1 / 72

FGFOA Boot Camp November 13, 2012 Internal Controls

FGFOA Boot Camp November 13, 2012 Internal Controls. Presented by Walt Maxwell, CPA Dana McDonald, CPA. r 2 Rampell & Rampell, P.A. certified public accountants. Internal Controls – Beyond Segregation of Duties. Definition of Internal Control Types of Internal Controls

aneko
Télécharger la présentation

FGFOA Boot Camp November 13, 2012 Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FGFOA Boot CampNovember 13, 2012Internal Controls Presented by Walt Maxwell, CPA Dana McDonald, CPA r2 Rampell & Rampell, P.A. certified public accountants

  2. Internal Controls – Beyond Segregation of Duties • Definition of Internal Control • Types of Internal Controls • Key Internal Controls • Designing Internal Controls • Fraud r2 Rampell & Rampell, P.A. certified public accountants

  3. Internal Controls – Beyond Segregation of Duties • The absence of controls, ineffective controls, or the ability of management to override controls provides the opportunity for fraud to be perpetrated. r2 Rampell & Rampell, P.A. certified public accountants

  4. “ I think I should warn you that the flip side of our generous bonus-incentive program is capital punishment.” r2 Rampell & Rampell, P.A. certified public accountants

  5. Definition of Internal Control • Internal control is a process designed by management topromote efficiency, reduce risk of asset loss, and help ensure the reliability of financial statements and compliance with laws and regulations. r2 Rampell & Rampell, P.A. certified public accountants

  6. Individual Internal Controls • Each of us has developed what we can call our own “personal internal control system.” • Lock Doors • Balance Checking Account • Plan Shortest Route to Run Errands (promotes operational efficiency) • File an Annual Income Tax Return (compliance with federal and state tax regulations) r2 Rampell & Rampell, P.A. certified public accountants

  7. Types of Internal Controls • Preventive Controls • Detective Controls • Corrective Controls r2 Rampell & Rampell, P.A. certified public accountants

  8. Preventative Controls • Designed to discourage errors or prevent irregularities from occurring in the first place. • Segregation of Duties • Proper Authorization • Adequate Documentation • Physical Control Over Assets r2 Rampell & Rampell, P.A. certified public accountants

  9. Detective Controls • Detective controls are designed to find errors or irregularities after they have occurred. • Separation of Duties • Proper Authorization • Adequate Documentation • Physical Control Over Assets r2 Rampell & Rampell, P.A. certified public accountants

  10. Corrective Controls • Corrective controls are the KEY INTERNAL CONTROLSthat are designed to correct errors or irregularities from occurring in the first place. r2 Rampell & Rampell, P.A. certified public accountants

  11. Key Internal Controls • Segregation of Duties • Authorization • Independent Checks • Analytical Review • Physical Safeguards and Security r2 Rampell & Rampell, P.A. certified public accountants

  12. Segregation of Duties • Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities. • Three functions that are considered to be mutually incompatible. • Authorize a Transaction • Record the Transaction in the Accounting Records • Maintain Custody of the Assets Resulting From the Transaction r2 Rampell & Rampell, P.A. certified public accountants

  13. Authorization • Approval of a transaction means that the approver has reviewed the supporting documentation and is satisfied that the transaction is appropriate, accurate, and complies with applicable laws, regulations, policies, and procedures. r2 Rampell & Rampell, P.A. certified public accountants

  14. Independent Checks • Employees who did not do the work check and verify the accuracy of the work. • Periodic reconciliations which compare different sets of data to one another (i.e. bank reconciliations) r2 Rampell & Rampell, P.A. certified public accountants

  15. Analytical Review • Management comparison of reports is especially important in situations when it is not practical to segregate duties. • Types of Reports to Compare • Current Performance to Prior Periods • Current Performance to Budgets • Current Performance to Forecasts • Current Performance to Benchmarks r2 Rampell & Rampell, P.A. certified public accountants

  16. Physical Safeguards & Security • Physical control over assets and records helps protect the organization’s assets. These control activities may include electronic or computer-related controls. • Safe • Employee ID Cards • Locks • Backup and Recovery Procedures r2 Rampell & Rampell, P.A. certified public accountants

  17. Most Effective Control • According to the Association of Certified Fraud Examiners, the most effective accounting based control is a surprise audit. • Surprise Count of Petty Cash • Surprise Visit to Off-Site Location r2 Rampell & Rampell, P.A. certified public accountants

  18. Who is responsible for internal controls? • Everyone plays a part in the internal control system. r2 Rampell & Rampell, P.A. certified public accountants

  19. How does Management Establish Internal Controls? • In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a report titled Internal Control—Integrated Framework (the framework). This document provides management with guidance for designing and implementingan effective internal control system. r2 Rampell & Rampell, P.A. certified public accountants

  20. Components of Internal Control • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring r2 Rampell & Rampell, P.A. certified public accountants

  21. Control Environment • The control environment component is the foundation upon which other components of internal control are based, and it sets the tone of an organization. r2 Rampell & Rampell, P.A. certified public accountants

  22. Control Environment • The factors that set the tone of the organization and influence the control consciousness of its people are: • Integrity and Ethical Values • Commitment to Competence • Human Resource Policies and Practices • Assignment of Authority and Responsibility r2 Rampell & Rampell, P.A. certified public accountants

  23. Control Environment Cont. • Management’s Philosophy and Operating Style • Governing Body or Audit Committee Participation • Organizational Structure r2 Rampell & Rampell, P.A. certified public accountants

  24. Risk Assessment • Management establishes mechanisms for identifying and analyzing risks that may affect an entity’s ability to properly record, process, summarize and report financial data. r2 Rampell & Rampell, P.A. certified public accountants

