1
Audits, Internal Controls, Ethics, and Fraud
CSU 101 March 6-9, 2011MontereyMonterey
Kathi McCoyDirector, Auditing Services
Sacramento
Responsibility / Accountability
CSU FundingSt t– State
– Student Tuition and Fees
Fiduciary Obligation– Spend Funds on Purposes for Which They Were
Allocated / Received
Adherence to Laws / Regulations / Policies
2
2
Audit Definition
“An independent objective assurance and“An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.”
Institute of Internal Auditors
3
Types of Audits
Financial Audits
C li A ditCompliance Audits– Government Laws and Regulations
– Trustee Resolutions and Policies
– Chancellor’s Office Executive Orders
Policies and Directives
ICSUAM / SUAM / SAM
– Campus: Policies and Procedures
4
3
Operational or Performance audits
Types of Audits
Information Systems (IS) or Information Technology (IT) audits
InvestigationsInvestigations
5
Audits
CSU Office of the University Auditor
Campus Audits
Systemwide Financial Statements – GAAP
Federal Audits
State Audits
Athletics – NCAA Audits
6
4
Risk
The Probability of Something Happening with Impact to the University
Risk Identification
Risk Assessment
Risk Response– Avoid: No New Ventures / Exit Risky Ones
– Reduce: Put Controls in Place
– Share: Obtain Insurance
– Accept
7
Risk Categories
Strategic– Goals and ObjectivesGoals and Objectives
Financial– Loss of Assets
Operational– Ongoing Management Processes
ComplianceCompliance– Laws and Regulations
Reputational– Tarnishing of Image
8
5
INTERNAL CONTROLS
ALL EMPLOYEES
ARE RESPONSIBLE
FOR MANAGING
INTERNAL CONTROLSINTERNAL CONTROLS
9
Control Process
Internal control is a process…designed to provide reasonable assurance regarding the achievement of objectives:achievement of objectives:
– Effectiveness and efficiency of operations and the use of resources
– Reliability of financial information and reports
Compliance with applicable laws and regulations– Compliance with applicable laws and regulations
– Safeguarding of Assets
10
6
What Are Controls
System of checks and balances
Procedures to prevent and detect errors, theft or unauthorized use
Ways to manage and reduce risk
Good business practices
11
Types of Controls
Preventive Controls– Keep errors / irregularities from occurringKeep errors / irregularities from occurring
Detective Controls– Identify errors / irregularities that occurred
Corrective Controls– Correct errors / irregularities
– Prevent recurrence
12
7
Internal Controls
Segregation of Duties
Safeguarding of Assets
Proper Authorizations & Reviews
Reconciliations
13
Examples
Buildings, Offices, Labs, & State Vehicles Kept Locked When Unoccupied
Computer Passwords Changed Periodically
Reconciliations of Source Documents Against Pro Card Statements
Locked Cash Drawers
Secure Storage for Checks Secure Storage for Checks
Proper Authorizations
Alarm Systems
Background Checks14
8
ETHICAL BEHAVIORETHICAL BEHAVIOR
DOING THE RIGHT THING
Wh i l i ti ?Where is your moral compass pointing?
15
Ethics
Ethical behavior means
Being honestBeing honest,
Telling the truth,
Doing what you said you were going to do.
Barbara Jordan
State Senator – Texas
US. Congresswoman
16
9
Ethical Behavior
Advantages– Credibility
Ethical Behavior
Credibility
– Efficiency
– Morale / Loyalty / Personal Satisfaction
ImpactsInstitutional Reputation– Institutional Reputation
– Morale
– Donations
17
Conflict of Interest
Law seeks to minimize the extent to which public employees pursue their own
Conflict of Interest
p p y pfinancial interests at the expense of public interest
– Accepting gifts / honoraria
– Outside employment that would impair independence of judgment related to state dutiesp j g
– Disclosure of confidential information
– Receipt of personal or financial benefit
18
10
Core Values
Act Responsibly and Be Accountable– Integrity / Credibility / Excellenceg y y
Meet Commitments
Respect Confidentiality
Support Controls
Adherence to Laws, Regulations, Policies
19
Your Behavior
Protect University Assets
– Financial People Data Equipment
Your Behavior
Financial, People, Data, Equipment
Use of University Assets
– Phones (office and cell), Photocopier, Fax, Software, Internet, Equipment, Office Supplies, Postage
Work Time is University TimeWork Time is University Time
– Arrive late, leave early, long lunch
– Conducting personal business on Univ time
20
11
Your Obligations
Do Your Job: Adhere to Policies, Laws, R l ti d B t B i P tiRegulations, and Best Business Practices
Do Not Disclose Confidential Information
Avoid Conflicts of Interest and the Appearance of ppConflicts of Interest
21
Make Good Ethical DecisionsMake Good Ethical Decisions
Ethical Behavior
Publicity Test
Conscience Test
Parent Perspective
Role Model Test
Universality Test
Golden Rule
22
12
“Well, maybe just this once…”
You might be on thin ethical ice, when you hear:
“No one will ever know…”
“It doesn’t matter how it gets done as long as it gets done.”
