1 / 27

Enhancing Financial Management

Mia_John
Download Presentation

Enhancing Financial Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Enhancing Financial Management Ethics, Accountability, and Internal Controls Part I Overall Flow: What is fiduciary? Who does it impact Why is it important? University ValuesOverall Flow: What is fiduciary? Who does it impact Why is it important? University Values

    2. 2 In the first half of our session today, we will learn about fiduciary responsibility in detail by exploring the following questions What it is? Who has it? Why it is important? What it means for you and your job at the University, And to whom you are accountable ? In the first half of our session today, we will learn about fiduciary responsibility in detail by exploring the following questions What it is? Who has it? Why it is important? What it means for you and your job at the University, And to whom you are accountable ?

    3. 3 Course Goals – Part I After this section, you will be able to: Explain the connection between ethics, accountability and enhancing financial management Explain what fiduciary responsibility means Identify ways the fiduciary role applies to your everyday work activities Know what resources are available to assist with your fiduciary responsibilities Identify and distinguish between conflict of commitment and conflict of interest These are individual learning objectives for the first half of this Course Explain the connection between ethics, accountability and enhancing financial management Understand the fiduciary and describe its importance Identify ways the that this applies to your everyday work life and finally Know what resources are available to assist with your fiduciary responsibilities COI/COC An overarching objective of this session is that we make the connection between our roles as fiduciaries and the impact that having this responsibility has on our daily work before we move into the course I would like to talk about the Conflict of Interest and Commitment Policy that all of you received already. I want to point out that there is also a copy in your course materials Conflict of Interest- may exists when an employee’s commitment to the University may be compromised by personal benefit. For example, you are working on an assignment with some outside consultants and they ask to you go to a Celtics game and dinner which they indicate is “ on the Company. This could be a conflict of interest. What should an employee do in this situation? Conflict of Commitment- may arise when a staff member undertakes outside activity which interferes with his/her primary obligations at work. Review the examples 1 & 4 in the FAS hand out Ask if they have any questions on the policies? These are individual learning objectives for the first half of this Course Explain the connection between ethics, accountability and enhancing financial management Understand the fiduciary and describe its importance Identify ways the that this applies to your everyday work life and finally Know what resources are available to assist with your fiduciary responsibilities COI/COC An overarching objective of this session is that we make the connection between our roles as fiduciaries and the impact that having this responsibility has on our daily work before we move into the course I would like to talk about the Conflict of Interest and Commitment Policy that all of you received already. I want to point out that there is also a copy in your course materials Conflict of Interest- may exists when an employee’s commitment to the University may be compromised by personal benefit. For example, you are working on an assignment with some outside consultants and they ask to you go to a Celtics game and dinner which they indicate is “ on the Company. This could be a conflict of interest. What should an employee do in this situation? Conflict of Commitment- may arise when a staff member undertakes outside activity which interferes with his/her primary obligations at work. Review the examples 1 & 4 in the FAS hand out Ask if they have any questions on the policies?

    4. 4 Unit 1: Fiduciary Responsibility

    5. 5 Question: What is fiduciary responsibility? Ask the students their opinions about what fiscal responsibility means. Collect answers on flip paper or white board. Spark discussion: Tell me more about it How might that affect you on a day-to-day basisAsk the students their opinions about what fiscal responsibility means. Collect answers on flip paper or white board. Spark discussion: Tell me more about it How might that affect you on a day-to-day basis

    6. 6 What is a Fiduciary? A person to whom property or power is “entrusted” for the benefit of another One who is entrusted or responsible for something A fiduciary is often referred to as a financial steward One who provides careful and responsible management of money or other assets entrusted to one's care One who ensures that University resources are appropriately used and further the University’s mission of education and research What does it mean to be entrusted? Something is in your care and you are responsible for it Share an example with a personal story I am a coach of a boys soccer team and am entrusted with their care. By that I know that their parents and our Town’s soccer club entrust me to provide for their care while they are under my supervision. Entrusted can also be seen through our: Travel credit card responsibilities- we are entrusted to spend responsibility and with the University’s best interests in mind OR Operating a motor vehicle- the state in which we have our Driver’s license entrusts us to operate vehicles safely obeying all traffic and safely laws Ultimately, our roles as Fiduciaries connects us to the support of the overall mission of excellence in research and education What does it mean to be entrusted? Something is in your care and you are responsible for it Share an example with a personal story I am a coach of a boys soccer team and am entrusted with their care. By that I know that their parents and our Town’s soccer club entrust me to provide for their care while they are under my supervision. Entrusted can also be seen through our: Travel credit card responsibilities- we are entrusted to spend responsibility and with the University’s best interests in mind OR Operating a motor vehicle- the state in which we have our Driver’s license entrusts us to operate vehicles safely obeying all traffic and safely laws Ultimately, our roles as Fiduciaries connects us to the support of the overall mission of excellence in research and education

