Upload
sienna-presson
View
236
Download
3
Tags:
Embed Size (px)
Citation preview
Definition of Internal Control Internal control is a process, effected by an
entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations.
Benefits of Internal Control Having controls in place minimizes embezzlement
and/or misappropriation of funds. The temptation to steal assets from the church is lessened once steps have been taken to put checks and balances in place. These controls would help to promote ethical behavior.
There is also a reduction in the need to accuse and confront employees. The internal controls would provide accurate information that would be used to detect illegal behavior and also to make reporting easier.
The internal controls minimize the embarrassment of the church because of negative publicity from the media should inappropriate behavior occurs. It is a good practice to try and prevent the image of the church from being damaged in any way. Fraud in the headlines is a strike against any organization.
External/regulatory oversight Unlike corporations which provide quarterly
financial statements to the SEC and hold quarterly conference calls with outside analysts, the church is subject to almost no recurring outside financial scrutiny
Since many churches and dioceses are not required by law to be transparent and accountable in their finances, they choose to keep their finances private.
Canon Law and Other Guidelines Canon law contains a number of provisions
directed at good management and financial practices. The primary diocesan institution to monitor
diocesan finances is the diocesan finance council (DFC). According to canon law, each diocese is required to establish a DFC, to be presided over by the bishop or his delegate.
In addition to canon law, the United States Conference of Catholic Bishops (USCCB) has established recommended guidelines for diocesan financial management. But they are just that - guidelines
5 Elements of the IC Process Control Environment Risk Assessment Control Activities Information and Communication Monitoring
Control Environment The core of any business is its people - their
individual attributes, including integrity, ethical values, and competence and the environment in which they operate. Clear lines of authority and accountability that
emphasize the importance of internal controls A documented code of conduct/ethical standards A formal budget process and prompt variance
analysis. A plan to attract and retain competent personnel. An effective audit committee and internal audit
functions. More on the Control Environment later
Risk Assessment The entity must be aware of and deal with the
risks it faces. It must set objectives, integrated with the sales, production, marketing, financial, and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze, and manage the related risks. Clear objectives regarding operating, financial
reporting, and law compliance functions. An entity-wide review to assess and evaluate risk
(discussed later)
Control Activities Control policies and procedures must be
established to ensure that management's responses to risks are effectively carried out. Segregation of duties: collections of cash
contributions counted by two or more people. Independent counting and/or confirmation of
investments. Controlled access to electronic data processing
operations and adequate back-up (disaster recovery) in place.
Information and Communication Information and communication systems
surround all of these activities. They enable people to capture and share the information needed to conduct, manage, and control operations. Management support for developing and
maintaining effective financial management information systems.
The sharing of information on emerging risk issues with other dioceses.
Channels of communication for employees and church workers to report suspected irregularities or illegal acts.
Monitoring. The entire process must be monitored, and
modifications must be made as necessary. In this way, the system can react dynamically, changing as conditions warrant. Regular receipt and prompt acting on reports of
problems in internal controls (from external/internal auditors, etc.).
Prompt follow-up on unusual variances from budget. Periodic comparison of physical inventories of saleable
items (textbooks, cemetery lots, etc.) and permanent assets (sacred vessels, historical treasures, office equipment) to accounting records and the reconciliation of differences.
Limitations of IC Mistakes and human errors in applying the
established policies and procedures. Circumvention of controls by collusion of two
or more people (e.g., an employee and a vendor).
Intentional disregard of controls (e.g., management override, falsifying documents, forgery, etc.).
Discussed in more detail later
People and IC Bishop Finance Officers Internal Auditors Other Diocesan Personnel Volunteers Committees Finance Council
Audit committee Financial/project review committee Properties committee Investments committee
External Auditors
Key Business Cycles Financial planning and control Cash management (includes the revenue
cycle) Payroll Purchasing
Elements of IC Honest Employees
Require vacations Bonding when appropriate Awareness of conflict of interest policies “know” your employees Background checks on all potential hires
Separation of duties Recordkeeping, custodianship, authorization
Appropriate policies and procedures over transactions
Suitable documents and accounting records Physical control over assets Independent verification of performance
Financial Planning and Control Cycle Monthly Comparative Financial
Statements Chart of Accounts Policy and Procedures Manuals.
Cash Management Cycle Proper Control over:
Bank accounts Cash disbursements Cash receipts Petty cash Marketable securities Receivables Payables Payroll
Payroll Cycle Personnel Administration and
Employment File Maintenance Timekeeping and Payroll Preparation Payment of Payroll Preparation of Payroll Tax Returns and
Payment of Taxes
Purchasing Cycle Authorization of Purchase Processing Purchase Orders Receiving Goods and Services Recognizing the Liability Processing and Recording Cash
Disbursements
Guidelines for an IC Review Risk Assessment and Evaluation Suggested Steps
A project committee should be established (perhaps a subcommittee of the diocese's finance council) composed of, at a minimum:
The committee should be charged with undertaking and documenting a study of the diocesan internal control process and making recommendations for improvement. Its chair should regularly report to the bishop on progress. (Items 3-8 refer to the study/review.)
The committee should assess the overall control environment The committee should divide the entity into natural business cycles The committee should review the flow of transactions through these cycles to
understand each processing system and its controls. The committee should determine whether control techniques in place in each cycle
achieve the defined internal control objectives Where objectives are not met, the committee should assess the resultant risks and
make specific recommendations to improve internal controls at a cost below the value of the related benefit to be attained.
The committee should draft a report summarizing the project and detailing the recommendations.
