2008 financial management institute of canada manitoba chapter professional development day
Download
1 / 24

- PowerPoint PPT Presentation


  • 217 Views
  • Uploaded on

2008 Financial Management Institute of Canada – Manitoba Chapter  Professional Development Day. Management's Responsibility for Internal Controls Does anyone get it?. Presented by: David R. Hancox, CIA, CGFM Co-Author: Government Performance Audit in Action

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - Leo


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
2008 financial management institute of canada manitoba chapter professional development day l.jpg

2008Financial Management Institute of Canada – Manitoba Chapter Professional Development Day

Management's Responsibility for Internal Controls Does anyone get it?

Presented by: David R. Hancox, CIA, CGFM

Co-Author: Government Performance Audit in Action

Faculty: Siena College and USDA Graduate School, Washington DC

Director of Audits: NYS Comptroller’s Office


Five components l.jpg
Five Components

  • Control Environment

  • Risk Assessment

  • Control Activities

  • Information & Communication

  • Monitoring

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Scrap your thinking about control l.jpg
Scrap Your Thinking About Control

  • Controls over people aggravate them

  • The more you control someone – the more they rebel

  • Strong Controls – But the Wrong Controls

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control environment l.jpg
Control Environment

Competence

  • Characteristic of people who have the skill, knowledge, ability and tools to perform a task

    • Management must ensure that staff possess the knowledge, skills, and ability necessary to do their jobs

    • Management must ensure that staff have what they need – such as equipment, software and policy and procedure manuals

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control environment5 l.jpg
Control Environment

Competence

  • Management should reflect a commitment to:

    • Establishing levels of knowledge and skill required for every position

    • Verifying the qualifications of job candidates

    • Hiring and promoting only those with the required knowledge and skills

    • Establishing training programs that help employees increase their knowledge and skills

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control environment6 l.jpg
Control Environment

Morale

The attitude people have about their work, as exhibited by their confidence, their discipline, enthusiasm and their willingness to perform tasks

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control environment7 l.jpg
Control Environment

Morale

  • Management is responsible to maintain good Morale

    • Staff should have a sense that:

      • Their opinions and contributions are welcomed, valued and recognized

      • The organization is willing to help improve their level of competency

      • There is opportunity for continuous improvement

      • They have a stake in the mission, goals and objective of the organization

      • The lines of communication are open

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control environment8 l.jpg
Control Environment

Supportive Attitude

  • Executive management should set a tone that emphasizes the importance of internal controls, including:

    • Ongoing education to ensure everyone understands the internal control system and their role in it

    • An openness to control self evaluations and internal and external audits of controls

    • Responsiveness to issues raised as the result of the evaluations and audits

    • Minimal and guarded use of control overrides

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Components of internal controls l.jpg
Components of Internal Controls

Assessing and Managing Risk

  • Risks are events that threaten the accomplishment of objectives

  • There are both internal and external risks

  • Examples of risks include:

    • Human error

    • Fraud

    • System breakdowns

    • Natural disasters

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Assessing and managing risk l.jpg
Assessing and Managing Risk

  • Identify each risk in terms of:

    • Likelihood

    • Significance or impact

    • Cause

  • You don’t know, what you don’t know!

Risk Assessment Process

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process l.jpg
Risk Assessment Process

Likelihood

The probability that an unfavorable event would occur if there were no internal controls or limited internal controls

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process12 l.jpg
Risk Assessment Process

Significance or Impact

  • A measure of the magnitude of the effect on an organization if the unfavorable event were to occur

    • Inherent Risk

      • Innate to the program, function or activity

      • Evaluated by the ultimate harm that may be done or the opportunity that may be lost

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process13 l.jpg
Risk Assessment Process

The Reason why an unfavorable event may occur

Cause

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Slide14 l.jpg

Evaluating Risk

High

LIKELIHOOD

Judgment

Required

Low

Low

Impact

High

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process15 l.jpg
Risk Assessment Process

Risk Assessment Considerations

  • How to manage risk

  • How to prevent or reduce risk

  • How to schedule the frequency of internal control system evaluations

  • How to manage risk during change

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process16 l.jpg
Risk Assessment Process

Managing Risk

  • Accept the risk: Do not establish control activities

  • Prevent or reduce the risk: Establish control activities

  • Avoid the risk: Do not carry out the function

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process17 l.jpg
Risk Assessment Process

Preventing or Reducing Risk

  • What is the cause of the risk?

  • What is the cost of control vs. the cost of the unfavorable event?

  • What is the priority of this risk?

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Risk assessment process18 l.jpg
Risk Assessment Process

Managing Risk During Change

  • New processes

  • New systems

  • Changes in job responsibilities

  • Reorganizations

  • Changes in personnel

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control activities l.jpg
Control Activities

Control Activity Considerations

  • The cost of the control activity should not exceed the cost incurred if the undesirable event occurred

  • Build control activities into business processes and systems as the processes and systems are being designed

  • The distribution of resources among the control activities should be based on the significance and likelihood of the risk it is preventing or reducing

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Control activities20 l.jpg
Control Activities

Categories

  • Preventive

    • Approvals, authorizations

  • Detective

    • Reconciliation’s, audits

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Diminishing control activities l.jpg
Diminishing Control Activities

Commonly Used Control Activities

  • Documentation

  • Approval and Authorization

  • Separation of Duties – in many cases

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Important control activities l.jpg
Important Control Activities

  • Verification

  • Supervision

  • Safeguarding Assets

  • Reporting

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


The glue that holds it all together l.jpg
The glue that holds it all together

  • Information & Communication

    • Communication channels in many organizations flow top down.

      • What’s the top know?

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM


Monitoring l.jpg
Monitoring

  • Should exist at all levels

    • Staff should be able to monitor their own work

    • Management should monitor operations and results

    • Internal auditors bring accountability

AGA - Mid-Missouri PDC - 2007 David R. Hancox CIA CGFM