VGFOA Fall Conference October 23, 2014 John Montoro, Presenter

Transcription

1 VGFOA Fall Conference October 23, 2014 John Montoro, Presenter

2 Brief overview of internal control components under the new COSO framework Monitoring of Internal Controls What to do? By Whom? How?

3 Team Competition

4 Team Selection Pharrell Christina Blake Shakira Adam Gwen

5 Team BUZZER I m so HAPPY! JEANIE in a bottle TEXAS! (with finger point) HIPS don t lie High FIVE! HOLLA back girl

6 Look for

7 TRUE OF FALSE VGFOA Stands for: Virginia Golfing Federation of America FALSE

8 Safeguard your organization s assets while in your possession Efficiently manage and spend the funds entrusted to you Accurately report how the money was spent Obey all applicable laws and regulations while doing so

9

10 Internal controls Name one of the five components of internal controls

11 It makes perfect sense! CPA s are so smart!

12 Internal Controls for Dummies Set the tone establish a culture of accountability Analyze your risks. Ask yourself: What could go wrong? Establish control procedures to mitigate significant risks Communicate those procedures to your employees Check back from time to time to see if controls are working as designed

13 Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability Risk Assessment 6. Specifies suitable objectives 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change Control Activities Information & Communication Monitoring Activities 10.Selects and develops control activities 11. Selects and develops general controls over technology 12.Deploys through policies and procedures 13.Uses relevant information 14.Communicates internally 15.Communicates externally 16.Conducts ongoing and/or separate evaluations 17.Evaluates and communicates deficiencies

14 1. Demonstrate a commitment to integrity and ethical values 2. Board that demonstrates independence and provides oversight over internal control 3. Management establishes, with board oversight, structures, appropriate lines of authority and responsibility in the pursuit of objectives 4. Organization demonstrates a commitment to attract, develop and retain competent individuals 5. Employees are held accountable for their internal control responsibilities Setting the tone

15 6. Objectives are stated with sufficient clarity to enable the identification and assessment of risk relating to the objectives 7. The organization identifies risks to the achievement of it s objectives across the entity and considers how the risks will be managed 8. Organization always considers the potential for fraud when assessing risk 9. Identifies and assesses changes that could significantly impact internal controls What could go wrong?

16 10. Control activities are developed that contribute to the mitigation of risks to acceptable levels 11. Selects and develops general control activities over technology I want to prevent and detect errors 12. Control activities are deployed through policies that establish what is expected and procedures that put policies into action

17 13. Relevant, quality information is generated to support the functioning of internal control 14. Internally communicates information on objectives and responsibilities for internal control Employees are not mindreaders 15. The organization communicates with external parties regarding matters affecting the functioning of internal control

18 16. Ongoing or separate evaluations are conducted to ascertain whether the components of internal control are present and functioning Do we have that much in the bank? 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those persons responsible for taking corrective action

19 Identifies and assesses changes that could significantly impact internal controls Is a principle of which internal control component? RISK ASSESSMENT

20 Ongoing or separate evaluations are conducted to ascertain whether the components of internal control are present and functioning Is a principle of which internal control component? MONITORING

21 Select and develop general control activities over technology Is a principle of which internal control component? Establish control procedures

22 TRUE OF FALSE If you have implemented 4 out of the 5 components of internal control, that s a score of 80% and considered a passing grade by the auditors FALSE

23 Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that: Each component and each relevant principle is present and functioning The five components are operating together in an integrated manner Each principle is suitable to all entities; all principles are presumed relevant except in rare situations where management determines that a principle is not relevant to a component

24 Components operate together when all components are present and functioning and internal control deficiencies aggregated across components do not result in one or more major deficiencies A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives

25 Users are encouraged to transition applications and related documentation to the updated Framework as soon as feasible Updated Framework will supersede original Framework at the end of the transition period (i.e., December 15, 2014) During the transition period, external reporting should disclose whether the original or updated version of the Framework was used

