1 / 41

Agenda -Internal control background -Elk River Utilities’ story

Agenda -Internal control background -Elk River Utilities’ story -Building an internal control strategic plan Control environment Risk assessment Control activities Information and communication Monitoring. Internal control is everyone’s responsibility Anyone can override controls

werner
Télécharger la présentation

Agenda -Internal control background -Elk River Utilities’ story

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Agenda • -Internal control background • -Elk River Utilities’ story • -Building an internal control strategic plan • Control environment • Risk assessment • Control activities • Information and communication • Monitoring

  2. Internal control is everyone’s responsibility Anyone can override controls Over the past year we assisted with 5 fraud investigations 1 did not appear to be fraud 1 is still to be resolved 3 resulted in convictions

  3. Trust vs. Procedures • We trust our employees • Without a framework, trust is not enough • Most of the cases we worked on had more trust than procedures

  4. No arrest record Socially conforming Educated beyond high school Likely to be married Not likely divorced Member of a house of worship Holds position of responsibility Characteristicsof TrustworthyPeople

  5. No arrest record Socially conforming Educated beyond high school Likely to be married Not likely divorced Member of a house of worship Holds position of responsibility Characteristics of Fraudster

  6. WHY? • Why are the characteristics of honest, trustworthy citizens the same as those of the fraudster?

  7. BECAUSE! • Fraud is committed by one who is capable of deceiving another. • A position of trust is sometimes necessary to obtain access to items of value. • Fewer restrictions or controls are placed on individuals that appear trustworthy.

  8. Fraud Detection • Relatively few fraud and abuse offenses are discovered through routine audits. Most fraud is uncovered as a result of tips and complaints from other employees and citizens.

  9. How Fraud is Detected *Statistics are from Policies and Procedures to Prevent Fraud and Embezzlement by Edward J McMillan, CPA, CAE

  10. Fraud Triangle Incentive Opportunity Rationalization

  11. Disgruntled employee Stressed out Excessive lifestyle Unnaturally compulsive or controlling Financial difficulties Drug problems Gambling problems Incentive

  12. City of Arden Hills • Amount totaled over $230,000 • Method of cover- up was thought through • Pure luck caught her • Had issues with gambling • Plead guilty in 2006

  13. Ramsey County Sheriff’s Department • Deputy had stolen over $200,000 • She worked in the department that deals with foreclosures for over 10 years • Nature of foreclosures allowed her time to cover tracks • Had issues with gambling

  14. Opportunity • Too much trust • Limited internal controls • Lack of supervision Purpose of internal control is to remove the opportunity for fraud

  15. Rationalization • Perpetrator convinces themselves they are not stealing • Have seen cases where they think they are borrowing. • They see self-correcting a perceived wrong • Pay discrepancy • Lack of recognition

  16. City of Glenwood • Administrator and clerk colluded to steal over $130,000 • Every time he stole city funds, he would write a personal check back to the city but never deposited it. He kept it in a desk drawer • When caught, it allowed for easy documentation of the amount stolen

  17. Elk River Municipal Utilities • Over $260,000 stolen over seven years • Started with notices from IRS in 2005 relating to 2001 • We investigated and found issues with the W-2’s

  18. Elk River Municipal Utilities • Because of W-2 problems we investigated other areas of responsibility • We tested some disbursements based on another fraud investigation we had completed • Found that employee was receiving an additional check for each payroll

  19. Elk River Municipal Utilities • Control breakdown • Trust rather than procedures • Payroll was not interfaced • Bank reconciliation and check processing accessible by thief • Mail managed by thief

  20. Elk River Municipal Utilities • What is different now • Finance and payroll are integrated • Superintendent received unopened bank statement and reviews detail • Mail duties are outside of finance • Overall change in environment

