1 / 38

Internal Controls

Internal Controls. When Is It Too Much or Too Little October 2007. Introduction and Background. Eide Bailly, LLP More than 120 firm wide professionals at Eide Bailly are loyal to serving governments, which range from small local governments to large state agencies, for more than 40 years.

jethro
Télécharger la présentation

Internal Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Internal Controls When Is It Too Much or Too Little October 2007

  2. Introduction and Background • Eide Bailly, LLP • More than 120 firm wide professionals at Eide Bailly are loyal to serving governments, which range from small local governments to large state agencies, for more than 40 years. • Boise office has 30 professionals that serve governments.

  3. Introduction and Background • Offices in: • Arizona • Idaho • Montana • Oklahoma • North Dakota • South Dakota • Minnesota • Iowa

  4. The “Fraud Triangle”

  5. The “Fraud Triangle” Motive

  6. The “Fraud Triangle” Motive Rationalization

  7. The “Fraud Triangle” Motive Perceived Opportunity Rationalization

  8. What is the Most Important Reason for Having a Strong Internal Control System? To prevent errors from occurring To safeguard assts from unauthorized use of misappropriation (i.e. to prevent fraud)

  9. Keep this in Mind... • Few things are more devastating, demoralizing, and tragic than the discovery that someone you trusted has committed fraud • There is, however, one thing that is considerably more devastating, demoralizing, and tragic ... • When a totally innocent and honest employee falls under suspicion simply because the lack of internal control created the appearance of an opportunity to commit fraud

  10. PERSPECTIVE • You will not prevent all losses. • You are trying to prevent large losses

  11. COSO • Committee of Sponsoring Organizations of the Treadway Commission • Five components of a good control system: • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring

  12. COSO • Identified control environment as the most critical • Autopsies of major scandals identify the control environment as the primary cause of the scandal

  13. Why??? • Why then do managers, auditors and regulators put so much emphasis on control activities – Hard Controls (i.e. policies, procedures, systems) • Because it is easy • Professional guidance and requirements that auditors and regulators follow

  14. Because it is easy • More objective to assess • Easy to read policy and spot situations where duties should be segregated • Easy to determine if policies are being followed • Was the invoice approved • Was a bid obtained when required • Bank reconciliation was reviewed by someone other than who prepared it.

  15. Professional guidance • Public Company Accounting Oversight Board • SEC • AICPA • All have issued standards and related rules that define internal controls over financial reporting with more emphasis on activities than environment

  16. When is it too much? • When controls • Decrease the efficiency of processes • To many checks and balances • Require more people than necessary – Cost vs. Benefit • Gives the perception that the controls are in place because employees can not be trusted

  17. Control Environment/soft controls • Tone at the top • Management’s attitude, philosophy, operating style the ethics and integrity of people in the organization – the competence of people. It is the foundation of all other control components.

  18. Soft Control Failures:

  19. Reasons Controls Break Down Reason Number 1 Don’t Understand the Control Implications Of Policies, Procedures and Reports Yes ___ No ___

  20. Reasons Controls Break Down Reason Number 2 Don’t Have the Information Needed to Assure Transactions Are Proper Yes ___ No ___

  21. Reasons Controls Break Down Reason Number 3 Not Enough Time to do the Control Procedures Yes ___ No ___

  22. Reasons Controls Break Down Reason Number 4 Blind Trust Believers ---------------------------- Doubters Yes ___ No ___

  23. Reasons Controls Break Down Reason Number 5 Willful Blindness I choose not to see Yes ___ No ___

  24. Reasons Controls Break Down Reason Number 6 Not Questioning the Strange, Odd and Curious Yes ___ No ___

  25. Reasons Controls Break Down Reason Number 7 Not Enforcing Documentation Requirements Yes ___ No ___

  26. Reasons Controls Break Down Reason Number 8 Inadequate Fraud Prevention and Detection Skills Yes ___ No ___

  27. Reasons Controls Break Down Reason Number 8 Situational Incompetence

  28. Which of the four options below would make the most significant impact on helping your organization be more effective in fighting fraud, misconduct, and wrongdoing? Implementing the policy suggestions in the Anti Fraud Environment list 14% Conducting an organization wide Comprehensive Fraud Exposure Analysis, including the creation of a Fraud Risk Inventory 14% Providing awareness, prevention and early detection skills training for managers and key employees 62% Catching and prosecuting wrongdoers 10%

  29. Reasons Controls Break Down Reason Number 9 Those Responsible for Control Procedures or Oversight are Crooks! Yes ___ No ___

  30. Soft Control Suggestions • Clarify Fraud Expectations • Fraud Policy • Fraud Skills Training • Fraud Exposure Analysis • Use “How Do I Know”

  31. 1. Clarify Fraud Expectations • Fraud prevention and detection expectations should be stated and understood. Never assume managers and employees know what is expected. Tell them. • At an upcoming staff meeting, discuss what you personally expect of others. Include thoughts on risks, awareness, prevention, early detection and proper response. • Cover anything that would fall under wrongdoing, misconduct and outright fraud.

  32. 2. Fraud Policy • All organizations face the risk of wrongdoing and fraud. And to effectively manage those risks, everyone should know what their responsibilities are in this important area. • An effective “Policy on Suspected Misconduct” is the perfect place to document these responsibilities. • Employees and managers will have a one-stop source explaining their role in deterrence, early detection and effective incident response.

  33. Fraud Policy Statement • Positive message • Manager responsibilities • Exposures • Procedures to prevent • Procedures to detect • What to do / not to do • Emphasis on SUSPECTED acts

  34. 3. Fraud Skills Training • Don’t expect team members to be able to handle fraud risks if they have never been shown how to do so. • Most employees have never been taught the skills needed to be effective in this area. • Sponsor or conduct fraud awareness and skills training programs specifically addressing what employees and auditors need to know to prevent, detect and handle fraud.

  35. Fraud Skills For Managers What fraud skills are needed: • General knowledge of fraud risks • Why soft controls are as important as hard controls • What can happen in their areas • What it will look like when it happens • Suggestions on preventing • Suggestions on prompt detection when prevention fails

  36. 4. Fraud Exposure Analysis • Ask the question “What could go wrong?” • Create a robust inventory of fraud risks. • Use this list to provide training. • Develop offsetting prevention and early detection procedures for each risk identified. • Publicize the effort and the results. • Create awareness in honest employees, and fear in those tempted to commit wrongdoing.

  37. 5. Use “How Do I Know” • When gathering information and in interviews, utilize a “show me how you…” rather than a “do you…” approach to verifying details. • Before sign-off on journal entries, exception reports, disbursements, reconciliation results, and many other daily events, make sure people know that they are responsible for the results. • Verify important details.

  38. When in Doubt, Doubt • If something looks or feels wrong to you in your area of responsibility, it probably is. You are in the best position to know. • Choose to follow up to determine the cause of indicators and behaviors that concern you. • If you’re not sure, make a habit of checking details. • If you’re still not sure, get help! Refer suspicions to others for resolution.

More Related