Conducting a
First things first!
•
•
•
•
•
Please silence your cell phones
Feel free to ask questions and share ideas
Tara’s email address – tpritch3@uncc.edu
Tara’s phone number – 7-5694
Internal Audit website: internalaudit.uncc.edu
Who are you?
• Name
• Department
• Why did you sign up for this workshop?
Board of Trustees
Chancellor’s Cabinet
2nd Line of Defense
3rd Line of Defense
Department Admins
Business Managers
Chairs/Directors
RMSS
IT Security
Compliance
Internal
Audit
State
Auditors
1st Line of Defense
What we will do today:
 Discuss internal controls – what they are and
why they are important
 Discover what a Control Self Assessment is and
why it should be completed regularly
 Review the Control Self Assessment document
 Complete a Control Self Assessment workshop
with model departments within your group
Bottom Line Up Front
Internal controls are the tasks that
are in place to help address risks.
6
What is a control?
Internal Controls are steps within a process
designed to provide reasonable assurance
regarding the achievement of objectives:
• Effectiveness and Efficiency of Operations
• Reliability of Financial Reporting
• Compliance with applicable Laws,
Regulations, Policies & Procedures
Effectiveness and efficiency
• Can the job be completed to the intended result
in an easier, faster way?
• Can the job be done with more accurate results?
• Can the unit reach maximum productivity using
minimal resources?
Reliability of financial reporting
• Appropriated funds
• Foundation funds
• Discretionary funds
• Restricted funds
• Unrestricted funds
• Agency funds
Compliance
•
•
•
•
•
Federal laws
State laws
County/City laws
UNC System policies
UNC Charlotte policies
UNC Charlotte Compliance Director – Sue Burgess
compliance.uncc.edu
5 Components of Internal Control
How they apply to you
Control Environment – department head announcing
policy changes, how financial reporting is handled and
communicated, and how university standards are
discussed and enforced
Risk Assessment - considerations for security of cash
collected, evaluation of student worker access to
department files, and the information security
vulnerabilities posed by maintaining a set of laptop
computers for check-out by traveling faculty
Control Activities – authorizations, approvals,
verifications, reconciliations, business performance
reviews, and segregation of duties
Information and Communication - sharing and
validating requests for information when received,
then sharing and validating responses before their
release
Monitoring Activities - regular financial status reports
as well as progress reports for major department
initiatives
11
Types of Internal Controls
Preventive – prevent errors
from happening in the first
place
Preventive controls
• Training on policies
• Supervisor review prior to
submitting travel reimbursement
• Passwords
• Contract checklist review
• Card swipe door locks
Types of Internal Controls
Detective – find potential
errors after they happen
Detective Controls
• Reconciling invoices to ledger
(payments)
• Comparing packing list/order contents
with purchase order
• Reviewing card swipe logs for abnormal
entry times
• Review Banner access lists
Process Steps vs. Controls
“A process step is a task, activity… that
moves an input closer to the final
objective.”
– The department admin collects timesheets and files
them
– The office submits the reimbursements to the Travel
Office within 30 days
– Faculty members send an email requesting supplies,
and supplies are stored in a locked cabinet
16
Process Steps vs. Controls
“An internal control… is a critical step
within the process that leads to the
success of the entire process.”
– Supervisors review timesheet submissions monthly to
ensure they were completed on time
– Supervisors review and approve all travel
reimbursements for accuracy before submission to the
Travel Office
– Department admin staff matches the purchase order,
invoice and receiving slip before marking the supply as
received in 49er Mart
17
Process Step
– The department admin
collects timesheets and
files them
– The office submits the
reimbursements to the
Travel Office within 30
days
– Faculty members send
an email requesting
supplies, and supplies
are stored in a locked
cabinet
18
Control
– Supervisors review
timesheet submissions
monthly to ensure they
were completed on time
– Supervisors review and
approve all travel
reimbursements for
accuracy before
submission to the Travel
Office
– Department admin staff
matches the purchase
order, invoice and
receiving slip before
marking the supply as
received in 49er Mart
Process Steps vs. Controls
Test your knowledge!
? Takes inventory of office supplies
before submitting an order.
? Create a spreadsheet of all laptops,
desktop computers and printers in
the department.
? Verify the serial numbers on all
laptops, desktops and printers in
the department every 6 months. A
director signs off on the
spreadsheet.