    7. 7 What is Fiduciary Responsibility? Being entrusted with something Assets: tangible & intangible Information: confidential & proprietary Resources: human & financial Being legally or ethically accountable for our actions and conduct What are we being entrusted with? The assets and resources of the University. There are a variety of assets under our care- Computers, office equipment, buildings- TANGIBLE ASSETS There are also INTANGIBLE ASSETS which we don’t always think of as assets, but they are some of the most valuable assets to the University We could say that one of our intangible assets is the vital and innovative research that is being conducted in the labs throughout the FAS which is our equivalent of R&D Another example of intangible assets our reputation as one of the finest in Higher Education which is our BRAND. Our brand is one of our most significant assets which has been built on 350+ years of excellence. The people who work for the University, the human resources are also assets, perhaps some of the most valued So what do we mean when we say that a fiduciary is accountable what do we mean? RESPONSIBLE or ANSWERABLE for our actions and conduct in the work placeWhat are we being entrusted with? The assets and resources of the University. There are a variety of assets under our care- Computers, office equipment, buildings- TANGIBLE ASSETS There are also INTANGIBLE ASSETS which we don’t always think of as assets, but they are some of the most valuable assets to the University We could say that one of our intangible assets is the vital and innovative research that is being conducted in the labs throughout the FAS which is our equivalent of R&D Another example of intangible assets our reputation as one of the finest in Higher Education which is our BRAND. Our brand is one of our most significant assets which has been built on 350+ years of excellence. The people who work for the University, the human resources are also assets, perhaps some of the most valued So what do we mean when we say that a fiduciary is accountable what do we mean? RESPONSIBLE or ANSWERABLE for our actions and conduct in the work place

    8. 8 Types of Accountability For the discharge of one’s specific responsibilities For the quality of one’s total performance For meeting one’s commitments For recognizing and responding to circumstances that could result in harm to Harvard’s staff, students, resources, or reputation WE’VE INTRODUCED THE CONCEPT OF ACCOUNTABILITY Let’s explore it in more detail. These are some broad examples of ways in which we are accountable to the institution. We are accountable to not only perform our duties and the overall quality of our work, but to also recognize and respond when we see situations that could harm the University. What does this might this mean in the context of your workplace- being responsible to recognize and respond to situations that could result in harm to the University?WE’VE INTRODUCED THE CONCEPT OF ACCOUNTABILITY Let’s explore it in more detail. These are some broad examples of ways in which we are accountable to the institution. We are accountable to not only perform our duties and the overall quality of our work, but to also recognize and respond when we see situations that could harm the University. What does this might this mean in the context of your workplace- being responsible to recognize and respond to situations that could result in harm to the University?

    9. 9 Discussion Case Study Part 1 We’ll explore the concept of the Fiduciary and our related responsibilities in this first case studyWe’ll explore the concept of the Fiduciary and our related responsibilities in this first case study

    10. 10 Question Who has fiduciary responsibilities? Ask Class for Examples What are some of your fiduciary responsibilities? Ask Class for Examples What are some of your fiduciary responsibilities?

    11. 11 Who has Fiduciary Responsibilities? All university employees… Have a responsibility to act in the best interest of the university All university employees with financial management and/or transactional responsibilities… Have a responsibility to safeguard the university’s financial assets, information and resources Have a responsibility to serve as financial stewards At the very least all employees are responsible to act in the best interest of the University. Others, including all of you have enhanced fiduciary responsibilities which include being accountable for the care the University’s assets under your discretion and to serve as a financial steward or “agent” of the University. Remember as a Steward you are responsible for the careful and appropriate use of University Resources At the very least all employees are responsible to act in the best interest of the University. Others, including all of you have enhanced fiduciary responsibilities which include being accountable for the care the University’s assets under your discretion and to serve as a financial steward or “agent” of the University. Remember as a Steward you are responsible for the careful and appropriate use of University Resources

    12. 12 Examples of Fiduciary Roles Sponsored Programs Administrator Department Administrator Financial Analyst Financial Aid and Admissions Officer Librarian Lab Administrator Curator Grants and Contract Specialist Staff Assistant Business/Systems Analyst Financial Assistant Coach and Assistant Coach HR Administrator Principal Investigator Let’s look at some examples of jobs that have fiduciary roles. What do you notice about them? The answer we’re leading them to is that every job has some element of fiduciary responsibility, even when the job title has nothing to do with finance. In addition to financial managers, faculty and staff assistants are all responsible to make sure that “assets” aren’t being wasted. What other unexpected roles have fiduciary responsibilities? Let’s look at some examples of jobs that have fiduciary roles. What do you notice about them? The answer we’re leading them to is that every job has some element of fiduciary responsibility, even when the job title has nothing to do with finance. In addition to financial managers, faculty and staff assistants are all responsible to make sure that “assets” aren’t being wasted. What other unexpected roles have fiduciary responsibilities?

    13. 13 Unit 2: Importance of the Fiduciary Role In this unit we’ll focus on the importance of the role and the impact of carrying out our responsibilitiesIn this unit we’ll focus on the importance of the role and the impact of carrying out our responsibilities

    14. 14 Question Why is fiduciary responsibility important? Ask for student input and collect their responses. Ask for student input and collect their responses.

    15. 15 The Fiduciary Role is Important for… Minimizing Financial Losses and Significant Penalties I would like to share an experience which highlight risk and realities of neglecting fiduciary responsibilities I was part of an team of auditors assigned to audit a federal grant where there was fraudulent activity that had been going on for several years. I recall many things from this nearly year long project especially my meeting with the Dept. Administrator where I presented her with overwhelming evidence about misappropriations. I wanted to know how this could have happened when she was a well trained and intelligent employee. She felt that she had no control over her situation or a place to turn for counsel when the PI of the grant had instructed her to misuse money. Neither the Admin or the PI did not fully comprehend the importance of their roles as a fiduciary. They were entrusted to act in Harvard's best interest and clearly did not Ultimately both she and the PI were let go for neglect of these important duties. This incident pointed out a number of weaknesses including the lack of empowerment felt by some employees in fiduciary roles. This unfortunate situation led to a number of positive changes but the expense was great both in a financial and HR and reputation sense. In the end the University ended up paying double damages on this award and two promising careers were hurt. The University's reputation for honesty and integrity was also damaged and we received a considerable amount of negative publicity. This story is real and it could have happened in any dept. I would like to share an experience which highlight risk and realities of neglecting fiduciary responsibilities I was part of an team of auditors assigned to audit a federal grant where there was fraudulent activity that had been going on for several years. I recall many things from this nearly year long project especially my meeting with the Dept. Administrator where I presented her with overwhelming evidence about misappropriations. I wanted to know how this could have happened when she was a well trained and intelligent employee. She felt that she had no control over her situation or a place to turn for counsel when the PI of the grant had instructed her to misuse money. Neither the Admin or the PI did not fully comprehend the importance of their roles as a fiduciary. They were entrusted to act in Harvard's best interest and clearly did not Ultimately both she and the PI were let go for neglect of these important duties. This incident pointed out a number of weaknesses including the lack of empowerment felt by some employees in fiduciary roles. This unfortunate situation led to a number of positive changes but the expense was great both in a financial and HR and reputation sense. In the end the University ended up paying double damages on this award and two promising careers were hurt. The University's reputation for honesty and integrity was also damaged and we received a considerable amount of negative publicity. This story is real and it could have happened in any dept.

