Download
internal controls for it cape@cviog uga edu n.
Skip this Video
Loading SlideShow in 5 Seconds..
INTERNAL CONTROLS for IT cape@cviog.uga PowerPoint Presentation
Download Presentation
INTERNAL CONTROLS for IT cape@cviog.uga

INTERNAL CONTROLS for IT cape@cviog.uga

427 Vues Download Presentation
Télécharger la présentation

INTERNAL CONTROLS for IT cape@cviog.uga

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. INTERNAL CONTROLS for ITcape@cviog.uga.edu

  2. Internal Controls: An Overview • Objectives • Define what internal controls are • Describe the five components of the internal control framework • Discuss the limitations of internal controls • Determine who is responsible for internal controls and the categories of responsibility • Internal controls from an auditor’s perspective • Practical elements of IT internal controls

  3. Internal Controls: An Overview • What are internal controls? • A coordinated set of policies and procedures that help to ensure that management’s objectives are achieved. • Practical techniques employed by management to accomplish its objectives and meet its responsibilities. • Management techniques, an inextricable part of how management conducts its business.

  4. Internal Controls: An Overview • All governments exist to serve some purpose. • Management provides leadership for the government to fulfill its purposes. • Management has limitations in achieving goals.

  5. Internal Controls: An Overview • Management’s fundamental responsibilities should address: • Effectiveness • Are activities actually achieving their intended purposes? • Efficiency • Is management making the best use of scarce resources?

  6. Internal Controls: An Overview • Management’s fundamental responsibilities should address: • Compliance • Is management using resources according to federal/state and local laws? • Financial reporting • Do managers have a system of accounting and financial reporting in place to make good decisions? • Are managers accountable for their actions to individuals and groups outside the government for their management of resources?

  7. Internal Controls: An Overview • Management’s responsibilities or objectives: • Effectiveness and efficiency of OPERATIONS • COMPLIANCE • FINANCIAL REPORTING • Internal Control: • Framework that management establishes to ensure that it meets those responsibilities or objectives.

  8. Internal Controls: An Overview

  9. Internal Controls: An Overview • Five Components of Internal Control Framework: • Provides a favorable CONTROL ENVIRONMENT • Management is knowledgeable about controls. • Management is committed to establishing and maintaining controls. • Management communicates its support for internal controls to staff at all levels.

  10. Internal Controls: An Overview • Five Components of Internal Control Framework: • Continually ASSESSES RISK • The risk here is that management’s objectives will not be fulfilled. • Causes might include: • Changes within the government – new personnel • Changes outside the government – population increase or decrease • Sound internal control framework helps management to anticipate, identify and assess potential risks.

  11. Internal Controls: An Overview • Five Components of Internal Control Framework: • Establish and maintain effective control-related POLICIES AND PROCEDURES • Preventive controls • Prior authorization and approval of transactions • Segregation of duties • Detective controls • Account reconciliations • Timely preparation of financial statements

  12. Internal Controls: An Overview • Five Components of Internal Control Framework: • Effective COMMUNICATION • Ensures that RIGHT information is provided to RIGHT individuals at the RIGHT time and in the RIGHT format. • Provides for communication between levels and activities within the organization. • Provides for communication with parties outside the government.

  13. Internal Controls: An Overview • Five Components of Internal Control Framework: • MONITORS effectiveness of control policies and procedures/resolution of problems identifies by controls. • Ensures that controls continue to function properly • Control system could undergo a self-assessment • Also includes follow-up on potential problems

  14. Internal Controls: An Overview

  15. Why Have an Anti-Fraud Program?ACFE 2004 Occupational Fraud Survey $660 billion in annual fraud losses

  16. Why Have an Anti-Fraud Program?ACFE 2004 Occupational Fraud Survey Small business hit the hardest

  17. Why Have an Anti-Fraud Program?ACFE 2004 Occupational Fraud Survey Fraudulent statements – least #, highest $ Asset misappropriation – highest #, least $

  18. Why Have an Anti-Fraud Program?ACFE 2004 Occupational Fraud Survey Tips were the most common means of detection – all industries (39.6%)

  19. Why Have an Anti-Fraud Program?ACFE 2004 Occupational Fraud Survey Tips were the most common means of detection – government agencies (48.5%)

  20. Common Elements of Fraud False statement, representation, or document Made intentionally or recklessly About a material fact Upon which a victim relies

  21. Who Commits Fraud? Based on ACFE 2002 Occupational Fraud Survey • The majority of frauds (64%) are committed by employees. Frauds committed by managers or executives are three-and-a-half times more costly than frauds committed by employees. • Males accounted for losses that were three times greater than those of females. • Most fraudsters were first-time offenders. Only about 7% of fraud perpetrators had been convicted of a previous crime. • Approximately 33% of reported frauds involved collusion (two or more individuals). • The oldest perpetrators (over 60) caused median losses 27 times greater than those of the youngest fraudsters (below 25)—older employees generally occupy more senior positions with greater access to assets.