“It sounds too good to be true.”
“Everyone does it.”
“Shred that document.”
“We can hide it.”
“No one will get hurt.”
“What’s in it for me?”
“We didn’t have this conversation.” 23
Last Worst Act
Consider This –Will You Be Judged By Your Last Worst Act:Will You Be Judged By Your Last Worst Act:
Lindsay Lohan
General McChrystal
Gary Condit
Tonya Hardingy g
City of Bell – Mayor, Council Members . . .
Kobe Bryant
24
13
Quote
I would never suggest that ethics is simple. Not only does one have to know the right thing to do --one must also have the moral fortitude to do it.
Norman R. Augustine
Former Chairman and CEOFormer Chairman and CEO
Lockheed Martin
25
Quote
What is right is right, even if no one is doing it.
What is wrong is wrong, even if everyone is doing it.
Source Unknown
26
14
FRAUDULENT ACTIVITIES DO OCCUR
27
There is nothing ethical about fraud!
28
15
Fraud
Fraudulent, Unlawful, Dishonest Acts– Intentional or Deliberate Act
Theft or Misappropriation of Assets
Diversion of Revenue
Ch U i it f E With t PCharge University for Expense Without Proper Authorization
Wrongdoing
29
Fraud Triangle
Motivation / Incentive / PressureMotivation / Incentive / Pressure
Rationalization / Justification
Opportunity
30
16
Fraud TriangleFinancial Need
Motivation
Dissatisfaction
Revenge
Greed
31
Fraud Triangle
I Deserve It
Rationalization
I am Underpaid
I Will Pay It Back – Borrowing
Others Do It
It Does Not Really Hurt Anyone
32
17
Fraud Triangle
Inadequate Internal Controls
Opportunity
Lack of Appropriate Oversight
Use of One’s Position & Authority to Override Controls
It Is Critical for University to Limit
the Opportunities for Fraud
33
Expanding the Fraud Triangle
Personal Capability– Position / FunctionPosition / Function
– Intelligence
– Strong Ego
– Confidence
– Persuasiveness
Lies Effectively and Consistently– Lies Effectively and Consistently
– Tolerates Stress
34
18
TRUST IS NOT AN INTERNAL CONTROL
35
Fiscal Improprieties
Travel ReimbursementsOverstated Expenses
Fiscal Improprieties
– Overstated Expenses
– Fictitious Expenses
– Double Dipping
– Personal Items Concealed as BusinessPersonal Items Concealed as Business Expense
36
19
Fiscal Improprieties
Procurement CardPersonal Items– Personal Items
– Purchases NOT Within Program Parameters
– Lack of Proper Approval
– Inadequate Supporting DocumentationInadequate Supporting Documentation
37
Other Improprieties
Misuse of University Assets– Computer: Software & InternetComputer: Software & Internet
– Copier and Fax
– Phone and E-Mail
– Equipment
– Program and Office Supplies
– Postage
– University Credit Cards
– Employee Work Time
38
20
Do Things RightDo Things Right
Do the Right Thing
39
“Ideal” Audit Observations
Departmental Administrative Policies, Procedures and Practices Are Documented –Current – Followed
All Accounts & Fees Are Reconciled Regularly
Cash Receipts Are Promptly Endorsed, Recorded, Safeguarded, Deposited, and Reconciled
40
21
“Ideal” Audit Observations
Check Requests & Travel Claims Are Properly Authorized, and Sufficiently Documented
Procurement Card Use Adheres to Campus Standards
Duties Are Properly Segregated
S ff Staff Are Properly Trained
Access to HR / Financial Systems Are Properly Assigned and Authorized
41
Inter-relationship
Summary
Inter relationship– Audits
– Internal Controls
– Ethical Behavior
– Fraud
42
Thanks to Auditing Services – CSUN: Contribution to Presentation Content
22
Q U E S T I O N S
CSU Bakersfield Roadrunners
CSU Channel Islands Dolphins
CSU Chico Wildcats
CSU Dominguez Hills Toros
CSU East Bay Pioneers
CSU Fresno Bulldogs
CSU Fullerton Titans
Humboldt State University Lumberjacks
CSU Long Beach 49ers
CSU Los Angeles Golden Eagles
California Maritime Academy Keelhaulers
CSU Monterey Bay Otters
CSU Northridge Matadors
Cal Poly Pomona Broncos
CSU Sacramento HornetsCSU Sacramento Hornets
CSU San Bernardino Coyotes
San Diego State University Aztecs
San Francisco State University Gators
San Jose State University Spartans
Cal Poly San Luis Obispo Mustangs
CSU San Marcos Cougars
Sonoma State University Seawolves
CSU Stanislaus Warriors
Thank You
43
Personal Expenditures, $647,949; Texas Southern University
Wrongdoing
Fraudulent Checks, $502,000, NJ City University – Student Gov't Organization
Embezzlement, $429,000, Bowling Green State
Stealing, $400,000, American University
Embezzlement, $200,000, BYUEmbezzlement, $200,000, BYU
Embezzlement, $144,000, Virginia
Commonwealth University
Toner Theft, $45,000; Penn state
44