    16. 16 The Fiduciary Role is Important for… Preserving the Harvard Brand and its Reputation Harvard and the FAS goes to great lengths to protect its reputation. As employees, we are all AMBASSADORS of the institution and play important roles in promoting and protecting its reputation Had the Dept. Admin and or the PI acted in accordance with their fiduciary responsibilities in the example I just shared, then we would not have suffered a significant blow to our reputation. The negative publicity adversely impacted our ability to retain and obtain research awards in this discipline for a period of time I want to introduce the concept of a Stakeholder - person or group of person with a vested interest. We’ll talk more about stakeholders later in this unitHarvard and the FAS goes to great lengths to protect its reputation. As employees, we are all AMBASSADORS of the institution and play important roles in promoting and protecting its reputation Had the Dept. Admin and or the PI acted in accordance with their fiduciary responsibilities in the example I just shared, then we would not have suffered a significant blow to our reputation. The negative publicity adversely impacted our ability to retain and obtain research awards in this discipline for a period of time I want to introduce the concept of a Stakeholder - person or group of person with a vested interest. We’ll talk more about stakeholders later in this unit

    17. 17 The Fiduciary Role is Important for… Preventing and Detecting Violations Which would you rather do- PREVENT OR DETECT? This might sounds daunting, but I assure you that you don’t need to be an internal auditor to prevent and detect violations The important take away message here is that we need to be knowledgeable about laws and policies and procedures and how they relate to our own actions as well as those of the people we work with. That said, it is not reasonable to expect you to have an encyclopedic knowledge of all University polices given the number and the frequency of the changes. It’s important to know enough so you can go to the best source if you need help with a situation or interpreting policies. One of the ways that we can do this is to know about internal controls and understand the role they play in helping us in our fiduciary responsibilities Most of you have probably heard of internal controls. The next section of our unit will focus in detail on Internal Controls. Internal controls are the methods employed to help ensure the achievement of an objective. They are tools used by managers everyday. What other ways might we prevent and detect violations?Which would you rather do- PREVENT OR DETECT? This might sounds daunting, but I assure you that you don’t need to be an internal auditor to prevent and detect violations The important take away message here is that we need to be knowledgeable about laws and policies and procedures and how they relate to our own actions as well as those of the people we work with. That said, it is not reasonable to expect you to have an encyclopedic knowledge of all University polices given the number and the frequency of the changes. It’s important to know enough so you can go to the best source if you need help with a situation or interpreting policies. One of the ways that we can do this is to know about internal controls and understand the role they play in helping us in our fiduciary responsibilities Most of you have probably heard of internal controls. The next section of our unit will focus in detail on Internal Controls. Internal controls are the methods employed to help ensure the achievement of an objective. They are tools used by managers everyday. What other ways might we prevent and detect violations?

    18. 18 Discussion Case Study Part 2 This next case study will emphasize the importance of diligently carrying out our fiduciary responsibilitiesThis next case study will emphasize the importance of diligently carrying out our fiduciary responsibilities

    19. 19 Unit 3: Fiduciaries & University Values Now we’ll move into the last unit where we will learn about the relationship between fiduciary responsibility and its connection to the University valuesNow we’ll move into the last unit where we will learn about the relationship between fiduciary responsibility and its connection to the University values

    20. 20 Ethics, Values, and Accountability: Yours, mine and ours … “Some of us make our contribution by engaging directly in teaching, learning, and research, others of us, by supporting and enabling those core activities in essential ways. Whatever our individual roles, and wherever we work within Harvard, we owe it to one another to uphold certain basic values of the community.” Ask the students their opinions about what fiscal responsibility means. Collect answers on flip paper or white board. Spark discussion: Tell me more about it How might that affect you on a day-to-day basis Personal impact vs. organizational impactAsk the students their opinions about what fiscal responsibility means. Collect answers on flip paper or white board. Spark discussion: Tell me more about it How might that affect you on a day-to-day basis Personal impact vs. organizational impact

    21. 21 University Statement of Values We are all responsible for working within the framework of Harvard’s values The best way to advance these values is to act on them. Let’s talk about what these values mean Respect- does not mean “anything goes” There is no reason or excuse for harsh or uncivil speech no matter the circumstances Integrity and honesty are sometimes in the eye of the beholder and one person’s “truth” might not another’s. Therefore we should be transparent in our dealings. What do I mean by transparent- our interactions should be free from and our motives easily understood. Our dealings should be characterized by their sincerity Excellence- Striving for a superior work in both the process- the way we do our work, and the end result or product of our work AND Lastly Accountability- and our responsibility to for our actions and behavior in the workplace? Any ideas for how we can act on these values in our everyday dealings? The best way to advance these values is to act on them. Let’s talk about what these values mean Respect- does not mean “anything goes” There is no reason or excuse for harsh or uncivil speech no matter the circumstances Integrity and honesty are sometimes in the eye of the beholder and one person’s “truth” might not another’s. Therefore we should be transparent in our dealings. What do I mean by transparent- our interactions should be free from and our motives easily understood. Our dealings should be characterized by their sincerity Excellence- Striving for a superior work in both the process- the way we do our work, and the end result or product of our work AND Lastly Accountability- and our responsibility to for our actions and behavior in the workplace? Any ideas for how we can act on these values in our everyday dealings?

