Int Control

advertisement
Internal Control:
Identifying and Minimizing Risks
For Governmental Entities
1
2
Comptroller Justin Wilson likens Memphis to a
recovering alcoholic
State Comptroller Justin Wilson has penned an op-ed
piece in the Commercial Appeal that compares
governments to alcoholics – and pronounces Memphis
on the road to recovery. An excerpt:
The individual knows he is drinking too much and the
government recognizes that its finances are precarious,
but hey, it’s not that serious, I’ll change tomorrow or
next year. Besides, getting drunk makes me happy and
providing services and benefits we don’t pay for today
keeps the voters happy.
3
The downward spiral progresses until the
individual or the government hits bottom.
That happens with the realization that the
pain caused by the substance abuse or the
financial irresponsibility outweighs the
pleasure derived from the behavior.
4
…Most alcoholics still struggle with temptation,
and there is always the danger of falling off
the wagon. But if Memphis continues on its
road to recovery, and continues to make good
financial decisions, there is no reason to
compare it to Detroit. Rather, Memphis will
find its rightful place among the world’s most
vibrant cities.
5
State of Tennessee
Justin P. Wilson, State Comptroller
For Immediate Release: June 19, 2014
Three Quarters of a Million Dollars’ Worth of Stolen Public Money Remains
Uncollected
Although county officials across Tennessee have made strides in recovering money
stolen from public coffers, $775,221.12 remained uncollected at the end of the last
fiscal year.
That was one of the key findings of the 2013 Report of Cash Shortages, which was
released today by the state Comptroller’s office.
Each year, the Comptroller’s office prepares the report detailing the status of money
stolen from county governments in Tennessee. The report includes information
compiled from annual financial reports for the 89 counties audited by the
Comptroller’s office and six counties audited by private accounting firms, as well as
investigations and special reports issued by the Comptroller’s office.
The new report provides a snapshot of each county’s cash shortages as of June 30,
2013. There is information in the report not only about money stolen during the year,
but also in previous fiscal years that remains unrecovered.
The state’s 95 counties began the last fiscal year with $563,372.50 in cash
$449,624.04
worth of new shortages was detected. Counties
shortages that had not been recovered. During the year,
were able to recover $237,775.42 through restitution payments, insurance claims
or other means. That left a net unrecovered shortage of $775,221.12 at the end of
the fiscal year.
“While it’s encouraging that county officials have been able to recover substantial
amounts of the money that has been taken from them, it’s discouraging that the
amount of new thefts discovered in the fiscal year outpaces the recovered
I hope people will
read through this report and realize how
widespread the theft of public funds is in
our state. I urge local government officials to follow the steps
amounts,” Comptroller Justin P. Wilson said. “
recommended by our auditors to safeguard against the fraud, waste and abuse of
public money.”
Blake Fontenay, Communications Director, (615) 253-2668 or
[email protected]
A Personal Decision
What is it worth to you?
Would you throw away your integrity?
Give up your good reputation?
Lose the good name you have worked your
entire life to build?
How much would it take????
Dennis Dycus once said…
“If you think theft or fraud is not happening
where you work, you are probably wrong”.
Video – Dixon, IL
Video - Columbus
9
10
Reference Text:
Committee of Sponsoring Organizations
of the Treadway Commission
Internal Control – Integrated Framework
Framework and Appendices
May 2013
11
COSO Model
12
The Committee of Sponsoring Organizations
(COSO)
• Sponsored and funded by:
– American Institute of Certified Public Accountants
(AICPA)
– American Accounting Association (AAA)
– Financial Executives Institute (FEI)
– The Institute of Internal Auditors (IIA)
– The Institute of Management Accountants (IMA)
• Publishes The Internal Control Integrated
Framework, a standard for establishing internal
controls
13
Definition
COSO defines internal control as:
“…a process, affected by an entity’s board of directors,
management and other personnel designed to provide
reasonable assurance regarding the achievement of
objectives in the following categories:
1) Effectiveness and efficiency of operations
2) Reliability of financial reporting
3) Compliance with applicable laws and objectives”
14
Five Components of the
COSO Model
1.
2.
3.
4.
5.