19
What we will do today:
 Discuss internal controls – what they are and
why they are important
 Discover what a Control Self Assessment is and
why it should be completed regularly
 Review the Control Self Assessment document
 Complete a Control Self Assessment workshop
with model departments within your group
What is a self – assessment?
Why have a Controls Self Assessment
workshop?
When is a Controls Self Assessment
recommended?
• If a CSA has never been conducted in your
department
• Within 6 months of coming into a department
• Within 12 months of the initial CSA to see if
controls have been implemented properly
• To prepare for a visit from Internal Audit
Choose
Facilitator
Follow Up
Pre- Workshop
Work
Implementation
Completing the
CSA Guide
Group
Discussion
First thing: the role of the facilitator
•
•
•
•
•
•
Be objective
Planning
Training on CSA process
Encourage discussion
Identify Issues and Resolutions
Keep workshop on task
Pre-workshop activities
• Establish the objective – MOST IMPORTANT
• Choosing the participants
• Who should participate?
• Initial meeting with participants
• Risk assessment
– Interviews and surveys (CSA guide)
• Schedule group discussion
The Controls Self Assessment Guide
Internalaudit.uncc.edu
The Controls Self Assessment Guide
The group discussion
• Review of CSA Guide responses
• Vote to discuss 3 or 4 critical processes
• What is critical?
• What controls can we put in place to fix the
issues chosen?
• When will we follow up?
Traps…
We cannot discuss issues that require
immediate attention
– Fraud
– Security issues
– Possible wrong-doing
If “immediate attention issues” arise in
discussion, the facilitator will note it
and refer it to the proper
professionals.
The conversation should be stopped
and redirected!
Implementation
• Establish a timeline for implementation
• Overall project timeline?
• Individual process/item timeline?
• What defines “successful implementation?”
• Evidence of implementation
Follow up
• Schedule meeting after implementation date
• Have controls been fully implemented?
– Are they working?
– Have the controls made life easier? More difficult?
– Is the objective of the department being met?
– What could be done differently?
What we will do today:
 Discuss internal controls – what they are and
why they are important
 Discover what a Control Self Assessment is and
why it should be completed regularly
 Review the Control Self Assessment document
 Complete a Control Self Assessment workshop
with model departments within your group
Workshop time!
• Review CSA Guide responses for two
departments
• Identify:
•
•
•
•
What good controls are in place?
What are a few areas that need improvement?
What controls can be put in place to fix these areas?
What is a reasonable timeline to implement these
changes?
• Discuss why some issues are more critical than others.
• Write selected responses on flipchart
• Need some help? Let us know!
•
•
•
•
•
Using the Table of Contents listed below:
What good controls are in place?
What are a few areas that need improvement?
What controls can be put in place to fix these areas?
What is a reasonable timeline to implement these changes
Discuss why some issues are more critical than others.
Ready to practice?
Assess First Model – 15 minutes
Switch! – 15 minutes
Discuss assessments – 15 minutes
•
•
•
•
•
Using the Table of Contents listed below:
What good controls are in place?
What are a few areas that need improvement?
What controls can be put in place to fix these areas?
What is a reasonable timeline to implement these changes
Discuss why some issues are more critical than others.
To recap:
• Controls are in place to help mitigate risks
• A Controls Self- Assessment is how an individual
or team in a department can look at the
processes in place and determine if there are
controls over the processes
• A CSA Workshop is a “meeting of the minds” to
identify weaknesses and implement controls to
mitigate the risks
• If you need help, you can always call Internal
Audit to help facilitate!
How to request help from Internal Audit
Internalaudit.uncc.edu
• Click “About Us” tab
• Click on “Services Offered”
• Complete a request form for a consultation
with Internal Audit
• We love to help – just ask!
Any questions?
Your Internal Audit
Team
Contact:
Raheel Qureshi
7-5698
Diana Hill
7-5695
Tara Pritchett
7-5694
Tom York
7-5693
Julie Earls
7-0049
Other Resources
Greg Verret
– Compliance Manager
– Phone: 704-687-5781
– Email: gverret@uncc.edu
Alicia Bartosch
– Business Process Analyst
– Phone: 704-687-0950
– Email: abartosch@uncc.edu
Lisa Dooley
– Business Process Analyst
– Phone: 704-687-5002
– Email: ldooley@uncc.edu
Please…
• Leave the department packets on the tables
• Remember to complete the course survey when
you get back to your office
• “Like” the Learning and Development Facebook
page!
• Give us a call – we are here to help!