
Finance Forum

Finance Forum. 28 November 2012. Welcome & Overview. David Sturgiss. Overview. Welcome and Overview David Sturgiss Update: F&BS Review David Sturgiss ANU Risk Management and Assurance services Leslie Hyland Morning tea Chart of Accounts Review Peter Shipp


Presentation Transcript


  1. Finance Forum 28 November 2012

  2. Welcome & Overview • David Sturgiss

  3. Overview • Welcome and Overview David Sturgiss • Update: F&BS Review David Sturgiss • ANU Risk Management and Assurance services Leslie Hyland • Morning tea • Chart of Accounts Review Peter Shipp • AFS 2012 Rachelle Conry • 2013 Budget Melissa Abberton • Travel transactions - descriptions Ron Robertson & Marg E • LAFHA – Update Luke Beckett

  4. Update: F&BS Review The response from F&BS to the 2012 review can be found at: • About ANU, Administration reviews website or • accessed directly at: Implementation Plan (PDF, 134KB)

  5. F&BS Implementation Plan • F&BS has responded to all 16 recommendations; • The plan outlines the review recommendations, tasks associated with achieving the recommendations and identifies timeframes, Task/Project Manager, and Performance Indicator/progress. • The Implementation Plan is a high level summary of the actions that require implementation over the next six to twelve months.

  6. F&BS 2013 Operational Plan Specific details of related projects can be found in the F&BS 2013 Operational Plan which will be available on our website early next week at: Finance & Business Services » About F&BS (Projects specifically in response to review recommendations are numbered 1 -16/IP)

  7. Expected Outcomes of the Implementation Plan • Improved financial management reporting with greater data integration and enhanced utility by consistency in both reporting content and presentation; • Improved finance administrative management functionality and expertise across campus as a result of ensuring appropriate staff are recruited and placed in finance management positions with consistent Position Descriptions and Statement of Expectations and the delivery and engagement in the practice leadership program including staff rotations;

  8. Expected Outcomes of the Implementation Plan (cont) • Clarity around roles, responsibilities and delegations between Colleges and the Division; • Improved measurement in the outcomes of F&BS activities; • Financial benefits/savings to the University generally through the implementation of standardised service and product providers of basic commodities; • Improved communication strategy both within the Division and the University community more generally; and • By our engagement with the EDAP an improved and integrated whole of University framework for technology enabled business processes.

  9. ANU Risk Management and Assurance services • Leslie Hyland

  10. Risk Management & Audit Presentation to Finance Forum Presented by: Leslie Hyland Director of Risk Management and Audit, Office of the Vice-Chancellor November 28 2012

  11. Objectives 1. The ANU Risk Awareness Framework — Enterprise Risk Management 2. The ANU Audit Program – Assessing Risk Management & Control Frameworks 3. ANU Governance – Risk Management and the Tone at the Top 4. Fraud Risk — ANU Fraud Control Framework 5. ANU ERM: Risk Management & Internal Controls Integrated Framework & TEQSA: Next Steps

  12. The ANU Risk Awareness Framework— Enterprise Risk Management 1.1 What is Enterprise Risk Management (ERM)? 1.2 ANU Risk Awareness Framework 1.3 Understanding the Three Categories of Risk 1.4 What is our Approach 1.5 Developing a Risk Management Plan – AS/NZS ISO 31000:2009

  13. 1.1 What is Enterprise Risk Management (ERM)? This is a structured and disciplined approach aligning strategy, process, people, technology and knowledge for the purpose of evaluating and managing uncertainties that the entity faces as it creates value. “This is one small step for man, one giant leap for mankind”. Neil Armstrong, Apollo 11 first moon walk, July 21 1969

  14. 1.2 ANU's Risk Awareness Framework ERM is not about being more risk averse. It is about being more risk aware. Risk Awareness Principles • Optimise Opportunities • Ensure stability • Protect against unforeseen loss • RISK = THREAT • RISK = UNCERTAINTY • RISK = OPPORTUNITY • Category 3 Risk = External Risks • Category 1 Risk = Preventable Risks • Category 2 Risk = Strategic Risks

