Internal Controls Training - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

Internal Controls Training

Description:

... like a list of 'thou shalt happen the first time, and every ... Conflicts of Interest. Controls may appear to be well-designed and still lack substance. ... – PowerPoint PPT presentation

Number of Views:2169
Avg rating:3.0/5.0
Slides: 29
Provided by: patric133
Category:

less

Transcript and Presenter's Notes

Title: Internal Controls Training


1
Internal Controls Training
RIT
Steven Morse, CPA, Executive Director Patrick
Didas, CPA, CFE, Associate Director July 21, 2009
2
IACAs Mission
  • Institute Audit, Compliance Advisement promotes
    a strong internal control environment by
    objectively and independently assessing risks and
    controls evaluating business processes for
    efficiency, effectiveness, and compliance
    providing management advisory services and
    offering training to the University community.
    We focus on preserving the resources of the
    University for use by our students as they
    prepare for successful careers in a global
    society.

RIT
2
3
Objectives
  • What you should know after this class
  • five types of business risk
  • examples of internal controls and their
    components
  • who relies on RITs internal controls
  • who is responsible for RITs internal controls
    maintenance and oversight

RIT
3
4
What is any organization concerned with?
  • Risks

RIT
4
5
What is Risk?
  • Anything that could negatively impact the
    Institutes (Departments) ability to meet its
    business objectives.

RIT
5
6
Types of Risk
  • Strategic risk that would prevent an area from
    accomplishing its objectives. (meeting its
    mission).
  • Financial risk that could result in a negative
    financial impact to the Institute. (waste or loss
    of assets).
  • Regulatory (Compliance) risk that could expose
    the Institute to fines and penalties from a
    regulatory agency due to non-compliance with laws
    and regulations.
  • Reputational risk that could expose the
    Institute to negative publicity.
  • Operational risk that could prevent the
    department from operating in the most effective
    and efficient manner or be disruptive to other
    Institute operations.

RIT
6
7
What Does an Organization Do To Mitigate Those
Risks?
  • Implement

Internal Controls
RIT
7
8
What are Internal Controls?
  • Internal control is a process, effected by
    people, designed to provide reasonable assurance
    regarding the achievement of objectives in the
    following categories
  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with laws and regulations

RIT
8
9
Internal Control Types
  • Operational promotes operational effectiveness
    and efficiency as well as adherence to policies
    and procedures.
  • Examples
  • Employee Performance Evaluations
  • Project Goals/Milestones, Key Performance
    Indicators,
  • Publishing Policies and Guidelines
  • Physical Asset Controls
  • System Access Controls Exception Reports
  • Management Oversight 3rd Party Verification
  • Job Rotation, Cross Training

RIT
9
10
Internal Control Types
  • Financial designed to safeguard assets and
    ensure completeness, accuracy and reliability of
    financial records.
  • Examples
  • Ledger Account Reconciliations
  • Budget to Actual Reviews
  • Oracle Reports
  • Fixed Asset Inventory List
  • Authorizations and Approvals
  • Segregation of Duties
  • Trend Analysis

RIT
10
11
Internal Control Types
  • Compliance ensures compliance with applicable
    laws and regulations.
  • Examples
  • Public Safety Crime Reports
  • Human Subjects Research Review
  • Research Sponsor Agreements and regular review of
    adherence
  • Material Safety Data Sheets

RIT
11
12
Components of Internal Control
Source The Committee of Sponsoring Organizations
of the Treadway Commission
Monitoring
Information Communication
Control Activities
Risk Assessment
Control Environment
The COSO Model
RIT
12
13
Control Activity Descriptors
  • Soft Controls ethics and competency - Tone at
    the Top
  • Hard Controls - segregation of duties (assignment
    of authority responsibility) limiting access to
    cash
  • Preventive Controls controls to prevent an
    undesirable situation, for example Policies
    Procedures, Authorization and Approvals
  • Detective Controls - controls to detect when an
    undesirable condition occurs (after the fact)-for
    example reconciliation of ledger account
    activity

RIT
13
14
Controls Are Everybodys Business
Myth Fact Internal control starts with
a strong Internal control starts with a
strong
set of policies and procedures
control environment Internal control
thats why we have Management is the owner of
the internal auditors.
internal control. Internal control is a
finance thing. Internal control is
integral to every
We do what the
controllers office aspect of the
business.
tells us to do. Internal
controls are essentially Internal
control makes the right things
negative, like a
list of thou shalt happen the first
time, and every time.
nots.
RIT
14
15
Controls Are Everybodys Business (continued)
Myth Fact Internal controls are a
necessary Internal controls should be
built into, not
evil. They take time away
from our not onto, business processes.

