1 / 37

Internal Controls

Internal Controls. HRFIN102. Agenda. Background UM’s Internal Audit Function Why Internal Controls? Who is Responsible? Five Elements of Internal Control Basic Internal Control Assessment. UM’s Internal Audit Function.

Download Presentation

Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Internal Controls HRFIN102

  2. Agenda • Background • UM’s Internal Audit Function • Why Internal Controls? • Who is Responsible? • Five Elements of Internal Control • Basic Internal Control Assessment

  3. UM’s Internal Audit Function • Committed to improving the University by maintaining a balance between: • Scheduled audits • External audit liaison • Special projects • Investigations • Training services • Our services focus on compliance, departmental, performance, information technology, and financial related controls that help ensure the excellence and integrity of the University's ongoing operations.

  4. UM’s Internal Audit Function • The Internal Audit role is to examine the adequacy and effectiveness of the University internal controls and make recommendations where control improvements are needed. • Internal Audit must remain independent and objective. • We cannot have the primary responsibility for establishing or maintaining internal controls. • The effectiveness of the internal controls are enhanced through the reviews performed and recommendations made by Internal Audit.

  5. UM’s Internal Audit Function

  6. Why Internal Controls? • Internal controls MUST be an integral part of theUniversity’s financial and business policies and procedures. • Internal controls consist of all the measures taken by the University for the purpose of: • Protecting its resources against waste, fraud, and inefficiency • Ensuring accuracy/reliability in accounting and operating data • Securing compliance with University policies and procedures • Evaluating the level of performance in all University units Internal controls are simply good business practice!

  7. Who is Responsible? • Everyone within the University has some role in internal controls. • The roles vary depending upon the level of responsibility and the nature of involvement by the individual. • The Montana Board of Regents, President, and senior executives establish the presence of integrity, ethics, competence, and a positive control environment.

  8. Who is Responsible? • The Deans/Directors/Chairs have oversight responsibility for internal controls within their units. • Managers and supervisory personnel are responsible for executing control policies and procedures at the detail level within their specific unit. • Each individual within a unit is to be cognizant of proper internal control procedures associated with their specific job responsibilities.

  9. Five Elements of Internal Control • Internal control systems operate at different levels of effectiveness. • Determining whether a particular internal control system is effective is a judgment resulting from an assessment of these five components: • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring

  10. 1. Control Environment • The control environment, as established by the University’s administration, sets the tone and influences the control consciousness of its people. • Leaders of each department, area, or activity establish a local control environment. • Control environment factors include: • Integrity and ethical values • The commitment to competence • Leadership philosophy and operating style • The way management assigns authority/responsibility and organizes/develops its people

  11. 2. Risk Assessment • The process of identifying and analyzing risk is an ongoing process and is a critical component of an effective internal control system. • Attention must be focused on risks, at all levels, and necessary actions must be taken to manage. • After risks have been identified, they must be evaluated.

  12. 3. Control Activities • Control activities are the policies and procedures that help ensure management directives are carried out. • Control activities occur throughout the organization, at all levels, and in all functions. They include a range of activities such as: • Approvals • Authorizations • Verifications • Reconciliations • Reviews of operating performance • Security of assets • Segregation of duties • Control activities usually involve two elements: • Apolicy establishing what should be done • Procedures to effect the policy

  13. 4. Information and Communication • Pertinent information must be identified, captured, and communicated in a form and time frame that enables people to carry out their responsibilities. • Effective communication must occur in a broad sense, flowing down, across, and up the organization. • All personnel must receive a clear message from top management that control responsibilities must be taken seriously. • They must understand their own role in the internal control system as well as how individual activities relate to the work of others.

  14. 5. Monitoring • Internal control systems need to be monitored. • Need to assess the quality of the internal control system's performance over time. • The scope and frequency of separate evaluations depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. • Internal control deficiencies should be reported upstream, with serious matters reported immediately to top administration and governing boards.

  15. Components of the Control Activity • Personnel • Need to be competent and trustworthy, with clearly established lines of authority and responsibility documented in written job descriptions and procedures manuals. • Organizational charts provide a visual presentation of lines of authority and periodic updates of job descriptions ensures that employees are aware of the duties they are expected to perform.

  16. Components of the Control Activity • Authorization • Procedures need to include a thorough review of supporting information to verify the validity of transactions. • Approval authority should correspond with the nature and significance of the transactions and in compliance with University policy.

  17. Components of the Control Activity • Segregation of Duties • Reduce the likelihood of errors and irregularities. • An individual is not to have responsibility for more than one of the three transaction components: • Authorization • Custody • Record keeping • When the work of one employee is checked by another, and when the responsibility for custody for assets is separate from the responsibility for maintaining the records relating to those assets, there is appropriate segregation of duties.

  18. Components of the Control Activity • Physical Restrictions • Most important type of protective measures for safeguarding University assets, processes, and data.