The implementation of the recommendations should be periodically reviewed to ensure the desired results are achieved and to promote the diocesan culture of appreciating and embracing the value of internal controls.
Ongoing Commitment
Fraud and Irregularities The fraud triangle
Opportunity, rationalization, pressure Types of fraud
Management override Collusion Lapping Theft Accounts Payable Fraud Payroll Ghosts and Unauthorized Pay Charges Kickbacks Supplies or Inventory Fraud
Detecting Fraud Changes in employee's lifestyle, spending habits,
or behavior
Inventory shortages
Ignoring of internal/external policies or audit recommendations
Unusual banking activities
Decline in employee morale/attendance
Exceedingly high expenses/purchases
Unexplained budget variances
Zech & West:Control environment The organizational structure of the firm (in the
Catholic Church, this involves questions such as is the diocese organized as a corporation sole?)
Oversight by the board (in the Catholic Church, this is the diocesan finance council, or DFC)
Management's philosophy and operating style Procedures for delegating responsibility and
authority Management's methods for evaluating
performance External influences (e.g., regulatory oversight)
Results of Zech and West Study: Part 1: Risk Factors (as cited by CFOs) CFO’s ranked the following risk factors in this
order (highest risk to lowest risk): Lack of expertise at the parish level Parish finances and controls Litigation Adequacy of insurance coverage Property management
Results of Zech and West Study: Part 2: Importance of DFC If the Diocesan Finance Council (or one of its
committees) is involved in reviewing the diocesan budget, there is less fraud detected (better prevention). The more frequently the DFC meets, the greater the amount of fraud detected (better detection)
Results of Zech and West Study: Part 3: Importance of CFO the tenure (years of the experience on the
job) of the CFO, whether the CFO had an accounting background, and if the CFO selects the auditors all seemed to imply better fraud prevention
However, in cases where the bishop or DFC feels capable of making the auditor selection, it seems appropriate that they do so, from at least an independence viewpoint
Results of Zech and West Study: Part 4: Internal Control Variables
Those dioceses with formal, written fraud policies experienced less embezzlement, presumably the result of better prevention.
A second variable that had a positive impact on fraud detection was the frequency with which parishes submit their
financial data. A third internal control variable that was significant is
difficult to interpret. Dioceses that presented comparative financial data in their monthly budget versus actual reports experienced more embezzlement. This control is really a financial reporting control. It is not a control that would typically be used to detect embezzlements. It is a control that would more likely be used to detect errors in financial reporting.
Results of Zech and West Study: Part 5: Audit Category the frequency of internal audits of parishes
was significant and positive, and, based on the value of the standardized coefficient, the most important factor in explaining the level of diocesan fraud. This seems logical in that more frequent internal audits result in more detected embezzlements. On the other hand, one could argue that more internal audits would be a deterrent to employees and less fraud and embezzlements should occur.
Recommended environment control policies (Zech and West) Implementation in every Catholic diocese of
the policies prescribed in the USCCB handbook Diocesan Financial Issues
The establishment of fraud policies in every diocese
Annual internal audits of parishes supplemented by external audits conducted at east every three years
Public disclosure of the names and professions of every member of the Diocesan Finance Council, along with their conflict of interest guidelines
Continued - Recommendations At a minimum, quarterly meetings of the DFC (or
one of its subcommittees) to monitor diocesan office, parish, and school financial reports
Selection of the diocesan auditor by someone (bishop or DFC) other than the diocesan CFO
At least annual (and preferably more frequent) submission of financial data by all parishes and high schools
Establishment of a uniform budgeting process and standardized software for all diocesan entities
Establishment of communication channels for church workers to report suspected irregularities or fraudulent activities while protecting their anonymity.
Recommendations from USCCB An annual letter from the parish to the bishop containing
The names and professional titles of the parish finance council members,
Dates when the council met in the preceding fiscal year and since the end of the fiscal year,
Date(s) when the approved (i.e. by the parish finance council) parish financial statements/budgets were made available to the parishioners during the preceding fiscal year and since the end of the fiscal year. A copy of the published financial statements/budgets should be provided to the bishop, it added.
A statement signed by the parish priest and the finance council members that they have met, developed, and discussed the financial statements and budget of the parish.
Thorough diocesan training for parish finance council members relative to their roles and responsibilities.
Establishment of diocesan policies to cover conflicts of interest, protection of whistleblowers, and a fraud policy which would include prosecution of all fraud cases in the diocese.
Completion of an annual internal control questionnaire by each parish with proper review and follow-up made by qualified diocesan personnel.
USCCB Recommendations - continued In longer-term recommendations, the
committee urged Development of a parish best practices manual,
similar to the Diocesan Financial Issues document, which has been developed for dioceses.
Integration of financial training into seminarian programs so students will be better prepared to handle parish financial matters.
Other General Recommendations A full audit
Expensive and time consuming, but very thorough “Agreed upon procedures” in which an outside firm will look at specific
areas of the church’s finances and then make a report with recommendations. firm can perform an internal control review or they can assist in the
compilation of the church’s financial statements Have a certified public accountant (CPA) review the church’s financial
procedures and issue a management letter noting weaknesses of the system and offering recommendations.
An “inside audit” done by a committee comprised by members of the church who have expertise in accounting and finance. These can be effective, but they do have limitations because they do not
have the independence of an outside auditor If churches have good financial policies and procedures in place, a full audit
may not be necessary. It is important to report the finances of a church on a regular basis in a
manner that can be understood easily; in a nutshell, be forthright about the church’s finances
Have a time for members to ask questions and to have someone on hand who can answer those questions
Use of an internal control checklist