1 / 42

The Importance of Internal Controls

The Importance of Internal Controls. LGC Resource April 2014. WHAT ARE INTERNAL CONTROLS?. Processes effected by an entity’s management and other personnel designed to provide assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

naava
Download Presentation

The Importance of Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Importance of Internal Controls LGC Resource April 2014

  2. WHAT ARE INTERNAL CONTROLS? Processes effected by an entity’s management and other personnel designed to provide assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

  3. COSO (Committee of Sponsoring Organizations) of the Treadway Commission

  4. ControlEnvironment • The control environment is the core of any system of internal control. • It sets the tone for the entire organization. • Factors include: • ethical values • competence of employees at all levels • managements’ operating style and attitude toward controls

  5. Risk Assessment • Risks are INTERNAL and EXTERNAL events that threaten the accomplishment of objectives. • Process of identifying, evaluating, and deciding how to manage these events….. What is the likelihood of the event occurring? What would be the impact if it were to occur? How do we reduce the risk? • Consideration of Fraud

  6. Control Activities • Control Activities consist of the specific policies and procedures put in place to mitigate the risk of error, noncompliance, and fraud. (physical inventory count, segregation of duties, authorization of activities, proper backup procedures)

  7. Communication & Information • Adequate information must be captured, identified, and communicated on a timely basis. • Just a reminder……. ACTIONS SPEAK LOUDER THAN WORDS

  8. Monitoring • Monitoring occurs in the course of everyday operations, it includes regular management & supervisory activities and other actions personnel take in performing their duties.

  9. Simple Definition • Internal controls are common sense procedures that address: • What could go wrong? • What steps should be taken to prevent those events from happening?

  10. Personal Internal Control System • Locking your car when you leave it in the parking lot • Comparing your receipts to your credit card statement • Keeping your banking PIN confidential

  11. Why are Internal Controls Important? • They can catch small mistakes before they become big problems. • They protect employees by removing opportunities for innocent mistakes or intentional fraud.

  12. Why are Internal Controls Important? • Protect the strong from temptation • Protect the weak from opportunity • Protect the innocent from false accusation From Once upon Internal Control by James Ulvog, CPA

  13. FRAUD TRIANGLE Opportunity Pressure Rationalization

  14. FRAUD $208,830 $202,345 $177,630

  15. FRAUD • Frauds discovered in the recent years. • Committed by one person • Trusted employee • Internal controls were either nonexistent or not monitored

  16. Effective IS Controls • Proper back-up procedures • Section 10-7-121, TCA, requires that records maintained electronically be copied to a storage media daily. Storage media more than one week old shall be stored at a location other than at the building where the original is maintained

  17. Effective IS Controls (cont.) • Proper back-up procedures • Daily backups should be stored in a secure location within the office. • Weekly backups should be rotated to a secure, fireproof off-site location. • A backup log documenting the location of all backups should be maintained. • Backups should be tested.

  18. Effective IS Controls (cont.) • Password Maintenance • All users should have a unique login and password. Shared logins should not be used. • Passwords should remain confidential. • Passwords should be changed every 90 days. • Passwords of former employees should be immediately disabled.

  19. Effective IS Controls (cont.) • Disaster Recovery Planning • Specific steps to follow to restore system • Emergency phone numbers of personnel and vendors • Backup storage location • Manual procedures to follow until the system is restored

  20. Effective IS Controls (cont.) • Virus/Spyware Prevention • Virus detection software should be used. • Virus definitions should be kept current. • All files, e-mail attachments, etc. should be scanned.

  21. Effective IS Controls (cont.) • Policies and procedures manual • Operating system and application security • Start-up/shut down procedures • Back-up procedures • Hardware software maintenance procedures • Daily, monthly, and year-end procedures • Output distribution list • Hardware disposal policy • Virus prevention policy

  22. Effective IS Controls (cont.) • Loading Operating System Updates • Restricting Physical Access to System • Proper Application Controls • Adequate audit trail exists. • Audit logs are maintained and reviewed.

  23. Audit Logs and Other Reports • TnCIS • Delete Log Report • Out-of Court Payments Report • Trustee • Audit Changes By Date Report • Unprorated Receipts Report • Maximum Posting Date Report • Fund Offices • Payroll Check Change Report • Maximum Posting Date Report

  24. Reasons why controls don’t always work: • Inadequate knowledge of policies or governing regulations. “I didn’t know that!” • Form over substance “You mean I’m supposed to do something besides initial/sign it?” • Inadequate segregation of duties “We trust ‘A’ who does all of these things”

  25. The “Trusted Employee” Per the ACFE’s 2012 Report to the Nations: • 87% of the fraudsters studied had never been charged or convicted of a fraud related offense • 84% had never been punished or terminated by an employer for fraud-related conduct

  26. What is Segregation of Duties? In general, the main incompatible duties to be segregated are: • Custody of Assets • Authorization or approval of related transactions affecting those assets • Recording or reporting of related transactions

  27. What is Segregation of Duties? • No employee should be in a position to both commit fraud or error and conceal it in their normal course of duties. • At least two sets of eyes are required for any transaction • Example: Movie Theater

  28. What if it’s not possible to properly segregate duties? Use Compensating Controls • Supervisory or other oversight procedures designed to reduce the risk of errors or fraud not being detected

  29. Compensating Controls by James Climer @ Climercomics.com

  30. EXAMPLES?

  31. Effective Controls- Cash Receipts and Deposits • Separate cash drawers • Prenumbered cash receipts- 9-2-103, TCA • Stamp checks “for deposit only” as soon as they are received • Drawer checkout procedures • Deposit timely- 3 day deposit law • Deposit Receipts Intact

  32. Effective Controls- Cash Receipts and Deposits (cont.) • Deposit slips should be itemized • Sign- “You must receive an official receipt or your transaction is not complete • Segregate Duties- Employees responsible for receipting should NOT also be responsible for posting receipts to the accounting records.

  33. Effective Controls- Disbursements • Disbursements by official prenumbered checks • Review documentation • Do not sign blank checks • Segregate duties between writing checks, signing, distribution, and posting to the accounting records

  34. Effective Controls- Bank Reconciliations • One employee should be responsible for opening the bank statement, reviewing it, and initialing. • A separate employee should reconcile the bank statement monthly • Bank reconciliations should be reviewed by an employee not responsible for reconciling the statement.

  35. Effective Controls- Procurement • Establish clear lines of authority for approving purchases before they occur • Purchase orders • Verify availability of appropriations before purchases are approved • Payments for purchases should only be made after documentation that the goods or services were received • Segregate duties between approval, payment and updating the accounting records

  36. Effective controls- Journal Entries (JE’s) • Use a standard journal entry form • Supervisory review and approval of all journal entries • Segregate duties between preparation of the JE, Approval of the JE, and posting to the records • Supervisory review that all JE’s were properly posted to the records

  37. More information? • Comptroller’s website has internal control checklists specifically designed for offices such as • Trustee • General Sessions and Circuit Court Clerk • Clerk and Master • Etc. www.comptroller.tn.gov

  38. www.comptroller.tn.gov

  39. INTERNAL CONTROL CHECKLISTS

  40. Questions?

  41. Penny AustinPenny.Austin@cot.tn.govAmy SosvilleAmy.Sosville@cot.tn.gov

More Related