Category: Non-Profit Organizations | Posted on: 8/1/2012 | 46 pages
Presentation by Charles Tate of Tate & Tryon about the risk issues nonprofits need to manage.
Managing Risk In Nonprofit Organizations
Charles F. Tate, CPA, Managing Partner, Tate & Tryon, CPAs and Consultants, Washington, DC
January 13, 2012

What We'll Discuss Today
1. Overview of COSO and Publications
2. COSO's ERM
3. COSO's Internal Control
4. Relationship of COSO to Auditing Standards

1. Overview of COSO and Publications

COSO is the Acronym For:
A. Class of Service Overrides
B. Combat Oriented Supply Operations
C. Committee of Sponsoring Organizations
Answer C: Committee of Sponsoring Organizations of the "Treadway Commission"

What is the Treadway Commission?
A. Governmental Commission
B. Presidential Commission
C. Congressional Commission
D. All of the Above
E. None of the Above
Answer E: The Treadway Commission is a joint private sector initiative

Which Organization is not Part of the Private Sector Initiative (i.e., a Sponsoring Organization)?
A. American Accounting Association (AAA)
B. American Institute of CPAs (AICPA)
C. Association of Financial Professionals (AFP)
D. Financial Executives International (FEI)
E. Institute of Internal Auditors (IIA)
F. Institute of Management Accountants (IMA)
Answer C: AFP is not part of the 5-member Sponsoring Committee

COSO Publications

Which Prominent Accounting Firm Authored a COSO Publication?
A. PricewaterhouseCoopers (PWC)
B. Grant Thornton (GT)
C. Tate & Tryon (T&T)
D. Coopers & Lybrand (C&L)
E. Both A. and D.
F. Both A., B., and D.
Answer F: PWC, GT, and C&L all authored a COSO Publication

COSO's Definitions and Objectives
A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

ERM
1. Strategy setting
2. Identify & manage potential events
3. Manage risks to be within its risk appetite

Internal Control
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting.
3. Compliance with laws and regulations.
Which Individual Did Not Influence SOX Legislation?
A. B. C. D.
Answer D: Michael M. Tryon Had No Influence on SOX

2. COSO's ERM

COSO Enterprise Risk Management – Integrated Framework
Components unique to ERM

COSO Internal Control – Integrated Framework

Comparison of COSO IC and ERM

Relationship of COSO Objectives
Internal Control (1992): • Operations • Compliance • Financial Reporting
Enterprise Risk Management (2004): • Strategic • Operations • Compliance • Financial Reporting
Internal Control Over Financial Reporting (2006): • Financial Reporting

ERM Expands on Internal Control, Adding Three Components
Internal Control components: Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring
Components added by ERM: Objective Setting, Event Identification, Risk Response

ERM Expands on Internal Control – Objective Setting
• Strategic Objectives – high level
• Related Objectives – operations, reporting, & compliance
• Achievement of Objectives – reasonable assurance
• Risk Appetite – guidepost in strategy setting
• Risk Tolerances – acceptable levels of variation

Forming Risk Appetite (Exhibit 3.5, ERM Guidance)

ERM Expands on Internal Control – Event Identification
• Events can be positive, negative impact, or both
• Events are interdependent – not isolated
• Events are driven by external and internal factors

Implementation – Event Identification
External Factors: • Economic • Natural Environment • Political • Social • Technological
Internal Factors: • Infrastructure • Personnel • Process • Technology

COSO Components & Principles – ERM Risk Response
• Avoidance, reduction, sharing, acceptance
• Evaluation of risk likelihood and impact
• Assessing costs versus benefits
• Opportunities in response to options
• Portfolio view

Implementation – Risk Response
Avoidance
• Disposing of a program
• Deciding not to engage in new initiatives/activities
Sharing
• Buy insurance
• Joint venture/outsource
• Hedging risks
Reduction
• Diversifying/rebalance
• Limits/processes
Acceptance
• Self insure
• Accept risk that conforms to risk tolerance

Simplified Process For ERM
Strategy & Objectives -> Event Identification & Likelihood -> Risk Response & Quantification -> Financial Model

Financial Impact of Key Scenarios

Major Activity         Annual Amount (in millions)   Potential Scenario                 Probability (H-M-L)   Increase (Decrease)
Donations              1,000                         • Terrorist or political uprising  H                     100
                                                     • Donation mismanagement           L                     -20
Biomedical Services    2,400                         • Virus                            M                     -400
                                                     • War, natural disaster            H                     -600
Fundraising Events     50                            • Weather                          L                     -0-
                                                     • Pandemic                         L
Government Grants      60                            • Economic downturn                H                     -40
                                                     • Contract mismanagement           M                     -0-
Investments & other    90                            • Financial meltdown               M                     -30
                                                     • Fraud (Madoff or Stanford)       M                     -10
Total                  3,600                                                                                  -1,000

3. COSO's Internal Control

COSO Components – Internal Control
Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring

COSO Internal Control Components & Principles – Control Environment Principles
• Management Philosophy
• Board of Directors
• Integrity and Ethical Values
• Commitment to Competence
• Organizational Structure
• Assignment of Authority and Responsibility
• Human Resource Standards
• Risk Appetite
Control Environment/Internal Environment is the Foundation of the 5 Components