  22. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Executives commit the frauds with the largest losses

  23. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey 51% make less than $50,000 a year

  24. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey 56% have worked 6 or more years with the same employer

  25. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Men have a slight majority over women

  26. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Men commit frauds with three times the losses by women

  27. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Persons 41-50 commit 32% of the frauds

  28. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Persons over 51 commit the largest frauds

  29. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Persons those with some college or less commit most of the frauds

  30. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Despite low frequency, those with advanced degrees commit the most costly frauds

  31. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey Two-thirds of the frauds are committed by one person

  32. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey When there is collusion, the losses quadruple

  33. Who Commits Fraud?From ACFE 2004 Occupational Fraud Survey 83% have never been charged or convicted

  34. Fraud Triangle Opportunity Pressures / Incentives Rationalization / Attitude

  35. Internal Controls: An Overview • Limitations of Internal Controls • Cost may exceed benefit • Management can override controls • Risk of collusion

  36. Types of Fraud Skimming Invoice Kickbacks Write-offs False shipping Forgery Misuse of Property Economic Extortion Understatement Corruption Lapping Conflicts of Interest Illegal Gratuities False invoices

  37. Fraud Categories

  38. Corruption Categories

  39. Cash Misappropriation Categories

  40. Non-Cash Misappropriation Categories

  41. Internal Controls: An Overview • Responsibility for Internal Controls • Management is primarily responsible for internal controls. • Governing board is ultimately responsible for internal controls. • Auditors can help management, but must never assume primary or ultimate responsibility.

  42. Internal Controls: An Overview • Categories of Management Responsibility for Internal Controls: • Design • Use the five interrelated components of I/C to design policies and procedures. • Implementation • Controls are actually installed as designed and placed in operation.

  43. Internal Controls: An Overview • Categories of Management Responsibility for Internal Controls: • Monitoring • Controls continue to function or changed as needed. • Reporting • Governing board should be kept apprised of how I/C are functioning or changes that need to be implemented.

  44. Internal Controls: An Overview • Management’s Methods of Monitoring I/C • Internal Auditors • Self-Assessment • External Auditors • Management’s misconception that external auditor’s monitor.

  45. Internal Controls: An Overview • Internal Controls from an Auditor’s View • Auditors render opinion that financial statements are in accordance with GAAP. • Auditors must • Gain an understanding of internal controls • Document that understanding in audit workpapers • Determine planned risk assessment based on understanding • Perform tests of controls • Determine if controls can be relied upon to achieve audit efficiency.

  46. Internal Controls: An Overview • Internal controls are techniques – policies and procedures that are incorporated into the way day-to-day business is handled– to accomplish management’s objectives. • Five interrelated components are essential for a comprehensive internal control framework.

  47. Internal Controls: An Overview • These five components include: • CONTROL ENVIRONMENT • Create and maintain an environment conducive to control • RISK ASSESSMENT • Ensure that risks from both inside and outside the government are assessed and managed on an ongoing basis • POLICIES AND PROCEDURES • Result in the design and implementation of appropriate control-related policies and procedures • Provide for appropriate communication both inside and outside the government • Monitor the effectiveness of control-related policies and procedures

  48. Internal Controls: An Overview • These five components include: • COMMUNICATION • Provide for appropriate communication both inside and outside the government • MONITORING • Monitor the effectiveness of control-related policies and procedures

  49. Internal Controls: An Overview • Internal controls have limitations. • Not cost beneficial • Subject to management override • Risk of collusion • Management is primarily responsible for internal controls • Governing board is ultimately responsible for internal controls.

  50. Internal Controls: An Overview • Auditors must gain an understanding of internal controls and test those controls looking for weaknesses that could have a significant impact on financial reporting. • Auditors are not a substitute for management monitoring of internal controls.