  21. Key documents missing No separation of financial duties Accounting system in disarray Lack of policies that establish controls Inadequate monitoring to ensure these controls work as intended Ineffective accounting, information technology or Internal Audit staff Documentation that is photocopied or lacking essential information Unusual employee behavior Tips or complaints about fraud Lack of established code of ethical conduct Top Ten Fraud Risk Indicators

  22. Good system will have the following: • Create and maintain environment that allows controls • Ensure risks are addressed • Appropriate control policies and procedures • Communication of information inside and out of the organization • Monitor the effectiveness of policies and procedures

  23. Internal control strategic plan • See matrix at end of materials • For basic system - Complete for both receipts and disbursements • Can also be expanded and used for other areas (inventory, budgeting, etc)

  24. Responsibility for controls • Management is primarily responsible • Governing board is ultimately responsible

  25. Management needs to prioritize its evaluations • Vulnerability assessment gets at the most critical control-related policies and procedures • Look at inherent risk factors • Where are greatest possible losses • Which type is most likely to occur

  26. Control Environment • Sets the tone of the organization • Foundation for all other elements • Includes integrity, ethical values and competence of people • Management philosophy and operating style, way authority is assigned and development of people • Also includes action of board

  27. Control Environment - Code of Conduct • How comprehensive is yours? • Conflicts of interest • Illegal or improper payments • Employees should acknowledge periodically • Employees know how improper behavior is to be handled • If not in writing-how is it communicated? Is the communication effective?

  28. Control Environment- action taken for departures from policies and procedures • Respond to violations of behavioral standards • Communicate disciplinary actions • Management override is explicitly prohibited

  29. Control Environment-commitment to competence • Job descriptions make clear how much judgment and supervision are necessary • Hiring policies are thorough and include background checks • Training should include some formal component • Staff reviews should be documented. • Performance goals should be set and they should be reasonable

  30. Risk Assessment • Every entity faces a variety of risks from internal and external sources that must be assessed. • Since change is always part of doing business we need mechanisms to identify and deal with special risks • Need both high and low level analysis. • So both staff and management participate

  31. Risk Assessment – Areas of special attention • Changed operating environment • New personnel • New information systems • Rapid growth • New technology • New activities

  32. Control policies and procedures • This allows for accurate financial reporting • Purchasing policy with limits • Records are properly designed • Physical security over assets • Segregation of duties • Reconciliation and verification • Timely reports

  33. Communication of information • Pertinent information must be identified, captured and communicated in a form and timeframe that enables people to carry out their responsibilities. • Deals with internal and external data

  34. Communication of information • Appropriate for the user • Received soon enough to allow individuals to take action • In addition to timely, it needs to be current – not yesterday’s news • Reliable and accurate – doesn’t always have to be precise to be reliable • Information needs to be accessible to all levels

  35. Communication of information • Accounting policies and procedures manual • Clearly communicates and outlines specific authority and responsibility • Serves as a reference tool for guidance • Lessens the threat of turnover

  36. Monitoring • Assesses the quality of the system’s performance • Scope and frequency of separate evaluations depends on risk assessments

  37. Monitoring • Bank reconciliations could be off • Physical inventory could show differences • Budget variances may show an unexplained increase Internal control is only effective if investigation and resolution accompanies these discrepencies

  38. Monitoring • Corrective action plans should be completed for every finding • A timetable should be set for each plan • Regular review of the strategic plan should be done at least annually

  39. Benefits to completing a plan • All parties can speak the same language • Assessing control systems against standard • Increased understanding of internal control

  40. What’s next • Review organization for areas of risk • Each line in the plan should be addressed • May involve some new documentation • Could be addressed with a quick narrative answer • Staff should benefit from the exercise • Outside professional could facilitate

  41. Questions? • Contact at any time: • Steve McDonald • Partner • Abdo, Eick and Meyers • 5201 Eden Avenue, Suite 370 • Edina, MN 55436 • Phone 952-835-9090 • E-mail smcdonald@aemcpas.com

More Related