Internal Controls - Applications

Internal Controls - Applications PowerPoint PPT Presentation


  • 153 Views
  • Uploaded on
  • Presentation posted in: General

1/9/2008. Internal Auditing Department - CSU System. AGENDA . IntroductionDefine Internal ControlsInternal Control ComponentsTypes of Internal ControlsReporting Internal Control BreakdownsFraud!!!Discussion

Download Presentation

Internal Controls - Applications

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


1. Internal Controls - Applications Presented by the CSU System Department of Internal Auditing

2. 1/9/2008 Internal Auditing Department - CSU System AGENDA Introduction Define Internal Controls Internal Control Components Types of Internal Controls Reporting Internal Control Breakdowns Fraud!!! Discussion – Controls in Your Department Conclusion

3. 1/9/2008 Internal Auditing Department - CSU System OVERVIEW OF INTERNAL AUDITING DEPARTMENT

4. 1/9/2008 Internal Auditing Department - CSU System INTERNAL AUDITING DEPARTMENT Established at CSU in 1967 Reports directly to the Board of Governors Audit Committee Reports administratively to the Chancellor of the CSU System

5. 1/9/2008 Internal Auditing Department - CSU System

6. 1/9/2008 Internal Auditing Department - CSU System PURPOSE: To assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing provides analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. Provide the Board and Management with information about the adequacy and effectiveness of the University’s system of internal controls and the quality of performance.

7. 1/9/2008 Internal Auditing Department - CSU System STAFF MEMBERS Allison Horn, Director Auditors Melody Johnson Tom Locashio Stephanie Wolvington Destiny Halpin (CSU-Pueblo) Barbara Biegel (Student Intern)

8. 1/9/2008 Internal Auditing Department - CSU System OBJECTIVES OF TRAINING: Understand what internal controls are Understand the importance of internal controls Be able to identify types of internal controls Recognize the internal controls in place within your department Implement effective internal controls in your area of responsibility Know how to report breakdowns in internal controls

9. 1/9/2008 Internal Auditing Department - CSU System WHAT ARE INTERNAL CONTROLS?

10. 1/9/2008 Internal Auditing Department - CSU System DEFINITION: Internal controls are a system of processes, effected by management, designed to provide reasonable assurance that the organization’s objectives are achieved in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations Internal controls are NOT merely more “red tape”

11. 1/9/2008 Internal Auditing Department - CSU System WHY SHOULD YOU CARE? EVERYONE in the University has some responsibility for internal control We are each responsible for good stewardship of the resources of the State of Colorado Internal controls are effected by people. They are not merely policy manuals or forms, but people functioning at every level of the University. Effective internal controls make our jobs easier and help us do our jobs better

12. 1/9/2008 Internal Auditing Department - CSU System HOW DO INTERNAL CONTROLS MAKE MY JOB EASIER AND BETTER? Policies and procedures are established Authority and responsibility are clearly defined Things are done right the first time Expectations are clear The risk that our goals will not be achieved is minimized We will know that we are doing the right things the right way

13. 1/9/2008 Internal Auditing Department - CSU System RELATIONSHIP AMONG INTERNAL CONTROL COMPONENTS

14. 1/9/2008 Internal Auditing Department - CSU System COMPONENTS OF INTERNAL CONTROL Control Environment The foundation for all other components of control Risk Assessment Identifying and analyzing relevant risks to achieving objectives Control Activities Mechanisms needed to provide reasonable assurance that organization objectives will be accomplished

15. 1/9/2008 Internal Auditing Department - CSU System COMPONENTS OF INTERNAL CONTROL (Continued) Information & Communication Helps ensure employees and other constituents are aware of information they need to do their job and accomplish the organization’s goals and objectives Monitoring Assess quality and facilitates continuous improvement

16. 1/9/2008 Internal Auditing Department - CSU System EXAMPLES OF INTERNAL CONTROLS IN EACH COMPONENT

17. 1/9/2008 Internal Auditing Department - CSU System CONTROL ENVIRONMENT A control conscious environment is an environment that supports ethical values and business practices. A control conscious environment conveys an attitude of honesty and accountability at all levels. It is a preventative control. This preventative control is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include: Integrity and ethical values – Code of Ethics, Conflict of Interest Policy, Commitment to Excellence - Leadership philosophy and operating style

18. 1/9/2008 Internal Auditing Department - CSU System CONTROL ENVIRONMENT (Continued) Way management assigns authority and responsibility, and organizes and develops its people Competence of workers Training Skill Sets Our most basic internal control is hiring good people If effective, it can make other controls easier If ineffective, it is difficult for other controls to compensate

19. 1/9/2008 Internal Auditing Department - CSU System RISK ASSESSMENT “Getting up in the morning requires a tremendous leap of faith”…author unknown Risks impact the organization’s ability to maintain financial strength, a positive public image, and product or service quality. Risk cannot be eliminated entirely Establish departmental objectives (what are the goals?) Identify external and internal risk to achieving those objectives Evaluate and prioritize risks Establish a plan for managing those risks Assess effectiveness Remember: The cost of the safeguards must be weighed against the impact of the threats. The benefit of an internal control must outweigh the costs of implementing that control.

