Upload
arlene-walker
View
230
Download
0
Tags:
Embed Size (px)
Citation preview
Internal Control: Identifying and Minimizing Risks
For Governmental Entities
1
2
Comptroller Justin Wilson likens Memphis to a recovering alcoholic
State Comptroller Justin Wilson has penned an op-ed piece in the Commercial Appeal that compares governments to alcoholics – and pronounces Memphis on the road to recovery. An excerpt:
The individual knows he is drinking too much and the government recognizes that its finances are precarious, but hey, it’s not that serious, I’ll change tomorrow or next year. Besides, getting drunk makes me happy and providing services and benefits we don’t pay for today keeps the voters happy.
3
The downward spiral progresses until the individual or the government hits bottom. That happens with the realization that the pain caused by the substance abuse or the financial irresponsibility outweighs the pleasure derived from the behavior.
4
…Most alcoholics still struggle with temptation, and there is always the danger of falling off the wagon. But if Memphis continues on its road to recovery, and continues to make good financial decisions, there is no reason to compare it to Detroit. Rather, Memphis will find its rightful place among the world’s most vibrant cities.
5
State of TennesseeJustin P. Wilson, State Comptroller
For Immediate Release: June 19, 2014Three Quarters of a Million Dollars’ Worth of Stolen Public Money Remains
Uncollected
Although county officials across Tennessee have made strides in recovering money stolen from public coffers, $775,221.12 remained uncollected at the end of the last fiscal year. That was one of the key findings of the 2013 Report of Cash Shortages, which was released today by the state Comptroller’s office.Each year, the Comptroller’s office prepares the report detailing the status of money stolen from county governments in Tennessee. The report includes information compiled from annual financial reports for the 89 counties audited by the Comptroller’s office and six counties audited by private accounting firms, as well as investigations and special reports issued by the Comptroller’s office. The new report provides a snapshot of each county’s cash shortages as of June 30, 2013. There is information in the report not only about money stolen during the year, but also in previous fiscal years that remains unrecovered.
The state’s 95 counties began the last fiscal year with $563,372.50 in cash shortages
that had not been recovered. During the year, $449,624.04 worth of new shortages was detected. Counties were able to recover $237,775.42 through restitution payments, insurance claims or other means. That left a net unrecovered shortage of $775,221.12 at the end of the fiscal year. “While it’s encouraging that county officials have been able to recover substantial amounts of the money that has been taken from them, it’s discouraging that the amount of new thefts discovered in the fiscal year outpaces the recovered amounts,”
Comptroller Justin P. Wilson said. “I hope people will read through this report and realize how widespread the theft of public funds is in our state. I urge local government officials to follow the steps recommended by our auditors to safeguard against the fraud, waste and abuse of public money.” Blake Fontenay, Communications Director, (615) 253-2668 or [email protected]
A Personal Decision
What is it worth to you?Would you throw away your integrity?Give up your good reputation?Lose the good name you have worked your entire life to build?
How much would it take????
Dennis Dycus once said…
“If you think theft or fraud is not happening where you work, you are probably wrong”.