26 Demonstrates a commitment to integrity and ethical behavior? A) Risk assessment B) Monitoring C) Procedures D) None of the above CONTROL ENVIRONMENT

27 Monitoring Internal Controls

28 TRUE OF FALSE The effectiveness of internal controls is the responsibility of internal audit FALSE

29 Monitoring Internal Controls

30 Monitoring Internal Controls Periodically monitor what you are doing now validate Identify a change in process or structure. Keep in mind that the change may be external. - Initiate a change management process

31 Who should perform monitoring? What controls to consider? What information should be evaluated? What procedures to employ, by whom and how often. How to assess and report results.

32 TRUE OF FALSE The reliability of a monitoring procedure is dependent upon who performs it. TRUE

33 Self review Peer review Supervisory review Increasing objectivity Impartial review

34 Use your risk assessment to identify key controls Formal comprehensive analysis Informal discussion (documented) Risk factors to consider Nature of operations Changes in operations Environmental factors Susceptibility to theft or fraud

35 Area: Objective: Risk: Priority: Revenue Timely recorded and properly classified Increased fraud risk if not timely; risk of not identifying regulations to follow (state vs federal) High

36 TRUE OF FALSE When evaluating controls, your goal is to obtain absolute assurance that the control is effective FALSE

37 Identify persuasive information both suitable and sufficient in the circumstances that provides evaluator reasonable, not absolute support for conclusion regarding the continuing effectiveness of internal controls in a particular risk area

38 TRUE OF FALSE In order to be effective, a monitoring procedure should be conducted by someone outside of the department being evaluated FALSE

39 Ongoing Monitoring: procedures include both direct and indirect information Regular management activities Peer comparisons Reconciliations Separate evaluations Conducted periodically Not ingrained in routine operations

40 Attributes of Ongoing Monitoring Integrates with operations Provides objective assessments Uses knowledgeable personnel Considers feedback Adjusts scope and frequency as needed

41 TRUE OF FALSE Only report results of monitoring if a problem or potential weakness is identified FALSE

42 Need to prioritize results. Consider: Likelihood that the deficiency will affect the achievement of an objective The effectiveness of compensating controls The aggregating effect of multiple deficiencies

43 Monitoring Internal Controls Periodically monitor what you are doing now validate Identify a change in process or structure. Keep in mind that the change may be external. - Initiate a change management process

44

45 TRUE OF FALSE A quote from Jenny Smith, Finance Director of Aloha County: Internal controls in the Treasurer s office are not my problem FALSE

46 You have government wide responsibility for internal controls Decentralized operations You have limited authority and daily oversight of a number of key accounting functions You rely on other departments for key information Public oversight How do you encourage departments/functions to be proactive and let you know of potential problems?

47 What can management do? What can internal audit do?

48

49 Commonwealth of Virginia ARMICS program Specifically excluded internal audit shops from participating Annual certification of the effectiveness of internal controls in their department/agency Internal audit can use the results to help tailor their audit program for the next year

50 A word of caution: Proper monitoring requires the assessment of persuasive information and documentation With that in mind, what type of documentation would you require for the annual certification of internal controls?

51 Generally a key control Susceptible to change due to turnover, vacant positions, downsizing Before you can monitor, you need to formally identify those controls. Encourage reporting Annually request verification that controls are in place- throughout the year.

52 Timely reconciliations of balances to external documentation, to subsidiary ledgers are a key control for all organizations Examples. How do you know they are being done every month?

53 What are your key controls to ensure that payments are not made to fictitious vendors? How can you monitor those controls to ensure that they are functioned as designed?

54 You have lunch with your banker. We never look at signatures anymore. You initiate ACH payments or your bank now offers on line bill pay.

55 Name one way you can encourage monitoring and reporting in departments outside of finance

56 John Montoro, CPA, CGMA RealTime Accounting Solutions