					                                 INDIANA UNIVERSITY




                     Risks, Controls, & Ethics
                    Financial Administrator Development Series




Kuali Financial Systems – Financial Administrator Development Series – October 2006
                                          Session Objectives

• Understand and apply INTERNAL
  CONTROL concepts to accomplish your
  organization’s objectives

• RISK Assessment and Management

• ETHICAL VALUES and CONDUCT


                           What are Internal Controls and why
                                     should I care ?




                                      Why should you care?


      Internal Controls
    minimize the RISKS to
     your Organization!!!


                           RISKS your Organization faces

•   Financial Reporting
•   Compliance
•   Operational
•   Loss of Assets




                                      Why should you care?


IT’S YOUR
 JOB TO
 CARE


                            Financial Institutional Policy I-1

Role of Fiscal Administrator, Account Manager,
 and Account Supervisor.
• Account Supervisor has a leadership or
  executive role.
• Account Manager has an operational
  role.
• Fiscal Officer has an oversight role.


                                                   It’s your Job



    Financial Institutional Policy I-1
    “…trained and hired for the purpose of
     providing fiscal, policy, and internal
     control management of all funds...”
    “…responsible for ensuring that processes
     and related controls have been
     established to achieve the mission and
     objectives of their organization(s).”

                                     What is Internal Control

Internal control is a PROCESS of specific policies
and procedures designed to provide reasonable
assurance that the organization’s objectives will be met
    –   Provide reliable financial reporting
    –   Promote efficient and effective operations
    –   Help ensure compliance with policy
    –   Protect University Assets




                                      Control Environment

TONE AT THE TOP
    – Integrity, ethical values, and behavior of
      management
    – Management’s control consciousness
    – Management’s commitment to competence
It’s the way you do Business
    – Organization structure
    – Assignment of authority and responsibility
    – Policies and practices


                                     What do we mean by
                                       “Tone at the Top” ?
• Promote ethical values & conduct
• Walk the walk
• Lead by example
• Be approachable
• Compliance w/Policy
• Don’t circumvent rules
• Full disclosure
• Fix problems
• Equal treatment for equal offenses
• Reward things that are done right
• Hug your Auditor




                                                     Questions

• Which attributes of a Super Fiscal
  Officer can be useful in exhibiting
  a strong “Tone at the top”?
• When should you be
  demonstrating a strong “Tone at
   the top”?

                      What are Ethics?




                                          Defining Ethics?


    eth·ic Pronunciation: 'e-thik Function:
     noun from Greek Éthos, Date: 14th
     century

       1 the discipline dealing with what is good
       and bad and with moral duty and
       obligation
       2 a: a set of moral principles or values
       b : the principles of conduct governing an
       individual or a group <professional
                                          Defining Ethics?



         “Doing the right thing”




                              What’s the Right Thing?




           “What are the Rules”



                                                Ethical Rules?

• Is it legal and in compliance with IU
  policy?
• Is it fair?
  – Honest, truthful, responsible,
    trustworthy, respect individual
• Would it pass the newspaper test
  (or the Mom test)?


                                Why Ethics are important to your
                                        Organization?

Responsibility

Regulatory requirements

Return on integrity (the other ROI)




                            Return on integrity (the other ROI)


     Good Ethics = Good Business
       – Better employee decision making
       – Greater employee commitment to the
         organization
       – Reduced unethical or illegal behavior
       – Better work environment
       – Better reputation and image for IU



                                                       ETHICS




                     Closing Thoughts




                                Silence is NOT Golden


  • Speak out!

  • Be outraged!

  • Silence implies your consent!!



                                              Important to talk

• Transparency
• Get other perspectives/input
• Hopefully Consensus




                                      Who you going to call?

•   Supervisor
•   Human Resources
•   Purchasing
•   Accounting
•   University Legal Counsel
•   Internal Audit
•   Police


                                 Causes of Ethical Failures

1.    NO “Tone at the Top”
2.    NO Consistency
3.    Train Wrecks
4.    Fear of Retaliation
5.    No Reporting Mechanisms
6.    No Education, Communication or Tools



                                                   QUESTION

           What specifically are you
           going to do to promote a
               strong ethical
           environment in your
              organization?

                             Written goals and objectives?

• Internal control is pointless without goals
  and objectives.
• Written goals and objectives focus efforts
  toward desired outcomes.
• Written goals and objectives provide a
  rationale for resource allocation.
• Written goals and objectives are evidence
  of thoughtful management.

                             What objectives do we need?

•   Mission statement.
•   Operations objectives.
•   Financial reporting objectives.
•   Compliance objectives.
•   Objectives for all significant activities.




                                              What are risks?


• A risk is anything that could jeopardize the
  achievement of your organization’s objective.
   – Operate effectively and efficiently and achieve
     our goals
   – Provide reliable financial data
   – Comply with applicable laws, policies, and
     procedures
   – Protect the university’s assets from loss

                           Risk Assessment is a process to


  • Identify significant risks
  • Assess risks
    – What is the likelihood of occurrence?
    – What is the potential impact?
  • Manage these risks through
    – Avoidance
    – Acceptance and Sharing (Insurance)
    – Mitigate with Controls


                                  How do we identify risks?

• You know your risks.
• For each objective, ask yourself:
    – What could go wrong?
    – What assets do we need to protect?
    – How could someone steal from us?
    – What is our greatest legal exposure?
    – What else?



                                                 Assess Risks

• Likelihood – probability of occurrence
• Impact – effect on IU/your organization
    – Loss of resources
    – Loss of public trust
    – Violation of policies, laws, regulations
    – Bad publicity
    – Decreased enrollment
    – What else?



                                             Control Activities

• The policies and procedures that help
  ensure that actions identified as necessary
  to manage risks are carried out properly
  and in a timely manner
    – must be implemented thoughtfully, conscientiously,
      and consistently
    – unusual conditions identified must be investigated and
      appropriate corrective action taken
    – Should be proactive, value added, and cost effective




                                             Control Activities

• Approvals, Authorizations, and
  Verifications
    – Having written policies and procedures and
      limits to authority
• Reconciliations
    – Explanations of the differences between
      two different sets of data




                                             Control Activities

• Reviews of Performance
    – For programs, departments, and individual
      employees
• Security of Assets
    – Limiting access, keeping records, and making
      periodic counts to compare to our records




                                             Control Activities

• Segregation of Functions
    – The approval, recording/reconciling, and
      custody functions should be segregated


• Controls over Information Systems
    – Application and development, controls within
      applications, security of data and machines




                             What control activities do I need?


• Enough to help ensure that you are managing
  your significant risks.
• Actions should be taken and control activities
  should be performed to mitigate significant risks
  to acceptable levels.
• An action to manage a risk can be anything.




                                  What needs to be approved?

• Per policy, all financial transactions must
  be approved by the dept Financial
  Administrator.
    – Financial Administrator can delegate
      signature authority
• What to approve and what to delegate?
• It depends on the risk assessment.
• Generally, the higher the risk of an activity,
  the higher the level of approval/authorization.

                                   What needs to be reconciled?

• It depends on the risk assessment. Information
  about high risk activities should be reconciled
  to ensure its accuracy and completeness.
• Monthly operating reports must be reconciled to
  departmental records.
• Payroll voucher reports should be reviewed and
  compared to departmental records.
• What else?



                           What activities should be reviewed?

   • It depends on the risk assessment
   • Information about high risk activities must be
     reviewed by management.
   • Generally, the Chair/Director/PI should review
     reports which compare budget to actual
      – To measure performance.
      – To detect problems.
   • Performance reviews of staff
   • Management’s review should be documented.

                        What assets need to be secured?

    • It depends on the risk assessment
    • Liquid assets, assets with alternative uses,
      dangerous assets, vital documents, critical
      systems, and confidential information need to
      be secured.
    • Access to these assets should be restricted.
    • Perpetual records should be maintained;
      periodic physical counts should be performed--
      differences should be checked.


                           What duties need to be segregated?


• It depends on the risk assessment
• The approval, accounting/reconciling, and
  asset custody functions should be
  segregated.
• Generally, duties related to cash receipts,
  payroll and purchases are high risk and
  should be segregated.



                            How do we control our computers?

• It depends on the risk assessment
• If the information is critical or confidential, then both
  the information and the computer need to be
  controlled.
• Basic controls are
   – Password protecting information.
   – Backing-up information.
   – Virus Scanning
   – Practicing safe computing
   – What else?


                          Information and Communication

• Communicate policies and procedures
    – Supervisors and employees understand
      objectives and job responsibilities
•   Get the information you (and staff) need
•   Do performance evaluations
•   Measure customer satisfaction
•   Open door policy
    – Hear the good and the bad news



                                        Monitor Performance

• Evaluating your Internal Controls to
  determine
    – Adequately designed
    – Properly executed, and
    – Effective


• How can we KNOW?