    22. 22 Question To whom are fiduciaries accountable?

    23. 23 To Whom are We Accountable? Internal Stakeholders: Individual Employee Department Faculty School Central Administration Corporation Students & Parents External Stakeholders: Government Agencies Research Sponsors Alumni & Other Donors Affiliate and Peer Institutions Community IRS Press Attorney General These are some of the stakeholders who have a vested interest in the way our organizations run Can you think of anyone else to whom your are accountable? In what ways are we accountable to these groups? Does this affect the way we approach our work? These are some of the stakeholders who have a vested interest in the way our organizations run Can you think of anyone else to whom your are accountable? In what ways are we accountable to these groups? Does this affect the way we approach our work?

    24. 24 Discussion Case Study Part 3 This will be the last case study of the unit we will consider how the fiduciary responsibility fits in with the University's valuesThis will be the last case study of the unit we will consider how the fiduciary responsibility fits in with the University's values

    25. 25 Fiduciary Responsibility Summary Comply with laws, regulations and University policies Support the university’s mission and departmental goals Adhere to professional standards and commit to excellence. Set a personal example Promote a work environment consistent with the university’s values and objectives Model appropriate behavior Recognize and apply internal controls These points summarize some of the actions that many of us are already doing in the support of our fiduciary responsibilities. Can you think of any others? Model appropriate behavior- you are an ambassador of the university and your dept. Your actions cause reflections both positive and negative These points summarize some of the actions that many of us are already doing in the support of our fiduciary responsibilities. Can you think of any others? Model appropriate behavior- you are an ambassador of the university and your dept. Your actions cause reflections both positive and negative

    26. 26 A Culture of Ethics and Values Do the right thing Set a positive example Recognize good performance Understand how you fit into the big picture. Help your staff understand their roles Recognize risks and know the facts We all have a role in creating and sustaining a culture which emphasizes our regards for the Ethics and Values the University promotes. Our actions cause reflections so setting a good example is the most proactive means for promoting an ethical and honest culture. We also want to create a culture of awareness not suspicion. Before assuming fraudulent or ill intent gather the facts and understand the situation. We all have a role in creating and sustaining a culture which emphasizes our regards for the Ethics and Values the University promotes. Our actions cause reflections so setting a good example is the most proactive means for promoting an ethical and honest culture. We also want to create a culture of awareness not suspicion. Before assuming fraudulent or ill intent gather the facts and understand the situation.

    27. 27 Challenge Yourself Ask yourself and encourage others to ask: Is the action legal? Does it meet university and professional standards? How would you explain the action to an auditor? How would you like to be treated? How would it look in the newspaper? Does it keep you up at night? Don’t assume; ask questions; understand expectations Being confident in your role means that you are comfortable asking questions. If you have any doubts about a situation ask your self these questions It’s important that you ask the right questions of the right people up and down the line from the employees that might report to you to those to whom you report If you have doubts, MOVE SLIDE FORWARD call Finance or HR first Being confident in your role means that you are comfortable asking questions. If you have any doubts about a situation ask your self these questions It’s important that you ask the right questions of the right people up and down the line from the employees that might report to you to those to whom you report If you have doubts, MOVE SLIDE FORWARD call Finance or HR first

    28. 28 University Resources

    29. Enhancing Financial Management End of Part 1

    30. Enhancing Financial Management Ethics, Accountability, and Internal Controls Part II Welcome and introductions Folks from Radcliffe, Business School, KSG, OSP, Treasury Level of knowledge about internal controls: Know some but not conversant Can talk about the controls from my area of resp. Proficient – know what controls should be in place for any function How many of you think you are important to the controls at the University?Welcome and introductions Folks from Radcliffe, Business School, KSG, OSP, Treasury Level of knowledge about internal controls: Know some but not conversant Can talk about the controls from my area of resp. Proficient – know what controls should be in place for any function How many of you think you are important to the controls at the University?

    31. 31 Fiduciary Responsibility Summary Comply with laws, regulations and University policies Support the university’s mission and departmental goals Adhere to professional standards and commit to excellence. Set a personal example Promote a work environment consistent with the university’s values and objectives Model appropriate behavior Recognize and apply internal controls Yesterday spent time talking about our responsibilities as a fiduciary and we talked about: risks what is entrusted to you accountability Who has responsibility – all You have a responsibility around internal controls. So to carry out that responsibility we want to spend some time discussing internal controls. Common knowledge base. We’ll go back to Rachel a bit. And instead of dealing with issues after the fact, we’ll be focusing on what could be in place to prevent the situations. E.g. controls SOX SAS 112 Yesterday spent time talking about our responsibilities as a fiduciary and we talked about: risks what is entrusted to you accountability Who has responsibility – all You have a responsibility around internal controls. So to carry out that responsibility we want to spend some time discussing internal controls. Common knowledge base. We’ll go back to Rachel a bit. And instead of dealing with issues after the fact, we’ll be focusing on what could be in place to prevent the situations. E.g. controls SOX SAS 112

    32. 32 Course Goals After completing this course, you will understand: What internal controls are Why internal controls are important How internal controls help us reach our objectives What your internal control responsibilities are Lighten it up_ my favorite subject! need a life. Hopefully, by the end of today you’ll have some appreciation of what internal controls are, why they are important and what they are not. I also hope you have some appreciation of your importance in having strong internal controls. Internal controls do not happen without each and every one of you. Broaden your thinking about them. Lighten it up_ my favorite subject! need a life. Hopefully, by the end of today you’ll have some appreciation of what internal controls are, why they are important and what they are not. I also hope you have some appreciation of your importance in having strong internal controls. Internal controls do not happen without each and every one of you. Broaden your thinking about them.

