1
Developing Good Internal Control
North Central Florida FGFOA Chapter
Presented by: Donna Collins, Milestone Professional Services
2
Developing Good Internal Control
Objectives of this Session:
- Discuss a possible framework for developing excellent internal control
- Overview of the COSO Framework
- Highlight two I/C principles often overlooked
  - Fraud Risk Assessment
  - Well Developed Monitoring Controls
- Limitations of Internal Control
- Practical Applications for creating excellent I/C
- Identify red flags that expose potential control issues
- Review some thoughts on auditor’s expectations regarding the internal control environment
3
Developing Good Internal Control
Overview of the COSO framework
4
Overview of the Framework
COSO (Committee of Sponsoring Organizations of the Treadway Commission) released its original guidance, Internal Control – Integrated Framework, in 1992. The document was recognized as the leading framework for designing, implementing and conducting internal control and assessing the effectiveness of internal control. It was updated in 2013.
5
Overview of the Framework
The original framework defined internal control as:
“… a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations”
6
Overview of the Framework
The original framework contained:
- Five components of internal control (Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities)
- Three categories of Objectives (Operations, Financial Reporting and Compliance)
- A discussion of fundamental concepts that were vital to a properly functioning internal control structure
- The standard for internal control guidance on development and assessment for 20 years
7
Overview of the Framework
Why update the model?
- Expectations for governance oversight
- Globalization of markets and operations
- Changes and greater complexities in business
- Demands and complexities in laws, rules, regulations and standards
- Expectations for competencies and accountabilities
- Use of, and reliance on, evolving technologies
- Expectations relating to preventing and detecting fraud
8
What has not Changed and What has
What has not changed:
- Core definition of I/C
- Three categories of objectives and five components of I/C
- Each of the five components is required for effective I/C
- Role of judgment in designing, implementing and conducting I/C and in assessing its effectiveness

What has changed:
- Changes in business and operating environments considered
- Operations and reporting objectives expanded
- Codification of fundamental concepts into 17 principles
- Additional approaches and examples relevant to operations, compliance and non-financial reporting objectives added
9
What has not Changed and What has
The New COSO Framework defines internal control:
“Internal Control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
- Thus, I/C does not provide absolute assurance, is effected by people, and is geared toward the achievement of the objectives of the organization
- Objective setting is integral to I/C
10
What has not Changed and What has
Some of the more significant changes:
- Fundamental concepts in the original framework are now codified into 17 principles in the new model.
- Framework expanded to include other types of reporting such as non-financial and internal reporting. The original framework focused only on financial reporting.
- Certain key areas of concern are specifically addressed, such as fraud and the role of technology.
- Significant business model changes, such as joint ventures and out-sourcing of key areas, and their impact on the internal control structure are addressed.
11
Internal Control Principles
Each of the five components of internal control now has principles that articulate effective control for that component. Each principle must be present and functioning for the related component to be considered present and functioning.
- Present – relevant principles exist in the design and implementation of the system of I/C to achieve specified objectives
- Functioning – relevant principles continue to exist in the conduct of the system of I/C to achieve specified objectives
12
Internal Control Principles
The characteristics of the principles are outlined in 83 related Points of Focus. Points of Focus are an evaluation tool and may not all be applicable to each principle. Documentation related to I/C must address each of the 17 principles and whether they are present and functioning, but does not have to touch on each Point of Focus.
13
Internal Control Principles
Control Environment:
1) Demonstrates commitment to integrity and ethical values
2) Exercises oversight responsibility
3) Establishes structure, authority and responsibility
4) Demonstrates commitment to competence
5) Enforces accountability
14
Internal Control Principles
Risk Assessment:
6) Specifies relevant objectives
7) Identifies and analyzes risk
8) Assesses fraud risk
9) Identifies and analyzes significant change
15
Internal Control Principles
Control Activities:
10) Selects and develops control activities
11) Selects and develops general controls over technology
12) Deploys through policies and procedures
16
Internal Control Principles
Information and Communication:
13) Uses relevant information
14) Communicates internally
15) Communicates externally
17
Internal Control Principles
Monitoring Activities:
16) Conducts ongoing and/or separate evaluations
17) Evaluates and communicates deficiencies
18
Point of Focus Example Control Environment Component (Principle 1)
The organization demonstrates a commitment to integrity and ethical values.