  15. 1.3 Understanding the Three categories of Risk By Robert S. Kaplan & Anette Mikes, Harvard Business School

  16. 1.4 What is our approach? A consistent approach to risk management across the university and at all levels of operations • Enterprise wide view of risks facing the ANU: ANU Risk Profile • Risk profiles for ANU Colleges & Service Divisions • Risk profiles for Halls of Residences ANU Wide Risks College / Division Risks • Risk assessments as part of grant applications and project initiation documents Projects & Grants “Risk Management is not intuitive; it runs counter to many individual and organizational biases. Rules and compliance can mitigate critical risks but not all of them. Active cost-effective risk management requires managers to think systematically about the multiple categories of risks that they face so that they can institute the appropriate processes for each. These processes will neutralize their managerial bias of seeing the world as they would like it to be rather than as it actually is or could possibly become.” Robert S. Kaplan and Anette Mikes, Harvard Business School

  17. 1.5 Developing a Risk Management Plan – AS/NZS ISO 31000:2009 • Studies have found that people overestimate their ability to influence events, and that there is a tendency to be overconfident about the accuracy of forecasts and risk assessments and far too narrow in assessment of the range of outcomes that may occur. • Organizational biases also inhibit people’s ability to discuss risk and failure. There is a tendency to normalize deviations as people learn to tolerate apparently minor failures and defects and treat early warning signals as false positives. • Effective risk management must counteract the above biases. It must allow the establishment of a risk culture in which people feel comfortable thinking and talking about risk. • Effective risk management enables people to talk about strategy by challenging existing assumptions and debating risk information.

  18. 1.5 Developing a Risk Management Plan – AS/NZS ISO 31000:2009, continued • 4 Steps: • i. Risk Identification • Think broadly about the risks associated with the project, grant and/or activity. Elements include: Risk category, Risk description, Risk owner, Cause of risk. • ii. Risk Prioritisation • Using the risk rating criteria, assess the probability of the risk occurring (likelihood) and the consequence of the risk occurring (impact). • Start by assessing the current risk, then determine the residual risk. • The current risk is the risk facing the entity, project and/or grant at the moment, with operations running as ‘business as usual’ prior to being treated. • The residual risk is the risk remaining after all treatment strategies have been put in place.

  19. 1.5 Developing a Risk Management Plan – AS/NZS ISO 31000:2009, continued • iii. Risk Response—What is being done to manage the Likelihood &/or Consequences of the risk (strategies, policies, procedures, reviews, inspections etc.) should be directed towards the previously identified cause(s) of that risk. The response could be: • Avoid – do something to remove the risk • Transfer – make someone else (e.g. vendor) responsible • Mitigate – take actions to lessen the impact or likelihood of risk occurring • Accept – stakeholders (including the appropriate delegate) may agree that the risk is at an acceptable level such that the effort to take further action is not worthwhile • iv. Risk Monitoring—Establish an Action Plan to continually monitor risks to identify any changes in status and add/remove risks “Risk mitigation is painful, not a natural act for humans to perform.” Gentry Lee, Chief Systems Engineer, Jet Propulsion Laboratory (JPL), NASA.

  20. 1.6 Risk Management Plan Elements

  21. 2. The ANU Audit Program – Assessing effectiveness of operations, risk management, control and governance processes through the following activities: 2.1 Internal Audit –What we do and its relationship to ERM 2.2 External Audit– Value Proposition 2.3 Audit Follow-Up– Maturity of ERM 2.4 The ANU Audit & Risk Management Committee

  22. 2.1 Internal Audit • Conducted under the Professional Standards contained in the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors, and the Accounting Professional Ethical Standards Board. • Guided by a Charter • Systematic and disciplined approach • Risk-based annual Internal Audit Plan and audit engagements, including compliance-based assurance audits, performance improvement audits, advisory audits and comprehensive audits. • Internal Audit Plan topics are selected on the basis of interviews with key University stakeholders and evaluation of prior year(s) audited topics and results.

  23. 2.1 Internal Audit & ERM • Core Internal Audit Roles Regarding ERM: Giving assurance on the risk management processes; Giving assurance that the risks are correctly evaluated; Evaluating risk management processes; Evaluating the reporting of key risks; Reviewing the management of key risks • Legitimate Internal Audit Roles with Safeguards: Facilitating identification & evaluation of risk; Coaching management’s response to risk; Co-ordinating ERM activities; Consolidate report on risks; Maintain & develop ERM framework • Roles that Internal Audit Should Not Undertake: Champion establishment of ERM; Setting risk appetite; Developing RM strategy for Council approval; Imposing Risk Management Processes; Management assurance on risks; Taking decisions on risk responses; Implementing risk responses on management’s behalf; Accountability for risk management Source: Institute of Internal Auditors (IIA)

  24. 2.2 External Audit – Value proposition: Enhancing Sound Governance • Australian National Audit Office (ANAO) annual financial statement audit certification (provided in the form of the ANAO audit opinion)—the external audit provides independent assurance that University financial statements are properly prepared in accordance with set standards in all material respects. • Grant funding sponsors audit requirements: external auditors are engaged to evaluate the University’s compliance with set funding sponsors’ agreed-upon standards. The engagement is equivalent to that done through the Internal Auditor. The difference here is the oversight of the audit is done by an external audit manager. • Australian Commonwealth Government Entities’ Compliance Audits • The United States Government Financial and Compliance Audits • The European Commission Compliance Audits • Other entities funding ANU operations

  25. 2.3 Audit Follow-Up: Maturity of ERM • ANU is obligated to address/resolve audit-related findings in accordance with requirements set by the Australian National Audit Office (ANAO), Grant funding sponsors including the Australian Commonwealth Government Entities, The United States Government, The European Commission, and others as appropriate • Progress towards resolution is monitored & reported to the Audit & Risk Management Committee and Council. • Audit findings are risk-rated per set risk rating guidelines endorsed by the Risk Management & Audit Office as it relates to “inherent risk” and “residual risk”.

  26. 2.4 The ANU Audit & Risk Management Committee (ARMC) • The Commonwealth Authorities and Companies Act 1997 (the CAC Act) obliges the University to have an Audit Committee. • The Audit and Risk Management Committee advises the University Council on the quality of audits conducted and the adequacy of administrative, operating and accounting controls and compliance with relevant legislation and policies. • The committee also oversees risk management planning and implementation. • The committee consists of five non-executive members, of which at least one is a member of Council. • The Audit and Risk Management Committee Charter outlines the roles and responsibilities of the committee, is approved by Council and reviewed annually.

  27. 3. ANU Governance • 3.1 Risk Management and the Tone at the Top • 3.2 Risk Management and Going beyond the basics

  28. 3.1 Risk Management and the Tone at the Top • The “tone at the top” plays a critical role in establishing and maintaining ethical and accountable work environments within an organization; • The tone at the top is the ultimate responsibility of the organization’s leadership, led from the top, by giving consistent messages on the importance of quality, shared at every level. • The ANU Governance framework includes Legislation, Policies, Delegations that are overseen, managed and implemented through: • Council • Committees of Council (Audit & Risk Management Committee, Finance Committee, Academic Board) • University Committees • University Management “An entity’s ability to weather storms depends on how seriously executives take risk management when the sun is shining and no clouds are in the horizon.” Robert S. Kaplan and Anette Mikes, Harvard Business School.

  29. 3.2 Risk Management and going Beyond the Basics • The Basics – the ANU invests in a rules-based risk management system that has worked well in aligning values, risks and controls • Going Beyond the Basics – • ANU by 2020, the Strategic Plan, is the vehicle by which the university has identified its overarching strategic goals • The ANU Operational Plans are the vehicle towards managing inherent strategic and operational choices and/or the risks that are posed by internal and external environments • Managing risk is very different from managing strategy; the former focuses on the negative, such as failures rather than opportunities and successes. It runs exactly counter to the “can do” culture most leadership teams try to foster when implementing strategy. “When Tony Hayward became the CEO of BP, in 2007, he vowed to make safety his top priority. Among the new rules he instituted were the requirements that all employees use lids on coffee cups while walking and refrain from texting while driving. Three years later, on Hayward’s watch, the Deepwater Horizon oil rig exploded in the Gulf of Mexico, causing one of the worst man-made disasters in history. A U.S. investigation commission attributed the disaster to management failures that crippled “the ability of individuals involved to identify the risks they faced and to properly evaluate, communicate, and address them.” Robert S. Kaplan and Anette Mikes, Harvard Business School.

  30. Fraud Risk — ANU Fraud Control Framework • 4.1 What is Fraud • 4.2 Types of Fraud – Examples • 4.3 Fraud Prevention • 4.3.1 Leadership and Culture – ANAO Better Practice Guide • 4.4 Fraud Detection • 4.4 Responding to Detected Fraud

  31. 4.1 What is Fraud? The ANU has adopted the following definition of fraud as advocated by the Australian Commonwealth Government’s Fraud Control Guidelines 2011: “Dishonestly obtaining a benefit, or causing a loss, by deception or other means” “The ANU will seek to prosecute those who perpetrate frauds against it.” Risk Management and Audit, Fraud Control Procedure, 2012

  32. 4.2 Types of Fraud—Examples Manipulation of records; Theft of inventory, plant and equipment; False invoicing by a staff member or a person external to ANU claiming payment for goods or services not delivered or exaggerating the value of goods or services delivered; Theft of cash or funds other than by false invoicing; Any form of cheating; Conflict of interest; Misappropriation or misdirection of remittances received from a debtor; Loan application to student made in a false name and false documentation; Theft of intellectual property; Falsification of research results; Financial fraud involving grant funds; Engaging in transactions of self interest rather than interests of the entity; Lack of employment screening controls; Nepotism and cronyism when employing personnel; Falsification of qualifications; Collusive tendering; Falsification of financial transactions; For additional examples please follow this link: http://policies.anu.edu.au/procedures/fraud_control/procedure

  33. 4.3 Fraud Prevention—Attitude to Fraud—Zero Tolerance • Elements in the ANU Fraud Prevention Framework: • Code of Conduct • ANU Fraud Control Plan & Procedure • Fraud Risk Profiling and Management Activities • Control Framework: ANU Policies, Procedures, Guidelines and Monitoring Activities conducted at all levels • Internal Audit • External Audit • Continuous Monitoring Program through computer assisted audit techniques • Fraud Control Booklet—“Protecting ourselves from Fraud” • http://risk.anu.edu.au/docs/Staff_Fraud_Booklet.pdf “A ‘top-down’ and ‘bottom-up’ approach to fraud control can help ensure an organisation’s policies, governance structures and processes for managing fraud risks are consistent and mutually reinforcing.” ANAO Better Practice Guide

  34. 4.3.1 Leadership and Ethical Culture • Key Points: • Strong executive leadership is integral to effective fraud control within organizations • If staff perceive that controls to respond to fraud are not robust or supported by management, they are much less inclined to report it • To keep abreast of emerging fraud risks, the entity must embed fraud control prevention activities into its day-to-day activities at all levels • The establishment of an ethical culture is a key element of sound governance and plays an important role in preventing fraud and helping to detect it once it occurs “When it comes to leadership, we can take comfort that nobody is perfect but there are accepted norms to guide us.” Ian McPhee, Auditor General of Australia

  35. 4.4 Responding to Detected Fraud – Key Points • Fraud investigation and response are key to providing stakeholders with reasonable assurance that perpetrators of fraudulent acts are identified, and appropriate remedies are consistently applied. • Australian Government entities are required to comply with the Fraud Control Guidelines which meet minimum standards for investigations set out in the Australian Government Investigations Standards. • Under the Fraud Control Guidelines, entities are required to investigate minor and routine instances of fraud, irrespective of whether the outcome of the investigation results in an administrative remedy or is referred for prosecution consideration. • Matters involving serious and complex fraud must be referred to the Australian Federal Police. • Prosecutions are important in deterring future instances of fraud and in educating the public generally about the seriousness of fraud. • Entities should be committed to recovering financial losses caused by fraud through proceeds of crime and civil recovery processes or administrative remedies. “Character is like a tree and reputation like a shadow. The shadow is what we think of it; the tree is the real thing”. Abraham Lincoln, President of the United States of America (1861-1865)

  36. 5. ANU ERM: Risk Management & Internal Controls Integrated Framework & TEQSA: Next Steps Photo source, NASA

  37. 5.0 TEQSA: Regulatory Risk Framework & Impact to the ANU Risk Management Framework • TEQSA is being incorporated into the ANU Risk Management Framework, to acknowledge its existence • Risk Management Policy, Procedures & Tools are being updated to reflect the existence of the TEQSA Framework • ANU Internal Audit Planning Approach is being informed by the TEQSA Regulatory Risk Framework to enable coverage in 2013 audit assurance activities, consistent with the ANU ERM approach

  38. 5.1 ERM View: Integration of Risk Management & Internal Controls: the COSO Integrated Framework • The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organizations dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. http://www.coso.org/ • COSO Integrated Framework assists U.S. entities (Governmental and Corporate) to better control enterprise-wide operations. • The elements of the COSO framework are in all types of entities, hence its applicability across sectors. • Integrated internal controls can help entities achieve their performance and profitability targets, and prevent loss of resources. Internal control cannot ensure an entity’s success, but can at the very least help achieve basic success and potentially its survival. There is a fourth dimension to the above representation of ERM: the data that informs, in an integrated way, every aspect of the organisation’s Strategic, Operational, Reporting and Compliance activities. Successful organisations are those that are “data rich and information rich”, as opposed to “data rich and information poor”.

  39. References: • ANU Risk Management & Audit website: http://risk.anu.edu.au/ • Managing Risks: A New Framework, by Robert S. Kaplan and Anette Mikes, Harvard Business Review, June 2012 • Australian National Audit Office (ANAO) Better Practice Guide: Fraud Control in Australian Government Entities, March 2011 • COSO Integrated Framework

  40. Morning Tea Recommence in 20 minutes

  41. Chart of Accounts Review • Peter Shipp Currently a review of some natural account codes is underway. College/Division Finance Managers are participating in this process. A small number of changes are anticipated for 2013.

  42. AFS 2012 • Rachelle Conry

  43. AFS 2012 • Year End Systems Timetable • Year End made easy

  44. AFS 2012 • http://fbs.anu.edu.au/reporting/financial-reporting/annual-financial-statement-basics • AFS Pack 2012 - Instructions • AFS Pack 2012 - Schedules • Year End journal rules • Accounting periods 2013 • Year End system dates 2012

  45. AFS 2012 – Systems Timetable • Friday 7 December: • Plant & Equipment Schedules • Store Stock Schedules • Last day for adjustments in Asset Management System • Friday 14 December: • Last day for Vendor Additions

  46. AFS 2012 – Systems Timetable • Wednesday 19 December: • Pay 26 to be sent • Last AP runs for 2012 (draft, chq & TT) • Last day for AR invoices • Last day for banking foreign drafts

  47. AFS 2012 – Systems Timetable • Thursday 20 December: • Last AP EFT run for 2012 • Last day for direct debits for Halls & Colleges • Last day for Courier Run • Pay 26 re-banks • Last opportunity to run Outstanding Encumbrances Report for 2012 data

  48. AFS 2012 – Systems Timetable • Thursday 20 December (cont.): • Last day for AP Vouchers for 2012 • Last day for entering ACTUALS, FINANCIAL & STD_BUDGET Journal • Access to ESP Financials closed at 5pm

  49. AFS 2012 – Systems Timetable • Friday 21 December: • All receipting points must be deposit listed by 11am • Access to One-Stop (Receipting) closed at 11am

  50. AFS 2012 – Systems Timetable • Wednesday 2 January: • One-Stop reopened after 10am • ESP Financials reopened after 12 noon • First day for Vendors & AR Invoices after 12 noon • Thursday 3 January: • First AP runs (EFT, TT, draft & chq)