COSO Internal Control Components & Principles – Risk Assessment Principles
• Specify objectives
• Risk identification & analysis
• Inherent and residual risk

Risk Assessment Matrix
Columns: As % of Total | Characteristics of Business | Entity-wide Factors | Impact on F/S | Account Process | Fraud Risk | Overall Rating

ASSETS
Cash & cash equivalents             5%    L  M  L  H  L  L
Pledges receivable                 15%    M  H  H  M  M  H
Investments                        40%    H  H  H  L  L  H
Property & equipment               35%    H  M  M  H  M  M
Prepaid & other assets              5%    L  L  L  L  L  L
Total Assets                      100%

LIABILITIES
Accounts Payable                    5%    L  M  M  H  M  M
Deferred Revenue                   20%    H  H  H  L  H  H
Mortgage (IRB)                     25%    H  H  L  L  M  M
Pension & post retirement          10%    M  H  H  L  H  H
Total Liabilities                  60%
Net Assets                         30%    H  M  L  L  L  L
Total Liabilities and Net Assets  100%

Implementation – Risk Assessment: Significant Assertions
Matrix of balance sheet accounts (Cash & cash equivalents, Pledges receivable, Investments, Property & equipment, Prepaid & other assets, Accounts Payable, Deferred Revenue, Mortgage (IRB), Pension & post retirement, Net assets) against the assertions Existence, Completeness, Valuation or Allocation, Rights & Obligations, and Presentation & Disclosure.

COSO Internal Control Components & Principles – Control Activities Principles
• Integration with risk assessment
• Selection and development of control activities
• Controls over information systems/technology
• Policies and procedures are communicated

COSO Internal Control Components & Principles – Information & Communication Principles
• Quality of information
• Internal & external communication
• Means of communication
• Strategic and integrated systems

COSO Internal Control Components & Principles – Monitoring Principles
• Ongoing monitoring activities
• Reporting deficiencies

4. Relationship of COSO to Auditing Standards

Auditing Standards – Risk Assessment
Identifying risks through considering:
• The entity and its environment, including its internal control
• Classes of transactions, account balances, and disclosures
• Relating the identified risks to what could go wrong at the relevant assertion level

Intersection of COSO and the Auditor's Responsibilities
COSO (2004) Enterprise Risk Management: • Broader Objectives • More than Internal Control
COSO (1992) Internal Control Integrated Framework: • Operations • Financial Reporting • Compliance with Laws/Regulations
COSO (2006) Internal Control over Financial Reporting: • Financial Reporting
SAS 109 Understanding of the Entity & Environment: • Understand Five Components • Focus on Controls Relevant to Financial Reporting

Summary of Risk Assessment Standards
No.   Concept
104   Expands the definition of "reasonable assurance" as a "high" level of assurance
105   "Internal control" is replaced by "the entity and its environment, including its internal control"
106   Use of management's assertions in obtaining audit evidence – recognition, measurement, presentation and disclosure
107   Reduce audit risk to a low level that is, in the auditor's professional judgment, appropriate for expressing an opinion on the financial statements
108   Adequately plan the work and must properly supervise any assistants
109   Sufficient understanding of the entity and its environment, including its IC, to assess the risk of material misstatement
110   Sufficient appropriate audit evidence to afford a reasonable basis for an opinion
111   Enhanced guidance on tolerable misstatement

Auditor's Assessment of Material Misstatement – SAS 106
Classes of Transactions: Occurrence; Completeness; Accuracy; Cutoff; Classification
Account Balances: Existence; Rights and obligations; Completeness; Valuation and allocation
Presentation and Disclosures: Occurrence/Rights and obligations; Completeness; Classification and understandability; Accuracy and valuation

GAAS & COSO – Use of Financial Statement Assertions to Assess Risk
GAAS Risk Assessment Standards (SAS 106)    COSO Internal Control Over Financial Reporting /1
Existence                                   Existence or Occurrence
Occurrence
Completeness                                Completeness
Rights and Obligations                      Rights and Obligations
Valuation and Allocation                    Valuation or Allocation
Accuracy
Cutoff
Classification                              Presentation and Disclosure
Understandability
/1 Source: SAS 31, Evidential Matter, prior to amendment by SAS 106

Audit Risk Assessment and COSO
Financial Statements: Investments & Income; Receivables & Revenue; Real Estate & Debt; Payables & Expenses; Deferred Revenue; Net Assets & Restrictions
Assertions: Rights & Obligations; Presentation & Disclosure; Completeness; Existence; Valuation
Risks: Processes; Competency; IT Infrastructure; Fraud Risk; Entity-Wide Factors
Control Objectives: Appropriate Accounting; Statements Informative; Classification Appropriate; Reflect Transactions; Reflect Materiality
Controls: Entity-Wide Controls; Process-Level Controls; Preventive or Detective; Manual or Automated
Adapted from an article by Michael Ramos, CPA, entitled Risk-Based Audit Practices, Journal of Accountancy, Dec. 2009