Coso and risk control self assessments
Download
1 / 44

f-Assessments - PowerPoint PPT Presentation


  • 502 Views
  • Updated On :

COSO and Risk/Control Self-Assessments Charles G. Chaffin, CPA, CIA Director of Audits and David B. Crawford, CPA, CIA Audit Manager The University of Texas System Objective To provide a detailed explanation of how:

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'f-Assessments' - andrew


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Coso and risk control self assessments l.jpg

COSO and Risk/Control Self-Assessments

Charles G. Chaffin, CPA, CIA

Director of Audits

and

David B. Crawford, CPA, CIA

Audit Manager

The University of Texas System


Objective l.jpg
Objective

To provide a detailed explanation of how:

  • The University of Texas (UT) System adopted COSO and the techniques used to implement it.

  • The Risk/Control Self-Assessment Process at UT System

  • Self-Assessment Uses and Critical Success Factors


Introduction l.jpg
INTRODUCTION

  • 13 Billion

  • 5 Billion

  • 1.6 Billion

  • 2.1 Million

  • 170,000

  • 75,000

  • 15


U t system l.jpg

Academic

UT Austin

UT San Antonio

UT Dallas

UT El Paso

UT Brownsville

UT Pan American

UT Tyler

UT Permian Basin

UT Arlington

Medical

UT Medical Branch at Galveston

UT HSC Houston

UT HSC San Antonio

UT HSC Tyler

UT Southwestern

UT M. D. Anderson Cancer Center

U.T. System


It could be you l.jpg

It Could Be You

The Lynn Deer Case

U.T. Austin, 1994

10


1994 action plan l.jpg
1994 Action Plan

  • Awareness

    • Statements of Philosophy/Responsibility

    • Internal Control Training/Handbook

  • Accountability

    • Job Descriptions/Performance Evaluations

    • Disciplinary Action

  • Audit Committees

    • Membership/Frequency of Meetings


Statement of philosophy l.jpg
Statement of Philosophy

Employees of The University of Texas ___________ owe a responsibility to the people of Texas in the performance of their duties. High personal and professional standards are critical in fulfilling this responsibility. Employees will be held accountable for their action (or failure to act) and such accountability cannot be delegated to others. All employees of The University of Texas ___________ agree to abide by a Code of Ethics which provides reasonable assurance that the employee will not personally benefit or accept or give favors as a result of his/her position as an employee of The University of Texas ___________. (The “Code of Ethics” is published in the Rules and Regulations of the Board of Regents, Part One, Section 4.0).


Slide8 l.jpg

E

FFECTIVELY

C

ONTROLLING

R

ISKS

A Balancing Act


Internal control l.jpg
Internal Control

is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives in the following categories:

  • Effectiveness and efficiencies of operations,

  • Reliability of financial reporting, and

  • Compliance with applicable laws and regulations.


Slide10 l.jpg

Risk & ControlSelf-Assessment Guideline

The Process


Internal control training l.jpg
Internal Control Training

  • Over 4,000 U. T. employees trained in 1995.

  • Central message to Chairs and Directors: “You are responsible for internal controls.”

  • Complete Risk Assessment and Implementation Plan for Financial and Administrative Activities.

    • Copy to applicable Vice President

    • Copy to Internal Audit


1996 action plan l.jpg
1996 Action Plan

1. Annual Statement of Philosophy

2. Annual Statement of Responsibility and Accountability

3. Disciplinary Action

4. Require membership in Internal Audit Committee (IAC)

5. Require Quarterly IAC meetings.


Slide13 l.jpg

1996 Action Plan (cont.)

6. Regular Internal Control Training (Video & Internet Program)

7. Update Management Responsibilities Handbook

8. Amend Job Descriptions

9. Amend Performance Evaluations

10. Offer Reconciliation Training


Slide14 l.jpg

1996 Action Plan (cont.)

11. Newsletters to Highlight Internal Controls

12. Complete Risk Assessment and Implementation Plans

13. Statement of Responsibility for Researchers

14. Internal Audits of all Departments (3 to 5 years)

15. Internal Audits of all Key Financial Information


Slide15 l.jpg

1996 Action Plan (cont.)

16.** Offer Control Self-Assessment Workshops

17.** Develop Model CSA Workshop Manuals

18. All Departments Perform a Control Self-Assessment

19. Report on Internal Control


Control self assessment l.jpg
Control Self-Assessment

Any activity where the people responsible for a business area, task, or objective using some demonstrable approach analyze the status of control and risk to provide additional assurance related to the achievement of one or more business objectives


Control self assessment workshop process l.jpg
Control Self-AssessmentWorkshop Process

  • Meet with Chair/Director before session #1.

  • 2 auditors/facilitators.

  • Sessions #1, 2 hours - control process.