Video – Dixon, ILVideo - Columbus
9
10
11
Reference Text:
Committee of Sponsoring Organizations of the Treadway Commission
Internal Control – Integrated Framework
Framework and Appendices
May 2013
COSO Model
12
13
The Committee of Sponsoring Organizations (COSO)
• Sponsored and funded by:– American Institute of Certified Public Accountants
(AICPA)– American Accounting Association (AAA)– Financial Executives Institute (FEI)– The Institute of Internal Auditors (IIA)– The Institute of Management Accountants (IMA)
• Publishes The Internal Control Integrated Framework, a standard for establishing internal controls
Definition
COSO defines internal control as:
“…a process, affected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
1) Effectiveness and efficiency of operations2) Reliability of financial reporting3) Compliance with applicable laws and objectives”
14
Five Components of the COSO Model
1. The Control Environment2. Risk Assessment3. Control Activities4. Information and
Communication5. Monitoring Activities
15
1. The Control Environment
• Sets the tone for the entire organization• Management leads by example• Integrity and ethical values• Commitment to competence• Organizational structure• Adherence to policies and procedures
16
17
New Control Environment
Principles
Control Environment – 5 Principles
1. Organizational commitment to integrity and ethical values
2. Governing bodya. Demonstrates independence from managementb. Exercises oversight of internal control
18
Control Environment – 5 Principles
3. Management establishes reporting lines, authorities and responsibilities
4. Organizational commitment to attract, develop and retain competent individuals
5. Organization holds individuals accountable for internal control responsibilities
19
2. Risk Assessment
• Present at every level of an organization• Define organizational objectives • Identify risks that may adversely impact
organization’s achievement of goals• Minimize the likelihood of occurrence
20
Risk Analysis
• Assess the frequency of the risk occurring
• Estimate the potential impact if the risk were to occur
• Determine how the risk should be managed
• Prioritize and manage significant risks
21
Reasonable Assurance
• Effective control system provides reasonable but not absolute assurance
• Appropriate balance between risk of a certain practice and level of control to ensure objectives
• Cost of a control should not exceed the derived benefit
22
23
Controls Out of Balance
Excessive Risks• Loss of Assets or Grants• Poor business decisions• Noncompliance• Public scandals
Excessive Controls• Increased bureaucracy• Reduced productivity• Increased complexity• Increase of no-value
activities
24
New Risk Assessment
Principles
Risk Assessment – 4 Principles
1. Objectives are specified to enable the identification and assessment of related risks
2. Risks to the achievement of the entity’s objectives are identified and analyzed to manage those risks
3. The potential for fraud is considered in risk assessment
4. The organization identifies and assesses changes that could significantly impact internal control
25
26
3. Control Activities
• Policies and procedures to mitigate risks• Appropriate response• Implementation• Conscientious• Consistent
• Types of Controls• Preventive controls – proactive • Detective controls – reveal what has occurred
Types of Controls
Preventive• Deter undesirable events• Help prevent loss• Examples• Emphasize quality• Proactive
Detective• Detect undesirable events• Provide evidence of loss• Do not prevent loss• Provide evidence that
preventive controls are functioning
27
28
New Control Activities
Principles
Control Activities – 3 Principles
1. Activities that contribute to the mitigation of risks to acceptable levels are selected and developed by the organization
2. General control activities over technology are selected and developed to support objectives
3. Control activities are deployed through policies and procedures
29
4. Information and Communication
• Essential at every level of an organization
• Clear understanding of expectations• Minimizes assumptions
30
Communicating
• Standard operating procedures– Strengthen communication channels– Decrease chance that a new administration will
arbitrarily change policies• Information overload results in employees
ignoring communication attempts
31
32
New Information and Communication
Principles
Information and Communication –3 Principles
1. Relevant and quality information is used to support the functioning of internal control
2. Information, including objectives and responsibilities, are communicated internally
3. Matters affecting the functioning of internal control are communicated to external parties
33
5. Monitoring Activities
• Ongoing evaluation• Activities functioning properly• Controls must change over time• Technologies evolve• Priorities change• New deficiencies emerge
34
35
New Monitoring Activities
Principles
Monitoring Activities - 2 Principles
1. Evaluations are developed to ascertain internal control components are present and functioning
2. Internal control deficiencies are communicated to those responsible for taking corrective action
36
37
Basic InternalInternal Controls
Checklist
Checklist1. Make sure that the following policies and procedures are
available in your municipality, either by hard copy or electronically:a. Administrative proceduresb. Financial and accounting manual (including at a minimum the
Comptroller requirements)c. Employee handbookd. Purchasing manual
2. Make sure that departments have well written ‐departmental policies and procedures manuals which address significant activities and unique issues. Employee responsibilities, limits to authority, performance standards, control procedure disciplinary action for not complying and organizational relationships should be clear.
Checklist3. Make sure that employees are well acquainted with the
municipality’s policies and procedures that pertain to their job responsibilities.
4. Discuss ethical issues with employees. If employees need additional guidance, consider departmental standards of conduct.
5. Communicate state laws related to conflict of interest; make sure employees understand how to disclose potential conflicts of interest.
6. Develop job descriptions; clearly state responsibility for internal control, and correctly translate desired competence levels into required knowledge, skills, and experience.
Checklist
7. Make sure that each employee has an adequate training program.
8. Conduct employee performance evaluations periodically. Good performance should be valued highly and recognized in a positive manner.
9. Most importantly, make sure appropriate disciplinary action is taken when an employee does not comply with policies and procedures or behavioral standards.
QUESTIONS ?MTAS and CTAS now working on model I/C policies and training
programs (and perhaps others are as well)
41