Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internal Controls and Ethics

Similar presentations


Presentation on theme: "Internal Controls and Ethics"— Presentation transcript:

1 Internal Controls and Ethics
Katarina Bugariu – Associate comptroller How To Session August 10, 2018

2 Internal Controls Definition
Internal Control is the operating standards we use to prevent or uncover mistakes. It is a process designed to provide reasonable assurance regarding the achievement of objectives in the following three categories: 1) Effectiveness and Efficiency of Operations. 2) Compliance with Laws and Regulations. 3) Reliability of Financial Reporting.

3 Real world Summary Why Internal Controls are Important
Provides management with confidence that the entity is operating according to standards which are monitored-someone is watching. Indicates to staff that what they are doing is important and that QUALITY is important. Sends a signal that certain behaviors will not be tolerated.

4 Internal Controls are Common Sense
What do you worry about going wrong? What steps have you been taken to assure it doesn’t? How do you know things are under control?

5 Risk and Internal Controls
Risk Assessment Departmental & College wide Asses Risk by the Likelihood of Occurrence Potential Impact Internal Controls Mitigate Risk identified

6 Conditions that Increase risk
Lack of segregation of duties Too much trust No Follow-up when things appear “questionable” or “not reasonable” Lack of control over cash/petty cash Lack of control over purchasing of materials/supplies Lack of knowledge of policies and procedures

7 Risks and Internal Controls
What can go wrong in your department? Fire breaks out Banner/Jagnet goes down Key employees call in sick Media becomes aware of P-card fraud Cash missing from departmental funds Faculty hires family member inappropriately

8 Key Risk Areas Federal Compliance – All types
Information Technology – Security, privacy and access Disaster Planning / Recovery Student / Faculty/ Employment Safety Facilities and Construction Management

9 Types of Internal Controls
Controls can either be automated or manual Automated Controls – Incorporated into applications logic/algorithms Example: System automatically searches for a matching PO before paying an invoice Manual Controls – Performed by individuals outside of the system or application Example: Supervisor’s signature on Expense Reports

10 Types of Internal Controls
Controls can either be preventive or detective

11 Types of Internal Controls - Preventive
Preventive Controls: Built into the process or system to avoid or minimize risk. Helps make process more efficient and can reduce cost of corrective actions. Discourage Fraud Access controls – Only individuals with approved access can perform transactions in Banner Access to equipment and inventories are restricted Segregation of duties for authorizing transactions (approval), recording transactions (accounting) and handling the related access (custody)

12 Types of Internal Controls - Detective
Detective Controls: Provide a process assessment to identify potential issues for further review Cash counts and bank reconciliations Review payroll reports (review your payroll statement) Review actual expenditure against budget Physical Inventories Audits

13 Components of Internal Control
To be effective, control activities must be: Appropriate Functioning consistently according to plan throughout the period Cost effective, comprehensive, reasonable; and Directly relate to the control objective

14 Why controls don’t always work
Inadequate knowledge of policies or governing regulations. Inadequate segregations of duties. Inappropriate access to assets. Form over substance. Control override. Inherent limitations. Inadequate knowledge of policies or governing regulations. “I didn’t know that” Inadequate segregations of duties. “We trust ‘A’ who does all of those things”. Inappropriate access to assets. Shared passwords, cash not secured… Form over substance. “You mean I’m supposed to do something besides initial/sign it?” Control override. “I know that’s the policy, but we do it this way.” “Just get it done, I don’t care how!” Inherent limitations. People are people and make mistakes. You cannot foresee or eliminate all risk.

15 What you can do! Economy and efficiency of operations…is there a better way to do the job? Make sure you have up-to-date policies and procedures; Ensure authorization limits are communicated within your department; Ensure all assets (especially cash) are safeguarded at all times; Establish document control (especially for spreadsheets); Ensure approval signatures are visible (legible) on all required documentation; Make sure data is only accessible by authorized personnel; Understand your department/function’s risks; Establish objectives and measures for your department/function and for major programs; and Track performance to evaluate your success!

16 Too much of a good thing More is not necessarily better
When looking at controls More is not necessarily better Controls that do not work together leaving holes Cost of duplicated or inefficient controls. Controls that do not align with the importance of the risks Complex and poorly implemented controls Not understood or followed Inconsistently applied Control effectiveness can degrade over time No value for money Controls cost money Duplication of ineffective controls do not provide benefits

17 Important Concepts Internal control is a process;
Internal control is effected by people; it’s not merely policy manuals and forms but people at every level of an organization. Internal control can be expected to only provide reasonable assurance, not absolute assurance.

18 Five Key Control Activities

19 1) Segregation of Duties
Divide responsibilities between different employees so one individual doesn’t control all aspects of a transaction. Reduce the opportunity for an employee to commit and conceal errors (intentional or unintentional) or perpetrate fraud.

20 2) Documentation Document & preserve evidence to substantiate:
Critical decisions and significant events...typically involving the use, commitment, or transfer of resources. Transactions…enables a transaction to be traced from its inception to completion. Policies & Procedures…documents which set forth the fundamental principles and methods that employees rely on to do their jobs.

21 3) Authorization and Approvals
Management documents and communicates which activities require approval, and by whom, based on the level of risk to the organization. Ensure that transactions are approved and executed only by employees acting within the scope of their authority granted by management.

22 4) Security of Assets Secure and restrict access to equipment, cash, inventory, confidential information, etc. to reduce the risk of loss or unauthorized use. Perform periodic physical inventories to verify existence, quantities, location, condition, and utilization. Base the level of security on the vulnerability of items being secured, the likelihood of loss, and the potential impact should a loss occur.

23 5) Reconciliation and Review
Examine transactions, information, and events to verify accuracy, completeness, appropriateness, and compliance. Base level of review on materiality, risk, and overall importance to organization’s objectives. Ensure frequency is adequate enough to detect and act upon questionable activities in a timely manner. Timing of reconciliations and monitoring

24 Ethics

25 Manual of Policies Policy 4000, Code of Ethics Policy Statement
Policy 4001, Code of Professional Ethics for the Administration, Faculty and Staff Policy 4204, Reporting Suspected or Known Fraud, Abuse and Other Improprieties Policy 4901, Standards of Conduct


Download ppt "Internal Controls and Ethics"

Similar presentations


Ads by Google