Internal Controls Todd Olszowy VP Finance/CFO Water & Power Community CU Internal Controls • Definition: A well defined and documented set of systematic measures adopted and implemented by an organization designed to: – Conduct business in an orderly, efficient & effective manner – Safeguard assets and other resources – Deter and detect errors, fraud and theft – Ensure accuracy, completeness and compliance of financial and reporting data – Ensure compliance and practice to established and adopted policies and procedures Internal Controls • Conducting business in an orderly, efficient and effective manner – Establish Risk Tolerance • Assess the degree to which you are willing accept risk • Document, report & manage to risk tolerance • Be willing and able to accept and survive the consequences of risk failure Internal Controls • Continued – Cost/Benefit Analysis • Are the internal controls implemented due to risk assessment creating an operating environment that restricts member service (orderly), inhibits employee productivity or morale (efficient) or prohibits growth (effective) Internal Controls • Safeguard assets and other resources – Basic safeguards should be incorporated into credit union policies and procedures • • • • • • Rotation of duties Proper segregation of duties Compulsory vacations Dual controls Adequate documentation Surprise audits/cash counts/access controls Internal Controls • Deter & detect errors, fraud and theft • Credit unions with limited staff are often at higher risk of errors, fraud and theft due to the fact that many critical duties and responsibilities are preformed by few people Internal Controls • Ensure accuracy, completeness and compliance of financial and reporting data – Annual examinations, audits and AUP (agreed upon procedures) are not designed nor intended to detect fraud and thus are not intended to be utilized as substitutes for a safe and sound system of well documented and executed system of internal controls. Internal Controls • Ensure compliance and practice to established and adopted policies and procedures – Document risk tolerance and state in your policies the what, who, when, why & how • Policies should explicitly state – – – – – What are you going to do Who is going to do it How often are you going to do it Why are you doing it How do you intend to do it Internal Controls • Continued • Actual practice should ensure that – You actually did what you said you were going to do – It was done by the person or persons you said were going to do it – It was completed within the proper timeframe – Document why you did it – Was it done procedurally in the manner in which you intended Internal Controls • NCUA Examination Focus – NCUA Letter No. 13-CU-01 • NCUA goal is a strong, safe credit union system • Credit unions continue to evolve and face various economic and operational challenges • NCUA 2013 Supervisory Focus is to improve credit union capacity to manage risk Internal Controls • NCUA continued • 2013 Examination Capacity Focus – Operational Risk • The risk of loss resulting from inadequate or failed internal processes, people and systems that ensure the security and stability of service delivery channels • Two primary areas of operational risk focus – Technology - Adopting new technology to meet evolving member service needs and leveraging automation to increase efficiency i.e remote deposit capture, online banking, mobile banking and social media – Internal Controls – examination of a sound system of controls to ensure that credit unions are operated in a safe manner consistent with board approved policies and procedures Internal Controls • NCUA continued • Balance Sheet Management – In 2013 NCUA examiners will focus on the ability of credit unions to generate adequate earning without adversely increasing specific risk factors • Interest Rate Risk (IRR) – high levels of long-term assets funded by short-term less stable funds (shares) • Concentration Risk- focus on a limited diversification of assets • Less Established Products – credit union entrance into less established more complex products where the credit union may lack the experience and expertise to adequately mitigate risk controls Internal Controls • Cooperation/Relationships/Resources – CCUL – Larger Credit Union – CPA/Audit Firm – NCUA Examiner Internal Controls • Summary – The purpose of internal controls is not to entrap or inhibit employees but rather to provide an environment which discourages staff and management from doing something they would not ordinarily do. – In smaller credit unions the supervisory committee typically oversees the internal control function – Ultimately credit union officials are responsible for implementing a system of sound internal controls and for ensuring that those controls are regularly adhered to by staff as well as management Internal Controls • Questions?