20. 1/9/2008 Internal Auditing Department - CSU System CONTROL ACTIVITIES Policies and procedures that help ensure management directives are carried out and necessary actions are taken to address risks Authorization Approvals Segregation of duties Access to assets Security Reconciliations Reviews Documentation

21. 1/9/2008 Internal Auditing Department - CSU System INFORMATION & COMMUNICATION Encompasses the entire control environment Information systems must provide data that is: Relative to established objectives Accurate and sufficient in detail Understandable and in a usable form Timely Knowledge of applicable laws Information must be provided to the right people in time to allow appropriate action

22. 1/9/2008 Internal Auditing Department - CSU System INFORMATION & COMMUNICATION (Continued) Communication must flow up and down the organization and across organizational lines Employee’s duties and responsibilities are effectively communicated There are channels to report suspected improprieties Employee suggestions for improvement are encouraged

23. 1/9/2008 Internal Auditing Department - CSU System INFORMATION & COMMUNICATION (Continued) How can information be communicated? In person: meetings, discussions, one-on-one Technology: websites, e-mail, conferencing Through computer programs (systems or applications) Reporting or viewing via live applications General ledger, human resources Manipulating data to make it more user-friendly Microsoft Word, Excel, Access, etc.

24. 1/9/2008 Internal Auditing Department - CSU System INFORMATION & COMMUNICATION (Continued) What controls protect information? Physical controls Locks on file cabinets and doors Document shredders Securing laptops and external data devices Technology-based controls Appropriate access authorization Passwords Data backup and recovery Anti-virus software

25. 1/9/2008 Internal Auditing Department - CSU System MONITORING A process that assesses the quality of performance over time and aids in identifying losses, errors, or irregularities Ongoing monitoring activities Management review of operating and financial reports Review and analysis of complaints from external sources Comparison of reports with physical assets Evaluation of trends Internal audits Separate evaluations Self assessment External reviews

26. 1/9/2008 Internal Auditing Department - CSU System MONITORING (Continued) Monitoring should be a constant in the application of internal controls Effective procedures can become less effective due to: Departure of personnel Lack of training and supervision Time and resource constraints Additional pressures

27. 1/9/2008 Internal Auditing Department - CSU System TYPES AND LIMITATIONS OF INTERNAL CONTROLS

28. 1/9/2008 Internal Auditing Department - CSU System TYPES OF INTERNAL CONTROLS Directive Designed to establish desired outcomes Laws Policies Procedures Manuals Preventative Control mechanism that occurs before a transaction or action is performed Training Pre-authorizations Physical control over assets System access controls

29. 1/9/2008 Internal Auditing Department - CSU System TYPES OF INTERNAL CONTROLS Detective Control mechanisms that occur after a transaction or action is performed Reviews and comparisons Reconciliations Physical counts of inventories Manual An individual is responsible for taking a specified action Review for accuracy and compliance prior to entering in the financial system

30. 1/9/2008 Internal Auditing Department - CSU System TYPES OF INTERNAL CONTROLS Information Technology (Electronic) Controls Technology allows or prohibits actions Passwords, backups, anti-virus (User-based) Restricted access to systems, testing, rejection of invalid entries, calculations (Application-based) Application development, change control (IT-based) Compensating Controls placed in a different area than the ideal position to make up for an inability to place controls where desired Having only one staff member in a department, so entries are reviewed and approved by someone in another department.

31. 1/9/2008 Internal Auditing Department - CSU System TYPES OF INTERNAL CONTROLS Soft Controls “Tone at the top” Performance evaluations Training programs Hard Controls Segregation of duties Secondary review and approval Reconciliations

32. 1/9/2008 Internal Auditing Department - CSU System LIMITATIONS OF INTERNAL CONTROLS Judgment – Decisions are made humans, often under pressure and time constraints, based on information at hand Breakdowns – Employees may not understand instructions or may simply make mistakes. Errors may result from new systems and processes Management Override – High-level personnel may be able to override prescribed policies and procedures Collusion – Two or more individuals, working together, may be able to circumvent controls

33. 1/9/2008 Internal Auditing Department - CSU System REPORTING INTERNAL CONTROL BREAKDOWNS ALL employees have a duty to report fiscal misconduct (FPI J-3) Fiscal Misconduct includes: Embezzlement Misappropriation of goods, services, or resources Conflict of interest situations that result in financial loss Violation of University fiscal policies & procedures for personal gain

34. 1/9/2008 Internal Auditing Department - CSU System REPORTING INTERNAL CONTROL BREAKDOWNS One of the following should promptly be notified: One’s immediate supervisor CSU System Internal Auditing Department Office of the General Counsel University Police Department Human Resources Department Appropriate Vice President Department of Business & Financial Services Silence is NOT Golden Speak out! Be outraged! Silence implies your consent!!

35. 1/9/2008 Internal Auditing Department - CSU System Fraud Triangle

36. 1/9/2008 Internal Auditing Department - CSU System Red Flags of Fraud Common Personality Traits of Fraudsters Common Sources of Pressure Changes in Behavior

37. 1/9/2008 Internal Auditing Department - CSU System Internal Control Breakdowns Leading to Fraud Examples: Medical College of Georgia (A/P Fraud) Mistaken $2 Million Check Created Kansas University Medical Center, Improper Spending Lost U.S. Weapons in Enemy Hands? De-Frauding the Halls of Academe

38. 1/9/2008 Internal Auditing Department - CSU System DEPARTMENTAL DISCUSSIONS What internal controls are in place in your department for the following processes? Payroll A-Cards Cash Handling Financial Transactions Health & Safety Others What types of controls are they? Preventive, directive, detective, manual, IT, etc?

39. 1/9/2008 Internal Auditing Department - CSU System QUESTIONS? What specific control concerns can we help you with?

  • Login