Download presentation
Presentation is loading. Please wait.
Published byAubrey Hoover Modified over 8 years ago
1
SUNY Maritime Internal Control Program
2
New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls. Establish and maintain guidelines for a system of internal controls. Establish and maintain a system of internal controls and a program of internal control review. Establish and maintain a system of internal controls and a program of internal control review. Make available to all a clear and concise statement emphasizing the importance of internal controls and the related responsibility of each employee. Make available to all a clear and concise statement emphasizing the importance of internal controls and the related responsibility of each employee. Designate an Internal Control Officer. Designate an Internal Control Officer. Implement training and education efforts to ensure all have adequate awareness and understanding. Implement training and education efforts to ensure all have adequate awareness and understanding. Periodically evaluate need for internal audit function. Periodically evaluate need for internal audit function.
3
SUNY Maritime’s Internal Control Program Internal Control (IC) Steering Committee Internal Control (IC) Steering Committee Internal Control Officer – Elizabeth Praetorius Internal Control Officer – Elizabeth Praetorius Segmentation of Campus or Assessable Units for IC Review (33 assessable units identified) Segmentation of Campus or Assessable Units for IC Review (33 assessable units identified) Vulnerability Assessments of All Units - Every 3 Years Vulnerability Assessments of All Units - Every 3 Years Internal Control Reviews and Follow-up Internal Control Reviews and Follow-up Annual IC Summary & Certification – Due end of March Annual IC Summary & Certification – Due end of March IC Program Training by Staff Level IC Program Training by Staff Level (Staff, Supervisors/ Managers, Executive Staff)
4
Internal Controls … Internal controls are the safeguards and management oversight designed to prevent, detect, and correct program and operational breakdowns and to ensure that goals are met. Internal controls are the first defense to prevent and to detect fraud. Internal controls are the first defense to prevent and to detect fraud. Are safeguards, but they do not guarantee success Are safeguards, but they do not guarantee success Reflect the qualities of management – good and bad Reflect the qualities of management – good and bad Will succeed or fail depending on the attention people give it Will succeed or fail depending on the attention people give it Are built into an organization, not an added feature – part of the culture Are built into an organization, not an added feature – part of the culture Impact every aspect of the organization Impact every aspect of the organization
5
Key Elements of Internal Control Well defined mission Well defined mission Accountability (at all levels) Accountability (at all levels) Communication Communication The purpose of internal control is to ensure we consistently do the right things the right way to achieve the right objectives, while managing risks that could prevent this. The purpose of internal control is to ensure we consistently do the right things the right way to achieve the right objectives, while managing risks that could prevent this.
6
COSO’s Internal Control Framework 9 Control Activities Policies/procedures that ensure management directives are carried out. Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties. Monitoring Assessment of a control system’s performance over time. Combination of ongoing and separate evaluation. Management and supervisory activities. Internal audit activities. Control Environment Sets tone of organization-influencing control consciousness of its people. Factors include integrity, ethical values, competence, authority, responsibility. Foundation for all other components of control. Information and Communication Pertinent information identified, captured and communicated in a timely manner. Access to internal and externally generated information. Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action. Risk Assessment Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives, forming the basis for determining control activities.
7
An Effective Control Environment Is a product of … Management’s philosophy, style and supportive attitude Management’s philosophy, style and supportive attitude Competence Competence Ethical values Ethical values Integrity Integrity Morale of the organization’s people Morale of the organization’s people Organizational structure Organizational structure Accountability relationships Accountability relationships
8
Management should: Lead by example to foster ethical values and integrity in the organization. Lead by example to foster ethical values and integrity in the organization. Communicate its commitment to Internal Controls. Communicate its commitment to Internal Controls. Establish training programs to support staff development. Establish training programs to support staff development. Foster positive employee morale and have a supportive attitude in the organization. Foster positive employee morale and have a supportive attitude in the organization.
9
Managing Risk Internal control is to a large extent about managing risks. Risks to the College can be categorized under five headings: 1. Strategic 2. Financial 3. Compliance 4. Reputational 5. Operational
10
Managing Risk The cost of internal control should not exceed the benefit derived. Costs Benefits Risk We must ensure each risk is assessed and handled properly.
11
How does the College manage risks? Plans Plans Policies Policies Procedures Procedures Standard operating practices Standard operating practices Guidelines Guidelines These, along with the positive attitudes and efforts of employees, help minimize risks to the College.
12
Risk Assessment Risk should be assessed at all levels of an organization. Risk measured in terms of likelihood and impact. Risks should be appropriately managed (accepted, controlled, or avoided). Corrective actions are essential to effective risk management.
13
Control Activities Control activities are tools or processes- both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the College's objectives and mission. Control activities are tools or processes- both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the College's objectives and mission. Management should establish control activities to effectively and efficiently accomplish the College's objectives and mission. Management should establish control activities to effectively and efficiently accomplish the College's objectives and mission.
14
Types of Control and Examples Documentation – Policies and procedures Documentation – Policies and procedures Records – Recording transactions & events Records – Recording transactions & events Authorization – Approving transactions Authorization – Approving transactions Structure – Separation of duties Structure – Separation of duties Supervision – Monitoring control objectives Supervision – Monitoring control objectives Security – Safeguarding resources Security – Safeguarding resources
15
Who Is Responsible For Internal Control? Who Is Responsible For Internal Control? EVERY ONE. Senior management assures appropriate controls are in place for all operations. Senior management assures appropriate controls are in place for all operations. Every employee follows controls and reports problems or improvements. Every employee follows controls and reports problems or improvements.
16
Responsibilities of Managers Maintaining an office environment that encourages the design of internal controls (Set the “Tone”). Maintaining an office environment that encourages the design of internal controls (Set the “Tone”). Ensure documentation of policies and procedures. Ensure documentation of policies and procedures. Identifying the control objectives for the functions and implementing cost effective controls designed to meet those objectives. Identifying the control objectives for the functions and implementing cost effective controls designed to meet those objectives. Regularly testing the controls to determine if they are performing as intended. Regularly testing the controls to determine if they are performing as intended.
17
Leadership Responsibilities Lead by example Lead by example Communicate and consult Communicate and consult Guide efforts towards mission Guide efforts towards mission Show commitment to internal control Show commitment to internal control Balance accountability and support Balance accountability and support Foster good morale Foster good morale Look for ways to improve Look for ways to improve
18
Why Are Internal Controls Important? Compliance with applicable laws/policies Compliance with applicable laws/policies Accomplishment of the mission Accomplishment of the mission Relevant and reliable data Relevant and reliable data Economical and efficient use of resources Economical and efficient use of resources Safeguard assets Safeguard assets Internal Control CARES!
19
Summary Management Sets the Tone Management Sets the Tone All Employees Have responsibility for Internal Controls All Employees Have responsibility for Internal Controls Internal Controls is a Part of Everyday Operations Internal Controls is a Part of Everyday Operations It’s the Law It’s the Law
20
THANK YOU….
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.