internal controls
DESCRIPTION
INTERNAL CONTROLS. 2/2/2012 – Mt. Laurel 2/7/2012 – Rockaway 2/9/2012 – Robbinsville . Internal Control Guide. State of New Jersey Office of the State Comptroller A. Matthew Boxer, State Comptroller November 2011 Report of FraudToll Free Hotline 1-866-OSC-TIPS Link - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/1.jpg)
INTERNAL CONTROLS
2/2/2012 – Mt. Laurel2/7/2012 – Rockaway
2/9/2012 – Robbinsville
![Page 2: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/2.jpg)
Internal Control Guide
• State of New Jersey• Office of the State Comptroller• A. Matthew Boxer, State Comptroller
• November 2011• Report of Fraud Toll Free Hotline 1-866-OSC-TIPS
• Link• http://www.nj.gov/comptroller/doc/internal_control_guide_nov_2011.pdf
![Page 3: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/3.jpg)
Management of Organization
Four Basic Functions
– Planning– Organizing– Leading– Controlling
![Page 4: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/4.jpg)
Effective Management
Allows Managers to:
– Delegate responsibilities to staff
– Have comfort that expectations will be realized
![Page 5: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/5.jpg)
What is Internal Control
COSO (Committee of Sponsoring Organizations)
A process…designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
– Effectiveness and efficiency of operations– Reliability of financial and management data– Compliance with applicable laws and regulations
– Safeguard resources against loss
![Page 6: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/6.jpg)
Internal Control System
• Integral part of managing any organization
• To meet goals and objectives system includes:– Plans– Methods– Procedures
• First line of Defense in safeguarding assets
• Preventing and detecting errors and fraud
![Page 7: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/7.jpg)
IMPORTANCE
• Keeps organization on course• Protects organization by catching small mistakes
• Protects organization by mitigating opportunities for innocent mistakes or internal fraud
• Impacts organization’s people, processes, and physical structure
![Page 8: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/8.jpg)
Fundamental Concepts
• Internal Controls will change with organizational changes
• Degree of control employed is a business judgment
• Cost should not exceed benefit derived
![Page 9: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/9.jpg)
Fundamental Concepts
• Considerations of Weaknesses– Increase supervision– Institute additional or compensating controls– Accept the risk inherent with the control weakness
![Page 10: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/10.jpg)
Fundamental Concepts
• Organizational Self Regulation– Affects every aspect including staff, processes and operations
– Integrated into day-to-day operations and responsibilities
– Incorporates the qualities of good management– Depends upon people– Must make sense within each unique environment
![Page 11: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/11.jpg)
LIMITATIONS• Human errors and poor judgments• Controls can be circumvented by collusion
• Management can intentionally override controls
• Excess costs can prevent management from implementing ideal controls
• More controls are not always better• Balance between risk and controls
– Proactive– Value-added– Cost effective– Decrease exposure
![Page 12: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/12.jpg)
Design Considerations
– Organizational size– Organizational structure– Nature of business operations– Diversity and complexity of operations
– Method of transmitting, processing, maintaining and accessing information
– Applicable legal and regulatory requirements
ONE SIZE DOES NOT FIT ALL!
![Page 13: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/13.jpg)
FRAMEWORK COMPOENENTS
• Control Environment• Risk Assessment• Control Activities• Information &
Communication• Monitoring
![Page 14: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/14.jpg)
Control Environment• Integrity and Ethical Values• Commitment to Competence• Organizational Structure• Organizational Structure• Delegation of Authority and Responsibility
• Relationship with Oversight Agencies• Human Resources Policies and procedures
![Page 15: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/15.jpg)
Risk Assessment• Risk Identification
– Change in operating cycle– New employees– New or enhanced technology systems– New programs– New and revised laws and regulations
• Questions to Ask– What could go wrong– What is worst case scenario– What would cause us to fail– What areas are we most vulnerable– What assets do we need to safeguard
![Page 16: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/16.jpg)
Risk Assessment• Methods
– Periodic management conferences– Executive round tables– Forecasting– Strategic planning– Consideration of findings from audits– Other assessments
• Risk Management– Accept the risk and not institute further controls– Share the risk– Reduce the risk by instituting controls– Avoid the risk by avoiding the function
![Page 17: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/17.jpg)
Control Activities – Specific Policies and Procedures
• Security Assets• Segregation of Duties• Authorization of Activities• Approval, Verification and Reconciliation
• Adequate Documentation• Information Processing• Independent Performance Review
![Page 18: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/18.jpg)
Security Assets
• Unique user IDs and passwords• Physical security of tangible and intangible assets
• Backup for computer records and programs – secure offsite facility