  25. Risk Assessment • The following are risks that may affect an entity's ability to properly record, process, summarize and report financial data: • Changes in the Operating Environment • New Personnel • New Information Systems • Rapid Growth • New Technology r2 Rampell & Rampell, P.A. certified public accountants

  26. Risk Assessment Cont. • New Lines, Products or Activities • Corporate Restructuring • Foreign Operations • Accounting Pronouncements r2 Rampell & Rampell, P.A. certified public accountants

  27. Control Activities • Control activities are the policies and procedures that ensure management’s directives are carried out. r2 Rampell & Rampell, P.A. certified public accountants

  28. Control Activities • The various policies and procedures that ensure that necessary actions are taken to address risks affecting achievement of entity's objectives are: • Performance Reviews (review of actual against budgets, forecasts) • Information Processing (checks for accuracy completeness, authorization) • Segregation of Duties r2 Rampell & Rampell, P.A. certified public accountants

  29. Information and Communication • Information is identified, captured, and communicated in a form and timeframe to enable people to carry out their responsibilities. r2 Rampell & Rampell, P.A. certified public accountants

  30. Examples of Information and Communication • Methods established to record, process, summarize and report transactions must be able to: • Identify and Record All Valid Transactions • Report on a Timely Basis • Measure the Value Properly r2 Rampell & Rampell, P.A. certified public accountants

  31. Examples of Information and Communication Cont. • Record in the Proper Time Period • Properly Present and Disclose • Communicate Responsibilities to Employees r2 Rampell & Rampell, P.A. certified public accountants

  32. Monitoring • This is the process that assesses the quality of the internal control system’s performance over time and includes ongoing monitoring. • Governing body has the responsibility for the financial reporting process. r2 Rampell & Rampell, P.A. certified public accountants

  33. External Auditors Role • Mindset that external auditors are responsible – “Myth” • Auditors must test an entity’s controls r2 Rampell & Rampell, P.A. certified public accountants

  34. Red Flags • As an auditor, when we go into an organization to perform control testing, certain items indicate that there may be problems. • As an auditor, we must exercise professional skepticism. r2 Rampell & Rampell, P.A. certified public accountants

  35. Red Flags • Examples of red flags: • Limited Staffing • Insufficient Documentation (missing source documents, missing approvals, overall sloppiness) • Reconciliations Not Performed on a Timely Basis • Lots of Voids and Deviations from Procedures • Unexpected or Unusual Patterns • Employee Behavior Changes r2 Rampell & Rampell, P.A. certified public accountants

  36. Limitations of Internal Controls • No matter how well internal controls are designed, they can only provide reasonable assurance that objectives have been achieved. • Some limitations are inherent in all internal control systems: • Judgment • Breakdowns • Management Override • Collusion r2 Rampell & Rampell, P.A. certified public accountants

  37. Judgment • The effectiveness of controls will be limited by decisions made with human judgment under pressures to conduct business based on the information at hand. r2 Rampell & Rampell, P.A. certified public accountants

  38. “I find it simply amazing that what we know as just ‘good business’ is perceived by the public as greed.” r2 Rampell & Rampell, P.A. certified public accountants

  39. Breakdowns • Even well designed internal controls can break down. • Employee Misunderstanding or Mistake • Errors From Complicated Computer Systems or New Technology r2 Rampell & Rampell, P.A. certified public accountants

  40. Management Override • High level personnel may be able to override prescribed policies and procedures for personal gain or advantage. r2 Rampell & Rampell, P.A. certified public accountants

  41. “I think I’d make an excellent executive vice president, because for the last four years all those documents you asked me to shred…I didn’t shred any of them.” r2 Rampell & Rampell, P.A. certified public accountants

  42. Mitigating Management Override Potential • Corporate culture of integrity and ethical values • Hiring qualified accounting personnel • Effective internal audit function • A financially literate governing body and/or audit committee willing to assume responsibility to prevent/detect management override • An effective whistleblower program r2 Rampell & Rampell, P.A. certified public accountants

  43. Collusion • Individuals acting collectively can alter financial data or other management information in a manner that cannot be identified by control systems. r2 Rampell & Rampell, P.A. certified public accountants

  44. “Well, if you think the on-screen special effectswere interesting, wait until you see the bookkeeping” r2 Rampell & Rampell, P.A. certified public accountants

  45. Example of Collusion This fraud began with the failure to record or disclose a liability caused by a failed loan. The perpetrator’s internal accountants relayed that the bankers had requested that the loss be kept off the financial statements and that the external CPAs not be alerted. Extensive internal collusion helped to hide this fraud. “Audit evidence” provided to external CPAs included falsified contracts and invoices that presented certain assets as owned. r2 Rampell & Rampell, P.A. certified public accountants

  46. Example of Collusion Cont. In addition, assets that were sold were not removed from the books, assets that were borrowed were presented as owned, and certain guarantees of loans were not disclosed. To top it off, those involved in the collusion even borrowed physical assets to pass inspection and observation by external CPAs. r2 Rampell & Rampell, P.A. certified public accountants

  47. Example of Collusion Cont. The extent of the internal collusion would have made this scheme difficult for any external auditor to spot. How was this uncovered? A whistleblower tipped off authorities to the fraud. r2 Rampell & Rampell, P.A. certified public accountants

  48. “And, hey, don’t kill yourself trying to pay it back.You know our motto… ‘What the hell, it’s only money’.” r2 Rampell & Rampell, P.A. certified public accountants

  49. What Can Happen When Internal Controls Are Weak or Non-Existent? • The absence of controls, ineffective controls, or the ability of management to override controls provides the opportunity for fraud to be perpetrated. r2 Rampell & Rampell, P.A. certified public accountants

  50. “Right. Money isn’t everything ……what’s the other thing again?” r2 Rampell & Rampell, P.A. certified public accountants

More Related