1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY
2 CONTROL OBJECTIVES Effective and efficient operations in achieving organizational goals Reliable financial reporting Compliance with applicable laws and regulations Protection of assets
3 COSO Internal Control is a process. Its effectiveness depends upon the state of that process at one or more POINTS IN TIME. Thus, it is an ongoing process that consists of 5 interrelated components.
4 COSO’s FIVE COMPONENTS Control Environment Risk Assessment Control Activities Information and Communication Monitoring
5 CONTROL ENVIRONMENT Does Management set the proper “TONE AT THE TOP”? Are there Code of Conduct and Conflict of Interest policies? Does the Board of Directors include members independent of management? Is there an effective Compliance Program in place?
6 RISK ASSESSMENT The identification and analysis of risks in achieving objectives, and how to manage those risks. Are the objectives clear? Have both internal and external risks been identified? Are entity goals communicated?
7 CONTROL ACTIVITIES Policies and procedures to implement management’s directives. Adequate separation of duties. Proper safeguarding of computer system hardware & software.
8 INFORMATION & COMMUNICATION Timely capturing & communicating of meaningful data needed to effectively carry out the entity’s objectives, policies and procedures. A formalized way to report improprieties and protect those that make such reports. Communication to vendors concerning the entity’s policies on ethics and gifts. Management follow-up on information received from various sources.
9 MONITORING The internal and external processes of evaluating and assessing Internal Controls. Accumulating evidence that controls are functioning. Responsiveness to recommendations for improvements.
10 WHAT CAN CONTROLS DO? Can help an entity achieve its objectives and prevent loss of assets. Can help ensure reliable financial reporting. Can help ensure compliance with laws and regulations and the entity’s policies and procedures. Can help an entity avoid damage to its reputation.
11 WHAT CAN CONTROLS NOT DO? Can only assist in the proper management of an organization—BUT CANNOT: Prevent management overriding controls Prevent faulty decisions or collusion Ensure organizational success or even its continued existence Internal Controls can provide only reasonable assurances—no absolutes!
12 IN SHORT Internal Control is everyone’s responsibility. But ultimately, Management must take ownership of the Internal Control process.
13 THE QUESTION: HOW DO YOU RELATE ALL THAT INFORMATION TO A DEPARTMENT DIRECTOR WHO HAS A LOT TO DO AND IS NOT BUSINESS ORIENTED?
14 INTERNAL CONTROLS Are Formal and Informal Policies and Procedures
15 Purpose Ensure Good Financial Management Safeguard Assets Ensure Compliance with Requirements
16 In Short, Internal Controls are intended to provide reasonable assurance that what you want to happen does indeed happen.
17 Good Internal Control also means that you are able to PREVENT PROBLEMS before they occur or DETECT PROBLEMS soon after they occur.
18 So what? The possible consequences of not having good controls
19 FUNDS DIVERTED TO A PRIVATE BANK ACCOUNT BECAUSE: NO RECONCILIATION OF TICKET SALES TO REVENUE COLLECTED ONE PERSON WAS ALLOWED COMPLETE CONTROL OVER TICKET SALES, DEPOSITS, AND ACCOUNTING WITHOUT ADEQUATE OVERSIGHT
20 LOSS OF FUNDS BECAUSE: MONEY TAKEN BEFORE EVER RECORDED IN DEPARTMENT’s ACCOUNTING SYSTEM ONE PERSON HAD COMPLETE CONTROL OF COLLECTIONS AND ACCOUNTING PROCESS WITHOUT OVERSIGHT
21 REVENUE NEVER DEPOSITED BECAUSE: NO RECONCILIATION OF REVENUE PER RECEIPT BOOKS TO FUNDS ACTUALLY DEPOSITED ONE PERSON ALLOWED COMPLETE CONTROL WITH NO OVERSIGHT
22 CHARACTERISTICS COMMON TO EMPLOYEE MISCONDUCT Motive Rationalization Opportunity
23 But I Trust my Employees Good Internal Control has nothing to do with not trusting people. The purpose of good administrative practices is to ensure that what you want to happen does indeed happen. A nice side benefit is that good controls are also the best defense against intentional misconduct.
24 So how do I achieve Good Internal Control? It Begins In the Departments!
25 Major Elements of INTERNAL CONTROL ATTITUDE AND INVOLVEMENT DOCUMENTATION TRAINING SECURITY SEPARATION OF DUTIES
26 MANAGEMENT ATTITUDE & INVOLVEMENT REQUIRE and SUPPORT POLICIES and PROCEDURES AUTHORIZE TRANSACTIONS REVIEW ACTIVITY REVIEW FINANCIAL REPORTS
27 DOCUMENTATION JOB DESCRIPTIONS DEPARTMENT POLICIES AND PROCEDURES (WORKFLOW) PRENUMBERED RECEIPTS
28 DOCUMENTATION TRANSFER OF FUNDS PROPER EXPENDITURE AUTHORIZATIONS FINANCIAL RECORDS & REPORTS
29 TRAINING TRAIN AND CROSS-TRAIN STAFF DOCUMENT DEPARTMENT POLICIES AND PROCEDURES
30 SECURITY SECURE CASH AND CHECKS DEPOSIT FREQUENTLY NO LOCAL BANK ACCOUNTS (WITHOUT APPROVAL)
31 SECURITY STAMP CHECKS “For Deposit Only” WHEN RECEIVED
32 SECURITY FIX CASH RESPONSIBILITY TO ONE PERSON AT A TIME ACCOUNT FOR and SECURE PROPERTY SECURE COMPUTER NETWORKS.
33 Separation of Duties Don’t Allow Any One Person Complete Control Over a Process or Activity Without Management Review or Oversight
34 THE BASICS FOR DEPT DIRECTORS Authorize the expenditure of department funds (purchases and employment). Check report of salaries paid on periodic basis. Review monthly financial reports.
35 Risk Categories per COSO Strategic - relates to high level goals of org. Operations - relates to effective and efficient use of resources. Reporting - relates to reliability of reports Compliance - relates to applicable laws, etc.
36 ERM ERM is Enterprise-wide Risk Management. Involves the systematic identification and prioritizing of all the risks that an organization faces in day-to-day operations. Best done by operating personnel using facilitators and tools to capture the information. Develop methods, including good internal controls, to address risks.
37 Dennis Moss University Director Internal Audit University of Kansas Phone: