MANAGEMENT INTERNAL CONTROL CONCEPTS AND APPLICATIONS - PowerPoint PPT Presentation

1 / 42

About This Presentation

Title:

MANAGEMENT INTERNAL CONTROL CONCEPTS AND APPLICATIONS

Description:

Technology: websites, e-mail, conferencing. Through computer programs ... General ledger, human resources. Manipulating data to make it ... HEADLINES ... – PowerPoint PPT presentation

Number of Views:89

Avg rating:3.0/5.0

Slides: 43

Provided by: destiny8

Category:

more less

Transcript and Presenter's Notes

Title: MANAGEMENT INTERNAL CONTROL CONCEPTS AND APPLICATIONS

1
MANAGEMENT (INTERNAL) CONTROL CONCEPTS AND
APPLICATIONS

Presented by the CSU System Department of
Internal Auditing

2
AGENDA

Introduction
Define Internal Controls
Examples of Internal Controls
Video
Headline Case Studies
Discussion
Reporting Internal Control Breakdowns
Conclusion

3
HISTORY OF INTERNAL AUDITING DEPARTMENT AND
REPORTING STRUCTURE
4
INTERNAL AUDITING DEPARTMENT

Established at CSU in 1967
Reports directly to the Board of Governors Audit
Committee
Reports administratively to the Chancellor of the
CSU System

5
(No Transcript)
6
PURPOSE

To assist members of the organization in the
effective discharge of their responsibilities.
To this end, internal auditing provides analyses,
appraisals, recommendations, counsel, and
information concerning the activities reviewed.
Provide the Board and Management with information
about the adequacy and effectiveness of the
Universitys system of internal controls and the
quality of performance.

7
STAFF MEMBERS

Rich Tusa, Vice Chancellor/Director
Auditors
Allison Horn
Stephanie Wolvington
Tom Locashio
Destiny Halpin
Melody Johnson
Pablo Machado

8
OBJECTIVES OF TRAINING

Understand what internal controls are
Understand the importance of internal controls
Be able to identify types of internal controls
Recognize the internal controls in place within
your department
Implement effective internal controls in your
area of responsibility
Know how to report breakdowns in internal controls

9
WHAT ARE INTERNAL CONTROLS?
10
DEFINITION

Internal controls are a system of processes,
effected by management, designed to provide
reasonable assurance that the organizations
objectives are achieved in the following
categories
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Internal controls are NOT merely more red tape

11
WHY SHOULD YOU CARE?

EVERYONE in the University has some
responsibility for internal control
We are each responsible for good stewardship of
the resources of the State of Colorado
Internal controls are effected by people. They
are not merely policy manuals or forms, but
people functioning at every level of the
University.
Effective internal controls make our jobs easier
and help us do our jobs better

12
HOW DO INTERNAL CONTROLS MAKE MY JOB EASIER AND
BETTER?

Policies and procedures are established
Authority and responsibility are clearly defined
Things are done right the first time
Expectations are clear
The risk that our goals will not be achieved is
minimized
We will know that we are doing the right things
the right way

13
RELATIONSHIP AMONG INTERNAL CONTROL COMPONENTS
14
COMPONENTS OF INTERNAL CONTROL

Control Environment
The foundation for all other components of
control
Risk Assessment
Identifying and analyzing relevant risks to
achieving objectives
Control Activities
Mechanisms needed to provide reasonable assurance
that organization objectives will be accomplished

15
COMPONENTS OF INTERNAL CONTROL (Continued)

Information Communication
Helps ensure employees and other constituents are
aware of information they need to do their job
and accomplish the organizations goals and
objectives
Monitoring
Assess quality and facilitates continuous
improvement

16
TYPES OF INTERNAL CONTROLS

Directive
Designed to establish desired outcomes
Laws
Policies
Procedures
Manuals
Preventative
Control mechanism that occurs before a
transaction or action is performed
Training
Pre-authorizations
Physical control over assets
System access controls

17
TYPES OF INTERNAL CONTROLS

Detective
Control mechanisms that occur after a transaction
or action is performed
Reviews and comparisons
Reconciliations
Physical counts of inventories
Manual
An individual is responsible for taking a
specified action
Review for accuracy and compliance prior to
entering in the financial system

18
TYPES OF INTERNAL CONTROLS

Information Technology (Electronic) Controls
Technology allows or prohibits actions
Passwords, backups, anti-virus (User-based)
Restricted access to systems, testing, rejection
of invalid entries, calculations
(Application-based)
Application development, change control
(IT-based)
Compensating
Controls placed in a different area than the
ideal position to make up for an inability to
place controls where desired
Having only one staff member in a department, so
entries are reviewed and approved by someone in
another department.