    33. 33 Course Contents Overview of Internal Controls Components of Internal Controls Limits of Internal Controls Your role Asking Tough Questions Real Life Examples Yesterday some controls were mentioned – segregation of duties, vendor set up controls. Broaden your understanding of controls – not only the key components of internal controls but what they can’t do.Yesterday some controls were mentioned – segregation of duties, vendor set up controls. Broaden your understanding of controls – not only the key components of internal controls but what they can’t do.

    34. 34 Internal Controls Unit 1: Overview of Internal Controls

    35. 35 Question? What are internal controls? Ask the audience for the definition! Not examples of internal controls but the definition of internal controls? The reason we have them and why management pays big bucks to put them in. Ask the audience for the definition! Not examples of internal controls but the definition of internal controls? The reason we have them and why management pays big bucks to put them in.

    36. 36 Answer Internal Controls are processes that are put into place to provide reasonable assurance that business objectives will be achieved. Internal Control Keywords: “Processes” for “Assurance” that “Objectives” will be met. Processes – your all part of the food chain so to say. Someone may start, someone may end and there are steps along the way. Bring out the fact that controls are built into our processes to help perform functions correctly, prevent surprises, and minimize pitfalls. What are some school objectives? Internal Control Keywords: “Processes” for “Assurance” that “Objectives” will be met. Processes – your all part of the food chain so to say. Someone may start, someone may end and there are steps along the way. Bring out the fact that controls are built into our processes to help perform functions correctly, prevent surprises, and minimize pitfalls. What are some school objectives?

    37. 37 Concept of Controls (continued) Internal Control Keywords: “Processes” for “Assurance” that “Objectives” will be met. I use this since we all buy – either for the University or for our own purpose. Other business objectives: Hire skilled people who will support the ethics and values of the organization Attracting and educating the best academic talent in the world. POINT: Every one in the process is important to the control environment Internal Control Keywords: “Processes” for “Assurance” that “Objectives” will be met. I use this since we all buy – either for the University or for our own purpose. Other business objectives: Hire skilled people who will support the ethics and values of the organization Attracting and educating the best academic talent in the world. POINT: Every one in the process is important to the control environment

    38. 38 Concept of Controls Business Objective: Obtain quality goods or services in support of University business at the lowest price!

    39. 39 Concept of Controls (continued) Controls are put in place by management because they can’t be everywhere checking on every task performed. Controls manage the risks. Prevent, detect and corrective EX. Digital – budget, forecasting process that was based on objectives, had the right reports for tracking etc. Failed because of poor marketing strategy and times a changing. Controls are adequate and useful only if they are in support of a business objective.Controls are put in place by management because they can’t be everywhere checking on every task performed. Controls manage the risks. Prevent, detect and corrective EX. Digital – budget, forecasting process that was based on objectives, had the right reports for tracking etc. Failed because of poor marketing strategy and times a changing. Controls are adequate and useful only if they are in support of a business objective.

    40. 40 Missing Controls Risks to Operational Objectives Poor decision making Loss or theft of assets Duplication of effort Risks to Financial Objectives Misleading financial information False information being given to donors Poor cost recovery Risks to Compliance Objectives Large fines and penalties Disallowance of expenses charged to an award Non-renewal of awards Health and safety could be jeopardized Without controls, each objective faces a variety of potential risks. Examples include… After this overview, talk about the risk of poor decision making. Ask – How many of you have ever made a decision without all of the necessary information? Did that decision cause you anxiety and/or sleepless nights? Yesterday Tina talked about the settlements with a couple of High Profile Universities. Don’t you think there were people in those organizations that knew about the risk? Example of the investigation! Control weakness - clear expectations with recourse if issues arose. Training and tone at the top. Talk about impact of poor or missing controls (such as Qui Tam suits caused by misappropriation of funds) that could come about simply by ongoing coding errors.Without controls, each objective faces a variety of potential risks. Examples include… After this overview, talk about the risk of poor decision making. Ask – How many of you have ever made a decision without all of the necessary information? Did that decision cause you anxiety and/or sleepless nights? Yesterday Tina talked about the settlements with a couple of High Profile Universities. Don’t you think there were people in those organizations that knew about the risk? Example of the investigation! Control weakness - clear expectations with recourse if issues arose. Training and tone at the top. Talk about impact of poor or missing controls (such as Qui Tam suits caused by misappropriation of funds) that could come about simply by ongoing coding errors.

