Internal Controls

1
Internal Controls

• University Of Miami
• Controllers Office

2
Internal Control Objectives

• Compliance with policies, plans, procedures, laws
  and regulations
• Promote operational efficiency
• Minimize misuse and waste

• Safeguard assets
• From theft, embezzlement kickbacks
• Reliable and accurate financial and operating
  reports
• Preventing material errors omissions

3
What Is Internal Control?

• A process of managing risks
• that could impact the organizations
  achievement of goals and objectives.

4
What Types of Controls Are There?

• Preventative
• Stop undesirable outcomes before they happen
• Processing vouchers only after signatures have
  been obtained from appropriate personnel
• Detective
• Identify undesirable outcomes after they happen
• Reviewing department Pcard charges for personal
  charges
• Corrective
• Ensure that remedial action is taken to reverse
  undesirable outcome
• Employee reimbursement of personal charges plus
  disciplinary action

5
Examples of Internal Controls

• Reviewing monthly department financial reports.
• Depositing cash receipts daily.
• Segregating job responsibilities.
• Keeping computer passwords secret.
• Verifying the accuracy of another staff members
  work.
• Locking the desk/office especially in public
  areas.

6
Why Are Internal Controls Important?

• Because adequate internal controls prevent
  against the following
• Waste of University assets
• Inaccurate or incomplete information
• Misuse of University assets
• Embezzlement and theft

7
Key Areas

• 1. Control environment
• 2. Risk Assessment
• Where does risk come from?
• Types of risk
• Conditions that increase risk
• 3. Control Activities
• 4. Monitoring
• 5. Information Communication

8
Key Area 1 Control Environment
Control environment is the foundation of internal
control and includes

• The integrity, ethical values, competence of
• management employees
• Employee training programs that provide
  information about the institution processes and
  raise expectations about performance
• The process for delegating authority and
  responsibility

9
Key Area 2 - Risk
Be Aware that Risk Exposure Arises

• from internal sources such as
• employees
• from external sources such as
• vendors, consultants, computer
• hackers.

10
Key Area 2 Risk (Contd)
Types of Risk

• Unintentional errors losses of assets

• Deliberate errors (fraud/theft)
• for personal gain
• to help Department, School, or University

• Theft of assets

• Breaches of security

11
Key Area 2 Risk (Contd)
Conditions that Increase Risk

• Lack of segregation of duties

• Too much trust

• Approval of documents without review

• Lack of verification of transactions after
• they have been entered in the accounting
  system

• Lack of reconciliation of accounting reports

12
Key Area 2 Risk (Contd)
Conditions that Increase Risk

• No follow up when things appear questionable
  or
• not reasonable

• Lack of control over
• revenues
• cash petty cash
• purchased materials services

• Lack of knowledge of policies procedures
• http//www.miami.edu/policies_procedures

13
Whats at Risk?

• Anything of value
• Identity (personal
• information)
• Grades
• Test Banks
• Clinical Drugs
• Cash
• Inventory
• Art Objects

14
Key Area 3 Control Activities

• Control activities
• Approvals
• Authorizations
• Verifications
• Reconciliation
• Reviews (of operating performance)
• Security (of assets)
• Segregation of duties

15
Key Area 4 - Monitoring
Monitoring

• Managers at all levels
• Are responsible for internal controls
• Should monitor report to Sr. Management
• /or Internal Audit /or Controller
• Operational problems
• Deviations from established standards
• Concerns about policy violations or illegal acts

16
Key Area 5 - Communication

• Communicate with your staff
• Stress the importance of internal control
  activities,
• Make sure that personnel you supervise understand
  their role in the control structure
• Include in job descriptions
• Communicate your expectations
• Assess effectiveness in annual evaluations

17
Internal Control by Functional Area

• Cash receipts, revenue, petty cash
• Procurement disbursements
• Payroll personnel
• Cost monitoring

• Capital equipment and physical safety/security
• Information systems
• Sponsored programs
• Tax matters

18
Cash Receipts, Revenue and Petty Cash

• Segregation of duties is a must
• Safeguard cash checks
• Deposit promptly
• Have procedures for cash receipt processing,
  ensure that all employees are trained
• Be familiar with the departments nature source
  of revenues if it falls below expectations -
  investigate, analyze, compare data
• Petty cash/Imprest fund reconcile often

19
Procurement and Disbursements

• Segregation of duties is a must
• Proper processing of disbursements
• Maintain approval levels
• Review employee reimbursements
• Must follow university policy
• Must include documentation

20
Payroll and Personnel

• Must have segregation of duties
• Time records, Overtime
• Supervisors review prevents problems
• Review labor distribution reports
• Monitor time off
• Become familiar with Human Resources policies
  procedures

21
Cost Monitoring

• Segregation of duties
• Custodian, transaction preparer, approver
  reconciler should be different individuals
• Review and reconciliation of budget statements
• Comparisons of budget to actual data should be
  performed on a monthly basis
• Variances should have valid explanations
• Validity of transactions

22
Capital Equipment Physical Safety/security

• Disposed equipment reporting
• Property records (financials, insurance)
• Existence of capital equipment
• UM tag
• Safeguarding of capital equipment
• Physical security

23
Information Systems

• Computing, networking policies procedures
• Protecting passwords
• Safeguarding networks
• Ensuring that terminated employees no longer have
  access to central and non-central systems

24
Sponsored Programs

• Government rules and regulations, agency
• specific guidelines restrictions UM
• policies and procedures require that
• expenditures
• Be reasonable, allowable allocable
• Have proper documentation approvals
• Include effort tracking and certification
• Adhere to University Sponsored policies at
• http//www.miami.edu/controller/ follow
  the link to
• the policies on the left

25
Tax Matters

• Sales tax reporting
• Sales of books, rental of facilities
• Unrelated business income tax (UBIT)
• Alumni, sales of products, advertising, revenues
  from net proceeds rather than gross proceeds
• Employee versus independent contractor
• Control work hours, job duties, how work will be
  performed, place where work will be done
  usually employee
• http//www6.miami.edu/controller/Taxes.doc

26
Internal Control Who Is Responsible?
?

• Board

?

?

• Upper
• management

?
Operating management
Internal Audit Dept
27
Internal Controls

• Board oversees internal control system

• Upper management sets the tone, plans, organizes
  directs the internal control system

Operating management implements executive upper
management plan
Internal Audit Department Examines evaluates
the internal control system reports results to
the Board
28
Internal Control Responsibility

• Senior administration is responsible for assuring
  that appropriate internal controls are developed
  and in place in all financial and administrative
  operations of the university, however
• Every staff member is responsible for assuring
  that established internal controls are followed
  and applied.

29
IC Tolerance Policy at UM

• ZERO TOLERANCE
• IC violators
• WILL BE PROSECUTED
• AND Restitution Will Be Sought in the Courts

30
Internal Controls
Whose job is it?
EVERYONES
AND IT STARTS WITH YOU !
31
Internal Controls Is Everyone's Business
Report unethical or fraudulent conduct at the
University

• Internal Audit Dept.
• 305-284-2605
• Controller
• 305-284-4877
• Compliance Hot Lines
• Medicare Medicaid Billing
• 305-243-HELP or 877-415 HELP
• Research Integrity Concerns
• VP for Research 305-243-6415
• Or University toll free compliance hotline
• 1-866-YOURCALL