core activities making products,

making sales, and serving

customers. With downsizing and empower-
With downsizing and empowerment,
ment, we
have to give up a certain we need
different forms of control.
amount of control. If
controls are strong enough, we Internal
controls provide reasonable,
can be sure
there will be no fraud, but not absolute,
assurance that the
and financial
statements will be organizations
objectives will be
accurate. achieved.
RIT
15
16
Biggest threats to the Internal Control Structure
RIT
16
17
Who Relies On RIT Having a GoodSystem Of
Internal Controls?
  • Students, Parents, Alumni, Donors, Research
    Sponsors Is their money being converted into
    the best value and used in accordance with their
    intentions?
  • Financial Institutions, Rating Agencies RITs
    ability to meet its debt payments.
  • Middle States Is RIT managing resources to best
    ensure student interests are served?
  • Government Is RIT providing a value to the
    community, and in compliance with laws and
    regulations?
  • Faculty and Staff Do we work in a well
    controlled environment?
  • RITs Officers and Board Are they confident
    that all of the above is happening?

RIT
17
18
Who is responsible for Internal Controls
oversight?
  • YOU - all employees are risk managers
  • Check IACAs web site (forms link) to test your
    area of responsibility.
  • http//finweb.rit.edu/iaca

RIT
18
19
Your Role
  • Follow RIT policies and procedures they were
    designed with Internal Controls in mind
  • Identify areas in your departments operations
    where controls could be strengthened and develop
    controls to address the weakness.
  • Be a good steward of RITs assets
  • Use common sense

RIT
19
20
RIT Senior Managements Role
  • To enhance the control environment, the
    Institute is responsible for
  • Setting standards/policies
  • Defining expectations
  • Providing training
  • Stating its mission, vision, and core values
  • Supporting the design of systems to include
    built-in detective controls as well as data
    security controls
  • Planning, organizing, directing, controlling

RIT
20
21
Top Control Issues
  • The most popular controls weaknesses we find
  • Lack of adherence to procurement and travel
    policies
  • Lack of documented review of Oracle reports
  • Lack of thorough Oracle ledger documentation
  • Hourly employee block time reporting
  • Fixed asset inventories

RIT
21
22
A Common Result of Poor Internal Controls
  • Fraud definition
  • Intentional misrepresentation
  • Victim suffers monetary or property loss

RIT
22
23
Who Typically Commits Fraud and Why?
The Fraud Triangle
RIT
23
24
5 minute break
RIT
24
25
Video
  • Internal Controls for Colleges and Universities

RIT
25
26
Case Study 1 Missing Camera
Joe, the hard working staff assistant, is asked
to process a requisition to purchase a new 5,000
camera to be used by a Research Associate (RA)
who is working on a federal grant. Later, when
Joe conducts the annual physical inventory for
the department, as requested by the Property
Control Office, he is not able to locate the
camera in the department. Joe learns the RA was
given permission by the grant administrator to
take the camera home so that he could take photos
at his sisters wedding (that was 2 months ago).
When Joe talks to the department chair about it,
he is told not to worry since the camera wasnt
purchased with university funds (i.e., the grant
paid for it), it would be ok to check it off on
the inventory report even though it had been
removed from the premises.
RIT
26
27
Case Study 2 - The New TV
  • Jill, a senior staff assistant, is the
    departments procurement card holder. Her
    manager Anna, the departments budget authority,
    travels extensively so Jill occasionally uses a
    signature stamp to approve her procurement card
    statements. Jill went shopping for a new TV one
    weekend. While checking out, Jill mistakenly
    used her companys procurement card. On Monday
    she received an email from Paymentnet confirming
    the purchase when she realized her mistake.
  • Jill decided to wait until Anna returned from out
    of town to ask her advice. Jill was certain Anna
    would understand and help her straighten things
    out. The statement arrived a week later and Jill
    had Jack, the office assistant, approve the
    statement since Anna wasnt due back for another
    two weeks.
  • Upon Annas return, Jill had not saved enough
    money to repay the company for the TV. Since
    Anna had not seen the statement and it had
    already been processed by Accounting, Jill
    decided not to bring it up. She had been an
    exceptional employee for years and had seen many
    of her coworkers receive bonuses. She decided it
    was her turn. This would be her bonus. She had
    earned it.

RIT
27
28
To Summarize What Can You Do
  • Set the right tone your behavior influences
    others.
  • Be aware of your organizations objectives and
    risks.
  • Adhere to policies and procedures
  • Call IACA or the Controllers Office with
    internal control questions
  • Report violations

RIT
28
Write a Comment
User Comments (0)
About PowerShow.com