    41. 41 Common Misconceptions Lack of vendor/customer complaints is not an indicator that your controls are good Many controls does not mean good controls There are “false” controls Trust Luck – it’s never happened here What about lack of employee complaints? Love their work, don’t want to take vacations. Story about vendor fraud Issues with the employee never addressed PS – there were situations where certain people got paid twice. Do you think they came forward? Would you come forward? (fiduciary resp) Preventive and detective controls broke down TRUST – faculty and staff person had access to employee files – been there a number of years, hard worker. Submitted fraudulent TAP reimbursement forms What about lack of employee complaints? Love their work, don’t want to take vacations. Story about vendor fraud Issues with the employee never addressed PS – there were situations where certain people got paid twice. Do you think they came forward? Would you come forward? (fiduciary resp) Preventive and detective controls broke down TRUST – faculty and staff person had access to employee files – been there a number of years, hard worker. Submitted fraudulent TAP reimbursement forms

    42. 42 Your Obligations People bring about internal control Internal control is not merely policy manuals and forms, but people functioning at every level to make it happen Policies might specify who can authorize various types of transactions, which is a control activity, but it is the people who actually approve and monitor the transactions that execute the control People outside a process can observe the results Controls occur throughout the institution and should be viewed collectively Your role is important to the control environment Fiduciary resp. = what you do is important and what you see is important to a strong control environment. Bring up issues positively and with suggestions. Help others – especially in the schools understand their importance. While we are still high level in or discussion, I hope you can begin to see that we all have responsibilities for promoting a strong control environment. (tie back to Fiduciary Responsibility class) Individual staff members are the ones that apply these controls and make them happen It is very important to realize that what you do is important to the overall control process WEI SITUATION! Fiduciary resp. = what you do is important and what you see is important to a strong control environment. Bring up issues positively and with suggestions. Help others – especially in the schools understand their importance. While we are still high level in or discussion, I hope you can begin to see that we all have responsibilities for promoting a strong control environment. (tie back to Fiduciary Responsibility class) Individual staff members are the ones that apply these controls and make them happen It is very important to realize that what you do is important to the overall control process WEI SITUATION!

    43. 43 The University’s Obligations For people to feel empowered to enhance the control environment, the University is responsible for: Setting standards Defining expectations Training Stating values Support the design of systems to include built-in detective and monitoring controls as well as data security controls The University has extra responsibilities and obligations to set the tone and provide a clear message that these control systems are to be taken seriously Give an example of a built-in system control (e.g. Cost transfer process or Web Voucher procurement process) The University has extra responsibilities and obligations to set the tone and provide a clear message that these control systems are to be taken seriously Give an example of a built-in system control (e.g. Cost transfer process or Web Voucher procurement process)

    44. 44 Internal Controls Unit 2: Components of Internal Controls Some of the components you may feel don’t apply to you on a daily basis. But we hope the information will help you understand your role, your departments operations- why things are done, and give you a knowledge that can help you with your clients. I’ll try to relate specific examplesSome of the components you may feel don’t apply to you on a daily basis. But we hope the information will help you understand your role, your departments operations- why things are done, and give you a knowledge that can help you with your clients. I’ll try to relate specific examples

    45. 45 Components of Internal Control There are five interrelated components of internal control derived from basic operations and administrative processes. The control environment is at the bottom because it is the foundation for all the others. This model comes from COSO (the Committee of Sponsoring Organizations) If not covered previously, briefly talk about the background of COSO – Started in 1985 Treadway Commission (James Treadway formerly SEC) 5 Major Professional Organizations: AICPA, FEI, IIA, Institute of Mgmt. Acct., AAA Originally charged to study cause and effects of fraudulent financial reporting The base of the pyramid represents the individuals in the system and is where this all begins [Tone of the organization, hiring practices, training, assigning authority, etc.]This model comes from COSO (the Committee of Sponsoring Organizations) If not covered previously, briefly talk about the background of COSO – Started in 1985 Treadway Commission (James Treadway formerly SEC) 5 Major Professional Organizations: AICPA, FEI, IIA, Institute of Mgmt. Acct., AAA Originally charged to study cause and effects of fraudulent financial reporting The base of the pyramid represents the individuals in the system and is where this all begins [Tone of the organization, hiring practices, training, assigning authority, etc.]

    46. 46 Creating a Control Environment Tone at the top Management philosophy on ethics Ethics and importance to do the right thing Well communicated policies and procedures The tone of management influences how aware people are about internal controls Statement of Values What might you say about the department or the University tone at the top? Sally Smart Rachel ENRON Use real examples of the University’s current initiatives to put some of these components into place: Updating Central Policies and Procedures Increased Emphasis on Accountability Addressing Conflicts of Interest Developing a more robust Performance Development Process (and setting clearer expectations) The Statement of Values And… This Training ClassWhat might you say about the department or the University tone at the top? Sally Smart Rachel ENRON Use real examples of the University’s current initiatives to put some of these components into place: Updating Central Policies and Procedures Increased Emphasis on Accountability Addressing Conflicts of Interest Developing a more robust Performance Development Process (and setting clearer expectations) The Statement of Values And… This Training Class

    47. 47 Control Environment Elements Attention and direction provided by management/Board of Directors Competence of people Management’s operating style Assignment of responsibility & authority Development of people Consistent practice The base is key to a strong control environment. The components of the base are to ensure everyone is on the same page on the importance of internal controls. University has to set the tone but we have to support it and promote it in our daily work. For example, what if the JCI was informed that there are significant employees in the University who do not get performance evaluations and raises were based entirely on manager qualitative analysis. For the most part everyone gets 3% regardless of performance. If they yawned and said o.k., but how about the cash management issue. Doesn’t that give a strong message on employee management? And couldn’t that easily impact morale and lead to performance issues. Consistent practice is helped by University-wide standards. Yesterday someone mentioned the impact of seeing someone shopping on the computer. The base is key to a strong control environment. The components of the base are to ensure everyone is on the same page on the importance of internal controls. University has to set the tone but we have to support it and promote it in our daily work. For example, what if the JCI was informed that there are significant employees in the University who do not get performance evaluations and raises were based entirely on manager qualitative analysis. For the most part everyone gets 3% regardless of performance. If they yawned and said o.k., but how about the cash management issue. Doesn’t that give a strong message on employee management? And couldn’t that easily impact morale and lead to performance issues. Consistent practice is helped by University-wide standards. Yesterday someone mentioned the impact of seeing someone shopping on the computer.