                                        Monitor Performance


  • Internal Controls are effective if you know:
        – The extent to which your organization’s goals
          and objectives are being achieved
        – In compliance with relevant policies, etc.
        – Financial records are reliable
        – Assets are safeguarded
        – Resources are used to advance organization’s
          mission

                                Who is Responsible for Control?


   • EVERYONE
   • Management is responsible for establishing a
    controlled environment.
   • Faculty and staff are responsible for carrying
    out internal controls by following policies and
    procedures.
   • Internal Audit, in an advisory/consultant role, is
    responsible for evaluating whether appropriate
    controls have been implemented and if they are
    functioning as intended.
                                      Internal Control

  • Is a Process
  • Designed to provide reasonable assurance
    that the organization’s objectives will be met
     – Provides reliable financial reporting
     – Promotes efficient and effective operations
     – Helps ensure compliance with policy
     – Protects university Assets



                                 Why Internal Controls fail?

•   Human Errors - Bad Judgment
•   Management Override
•   Collusion
•   Cost versus Benefit




                               Internal Control components




                             Define Organization’s Goals and Objectives?

• Define goals and objectives in relation to
    – Mission,
    – Activities and processes,
    – Financial reporting requirements, and
    – Compliance issues

[Flowchart: Organizational Objectives → Identify & Assess Risks → Identify Current Controls → Identify & Assess Residual Risks → Acceptable? (No → Action; Yes → Document Risk Acceptance Decision)]


                        SMART Goals & Objectives


                                                      Specific
                                                      Measurable
                                                      Attainable
                                                      Realistic
                                                      Timeframe
                             Identify and assess potential RISKs by asking

• What Could Go WRONG?
• What must go RIGHT?
• How likely is it that the risk will happen?
• What will be the impact if it happens?

[Flowchart: risk assessment process]


                             What controls are in place to achieve your objectives?

• Control Environment
    – Tone at Top
    – Competence
    – Roles & Responsibilities
• Information & Communication
• Control Activities

[Flowchart: risk assessment process]


                             What could still go wrong given existing controls?

• Look at your risks and your existing controls to identify any
  gaps.

[Flowchart: risk assessment process]


                             Can you live with the Residual Risk?

• Do your existing controls provide reasonable assurance that
  you will achieve your objectives?
• Some things you can’t control (changes in government
  regulations, weather)
• Risk acceptance decision will depend on the culture of the
  organization

[Flowchart: risk assessment process]


                             Action Planning

• If the level of uncontrolled risk is too high/unacceptable then
  action plans are developed to reduce the residual risk to an
  acceptable level.

[Flowchart: risk assessment process]


                                     QUIZ - Internal control is a


• PROCESS of specific policies and procedures
• Designed to provide reasonable assurance that
  the organization’s objectives will be met
   –   Provide reliable financial reporting
   –   Promote efficient and effective operations
   –   Help ensure compliance with policy
   –   Protect university Assets




                               Who is Responsible for Control ?


   • In a word, everyone
   • Management is responsible for establishing a
    controlled environment.
   • Faculty and staff are responsible for carrying
    out internal controls by following policies and
    procedures.
   • Internal Audit, in an advisory/consultant role, is
    responsible for evaluating whether appropriate
    controls have been implemented and if they are
    functioning as intended.
                                                           QUIZ

• Name four Control Activities:
1.
2.
3.
4.




                                                           QUIZ

 The most important Internal Control
    component is:
 1. Risk assessment/management process
 2. Hug your auditor
 3. Positive “Tone at the Top”
 4. Strong ethical climate
 5. Control environment with answers 3 & 4


                                                            Quiz

Risk Assessment/Management is:
1. Planning a surprise birthday party
2. A department at IU
3. A process to assess risks and controls
   as they impact on the achievement of a
   business objective




                                                           QUIZ

Effective Internal Control Systems will:
1. Provide reasonable assurance that your
   organization’s objectives will be met
2. Promote reliable financial reporting
3. Provide efficient and effective
   operations
4. Help ensure compliance with policy
5. Protect university assets
6. All of the above
                                                           Quiz?

• Short Definition of Ethics?



• What are the Rules?




                                                   Case Study

  • Identify 1-3 SMART OBJECTIVES

  • Identify the 1-3 possible RISKs that
    would prevent you from achieving your
    objectives

  • List the CONTROLS you would
    implement to mitigate these risks