• Disaster recovery plans• Performing periodic unannounced verifications
![Page 19: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/19.jpg)
Segregation of Duties
• Prevent one person from performing incompatible duties
• Require responsibility for operations be separate from related record-keeping
• Ensure three functions of authorizing, recording, and maintaining assets are separate
![Page 20: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/20.jpg)
Authorization of Activities
• Define parameters– Execution of transactions– Requirement of signature– Appropriate monetary thresholds– Documentation requirements adhered to
![Page 21: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/21.jpg)
Approval, Verification and Reconciliation
• Identify activities or transactions that require supervisory approval
• Require supervisory approval to ensure transaction has been validated and conforms
• Prior to transaction review all supporting documentation
![Page 22: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/22.jpg)
Adequate Documentation
• Concise and clear• Implementation of storage and retention policies
• Documents periodically verified to ensure accountability and compliance
![Page 23: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/23.jpg)
Information Processing
• Access within the computing environment controlled by unique user passwords
• Change passwords on a periodic basis
• Restrict Access
![Page 24: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/24.jpg)
Independent Performance Review
• Periodic reconciliations performed• Comparison of different sets of data to identify differences
• Implement necessary corrective actions
• Management review of reports, statements, reconciliations
• Comparison of information about current performance
![Page 25: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/25.jpg)
INFORMATION COMMUNICATION
RelevantReliableTimely
![Page 26: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/26.jpg)
Information and Communication
• Written policies and procedures• Mission statements, goals and objectives• Organization charts• Job descriptions and performance evaluations
• Training materials• Period reports measuring progress towards goals
• Internal/external audit report• Financial reports
![Page 27: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/27.jpg)
Types of Communication
• Performance and management systems• Information systems• Policy and procedure manuals• Management directives• Memos and e-mails• Internet and intranet• Speeches and briefings
![Page 28: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/28.jpg)
Characteristics of Effective Communication
• Relevant information on operational performance
• Current, accurate, complete and timely
• Shared with appropriate staff at right time
• Management receptive to employee recommendations
• Appropriate channels
![Page 29: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/29.jpg)
MONITORING
Assessment of Internal Control performance over time- Self Assessments- Peer Reviews
- Internal Audits
![Page 30: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/30.jpg)
Monitoring should focus on:
• Control Activities• Mission• Control Environment• Communication• Risk and Opportunities
![Page 31: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/31.jpg)
Fraud Awareness
Common Anti-fraud measuresThree elements Present when
Fraud OccursTypes of Fraud
Examples
![Page 32: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/32.jpg)
Common Anti-Fraud Measures
• External Audits• Internal Audits• Fraud Training• Surprise Audits• Establishment of hotline
![Page 33: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/33.jpg)
Three Elements Present
• Opportunity– Caused by ability to circumvent internal controls or internal control weaknesses
• Motive– Pressure or perceived pressure – financial– Greed– Revenge– Thrill Seeking
• Rationalization– Excuse or perceived validation for action
![Page 34: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/34.jpg)
Types of Fraud
• Management Fraud– Top management’s manipulation of financial statements
• Employee Fraud– Embezzlement of assets
• Vendor– Overcharging for goods– Shipping inferior goods– Not shipping goods but billed and payment received
![Page 35: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/35.jpg)
Examples of Fraud
• Theft or misappropriation of assets• Fictitious revenues or
disbursements• Check tampering• Fictitious refunds• Fictitious vendor or employee
payments• False statements• False Overtime• Forgery or alteration of documents• Invoice Kickbacks• Bid Rigging
• Unauthorized use of records• Falsification of Reports• Conflicts of interest• Inaccurate employment records• Authorizing or receiving
compensation for hours not worked
• Incurring obligation in excess of appropriate authority
• Willful violation of laws, regulations, policies or contractual obligations
![Page 36: INTERNAL CONTROLS](https://reader036.vdocuments.us/reader036/viewer/2022062411/56816874550346895ddee7b3/html5/thumbnails/36.jpg)
Indicators of Fraud
• Unsupported or unauthorized transactions
• Missing or altered documents• Inconsistent, vague, or
implausible responses• Denial of access to records• Unusual delays in providing
requested information• Numerous complaints• Significant transactions involving
related-parties• Inadequate or absent internal
controls
• Analytical anomalies• Unexplained inventory shortages• Purchases in excess of needs• Excessive voided transactions• Cash shortages
• A CRITICAL COMPONENT IS PROPER EDUCATION OF EMPLOYEES CONCERING FRAUD AWARENESS
• THE PERCEPTION OF THE POSSIBILITY OF DETECTION IS THE BIGGEST DETERENT