Title: Office of the Controller and Internal Controls
1Office of the Controller and Internal Controls
- Sandra Featherson
- Associate Director of Controls
- Office of the Controller
- February 2008
2Abbreviated Organization Chart
Patrick Reed University Auditor, UCOP
Anne Broome Vice President, Financial Management,
UCOP
Henry T. Yang Chancellor
Donna Carpenter Vice Chancellor, Administrative
Services
Jim Corkill, Controller, Accounting Services and
Controls
Peter Cataldo Acting Director, Audit and
Advisory Services
3Distinct and Complimentary Roles
- Office of the Controller
- Provide leadership in a campus-wide effort to
ensure effective controls and accountability
practices. - Assist management in assessing their control
environment and the effectiveness and efficiency
of operations. - Ensure that campus financial policies and
procedures are clear, adequate, and current. - Evaluate systems and participate in system
development to ensure proper controls are
implemented and compliance with policy.
- Audit and Advisory Services
- Independent evaluation of systems of
accountability and control. - Investigate reported cases of alleged improper
financial activities. - Serve as the liaison between the University
community and external audit agencies.
4UCSB Control Initiative
5Assessments
- Departmental Control Self Assessments
- Departmental Process Risk Assessment
- Campus Wide Process Risk Assessment
6Office of the Controllerhttp//controller.ucsb.ed
u
- Jim Corkill
- Controller
- Director of Accounting Services and Controls
- x5882
- jim.corkill_at_accounting.ucsb.edu
- Sandra Featherson
- Associate Director of Controls
- x7667
- sandra.featherson_at_accounting.ucsb.edu
- Vacant
- Administrative Analyst
- x8593
- Neil Clark
- Administrative Assistant
- x8593
- neil.clark_at_accounting.ucsb.edu
7Internal Controls
- What are Internal Controls?
- Definition
- COSO Model
- Examples
- Why are They Important?
- Who is Responsible for Internal Controls?
8Internal Control - A definition
- Internal Control is a process, effected by a
college or universitys governing board,
administration, faculty and staff, designed to
provide reasonable assurance regarding
achievement of objectives in the following areas - Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
Internal Control Concepts Applications, 1992,
Committee of Sponsoring Organizations of the
Treadway Commission
9COSO Internal Control Model
- COSO stands for Committee of Sponsoring
Organizations. - Committee was formed to develop a common
definition of internal controls and provide
guidance on judging its effectiveness. - COSO is referred to as an Internal Control Model
or framework.
10COSO Internal Control Model
- Officially adopted by the University of
California - A tool for departments to use in evaluating their
internal controls.
11COSO Internal Control Model
- There are five components of internal control in
the COSO Model - Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
12Control Environment
- Control Environment
- The tone at the top set by people in positions
of authority - Based on attitudes and habits of those in
authority - An element in establishing the organizational
culture
13Control Environment
- Control Environment Factors
- Integrity and Ethical Values
- Commitment to Competence
- Managements Philosophy andOperating Style
- Assignment of Authority andResponsibility
14Risk Assessment
- Risk - Anything that gets in the way of meeting
your goal/objective - Risk Assessment - The identification and
analysis of relevant risks associated with
achieving business goals/objectives
15Risk Assessment
- Why is a risk assessment important?
- Risks impact an organizations ability to meet
its objectives such as - Positive Public Image
- Providing Excellent CustomerService
- Reducing Overdrafts
16Control Activities
- Control Activities
- Policies and procedures that help ensure
management directives are carried out and
necessary actions are taken to address risks
17Control Activities - Specific Examples
- Segregation of Duties
- Transaction Reviews
- Reconciliations
18Control Activities Specific Examples
- Financial Performance Reviews
- Systems Controls
- Physical Controls
19Information and Communication
- The information system must provide data that is
- Relative to established objectives
- Accurate and in sufficient detail
- Understandable and in a usable form
- This information must be provided to the right
people in time to allow appropriate action
20Information and Communication
- Communication
- Up and down the organization
- Across organizational lines
- Communication Examples
- Employee duties and control responsibilities
should be clearly communicated - Ability to report suspected problems, without
fear of repercussions
21Monitoring
- Monitoring
- A process that assesses the quality of an
internal control systems performance over time
22Monitoring
- Monitoring Activity Examples
- Management
- Review of actual expenditures vs. budgeted
- Comparison of various reports with physical
assets - Separate evaluations
- Assessment of internal controls by Audit and
Advisory Services - External auditors reviews
23Internal Controls
- Why are They Important?
- Who is Responsible for Internal Controls?
24Internal Controls and SAS 112
- SAS 112 Statement of Accounting Standards
- Auditors will be reviewing not only the
transactions and ensuring the numbers are
correct, but also the controls in place to ensure
those numbers are correct. - Controls must be documented or they are not
considered controls.
25Questions??