
Financial Risk & Compliance


simoned

Presentation Transcript


  1. Financial Risk & Compliance Risky Business Boot Camp

  2. TEAM MEMBERS • Arranna Bennett – Department of Recreation Sports - Sponsor • Sophia Stewart – Division of Information Technology - Team Leader • Andrea Johannes – Residence Life and Housing • Mary Kalafatis – Department of Recreation Sports • Tammy Louther - Department of Information & Operations Management • Cherise Morgan – Departmental Accounting Services • Hillary Motal – Student Activities • Tracy Young – Dean of Education • Paige Rod – Division of Information Technology - Graphic Designer • Collaboration with Peggy Zapalac and Tammy Hoskens - Office of Risk, Ethics and Compliance

  3. LEARNING OUTCOMES Once you have completed this training you will be able to: • Identify types of Financial Risks • Understand the Three Aspects of the Fraud Triangle • Understand Risk Mitigation • Understand Internal Controls and the Internal Control Framework • Become Aware of the Consequences of Risks • Learn how to Handle/Report Misconduct, Abuse, Fraud, etc. • Understand Audits. As employees of Texas A&M University, we can find a lot of information in various places on how to incorporate risk mitigation in our processes. There are many other trainings available that explain how to incorporate these processes in our daily operations. The purpose of this training is to promote understanding of why we are required to follow all of these rules and SAPs (Standard Administrative Procedures).

  4. WHAT ARE THE FINANCIAL RISKS IN HIGHER EDUCATION?

  5. WHY DO WE CARE OR NEED FINANCIAL RISK AND COMPLIANCE TRAINING? • Howard University Financial Aid Staff: https://www.insidehighered.com/quicktakes/2018/03/29/6-howard-employees-fired-fraud • University of Florida Housing Director: https://youtu.be/0t_5Cgzg_SM

  6. PROTECTION FOR YOU, THE EMPLOYEE Compliance with University Rules and System Regulations keeps the finger from being pointed at YOU, the employee. Understanding and following compliance rules helps to keep honest people honest. Lack of compliance can lead to errors, mistakes, irregularities and ultimately… FRAUD

  7. THE FRAUD TRIANGLE (Source: State Auditor’s Office) SAS 99 Paragraph 7: Three conditions generally are present when fraud occurs. • Incentive/Pressure: Management or other employees may have an incentive or be under pressure to commit fraud. • Opportunity: Circumstances provide an opportunity for fraud to be committed. • Rationalization/Attitude: An attitude, character, or set of ethical values that allow an individual to justify committing a dishonest act.

  8. FRAUD RED FLAGS: EMPLOYEES • Key employee with too much control • Ideal employee with excellent attendance record • Comes to work even when very sick, never takes a vacation, willing to stay late and work weekends, does job extremely well, willing to take on additional responsibilities, indispensable employee, etc. • An employee living beyond his or her means • Financial pressure on employee • High personal debts, great financial losses, extensive gambling • Associations with vendors outside of normal working relationships • Developing outside businesses closely associated with main employment • Marked personality changes

  9. FRAUD RED FLAGS: TRANSACTIONS • Rising or unexplained department expenses (overtime, travel, etc.) • Large and/or past due working funds • Increases in accounts receivable • Unauthorized transactions or procard purchases • Multiple payments to one vendor • Changes in purchasing norms (new vendors) • Missing receipts or invoices • Excessive or unexplained voids

  10. FRAUD TRIANGLE ILLUSTRATION (OPPORTUNITY • INCENTIVE/PRESSURE • RATIONALIZATION AND ATTITUDE) Betty Grandma is the best employee. She’s been with the department for years. Always receives an outstanding rating on her annual reviews. Everybody loves her. She’s always staying late with no complaints. Half the time, she doesn’t submit the time as time worked. She just does it because she loves her job. Betty handles the petty cash, takes in other payments and reconciles the accounts. She completes the deposit and also records the deposits in the ledger. What her colleagues don’t know is that her grandson has cancer. Her daughter has just gotten divorced and is having trouble paying for treatment. Her daughter plans to sell her car, but in the meantime needs to buy medicine. Betty is trying to figure out ways to help her grandson. Betty knows that the car will be sold, so she figures that she will just borrow some of the cash and replace it when the car is sold. Unfortunately, the next month, the car isn’t sold. Betty figures the department owes her anyway for all of the overtime she’s worked without compensation, and besides, it’s for her grandson; she’s not out buying jewelry or anything like that. Because she both completes and records the deposit, she is able to fix the books so that no one knows the money has gone. Once she sees how easy it is, and that nobody noticed, she figures she can regularly help pay for her grandson’s bills.