    48. 48 What is Risk? Risk is anything that does not allow an organization to achieve its objectives Risk is inherent in any business External risks Economic changes Natural disasters New Federal and State regulations Internal risks New systems Untrained personnel Unexpected turnover Fraud Consider your department – what are risks that could impact the departments goals and objectives? Do you feel these risks are managed? How? Consider your department – what are risks that could impact the departments goals and objectives? Do you feel these risks are managed? How?

    49. 49 Risk Assessment & Controls Risk assessment is the evaluation of risk This is a function of everyone at the University, not just RMAS (Risk Management and Audit Services) Elements of risk evaluation Probability – How likely is the risk to occur? Impact – How severe would the consequences be if the risk occurred? People doing day to day activities know where the risks are. They know what can go wrong. What are some of the larger risks to the U.? Risk of student safety Compliance Power outage Disgruntled faculty - reputational Hurricane story.People doing day to day activities know where the risks are. They know what can go wrong. What are some of the larger risks to the U.? Risk of student safety Compliance Power outage Disgruntled faculty - reputational Hurricane story.

    50. 50 Who Does Risk Assessments? For activity objectives (e.g. procurement) All involved employees e.g. Department administrators, systems managers, central personnel For University objectives Department heads Senior Management Risk Management Committee Also: Monitoring is done by external and internal sources If you find a risk, how do you communicate it? What if your supervisor is the problem? EXAMPLE (For Transactions): Some transactions will be recorded inappropriately, how would they be found and fixed? Rachel should engage her staff in a discussion of objectives and risk.Also: Monitoring is done by external and internal sources If you find a risk, how do you communicate it? What if your supervisor is the problem? EXAMPLE (For Transactions): Some transactions will be recorded inappropriately, how would they be found and fixed? Rachel should engage her staff in a discussion of objectives and risk.

    51. 51 Summary We are not in the business of avoiding risk! The purpose of risk assessment is to understand, mange, and minimize risk; not to avoid it altogether. All business involves some level of risk and, to some degree, risk = opportunity.The purpose of risk assessment is to understand, mange, and minimize risk; not to avoid it altogether. All business involves some level of risk and, to some degree, risk = opportunity.

    52. 52 Control Activities Control activities = Activities that manage risk! Control activities are often defined in policies and procedures – management directives to manage risk Control activities s/b designed to manage a risk Mgt at the top is relying on the control activities for managing risks Control activities may overlap in managing risks in one of the three areas – financial, operational or compliance Monitoring spending on a fund - Review of detailed listing Controls happen at all levels of the organization Management – trend reports, budget to actuals for the entire operation Someone approving an invoice Reference checks Cash – log checks, stamp checks, bank reconciliations Budgets& monitoring Student diplomas – review of graduation requirements. Have they been met? Create diploma – check it for accuracy – name, degree earned etc. If you don’t understand the risk and impact of your doing something, it might not be a bad idea to discuss the approach with mgt. Control activities s/b designed to manage a risk Mgt at the top is relying on the control activities for managing risks Control activities may overlap in managing risks in one of the three areas – financial, operational or compliance Monitoring spending on a fund - Review of detailed listing Controls happen at all levels of the organization Management – trend reports, budget to actuals for the entire operation Someone approving an invoice Reference checks Cash – log checks, stamp checks, bank reconciliations Budgets& monitoring Student diplomas – review of graduation requirements. Have they been met? Create diploma – check it for accuracy – name, degree earned etc. If you don’t understand the risk and impact of your doing something, it might not be a bad idea to discuss the approach with mgt.

    53. 53 Question What can go wrong in your department/function that impacts the objectives? What are some common control activities in your department/function?

    54. 54 Common Control Activities I Review of actual performance Versus budgets Segregation of duties Information processing – Controls to check accuracy, completeness, and authorization of transactions Information security – Access restrictions Approvals, verifications, and reconciliations Ask the audience if they can relate to any of these control activities and how they work in their departments.Ask the audience if they can relate to any of these control activities and how they work in their departments.

    55. 55 Common Control Activities II Physical controls Equipment, securities, cash, and periodic inventory counts Performance indicators Monitoring usage of preferred vendors Turnaround time for travel vouchers Kick outs of transactions with incorrect account coding Training

    56. 56 COSO control framework COSO All of these Inter-relateAll of these Inter-relate

    57. 57 Information & Communication Processes and systems to provide timely and appropriate information for people to carry out their responsibilities Quality information is important Content is appropriate Information is timely and current Information is accurate Information is accessible Information is communicated to all appropriate parties Tough - Its all about people having the information to do their job. Appropriate, quality information is the key, not simply an overload of information Not just internal information but external information as well that could influence the control environment. New legislation. Information systems can support the delivery of information including operational information e.g. when progress reports are due. Stress the importance of having reports and running them regularly. FAD Overview; Diversity Council events; Training What does this mean to you? Let people know if you are not getting the right information to do your job!Tough - Its all about people having the information to do their job. Appropriate, quality information is the key, not simply an overload of information Not just internal information but external information as well that could influence the control environment. New legislation. Information systems can support the delivery of information including operational information e.g. when progress reports are due. Stress the importance of having reports and running them regularly. FAD Overview; Diversity Council events; Training What does this mean to you? Let people know if you are not getting the right information to do your job!