  19. Components of the Control Activity • Documentation and Record Retention • Provide reasonable assurance that all information and transactions of value are accurately recorded and retained. • Records are to be maintained and controlled in accordance with the established retention period and properly disposed of in accordance with established procedures.

  20. Components of the Control Activity • Monitoring Operations • Essential to verify that controls are operating properly. • Reconciliations, confirmations, and exception reports can provide this type of information.

  21. Internal Control Limitations • There is no such thing as a perfect control system. • Often why Internal Audit says, “It depends!” • Staff size limitations may obstruct efforts to properly segregate duties, which requires the implementation of compensating controls to ensure that objectives are achieved. • A constraint in any system is the element of human error, misunderstandings, fatigue, and stress. • Encourage employees to take earned vacation time in order to improve operations through cross-training while enabling employees to overcome or avoid stress and fatigue.

  22. Internal Control Limitations • The cost of implementing a specific control should not exceed the expected benefit of the control. • Sometimes there is no out-of-pocket costs to establish an adequate control. • A realignment of duty assignments may be all that is necessary to accomplish the objective. • In analyzing the pertinent costs and benefits, managers also need to consider the possible ramifications for the University at large.

  23. Internal Control Limitations • Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not always a simple task and cannot always be accomplished through a short set of quick fixes.

  24. Basic Internal Control Assessment • Should take this self-assessment annually. • These basic internal controls are NOT all-inclusive. • If you have any questions, please contact the Internal Audit Office at 406.243.6417

  25. Organizational • The department has an organizational chart. • The department has a statement of mission and objective. • The department has current departmental policies and procedures and employee desktop manuals. • The department has a current website on the University website.

  26. Reconciliation of Accounts • Documentation (hard copy/electronic file) exists to support timely reconciliation of departmental accounts on a consistent basis. • Documentation exists to support that reconciliations are reviewed in a timely manner by the appropriate department head and/or signature authority.

  27. Cash Receipting/Handling • Documentation (hard copy/electronic file) exists to support that cash receipts/deposits are reconciled. • Duties related to receipting, depositing, and reconciliation of funds are adequately separated. • Checks are restrictively endorsed upon receipt. • A pre-numbered receipt, cash log, or register tape is used to document cash received. • The department receives payment by credit cards and is Payment Card Industry (PCI) compliant.

  28. Cash Receipting/Handling • Funds are adequately safeguarded until deposited at the Business Services - Treasury. • University Police escort is used for deposits over $1000. • Petty cash funds (if used by the department) are properly established. • Petty cash funds are periodically counted by custodian and confirmed by a witness to ensure the full amount is accounted for. • The department does NOT have an external bank account.

  29. Long Distance Phone Charges • The department signature authority or his/her designee reviews monthly long distance phone charges.

  30. Property Accounting • The department monitors and conducts in-house audits (verification) of their property. • Individuals assigned equipment have completed an inventory loan receipt. • The department has a University vehicle.

  31. Procurement and Travel • The department has reviewed the purchasing guidelines. • Requisition and invoice input, approval, and account reconciliation functions are separated within the department. • Procurement cards are stored in a secure location while not in use. • Department reconciles procurement card receipts in a timely manner.

  32. Procurement and Travel • The department employees have reviewed the procurement card policies and procedures. • All personnel that travel on University business prepare the necessary permission to travel documents and retain original receipts for reimbursement. • If the department's business requires them to incur certain entertainment expenses, the departmental personnel are aware of the entertainment policies and procedures. • If the department's business requires them to incur technology purchases, the departmental personnel are aware of the policies and procedures pertaining to technology purchases.

  33. Human Resources and Payroll • Leave usage is approved timely by department head/signature authority for exempt and non-exempt employees. • Time sheets are maintained by the department for all non-exempt employees. • Time sheets record actual hours worked, leave time, and compensatory time (non-exempt employees). • Time sheets are signed and dated by employee after the time period being reported (non-exempt employees). • Time sheets are signed and dated by supervisor after the time period being reported (non-exempt employees). • Documentation exists to support proper approval of overtime pay (non-exempt employees).

  34. Human Resources and Payroll • The department follows University overtime guidelines (non-exempt employees). • Documentation (hard copy/electronic file) exists to support monitoring, reconciliation, and approval of compensatory time and usage (non-exempt employees). • Documentation (hard copy/electronic file) exists to support that payroll reports are reconciled. • Departmental procedures are in place to help ensure that termination documents are processed, and appropriate personnel are notified in a timely manner. • Annual performance evaluations are conducted for all employees and results are submitted through proper channels.

  35. Technology • Department staff has read and understands the acceptable use policy for computers. • The department is aware of the procedures to surplus old computers/devices and remove them off of the department's inventory. • Employees have read and understand the email use policy. • Department employees have read and understand the password policy.

  36. Internal Audit Control Self Assessment • http://www.umt.edu/iaud/csa.php

  37. Contact Information Anta Coulibaly Director of Internal Audit University of Montana University Hall 018 Missoula, MT 59812-4032 406.243.2545 Anta.coulibaly@mso.umt.edu

More Related