  11. SO HOW DO WE HELP BETTY AVOID THAT PITFALL AND PREVENT LOSS FOR THE DEPARTMENT? • A. Hold a fundraiser for Betty’s grandson • B. Implement Internal Controls (Itemized numerical receipts) • C. Create a Go Fund Me account • D. Implement proper segregation of duties in conjunction with reconciliations • E. Have security cameras installed where cash is being handled manually ANSWER: B, D, E are a good start. What we want to do is institute policies and procedures to mitigate the risks involved.

  12. RISK MITIGATION “Risk mitigation strategies” is a term that describes different ways of dealing with risks. These strategies include risk avoidance, transfer, elimination, sharing and reducing to an acceptable level. We have to keep in mind that there are always risks present in business operations. The fundamental question is not how to eliminate the risk but how to manage the risk in a way that reduces the probability of errors, mistakes, and fraud. What can we do about risks? What are the possible strategies? • Risk Acceptance (or risk retention) - we accept the identified risk and take no further action to reduce it because we can accept its impact, i.e. the possible consequences. We simply risk it. • Risk Reduction - we take some measures (countermeasures) to reduce the risk to an acceptable level. Ex. Safety cameras for those counting cash, numbered receipt(s) for payment, segregation of duties. • Risk Transfer - we transfer the risk to another person or entity. In practice, companies can, for instance, buy insurance (transfer of risk to an insurance agency) or transfer the risk to another company by means of outsourcing. • Risk Avoidance - we decide not to carry out the activity from which the risk arises; for example, we will not launch our project or will not conclude a contract.

  13. INTERNAL CONTROLS Definition: A process designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations. A broad concept, internal control involves everything that controls risks to an organization and sets the internal control environment (set of standards, processes, and structures). Examples include but are not limited to: • Numbered cash receipts • Physical Inventory • Two step authentication • Verification and reconciliation

  14. PURPOSE OF INTERNAL CONTROLS PREVENTATIVE • Attempt to deter or prevent undesirable events from occurring • Proactive controls that help to prevent a loss • Examples • Separation of duties, proper authorization, adequate documentation, and physical control over assets DETECTIVE • Attempt to detect undesirable acts, provide evidence that a loss has occurred (but does not prevent a loss from occurring) • Examples • Reviews, analyses, variance analyses, reconciliations, physical inventories, and audits

  15. LIMITATIONS OF INTERNAL CONTROL • Judgment – managers can make bad decisions • Breakdowns – people with control responsibilities may not carry them out effectively • Supervisor/Management Override – a supervisor or manager may intentionally go outside established practices for illegitimate purposes • Collusion – two or more people can collaborate to subvert controls • Costs versus Benefits – resources are limited; managers accept a degree of risk when the cost of controlling that risk exceeds the benefit

  16. INTERNAL CONTROLS MODEL COSO-Committee of Sponsoring Organizations of the Treadway Commission This model has been adopted as the generally accepted framework for internal control and is widely recognized as the definitive standard against which organizations measure the effectiveness of their systems of internal control. 

