1 / 44

Understanding Internal Controls

Understanding Internal Controls. Presented by Megan Gomez, Internal Auditor Audit & Specialized Accounting Division. Training Objectives. What you should know after this discussion Internal Control Myths & Facts Definitions Who needs it? Components of Internal Control Making it real

peyton
Download Presentation

Understanding Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Understanding Internal Controls Presented by Megan Gomez, Internal Auditor Audit & Specialized Accounting Division

  2. Training Objectives What you should know after this discussion • Internal Control • Myths & Facts • Definitions • Who needs it? • Components of Internal Control • Making it real • How you can help!

  3. Internal Controls Are… Actions taken by management, the board of supervisors, and other parties to enhance risk management and increase the likelihood that established objectives and goals will be achieved.

  4. Myths & Facts • MYTH #1: Internal Control – That’s the Internal Auditors’ job! • FACT #1: While Internal Auditors do play a key role in the system of control, management is the primary owner of internal control.

  5. Myths & Facts • MYTH #2: Internal Control starts with a strong set of policies and procedures. • FACT #2: Internal Control starts with a strong control environment.

  6. Myths & Facts • MYTH #3: Internal Control is a finance thing. • FACT #3: Internal Control is integral to every aspect of business.

  7. Myths & Facts • MYTH #4: Internal Controls are essentially negative, like a list of “thou-shalt-nots”. • FACT #4: Internal Control makes the right things happen the first time, and every time.

  8. Myths & Facts • MYTH #5: If controls are strong enough, we can be sure financial statements will be accurate. • FACT #5: Internal Control provides reasonable, but not absolute, assurance that the organization’s objectives will be achieved.

  9. Myths & Facts • MYTH #6: Internal Controls take time away from our core activities of making products and serving customers. • FACT #6: Internal Controls should be built “into”, not “onto”, business processes.

  10. Myths & Facts • MYTH #7: With budget cuts and downsizing, we have to give up a certain amount of control. • FACT #7: With budget cuts and downsizing, we need different forms of control.

  11. Internal Control “gets us to where we want to go, without surprises along the way. Internal Control is everyone’s responsibility… Internal control is me.” -From Cargill Corporations’ Internal Control Statement

  12. What Internal Controls do… • Communicate vision and objectives • Protect assets • Comply with laws and regulations • Provide boundaries • Utilize resources efficiently & effectively • Promote financial reliability and integrity • Monitor results • Provide feedback

  13. Examples of Internal Control Think about what you do…at home: • Lock your home and vehicle • Keep your ATM/debit card PIN number secure • Review bills and statements before paying them • Reconcile your bank statement • Don’t leave blank checks or cash lying around • Expect your children to ask permission before they do certain things

  14. Examples of Internal Control Think about what you do…at work: • Lock County vehicles, desk drawers • Change your computer passwords, keep secure • Check vendor invoices against source documents • Locked cash drawers, secure storage for warrants • Daily deposit of cash receipts • Authorization required for certain activities

  15. So… who needs it? • County Residents • Board of Supervisors • Financial Institutions • Rating Agencies • Granting Bodies • Government • Management and staff

  16. Components of Internal Control Who is responsible for Internal Control? Management

  17. Components of Internal Control Control Environment The foundation upon which everything rests

  18. Control Environment Key Factors - Management’s Attitude: “Tone at the Top” Individual Attributes: Integrity, ethical values, competence

  19. Components of Internal Control Risk Assessment

  20. What is Risk? Anything that could negatively impact the County’s ability to meet its operational objectives.

  21. Changes that Affect Risk Levels • Globalization • Organizational Ethics • Financial Demands • Technology • Consolidations and Alliances • Legislative Imperatives Risk cannot be avoided or ignored!

  22. How to Identify Risk • What could go wrong? • How could we fail? • What must go right to succeed? • What decisions require the most judgment? • What activities are the most complex? • What activities are regulated? • On what do we spend the most money? • How is related revenue collected? • On what information do we rely most? • What assets do we need to protect? • How could our operations be disrupted?

  23. 5 Types of Risk • Strategic • Financial • Regulatory (Compliance) • Reputational • Operational

  24. Conditions that Increase Risk • Lack of segregation of duties • Too much trust • Lack of follow-up • Lack of knowledge of Policies & Procedures • Lack of control over: • Cash • Purchasing of supplies/materials

  25. Components of Internal Control Control Activities

  26. Control Activities Actions supported by policies and procedures that help assure management directives that address risks are carried out properly and in a timely manner.

  27. Examples of Control Activities • Authorization and approval procedures • Review of operating performances • Supervision: assigning, reviewing/approving, guidance, training • Segregation of duties • Controls over access to resources and records • Reconciliations • Verifications • Reviews of processes and activities

  28. Types of Control Activities • Directive • Preventive • Detective • Corrective • Recovery Policies & Procedures Purchase Requisition Approval Procedures Passwords Data input validation Cash Counts Bank Reconciliations Payroll report review Compare statements to source documents Compare budget to actual spending

  29. Components of Internal Control Monitoring

  30. Monitoring Activities • Ongoing Monitoring • Covers each component • Action against deficiencies • Separate Evaluations • External auditors • Internal auditors • Findings reported to management

  31. Components of Internal Control Information & Communication

  32. Information & Communication • Management Decisions • Reliable Reporting • Effective Communication

  33. Quick Quiz! Which of the following best describes segregation of duties: • Split the work so no one has to work more than anyone else. • When you make sure you have one person reconciling all the transactions. • Procedures designed to ensure one individual cannot complete an entire transaction. • Something you can only achieve when you have at least five accounting personnel.

  34. Quick Quiz! Until deposited, cash receipts should be stored: • In a sealed Ziplock bag. • In a zippered bank bag in the Department Head’s desk drawer. • In a secured, locked location at the department/division. • By the Department Head in his/her home for safekeeping.

  35. Quick Quiz! Checks should be restrictively endorsed just prior to deposit. TRUE FALSE

  36. Case Studies “The Employee Bonus” “The Favored Vendor” Stories summarized from Internal Auditor magazine

  37. Recent Headlines September 23, 2008 Press Enterprise “Former Fire Department employee pleads guilty in $1.2 million embezzlement scheme” September 21, 2008 Personal Computer World “Downturn brings risk to the fore” September 21, 2008 The Washington Post “Financial titans’ fall promises big shifts ahead” December 6, 2007 Press-Enterprise “Redlands treasurer pleads not guilty; his attorney reports “bombshell: two sets of books” November 3, 2007 The Californian “Murrieta audit notes deficiencies” August 2006 GovPro.com “P-card transactions raise control concerns”

  38. Why Controls Don’t Always Work • Inadequate knowledge of policies or governing regulations • Inadequate segregation of duties • Inappropriate access to assets • Form over substance • Control override • Inherent limitations

  39. Control Awareness Can… • Create a culture in which every employee understands internal control. • Make internal control an integral part of everyone’s job responsibilities. • Effectively manage risk.

  40. How you can help! • Current policies and procedures • Communicate authorization limits • Safeguard assets and data • Document control • Visible/legible authorization • Understand your risks • Adhere to County policies and codes

  41. How you can help! • Establish Objectives and Measures • Track performance • Evaluate Success!

  42. How you can help! When thinking about controls, consider: • Propriety of transactions • Reliability/integrity of information • Compliance with policies & regulations • Safeguarding assets • Economy/efficiency of operations

  43. Internal Auditing Can Help Control self-assessment (CSA) program

  44. Questions ? ? ? ? ? ? ? ? ? ?

More Related