Points of Focus:
- Sets the Tone at the Top
- Establishes Standards of Conduct
- Evaluates Adherence to Standards of Conduct
- Addresses Deviations in Timely Manner
19
Point of Focus Example Control Environment Principle 1
- Points of Focus may not be suitable or relevant and others may be identified.
- Points of Focus may facilitate designing, implementing and conducting internal control.
- There is no requirement to separately assess whether Points of Focus are in place.
- In this example you are looking to demonstrate integrity and ethical values as a priority. In the absence of documented and monitored policies, this may be difficult to establish.
20
Point of Focus Example Risk Assessment Component
(Principle 8)
The organization considers the potential for fraud in assessing risks to the achievement of objectives.
Points of Focus:
- Considers various types of fraud
- Assesses incentives and pressures
- Assesses opportunities
- Assesses attitudes and rationalizations
21
Point of Focus Example Risk Assessment Principle 8 – Fraud Risk Assessment
- The requirement to perform a fraud risk assessment is not new but its emphasis here should be noted.
- Fraud is more than misappropriation of assets or fraudulent financial reporting. Non-financial data can be modified to enhance safety reporting, show milestones needed for pay raises or to allow unauthorized use or disposal of assets.
- The presence of anti-fraud controls is effective at reducing fraud loss but the risk cannot be completely eliminated.
22
What types of exposure to fraud risk does your government face?
23
Fraud Detection (2016 Report to the Nations, ACFE )
24
Fraud Detection (2016 Report to the Nations, ACFE)
25
Fraud Detection
26
Point of Focus Example Control Activities Component (Principle 11)
The organization selects and develops general control activities over technology to support the achievement of objectives.
Points of Focus:
- Determines dependency between use of technology and GITC
- Establishes relevant technology infrastructure
- Establishes relevant security management process control activities
- Establishes relevant technology acquisition, development and maintenance process control activities
27
Point of Focus Example Control Activities Principle 11 – Technology
- Technology is essential to support the entity’s objectives
- Framework uses technology to refer to computer systems, including software applications and operational control systems
- Technology creates both opportunities and risk
- The framework principles do not change with the application of technology
- Environments vary in size, complexity and extent of integration

Article in the May 2014 Journal of Accountancy, “How to Use COSO to Assess IT Controls,” discusses Principle 11 and application
28
Point of Focus Example Monitoring Activities Component (Principle 16)
The organization selects, develops and performs… evaluations of I/C
Points of Focus:
- Considers mix of ongoing and separate evaluations
- Considers Rate of Change
- Establishes Baseline Understanding
- Uses Knowledgeable Personnel
- Integrates with Business Processes
- Adjusts Scope and Frequency
- Objectively Evaluates
29
Point of Focus Example Monitoring Activities Principle 16 – Performs Evaluations of I/C
- Monitoring can be done two ways
- Consider how the organization is changing and what the original baseline should be
- Having informed personnel to perform the monitoring is key
- Monitoring should be part of the business process
- Risk will determine the frequency and scope
- Results must be evaluated to result in improvement

Article in the May 2014 Journal of Accountancy, “How to Use COSO to Assess IT Controls,” discusses Principle 11 and application
30
Monitoring
Why is Monitoring important?
- Unmonitored controls tend to deteriorate over time
  - Personnel changes
  - Entity structure changes
  - Automation enhancements
- Properly designed monitoring controls can:
  - Identify and correct I/C problems on a timely basis
  - Help produce more accurate and timely financials
31
Monitoring
- Ongoing monitoring occurs in the normal course of operations
  - Supervisory reviews of reconciliations, reports and processes
- Periodic monitoring covers a select period or group of transactions
  - Internal audit sampling
  - Annual reviews of high risk business processes
32
Monitoring
One of the simplest monitoring controls is a thorough review of the monthly general ledger activity as compared to expected trends:
- Review of trial balance amounts
- Unusually large or small transaction amounts
- Comparison to budget to determine expected purchases
33
Developing Good Internal Control
Characteristics and Limitations of internal control
34
Internal Control Myths and Facts
Myths:
- Starts with strong set of policies and procedures.