  17. ROLE OF BUSINESS STAFF RELATIVE TO THE CUBE • Operations • Reconciliations/Verification • Cash Handling • Segregation of Duties • Purchasing • Reporting • Financial Statements • Aged Accounts Receivable Reports • Management Reports • Compliance • System Regulations • University SAPS • Office Procedures • Best Practices

  18. RISK ASSESSMENT Step 1: Identify hazards, i.e. anything that may cause harm. Step 2: Decide who may be harmed, and how. Step 3: Assess the risks and take action. Step 4: Make a record of the findings. Step 5: Review the risk assessment. The Office of Risk, Ethics, and Compliance has many tools for departments to use in completing their own risk assessment. https://urc.tamu.edu/enterprise-risk-management/risk-assessment-tools/ Dictionary of Financial Management Risks and Controls

  19. CONTROL ENVIRONMENT Control Environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The Vice President/Dean/Department Head and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. The control environment comprises the integrity and ethical values of the organization.

  20. CONTROL ENVIRONMENT Roles and Responsibilities • Board of Regents - provides guidance and oversight, sets policy and regulations • Management - directly responsible for internal controls, establishes rules/SAPs and internal processes • University Personnel - responsible for exercising due care in performing their duties and for reporting any control deficiencies or noncompliance (code of conduct, violations of policy or illegal actions) to the appropriate management level (supervisor, manager, department head, etc.) • Internal Auditors - evaluate the effectiveness of control systems, and contribute to ongoing effectiveness

  21. CONTROL ACTIVITIES • Represent responses to identified risks • Consist of 2 Aspects • Policy of what should be done • Procedures to accomplish policy • Categories of Control Activities

  22. CONTROL ACTIVITIES Examples POLICIES AND PROCEDURES • System Policy and Regs, University Rules and SAPS SECURITY (APPLICATION AND NETWORK) • Two Step Verification Process to access information • Individual Access (Cash Drawer/Computers) APPLICATION CHANGE MANAGEMENT BUSINESS CONTINUITY/BACKUPS • Cross Training OUTSOURCING • Armored Car Service for deposits • Efficiencies/Cost Savings gained through external providers i.e. SSC, Chartwells

  23. WHY SEGREGATION OF DUTIES? Segregation of Duties (SOD) is a basic building block of sustainable risk management and internal controls for a business. The principle of SOD is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department. • Intended to prevent fraud (primary defense) and error • Having more than one person required to complete a task • No one person has sole control over the lifespan of a transaction • No one person should initiate/receive/handle; record; authorize; and reconcile a transaction

  24. SEGREGATION OF DUTIES CASH HANDLING • Receipt of funds • Preparation of Deposits • Reconciliation of Funds • Separate approvers/evaluations • https://fmo.tamu.edu/general-accounting/sales-receivables/docs/cash-handling-procedures// • Online Course 211172: Cash Handling - System Version CONTRACTING • Bid Process for certain thresholds • https://contracts.tamu.edu/forms/ INVENTORY OF FIXED ASSETS • https://fmo.tamu.edu/property/ PURCHASING • https://purchasing.tamu.edu/ PAYROLL • https://payroll.tamu.edu/

  25. INFORMATION & COMMUNICATION QUALITY OF INFORMATION • Ensuring accurate information in reporting • Excellent Customer Service • Surveys & Assessments of Customers and Employees EFFECTIVENESS OF COMMUNICATION • Make sure appropriate information is shared with end users on a timely, regular basis • Ensure reports convey useful information to the end users

  26. MONITORING ACTIVITIES • Ensures that the internal control system continues to operate effectively as planned • Effectiveness can be assessed through: • Ongoing monitoring activities such as regular management and supervisory activities (automated/manual reviews for accuracy (amount/account/documentation, etc.), evidenced by signature and date, oversight reviews for reasonableness/completeness, timing, trend analysis, etc.) • Periodic monitoring such as separate evaluations or self-assessments, spot-checks, or audits (internal/external) • Internal control deficiencies are reported to the appropriate management level to make changes

  27. MONITORING ACTIVITIES ONGOING MONITORING • Monthly Reconciliations • Regular Budget Reviews • Variance Analysis • Metrics Analysis • Survey Results Reviews SEPARATE EVALUATIONS • Preparer & Reviewer of Reconciliations • Billing & Accounts Receivable Reporting • Receipt of cash/payments • Internal Auditing within department/area REPORTING DEFICIENCIES • Account Balance Reviews • Revenue & Expense Recognition • Variance Analysis

  28. CONSEQUENCES OF WEAK INTERNAL CONTROLS • Financial (fines, penalties and theft) • Loss of programs or major funding source • Increase in audits/external oversight • Inefficient or ineffective processes (takes more time and personnel) • Having to redo/rework and/or respond to external customers • Replacement of equipment • Impact on insurance premiums/deductibles • Negative reputation (loss or decrease in donations, negative perception of integrity/accountability, decrease in student applications/acceptance)

  29. EXAMPLES

  30. SECO FRAUD CASE State Energy Conservation Office (SECO) “A former program administrator for the Texas comptroller’s office on Monday pleaded guilty …” https://www.statesman.com/news/20131126/ex-texas-comptrollers-employee-mary-jo-woodall-takes-plea-in-jonestown-energy-fraud-case

  31. REPORTING FRAUD, WASTE, ABUSE SYSTEM POLICY 10.02 • Every employee is responsible for reporting suspected fraud, waste or abuse observed by or made known to an employee. REPORTING SUSPECTED FRAUD, WASTE, AND ABUSE • TAMUS Risk, Fraud & Misconduct Hotline (can be anonymous) • By phone: (888) 501-3850 • On the web: https://secure.ethicspoint.com/domain/media/en/gui/20488/index.html • State Auditor’s Office Fraud, Waste or Abuse Hotline (can be anonymous) • By phone: (800) 892-8348 • On the web: http://sao.fraud.state.tx.us • Chief Auditor of System Internal Audit • System Ethics and Compliance Office • TAMU President • University Police Department • Anyone in the employee’s chain of command INCREASE IN PENALTIES • Texas Penal Code, Section 31.03 increases penalties to the next higher category of offense for thefts committed by public servants • Public servant at the time of the offense, and • Stolen property came into the person’s possession by virtue of the employee’s position

  32. INTERNAL AND EXTERNAL AUDITS SYSTEM INTERNAL AUDIT https://www.tamus.edu/iaudit/ • Develops an annual audit plan using an appropriate risk-based methodology. The Board of Regents’ Audit Committee approves the plan. • Implements the annual audit plan and reports results to the Board of Regents, Chancellor, and the University Presidents and Agency Directors. • Reviews allegations of fraud or fraudulent actions according to System Policy 10.02 and System Regulation 10.02.01, Fraud, Waste and Abuse. • Provides reports to the Audit Committee and Chancellor on the implementation status of prior audit recommendations. • Acts as the A&M System’s general liaison with any external audit agency. • Provides reports to the Audit Committee and Chancellor on any issues related to significant external audits, including audits conducted by the Texas State Auditor’s Office. • Provides advisory and consulting services to assist management in meeting their objectives, including participating in the development or modification of major information systems. OTHER EXTERNAL AUDITORS • Texas State Auditor’s Office: http://www.sao.texas.gov • Federal Auditors: Single audits and other https://harvester.census.gov/facweb/

  33. RATING SYSTEM FOR INTERNAL AUDIT REPORTS * Audit Code 4 requires President Young to report to the Board of Regents

  34. BENEFITS OF BEING AUDITED • Improves the “control environment” of the organization/checks & balances • Determine adequacy of internal controls • Promote best practices for controls/process improvement • Ensure compliance with policies and regulations/review of process • Identify operational inefficiencies and waste • Review IT projects, systems, and technology • Provide objective insight • Assess efficient and responsible use of resources • Identify potential cost savings • Assist management in addressing complex, cross-functional issues • Validity of financial statements

  35. OFFICE OF RISK, ETHICS, AND COMPLIANCE Chief Compliance Officer, Kevin McGinnis • Regulatory Compliance (ADA, Clery Act, Drug-Free Schools and Communities Act, etc.) • Civil Rights and Title IX • Enterprise Risk Management • Open Records • University Youth Programs • Privacy/HIPAA • Management Advisory Services/Consultations • Insurance/Risk Management • University Rules and SAPs • http://rules-saps.tamu.edu/ • https://www.tamus.edu/legal/policy/policy-and-regulation-library/ • Audit Liaison

  36. Questions?
