of financial reporting • Compliance with applicable laws and regulations

  11. COSO Components of Internal Control

  12. Control Environment – Foundation of People • Integrity • Ethical Values • Competency

  13. Risk Assessment – Entity Activity • Entity must be aware of and deal with risks it faces • Entity must set objectives integrated with other activities so that the organization works together • Entity must establish mechanisms to identify, analyze and manage the related risk

  14. Control Activities – Policies and Procedures • Establishment of policies to ensure that risks are addressed • Execution of policies to ensure they are carried out correctly and completely

  15. Information and Communication • Systems to capture and exchange information

  16. Monitoring • Monitoring all of the processes • Allow modifications as necessary • System should react dynamically by changing as conditions warrant

  17. Five Basic Financial Statement Assertions • Existence or Occurrence • Completeness • Rights and Obligations • Valuation and Allocation • Presentation and Disclosure

  18. Board of Directors Role in Addressing the 5 Components • Establish organization control environment • Risk identification and analysis • Communications • Monitoring

  19. Inherent Limitations in Any Internal Control System • Human judgment • Breakdowns • Management overrides • Collusion

  20. Reasonable Assurance vs. Cost Benefit

  21. What should you be doing to address these requirements?

  22. Control Environment

  23. Integrity and Ethical Values • Message from the board and management • Ethics policy and repercussions for violations • Conflict of Interest policies • Recognizing temptations

  24. Commitment to Competence • Hiring policies • In-house or external training • Outside consultants to supplement if needed • Performance and skills evaluated periodically • Board does performance and skills evaluations for management

  25. Oversight by Board or Council • Understand your fraud risks • Set the tone at the top – zero tolerance policy • Oversee internal controls • Retain outside experts when in doubt • Ask questions and exercise skepticism • Whistleblower program

  26. Management’s Philosophy • Commitment to excellence • All journal entries are authorized, supported and reviewed

  27. Organizational Structure • Organizational chart • Job descriptions • Roles are supportive of financial reporting objectives

  28. Manner of Assigning Authority or Responsibility • Considerations of segregation of responsibility • Responsibilities are commensurate with authority • Empowers employees

  29. Human Resources Policies and Procedures • HR policies • Job descriptions • Pre-employment investigation • Ensure appropriate training • Regular performance evaluations • Competency is considered • Exit interview with staff

  30. Risk Assessments

  31. External Factors • Funding agents and regulatory bodies • Vendors • Tribal Council • Creditors • Access to assets • News media • Changes

  32. Internal Factors • Employees • Technology • Personnel practices • Access to assets • Changes

  33. Other Factors • Previously identified failures • Complexity of activities

  34. Activities • Brainstorming sessions • Regular management meetings to discuss issues • Reacting to changes in a timely manner • Education or training programs • Supervision • Personnel evaluations • Segregation of duties • Early identification of changes

  35. Control Activities • Physical Controls • Segregation of Duties • IT Controls • Management activities • Budget monitoring • Policy and procedures • Policies establish what should be done • Procedures establish how it should be done

  36. Information and Communication

  37. Internal Communications • Staff to Staff • Management to Staff • Upward communication to Board

  38. External Communications • Vendors • Funding Agents • Independent Auditors

  39. Forms of Communication • Policies and procedures • Management meetings • Departmental meetings • Financial Statements and Budget Reports • External financial reporting • Reports from External Auditors or Regulators

  40. Monitoring

  41. Management Activities • Supervision of staff performance • Budget to Actual expenditure comparisons • Reconciliations and comparisons to physical assets • Enforcement of policies

  42. Communications from Third Parties • Bank and investment statements • Vendors' monthly statements • Federal agencies communicating concerns • External or internal auditors

  43. Questions?
