1 / 24

2008 Financial Management Institute of Canada – Manitoba Chapter  Professional Development Day

2008 Financial Management Institute of Canada – Manitoba Chapter  Professional Development Day. Management's Responsibility for Internal Controls Does anyone get it?. Presented by: David R. Hancox, CIA, CGFM Co-Author: Government Performance Audit in Action

Leo
Download Presentation

2008 Financial Management Institute of Canada – Manitoba Chapter  Professional Development Day

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2008Financial Management Institute of Canada – Manitoba Chapter Professional Development Day Management's Responsibility for Internal Controls Does anyone get it? Presented by: David R. Hancox, CIA, CGFM Co-Author: Government Performance Audit in Action Faculty: Siena College and USDA Graduate School, Washington DC Director of Audits: NYS Comptroller’s Office

  2. Five Components • Control Environment • Risk Assessment • Control Activities • Information & Communication • Monitoring AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  3. Scrap Your Thinking About Control • Controls over people aggravate them • The more you control someone – the more they rebel • Strong Controls – But the Wrong Controls AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  4. Control Environment Competence • Characteristic of people who have the skill, knowledge, ability and tools to perform a task • Management must ensure that staff possess the knowledge, skills, and ability necessary to do their jobs • Management must ensure that staff have what they need – such as equipment, software and policy and procedure manuals AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  5. Control Environment Competence • Management should reflect a commitment to: • Establishing levels of knowledge and skill required for every position • Verifying the qualifications of job candidates • Hiring and promoting only those with the required knowledge and skills • Establishing training programs that help employees increase their knowledge and skills AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  6. Control Environment Morale The attitude people have about their work, as exhibited by their confidence, their discipline, enthusiasm and their willingness to perform tasks AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  7. Control Environment Morale • Management is responsible to maintain good Morale • Staff should have a sense that: • Their opinions and contributions are welcomed, valued and recognized • The organization is willing to help improve their level of competency • There is opportunity for continuous improvement • They have a stake in the mission, goals and objective of the organization • The lines of communication are open AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  8. Control Environment Supportive Attitude • Executive management should set a tone that emphasizes the importance of internal controls, including: • Ongoing education to ensure everyone understands the internal control system and their role in it • An openness to control self evaluations and internal and external audits of controls • Responsiveness to issues raised as the result of the evaluations and audits • Minimal and guarded use of control overrides AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  9. Components of Internal Controls Assessing and Managing Risk • Risks are events that threaten the accomplishment of objectives • There are both internal and external risks • Examples of risks include: • Human error • Fraud • System breakdowns • Natural disasters AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  10. Assessing and Managing Risk • Identify each risk in terms of: • Likelihood • Significance or impact • Cause • You don’t know, what you don’t know! Risk Assessment Process AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  11. Risk Assessment Process Likelihood The probability that an unfavorable event would occur if there were no internal controls or limited internal controls AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  12. Risk Assessment Process Significance or Impact • A measure of the magnitude of the effect on an organization if the unfavorable event were to occur • Inherent Risk • Innate to the program, function or activity • Evaluated by the ultimate harm that may be done or the opportunity that may be lost AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  13. Risk Assessment Process The Reason why an unfavorable event may occur Cause AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  14. Evaluating Risk High LIKELIHOOD Judgment Required Low Low Impact High AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  15. Risk Assessment Process Risk Assessment Considerations • How to manage risk • How to prevent or reduce risk • How to schedule the frequency of internal control system evaluations • How to manage risk during change AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  16. Risk Assessment Process Managing Risk • Accept the risk: Do not establish control activities • Prevent or reduce the risk: Establish control activities • Avoid the risk: Do not carry out the function AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  17. Risk Assessment Process Preventing or Reducing Risk • What is the cause of the risk? • What is the cost of control vs. the cost of the unfavorable event? • What is the priority of this risk? AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  18. Risk Assessment Process Managing Risk During Change • New processes • New systems • Changes in job responsibilities • Reorganizations • Changes in personnel AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  19. Control Activities Control Activity Considerations • The cost of the control activity should not exceed the cost incurred if the undesirable event occurred • Build control activities into business processes and systems as the processes and systems are being designed • The distribution of resources among the control activities should be based on the significance and likelihood of the risk it is preventing or reducing AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  20. Control Activities Categories • Preventive • Approvals, authorizations • Detective • Reconciliation’s, audits AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  21. Diminishing Control Activities Commonly Used Control Activities • Documentation • Approval and Authorization • Separation of Duties – in many cases AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  22. Important Control Activities • Verification • Supervision • Safeguarding Assets • Reporting AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  23. The glue that holds it all together • Information & Communication • Communication channels in many organizations flow top down. • What’s the top know? AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

  24. Monitoring • Should exist at all levels • Staff should be able to monitor their own work • Management should monitor operations and results • Internal auditors bring accountability AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM

More Related