    58. 58 Monitoring Monitoring is continuous processes to determine the quality of the internal controls in place Monitoring is a control activity but it is also a means to looking at the entire control environment and understanding how it is measuring up. Monitoring can be done by ongoing activities e.g. reviewing pcard reports outside agencies However, some individuals do participate in this process by running detailed listings and other management reports Metrics also help by measuring if things are operating as expected. Talk about other monitoring toolsMonitoring is a control activity but it is also a means to looking at the entire control environment and understanding how it is measuring up. Monitoring can be done by ongoing activities e.g. reviewing pcard reports outside agencies However, some individuals do participate in this process by running detailed listings and other management reports Metrics also help by measuring if things are operating as expected. Talk about other monitoring tools

    59. 59 Internal Controls Unit 3: Limits of Internal Controls

    60. 60 Limits of Controls Internal controls provide only reasonable assurance that operational, financial, and compliance objectives were met. These assurances are not absolute. Even if Rachel sets the tone and has sanctions, effort reports may still be late and there will be a finding in the A-133 audit.Even if Rachel sets the tone and has sanctions, effort reports may still be late and there will be a finding in the A-133 audit.

    61. 61 Common Limitations Limitations inherent in internal control systems include: Breakdowns: Personnel may misunderstand instructions or simply make mistakes Judgment: Humans are fallible and sometimes make errors in judgment because of pressures Costs vs. Benefits: If the cost of control outweighs the benefit of implementing the control, management may decide to live with the risk Collusion: Two or more individuals acting together may alter financial information in a manner that results in control failure Provide one or two examples of cases where these were caught, preferably Cost vs. Benefit and CollusionProvide one or two examples of cases where these were caught, preferably Cost vs. Benefit and Collusion

    62. 62 Internal Controls Unit 4: Your Role in Achieving Sound Internal Controls

    63. 63 Your Role Set the right tone – your behavior influences others Be aware of your organizations objectives and risks Adhere to policies and procedures – you are part of a process Understand your responsibility and how to carry it out should you suspect violations Report violations You are important to your organization by: Working hard on getting the P&P’s in a place where they can be found and consistent so they can be understood. Details about these objectives are covered in depth in the Fiduciary Responsibility class.You are important to your organization by: Working hard on getting the P&P’s in a place where they can be found and consistent so they can be understood. Details about these objectives are covered in depth in the Fiduciary Responsibility class.

    64. 64 Asking Questions is Part of Your Role Promote an environment in which it is OK to ask questions By asking tough questions, you provide a valuable service to those you support by ensuring that they are in compliance with applicable laws, policies and regulations Tough questions will be in a hand out Yesterday there were comments about how to bring things up e.g. the xeroxing situation Pete Penniless and Debbie Dutiful ARE YOU SURE YOU WANT ME TOCOPY THESE MATERIALS USING UNIVERSITY PAPER? WOULD YOU APPROVE MY OVERTIME SO I CAN GET MY OTHER CHORES DONE? ALSO, IN YOUR FINANCIAL ANALYSIS, THE INCREASED PAPER COSTS ARE GOING TO RAISE CONCERNS WITH RACHEL WHO WILL BE ASKING FOR A BUSINESS EXPLANATION. Before continuing to the next slide… Make this an interactive exercise by asking the audience to come up with some examples of good questions they should be asking. Yesterday there were comments about how to bring things up e.g. the xeroxing situation Pete Penniless and Debbie Dutiful ARE YOU SURE YOU WANT ME TOCOPY THESE MATERIALS USING UNIVERSITY PAPER? WOULD YOU APPROVE MY OVERTIME SO I CAN GET MY OTHER CHORES DONE? ALSO, IN YOUR FINANCIAL ANALYSIS, THE INCREASED PAPER COSTS ARE GOING TO RAISE CONCERNS WITH RACHEL WHO WILL BE ASKING FOR A BUSINESS EXPLANATION. Before continuing to the next slide… Make this an interactive exercise by asking the audience to come up with some examples of good questions they should be asking.

    65. 65 Case study At 3:30 Rachel began reviewing the department’s detail listings. Rachel noticed that over the last month the department had made two $4,999.99 payments to one vendor, Jordon Banks Consulting. Rachel was not familiar with the vendor and was surprised by the amount of the payment. Rachel decided to review the department’s detail listings for the past four months. Rachel found that over the last two months, there had been four $4,999.99 payments to Jordan Banks Consulting. Who was this vendor and what good or service did they provide? Two months ago Lana Longhorn, Rachel’s predecessor, left the department. Lana had been the primary A/P Invoice transmitter for the department. What Rachel didn’t know was that Lana’s husband owned Jordan Banks Consulting. What steps do you need to take? Feel that I’ve covered many of the points once I get here Missing controls: - Vendor set up process – who approved the use of this vendor? Is there a process for approving vendors. Preparer & approver are the same No budget to actual review No purchase order process. Purchases are done without prior approval. Conflict of interest – Rachel should have made her relationship with this vendor known. What if someone in the department knew of the relationship? Added controls: PO system or other pre-approval approach Feel that I’ve covered many of the points once I get here Missing controls: - Vendor set up process – who approved the use of this vendor? Is there a process for approving vendors. Preparer & approver are the same No budget to actual review No purchase order process. Purchases are done without prior approval. Conflict of interest – Rachel should have made her relationship with this vendor known. What if someone in the department knew of the relationship? Added controls: PO system or other pre-approval approach

    66. 66 Essential Points Everyone has a responsibility for internal controls and ethical behavior. Policies are important to the control environment; your responsibility to carry out policy directives is essential Compliance with policy supports compliance with regulations Be aware of your environment – the risks and controls The University has training programs to help you learn and understand policies. Ask questions to help maintain a control environment. Having good internal controls will make your job easier!

    67. 67 Resource Hierarchy

    68. 68 Resources

    69. Enhancing Financial Management Thanks for Coming!

More Related