- Internal auditors are responsible for internal controls.
- It’s an accounting thing: we do it because they tell us to.
- Takes time away from our core activities.
- Strong controls will prevent fraud.

Facts:
- Starts with a strong control environment.
- Management is the owner of internal control.
- It’s everyone’s responsibility and should be an integral part of operations.
- Should be built into, not onto, business processes.
- Controls provide reasonable, but not absolute, assurance.
35
Internal Control – Daily Application
Very simply put, Internal Controls are a process to accomplish a goal. They require common sense and a healthy lack of trust. We use them every day:
- Lock the car and house when we leave
- Review a credit card statement
- Balance the checkbook
- Prepare a will
- Obtain a copy of our credit report
36
Internal Control Limitations
Internal Controls have limitations because:
- They are affected by people and technology
- Only provide reasonable assurance
- They can be completely ineffective if staff do not see the benefit
- They are a process with a means to an end, not an end in themselves
- They must be evaluated against their cost
37
Internal Control Reminders
Things to remember:
- Controls and evaluation should not just be a financial process
- Operational controls should be evaluated utilizing the model
- Controls implemented to ensure legal and regulatory compliance should be evaluated using the model
- Use the model for internal and other periodic information reporting requirements
- Remember that out-sourced processes are still part of the internal control structure that the entity is responsible to control
38
Developing Good Internal Control
Nuts and Bolts – let’s get practical
39
Practical Application
Prepare all fiscal policies and procedures in writing and obtain governing body approval.
- cash receipts
- cash disbursements
- payroll
- travel
- use of government assets (vehicles, computers, etc.)
40
Practical Application
Use a system of checks and balances to ensure no one person has control over all aspects of a financial transaction.
- Require purchases, disbursements and payroll transactions to be authorized.
- Separate receipt and recording functions.
- Separate purchasing and payable functions.
- Require approval for timesheets.
- Require all employees to take vacation.
41
Practical Application
Reconcile Bank Accounts timely.
- Reconciliation should be done by someone independent of the recording and processing function. If not possible, have the reconciliation reviewed and approved.
- Ensure that the reconciliation identifies items that need to be adjusted and does not carry forward a large “reconciling item” that is nondescript.
- Have an independent third party receive and open bank statements.
42
Practical Application
Protect check stock.
- Keep unused checks in a locked location and limit access.
- Deface and retain voided checks.
- Ensure that signature stamps are properly secured and only authorized personnel have access.
43
Developing Good Internal Control
Red Flags
44
Red Flags
- Unjustified sole source
- Change order abuse
- Split purchases
- Fictitious Vendors
- Vendor awards just below competitive bidding threshold
- Lack of original invoices
- Wild swings in revenues
45
Red Flags
- Excessive use of P-card or use over weekends and holidays
- Cashiers working out of open cash drawers
- Significant inventory adjustments
- Employees living beyond their means
- Employee unwillingness to take vacation
46
Developing Good Internal Control
Auditor Expectations
47
Auditor Expectations
- Be mindful that risk assessment and monitoring activities are areas where most entities are lacking.
- Talk with your auditors regarding any non-financial statement areas that they may be looking to see compliance with the COSO Framework.
- As a very general rule, audit risk or compliance areas will dictate their areas of concern.
48
Auditor Expectations
- Internal Controls should be documented.
- Documentation of internal controls should be correct.
- A timely review of controls in key areas should be performed:
  - When key personnel turnover occurs
  - At least annually
49
Auditor Expectations
- Key controls such as bank reconciliations should be performed timely.
- Journal Entries must be approved.
- Competitive bidding procedures should follow State Statute and the entity’s policies.
50
Sources of Guidance
There are tools to assist you in this process.
- Purchase the New COSO Framework through the AICPA (3 volumes plus compendium for financial statement application)
- Independent service providers can assist with this evaluation and transition.
- Most large audit firms have resources on their websites and offer services in transition.
- Journal of Accountancy has had several articles recently.
51
Developing Good Internal Control
Questions?