Office of the Controller and Internal Controls

Jim CorkillControllerOffice of the ControllerSeptember 2014

Abbreviated Organization Chart

Henry T. Yang Chancellor

Jim Corkill,Controller, Business &

Financial Services

Robert TarsiaDirector,

Audit and Advisory Services

Sheryl VaccaSenior Vice

President/Chief Compliance and Audit

Officer, UCOP

Peggy ArrivasAssociate Vice President

and Systemwide Controller - Financial Accounting,

UCOP

Pam LombardoAssociate Vice Chancellor,

Administrative Services

Distinct and Complimentary Roles

Office of the Controller• Provide leadership in a campus-

wide effort to ensure effective controls and accountability practices.

• Assist management in assessing their control environment and the effectiveness and efficiency of operations.

• Ensure that campus financial policies and procedures are clear, adequate, and current.

• Evaluate systems and participate in system development to ensure proper controls are implemented and compliance with policy.

Audit and Advisory Services• Independent evaluation of

systems of accountability and control.

• Investigate reported cases of alleged improper financial activities.

• Serve as the liaison between the University community and external audit agencies.

UCSB Control Initiative

Business Officer Institute (BOI)

Campus Financial Mgmt. Training

& Manual

Departmental Control Self- Assessments

Campus Wide Process Risk Assessment

Departmental Process Risk Assessment

Control Advisory Committee

(CAC) Financial Risk Assessment

· BOI Feedback· Common Audit

Findings

Assessments

Departmental Control Self Assessments Departmental Process Risk Assessment Campus Wide Process Risk Assessment

Office of the Controllerhttp://www.bfs.ucsb.edu/controller/welcome

Jim Corkill Controller

Director, Business & Financial Servicesx5882jim.corkill@bfs.ucsb.edu

Vacant Associate Director of Controls x7667

Liz Molina Budget Analyst x8593

liz.molina@bfs.ucsb.edu

Alexandra CugnierFinancial & Payroll Assistantx8593alexandra.cugnier@bfs.ucsb.edu

Internal Controls

What are Internal Controls?• Definition• COSO Model• Examples

Why are They Important? Who is Responsible for Internal Controls?

Internal Control - A definition

Internal Control is a process, effected by a college or university’s governing board, administration, faculty and staff, designed to provide reasonable assurance regarding achievement of objectives in the following areas:

• Effectiveness and efficiency of operations• Reliability of financial reporting• Compliance with applicable laws and regulations

Internal Control Concepts & Applications, 1992, Committee of Sponsoring Organizations of the Treadway Commission

COSO Internal Control Model

COSO stands for Committee of Sponsoring Organizations.

Committee was formed to develop a common definition of internal controls and provide guidance on judging its effectiveness.

COSO is referred to as an Internal Control Model or framework.

COSO Internal Control Model

Officially adopted by the University of California

A tool for departments to use in evaluating their internal controls.

COSO Internal Control Model

There are five components of internal control in the COSO Model: Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

Control Environment

Control Environment The “tone at the top” set by people in positions of

authority

Based on attitudes and habits of those in authority An element in establishing the organizational culture

Control Environment

Control Environment Factors: Integrity and Ethical Values Commitment to Competence Management’s Philosophy and

Operating Style Assignment of Authority and

Responsibility

Risk Assessment

Risk - Anything that gets in the way of meeting your goal/objective

Risk Assessment - The identification and analysis of relevant risks associated with achieving business goals/objectives

Risk Assessment

Why is a risk assessment important? Risks impact an organization’s ability to

meet its objectives such as:• Positive Public Image• Providing Excellent Customer

Service• Reducing Overdrafts

Control Activities

Control Activities• Policies and procedures that help ensure management

directives are carried out and necessary actions are taken to address risks

Control Activities - Specific Examples

Segregation of Duties Transaction Reviews Reconciliations

Control Activities – Specific Examples

Financial Performance Reviews Systems Controls Physical Controls

Information and Communication

The information system must provide data that is:

• Relative to established objectives• Accurate and in sufficient detail• Understandable and in a usable form

This information must be provided to the right people in time to allow appropriate action

Information and Communication

Communication• Up and down the organization• Across organizational lines

Communication Examples• Employee duties and control

responsibilities should be clearly communicated

• Ability to report suspected problems, without fear of repercussions

Monitoring

Monitoring A process that assesses the quality of an internal control

system’s performance over time

Monitoring

Monitoring Activity Examples Management

• Review of actual expenditures vs. budgeted

• Comparison of various reports with physical assets

Separate evaluations• Assessment of internal controls by

Audit and Advisory Services• External auditors reviews

The department has a documented PPS plan. This is an example of what type of control in the COSO model?

1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring

The department evaluates all options before making a financial decision.

1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring

The Chair/MSO reviews monthly budget reports comparing actual expenditures to budgeted.

1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring

PricewaterhouseCoopers, the University’s external auditors, audit the campus on a yearly basis.

1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring

The department performs and annual inventory

1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring

Internal Controls

Why are They Important? Who is Responsible for Internal Controls?

Internal Controls and SAS 112

SAS 112: Statement of Accounting Standards

Auditors will be reviewing not only the transactions and ensuring the numbers are correct, but also the controls in place to ensure those numbers are correct.

Controls must be documented – or they are not considered controls.

Questions??