Business Office Financial Information Services Connecting And Leading 1. Internal Controls
SAS NO. 78 CONSIDERATION OF I/C IN A F/S AUDIT: AN AMENDMENT TO SAS NO. 55 Definition of I/C: “Internal control is a process - effected by an entity’s board of directors, management, and other personnel - designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) reliability of financial reporting, b) effectiveness and efficiency of operations, c) compliance with applicable laws and regulations.”
SAS NO. 78 CONSIDERATION OF I/C IN A F/S AUDIT: AN AMENDMENT TO SAS NO.55 Five components of I/C: 1) Control environment 2) Risk assessment 3) Control activities 4) Information and communication 5) Monitoring
Control Environment • This component includes the attitude of management at all levels toward operations in general and specifically the concept of controls. This includes: • ethics, • competence, • integrity, • a demonstrated interest in the wellbeing of the organization and • organization structure and management's policies and philosophy.
Risk Assessment • This component is and has been a part of progressive internal audit activity. It involves: • identifying the risks in all areas of the organization • establishing the vulnerability of the organization through evaluating the risks. • The objectives in all aspects of the operation must be considered so as to assure that all parts of the organization are operating in concert.
Control Activities • This component includes those activities that are traditionally associated with the concept of internal control. These activities include: • approvals, • responsibilities, • authorities, • separation of duties, • documentation, • reconciliation, • competent and honest personnel, • internal check, • and internal auditing. • These activities should be risk evaluated throughout the entire organization considering the organization as a universe.
Information and Communication • This component is an essential part of the management process. Management cannot function without current intelligence. • The communication of information relative to the operation of internal controls provides substance on which management can form its evaluations as to the control process effectiveness and to manage its operations.
Monitoring • Monitoring is the provision of dynamic rational evaluation of the information supplied by the communication of information for the purpose of control management.
Benefits of Control • Controls are means of helping managers achieve objectives and goals.
Benefits of Control (Cont.) • Management looks at control as a means of integrating personal and enterprise objectives to help people meet their goal.
Benefits of Control (Cont.) • They can also activate individuals to improve their performance, not just get by with what they are doing.
Benefits of Control (Cont.) • For example, it is well accepted that three conditions must exist before a person will embezzle an employer's funds: • unusual need (actual or perceived), (motive) • opportunity and • rationalization, (incentive)
Benefits of Control (Cont.) • Management can do little about how an employee perceives his or her needs. But by adequate control, the opportunity or temptation to embezzle can be removed or diminished.
Business Office Financial Information Services Connecting And Leading 2. Fraud Awareness
Fraudulent and Dishonest Acts • According to Statements on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, management is responsible for • designing and implementing systems and procedures for the prevention and detection of fraud • and, along with the board of directors, for ensuring a culture and environment that promotes honesty and ethical behavior.
Fraudulent and Dishonest Acts (Cont.) • The key components of a fraud prevention and detection program consist of • a culture of honesty and ethics, • fraud risk assessment and properly designed (mitigating) controls • an appropriate oversight process.
Definition of Fraud • A fraud or dishonest act generally involves a deliberate act or failure to act with the intention of • obtaining an unauthorized benefit • destruction of property • or otherwise fraudulent behavior.
Definition of Fraud (Cont.) • The Association of Certified Fraud Examiners (ACFE) defines “fraud” as: “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets” (Report to the Nation on Occupational Fraud Abuse, 1999).
Definition of Fraud (Cont.) • Occupational fraud and abuse encompasses a wide variety of conduct by employees, managers, and principals or organizations ranging from pilferage to sophisticated investment swindles.
Definition of Fraud (Cont.) • The key is that the activity: • Is clandestine (held or done in secrecy or concealment for purposes of deception) • Violates the employee’s fiduciary duties to the organization. • Is committed for the purpose of direct or indirect financial benefit to the employee • Costs the employing organization’s assets, revenues and reserves.
Examples • Fraud or dishonest acts include, but are not limited to, the following: • Theft or misappropriation of funds, long distance telephone services, supplies, property, computer software, intellectual property, or other resources. • Fictitious disbursements • Check tampering such as forged endorsement, altered payee, or concealed checks.
Examples (Cont.) • Fictitious write-offs and refunds • Fictitious vendor or employee or student payments. • False statement • False overtime • Petty theft and pilferage • False request for reimbursement • Forgery or alteration of documents
Examples (Cont.) • Bribery or attempted bribery • Invoice kickbacks • Bid rigging • Illegal gratuities • Economic extortion • Unauthorized use of records or access to information systems, including unauthorized sharing of computer security clearances
Examples (Cont.) • Unauthorized alteration, manipulation, or destruction of computer files and data • Falsification of reports to management or external agencies • Conflicts of interest that pursue a personal benefit or advantage while compromising the public interest • Improper handling or reporting of financial transactions
Examples (Cont.) • Financial asset misappropriation such as asset/revenue overstatements or understatements, fictitious revenues, concealed liabilities and expenses and improper asset valuations • Inaccurate employment credentials • Authorizing or receiving compensation for goods not received or services not performed
Examples (Cont.) • Authorizing or receiving compensation for hours not worked • Incurring obligations in excess of appropriation authority, and willful violation of laws, regulations or policies, or contractual obligations when conducting STC business • Use of College property for personal benefit • Payroll and sick time abuses
Employee Responsibilities • An employee with a reasonable basis for believing fraudulent or other dishonest acts have occurred has a responsibility to report the suspected act in a timely manner.
Employee Responsibilities (Cont.) • Reports should be made to the employee’s immediate supervisor or manager or Director of Human Resources. The employee should report in writing the following: • Department where it is occurring • What is occurring • When it occurred • Who is involved • How is it occurring
Employee Responsibilities (Cont.) • An employee may also report the fraudulent or dishonest act by calling the Anonymous Fraud and Ethics Hotline at the number posted on the College’s website or the State Auditor’s Office Fraud, Waste, and/or Abuse Hotline at 1-800-TX-AUDIT. Employees may choose to remain anonymous.
Business Office Financial Information Services Connecting And Leading 3. Abuse Awareness
Abuse • Abuse is distinct from fraud, illegal acts, and violations of provisions of contracts or grant agreements. When abuse occurs, no law, regulation, or provision of a contract or grant agreement is violated.
Abuse (Cont.) • Rather, abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances.
Abuse (Cont.) • We should be alert to situations or transactions that could be indicative of abuse.