  • Regularly communicate with department after Session #1 about control activities.

  • Session #2, Prioritize activities/processes if too many.

  • Homework after session #2 - Risk/Control worksheets.


Risk control worksheet l.jpg
Risk/Control Worksheet

Department: Prepared by:

Activity: Date prepared:


Final product l.jpg
Final Product

  • Self-Assessment Report on Internal Control to Senior Management.

  • Internal Auditors’ Review Report.

  • Departmental Audit Report (optional).

  • Significant findings go into tracking system.


Model participant s manual and presentation slides l.jpg
Model Participant’s Manual and Presentation Slides

  • Guides the facilitator through the workshop.

  • Designed to answer participant questions.


U t system program l.jpg
U.T. System Program

  • Types of Departments that have had CSA workshops.

    • Real Estate Office

    • University Lands Accounting Office

    • West Texas Operations

    • Office of Facilities Planning and Construction

    • Office of Information Resources

    • Office of Finance

    • Employee Group Insurance Program


U t system program22 l.jpg
U.T. System Program

  • Academic Departments

  • Physical Plant

  • Student Financial Aid

  • Performing Arts Center

  • Libraries

  • Research

  • Volunteer Services

  • Financial Services

  • Student Affairs


Impact on performance l.jpg
Impact on Performance

  • Better working relationship between audit and operations.

  • Better understanding of the business by all.

  • Better operational findings.

  • Better buy-in to planned corrective action.

  • More efficient audit process.


Implementation strategy l.jpg
Implementation Strategy

  • Walk before you run.

  • Develop a strategy based on management’s commitment to enhancing internal controls.

  • Work CSA workshops into existing audit plan; sell it as a way to improve audit results.

  • Pilot departments that work well with audit.

  • Constantly adapt and revise.

  • Take what you get and move on.




Uses of self assessment l.jpg
Uses of Self Assessment

  • Focus/Align

  • Evaluate

  • Document

  • Train

  • Monitor

  • Report Status

  • Measure Soft Control


Self assessment tools l.jpg
Self Assessment Tools

  • Survey

  • Questionnaire

  • Control Guide

  • Interviews

  • Workshops


Types of self assessments l.jpg
Types of Self Assessments

  • Control

  • Risk

  • Process

  • Objective

  • Problem

  • Perception


Control based l.jpg
Control-Based

  • Identify control structure

  • Compare to a model

  • Identify gaps


Risk based l.jpg
Risk-Based

  • Assess Risks

  • Choose Mitigation Strategy for each risk

  • Choose controls for each controlled risk


Process based l.jpg
Process-Based

  • Map process

  • Justify process steps

  • Identify additional steps

  • Identify steps to be eliminated


Objective based l.jpg
Objective-Based

  • Identify linkage

  • Inventory activities for each objective

  • Inventory risks for each activity


Problem based l.jpg
Problem-Based

  • Identify problem

  • Apply group knowledge to problem

  • Define group solution


Perception based l.jpg
Perception-Based

  • Identify attitudes and beliefs

  • Provide a baseline

  • Soft controls


Validating self assessment products l.jpg
Validating Self-Assessment Products

  • Benchmarking

  • Management Attestation

  • Auditor Involvement

  • Follow-up Audit

  • Traditional Audit


Internal audit uses of self assessment l.jpg
Internal Audit Uses of Self-Assessment


Replace traditional l.jpg
REPLACE TRADITIONAL

  • Preliminary Survey

  • Evaluation of Control Structure

  • Operational Audits

  • Low Risk Areas of Operation


Supplement to traditional auditing l.jpg
SUPPLEMENT TO TRADITIONAL AUDITING

  • Control Environment

  • Risk Assessment

  • Evaluation of Control Activity Efficiency

  • Communication and Information

  • Monitoring


Point to potential traditional audits l.jpg
POINT TO POTENTIAL TRADITIONAL AUDITS

  • Highlights high risk areas

  • Identifies problems or potential problem areas

  • Links traditional audits to operational needs



Critical success factors42 l.jpg
Critical Success Factors

  • Proper Beginnings

  • Spitting Image

  • Working Together

  • Absorbed in Daily Routine

  • Reinforce/Reward

  • Discipline through Doing

  • Learn by Falling


How do you insure self assessment success l.jpg
How Do You Insure Self Assessment Success?

  • Identify a Champion

  • Successful First Contact

  • Match to Corporate Culture

  • Align with Business Objectives

  • Institutionalize It

  • Reward the Participants

  • Use the Products

  • Be a Chameleon


Contact information l.jpg
Contact Information

  • Web site: www.utsystem.edu/aud/resources

  • E-mail: [email protected]

  • Phone: 512-499-4767

  • Fax: 512-499-4550

  • Address: 201 W. 7th ASH5, Austin, Texas 78701


ad