19
TYPES OF INTERNAL CONTROLS

Soft Controls
Tone at the top
Performance evaluations
Training programs
Hard Controls
Segregation of duties
Secondary review and approval
Reconciliations

20
LIMITATIONS OF INTERNAL CONTROLS

Judgment Decisions are made humans, often under
pressure and time constraints, based on
information at hand
Breakdowns Employees may not understand
instructions or may simply make mistakes. Errors
may result from new systems and processes
Management Override High-level personnel may be
able to override prescribed policies and
procedures
Collusion Two or more individuals, working
together, may be able to circumvent controls

21
EXAMPLES OF INTERNAL CONTROLS IN EACH COMPONENT
22
CONTROL ENVIRONMENT

Foundation of all internal controls
Sets the tone of an organization

Integrity and ethical values
Universitys Code of Ethics
Universitys Conflict of Interest Policy
Commitment to Excellence
Leadership philosophy and operating style
Tone at the top based on managements attitudes
and actions
Culture

23
CONTROL ENVIRONMENT (Continued)

Organizational structure
Competence of workers
Training
Skill Sets
Our most basic internal control is hiring good
people
If effective, it can make other controls easier
If ineffective, it is difficult for other
controls to compensate

24
RISK ASSESSMENT Getting up in the morning
requires a tremendous leap of faithauthor
unknown

Risks impact the organizations ability to
maintain financial strength, a positive public
image, and product or service quality.
Risk cannot be eliminated entirely
Establish departmental objectives (what are the
goals?)
Identify external and internal risk to achieving
those objectives
Evaluate and prioritize risks
Establish a plan for managing those risks
Assess effectiveness
Remember The cost of the safeguards must be
weighed against the impact of the threats. The
benefit of an internal control must outweigh the
costs of implementing that control.

25
CONTROL ACTIVITIES

Policies and procedures that help ensure
management directives are carried out and
necessary actions are taken to address risks
Authorization
Approvals
Segregation of duties
Access to assets
Security
Reconciliations
Reviews
Documentation

26
INFORMATION COMMUNICATION

Encompasses the entire control environment
Information systems must provide data that is
Relative to established objectives
Accurate and sufficient in detail
Understandable and in a usable form
Timely
Knowledge of applicable laws
Information must be provided to the right people
in time to allow appropriate action

27
INFORMATION COMMUNICATION (Continued)

Communication must flow up and down the
organization and across organizational lines
Employees duties and responsibilities are
effectively communicated
There are channels to report suspected
improprieties
Employee suggestions for improvement are
encouraged

28
INFORMATION COMMUNICATION (Continued)

How can information be communicated?
In person meetings, discussions, one-on-one
Technology websites, e-mail, conferencing
Through computer programs (systems or
applications)
Reporting or viewing via live applications
General ledger, human resources
Manipulating data to make it more user-friendly
Microsoft Word, Excel, Access, etc.

29
INFORMATION COMMUNICATION (Continued)

What controls protect information?
Physical controls
Locks on file cabinets and doors
Document shredders
Securing laptops and external data devices
Technology-based controls
Appropriate access authorization
Passwords
Data backup and recovery
Anti-virus software

30
MONITORING

A process that assesses the quality of
performance over time and aids in identifying
losses, errors, or irregularities
Ongoing monitoring activities
Management review of operating and financial
reports
Review and analysis of complaints from external
sources
Comparison of reports with physical assets
Evaluation of trends
Internal audits
Separate evaluations
Self assessment
External reviews

31
MONITORING (Continued)

Monitoring should be a constant in the
application of internal controls
Effective procedures can become less effective
due to
Departure of personnel
Lack of training and supervision
Time and resource constraints
Additional pressures

32
PRESENTATION OF VIDEOPrepared by the
Association of College and University Auditors
(ACUA)
33
CURRENT HEADLINESCASE STUDIES

COLLEGE PRESIDENTS GAINS OVERSHADOWED BY SCANDAL
Dateline Houston (AP) April 25, 2006

President of Texas Southern University
Accused of improperly spending
87,000 to furnish her home
138,000 on landscaping and exterior improvements
56,000 on security-related equipment and labor

34
CASE STUDY (Continued)

What control breakdowns could cause this to
happen?
Transactions not properly approved
Tone at the top
Inadequate oversight of senior management
Attitude of Thats the way things have always
been done
Others?

35
CURRENT HEADLINESCASE STUDIES

ARIZONA STUDENT GROUP SAYS ITS FORMER DIRECTOR
EMBEZZLED NEARLY 210,000
May 12, 2006

Director of Arizona Students Association
Accused of paying personal bills with student
funds by
Concealing personal expenses, ATM withdrawals,
and electronic transfers to his personal credit
card
Digitally altering bank statements
Presenting counterfeit bank statements to the
board for review

36
CASE STUDY (Continued)

What control breakdowns could cause this to
happen?
Lack of transaction review and account
reconciliation
Suspicious transactions went unnoticed until the
Director was on extended personal leave
Inadequate segregation of duties
Opportunity to alter bank statements
Opportunity to present altered bank statements to
the board
Others?

37
CURRENT HEADLINESCASE STUDIES

SECRETARY CHARGES 383,788, HAS NO RECEIPTS
Ex-boss says she was trustworthy, shopped for
eight departments
July 2, 2006

Dallas School District Secretary
Spent over 380,000 over 2 years and has few
receipts to substantiate the purchases
Made most of the purchases on the weekends
Spent over 100,000 at an Air Force base grocery
store and exchange post
Discarded credit card statements and receipts

38
CASE STUDY (Continued)