The Control Environment
Risk Assessment
Control Activities
Information and
Communication
Monitoring Activities
15
1. The Control Environment
• Sets the tone for the entire organization
• Management leads by example
•
•
•
•
Integrity and ethical values
Commitment to competence
Organizational structure
Adherence to policies and procedures
16
New
Control Environment
Principles
17
Control Environment – 5 Principles
1. Organizational commitment to integrity and
ethical values
2. Governing body
a. Demonstrates independence from management
b. Exercises oversight of internal control
18
Control Environment – 5 Principles
3. Management establishes reporting lines,
authorities and responsibilities
4. Organizational commitment to attract, develop
and retain competent individuals
5. Organization holds individuals accountable for
internal control responsibilities
19
2. Risk Assessment
• Present at every level of an organization
• Define organizational objectives
• Identify risks that may adversely impact
organization’s achievement of goals
• Minimize the likelihood of occurrence
20
Risk Analysis
• Assess the frequency of the risk
occurring
• Estimate the potential impact if the risk
were to occur
• Determine how the risk should be
managed
• Prioritize and manage significant risks
21
Reasonable Assurance
• Effective control system provides reasonable
but not absolute assurance
• Appropriate balance between risk of a certain
practice and level of control to ensure
objectives
• Cost of a control should not exceed the
derived benefit
22
Controls Out of Balance
Excessive Risks
Excessive Controls
•
•
•
•
• Increased bureaucracy
• Reduced productivity
• Increased complexity
• Increase of no-value
activities
Loss of Assets or Grants
Poor business decisions
Noncompliance
Public scandals
23
New
Risk Assessment
Principles
24
Risk Assessment – 4 Principles
1. Objectives are specified to enable the
identification and assessment of related risks
2. Risks to the achievement of the entity’s
objectives are identified and analyzed to
manage those risks
3. The potential for fraud is considered in risk
assessment
4. The organization identifies and assesses
changes that could significantly impact internal
control
25
3. Control Activities
• Policies and procedures to mitigate risks
• Appropriate response
• Implementation
• Conscientious
• Consistent
• Types of Controls
• Preventive controls – proactive
• Detective controls – reveal what has occurred
26
Types of Controls
Preventive
Detective
•
•
•
•
•
•
•
•
•
Deter undesirable events
Help prevent loss
Examples
Emphasize quality
Proactive
Detect undesirable events
Provide evidence of loss
Do not prevent loss
Provide evidence that
preventive controls are
functioning
27
New
Control Activities
Principles
28
Control Activities – 3 Principles
1. Activities that contribute to the mitigation of risks
to acceptable levels are selected and developed by
the organization
2. General control activities over technology are
selected and developed to support objectives
3. Control activities are deployed through policies
and procedures
29
4. Information and
Communication
• Essential at every level of an
organization
• Clear understanding of expectations
• Minimizes assumptions
30
Communicating
• Standard operating procedures
– Strengthen communication channels
– Decrease chance that a new administration will
arbitrarily change policies
• Information overload results in employees
ignoring communication attempts
31
New
Information and Communication
Principles
32
Information and Communication –
3 Principles
1. Relevant and quality information is used to
support the functioning of internal control
2. Information, including objectives and
responsibilities, are communicated internally
3. Matters affecting the functioning of internal
control are communicated to external parties
33
5. Monitoring Activities
• Ongoing evaluation
• Activities functioning properly
• Controls must change over time
• Technologies evolve
• Priorities change
• New deficiencies emerge
34
New
Monitoring Activities
Principles
35
Monitoring Activities - 2 Principles
1. Evaluations are developed to ascertain
internal control components are present
and functioning
2. Internal control deficiencies are
communicated to those responsible for
taking corrective action
36
Basic Internal
Internal Controls
Checklist
37
Checklist
1. Make sure that the following policies and procedures are
available in your municipality, either by hard copy or
electronically:
a.
b.
c.
d.
Administrative procedures
Financial and accounting manual (including at a minimum the
Comptroller requirements)
Employee handbook
Purchasing manual
2. Make sure that departments have well‐written
departmental policies and procedures manuals which
address significant activities and unique issues. Employee
responsibilities, limits to authority, performance standards,
control procedure disciplinary action for not complying and
organizational relationships should be clear.
38
Checklist
3. Make sure that employees are well acquainted with the
municipality’s policies and procedures that pertain to their
job responsibilities.
4. Discuss ethical issues with employees. If employees need
additional guidance, consider departmental standards of
conduct.
5. Communicate state laws related to conflict of interest; make
sure employees understand how to disclose potential
conflicts of interest.
6. Develop job descriptions; clearly state responsibility for
internal control, and correctly translate desired competence
levels into required knowledge, skills, and experience.
39
Checklist
7. Make sure that each employee has an adequate training
program.
8. Conduct employee performance evaluations periodically.
Good performance should be valued highly and recognized
in a positive manner.
9. Most importantly, make sure appropriate disciplinary action
is taken when an employee does not comply with policies
and procedures or behavioral standards.
40
QUESTIONS ?
MTAS and CTAS now working on
model I/C policies and training
programs
(and perhaps others are as well)
41
Download