Understanding Internal Controls. Federal Highway Administration New Mexico Division

Transcription

1 Understanding Internal Controls Federal Highway Administration New Mexico Division

2 Agenda and Objectives Defining and discussing the importance of internal controls Internal Controls organization, policies, and procedures are tools to help program and financial managers achieve results and safeguard the integrity of their programs. OMB Definition Identify control objectives and techniques Define the five standards and understand their intention Identifying how the standards are used

3 What are Internal Controls 3 How can I effectively, efficiently, and economically carry out my responsibilities for the proper stewardship of the public resources for which I am accountable?

4 The Road Map Understanding of internal control Effective Internal Control Program Types of Controls Appreciation of internal controls Directive Preventive Commitment to internal controls Detective Corrective

5 Accountability 01 Use of resources is consistent with agency mission 02 Programs and resources are protected from waste, fraud, and mismanagement 03 Laws and regulations are followed 04 Reliable/timely information is obtained, maintained, reports, and used for decision making

6 Three Objective of Internal Controls 6 Effective and efficiency of operations Management Planning Budgeting Compliance with applicable laws and regulations Reliability of financial reporting

7 GAO Definition 7 Internal Controls organization, policies, and procedures are tools to help program and financial managers achieve results and safeguard the integrity of their programs. Effectiveness and efficiency of operations Reasonable assurance that objectives will be achieved Objective identified Controls designed Controls in place Objective achieved Reliability of financial reporting Compliance with applicable laws and regulations

8 Why Internal Controls are Important 8 Public Public demands for accountability in the use of taxpayer dollars. Everyone is interested Congress, OMB, GAO, OIGs, agency management, the media. Resources Internal controls are the normal, common sense approach to the management and protection of various types of resources. Effectiveness Internal controls are the means to accomplish a mission within available resources

9 Importance of Internal Controls in an Organization 9 Mission Vision Guiding Principles Agency Strategic Goals Internal Control Program.

10 Fundamental Components of Internal Control 10 Control Objectives Statements about what is supposed to happen. Found in Laws, government-wide and agency regulations, agency goals and performance measures, policy statements and in operations manuals. Control Techniques Specific steps, activities, or procedures that are performed to implement the control objectives. They tell how internal controls objectives are to be carried out.

11 Control Objectives 11 Plans and Policies What Management wants to happen (or not to happen.

12 Control Objectives Should Be 12 Written, complete, appropriate, measurable, and logical Tailor-made for the program/function/activity not canned Supporting the achievement of the mission and the overall goals of the internal control mandates Specifically designed for each situation management wants to manage

13 Control Objectives Helps Us To 13 Identify control techniques or mechanisms Evaluate the control system Provide documented response criteria for addressing risk

14 Establishing an Effective Control Objective 14 Identifying what you want to happen. Identify what you don t want to happen

15 Control Techniques 15 Control Techniques helps us achieve our Control Objectives

16 Identifying and Developing Internal Control Techniques 16 Programmatic Major work is based on welldesigned procedures, Provide consistency of treatment of similar transactions. Ensuring accuracy, provide directions, and increase productivity Operational Financial Administrative

17 Examples of Control Techniques

18 Questions to ask when developing control techniques 18 What needs to happen in this process? How should they do this process? What essential steps are needed to carry. out the process? When do they do this process? Who performs this process and what do they need to know and do? What are the inputs and outputs of this process?

19 What Controls Mean to Managers Develop and implement appropriate, cost effective internal controls Assess the adequacy of internal controls 02 Identify needed improvements and take corrective actions Separately assess: Internal Control over financial report Conformance with financial system requirements 05 Report annually through management assurance statements

20 What Reasonable Assurance Recognizes 20 Human mistakes, judgement errors, and acts of collusion to circumvent controls can negatively affect meeting agency objectives There are lifecycle costs and benefits of controls The cost of a control should not exceed the benefits likely to be derived

21 Balancing Our Control Programs 21 Cost Risks Controls Benefits

22 Manager Responsibilities 22 Documentation Monitoring Communication Cleary defining and communicating organizational mission and goals Assessing risks Deciding where controls are needed Designing and developing written descriptions of controls Communicating these controls to all personnel Placing controls in operations Continuously monitoring and improving the effectiveness of internal controls Periodically testing (evaluating) controls Eliminating duplicate or excess controls and improving weak controls Reporting on whether controls are in place and working effectively Taking timely and effective action to correct deficiencies Tracking progress on correcting deficiencies to ensure timely and effective results Identifying consequences when controls fail

23 Problems Arise 23 Auditors Secret Lack of control objective or control techniques An inadequate control objective or control technique Failure to follow internal controls Internal Control Deficiencies

24 Lack of Education about Internal Control 24 A bean counter, financial or auditing function Not critical to mission accomplishments Accounting and budgeting related only Not important to program managers Too administrative and not operational A paperwork exercise

25 Internal Control Integrated Framework

26 GAO Standards 26 Provide criteria for assessing the design, implementation, and operating effectiveness of internal control in the federal government entities to determine if an internal control system is effective Apply to all of an entity s objective all aspects of operations, reporting, and compliance GAO Should be built by management as an integral part of an entity s operations, especially through polices and procedures Are presented through a hierarchical structure of: Five Components Seventeen principles related to the components Attributes related to the principles

27 The Five Standards of Internal Control 27 Control Activities Monitoring Information Communication Risk Assessment Control Environment

28 Control Environment 28 Control Activities Monitoring Information Communication Risk Assessment Control Environment The Control Environment is the foundation for an internal control system

29 Control Environment Principles 29 The oversight body should oversee the entity s internal control system Management should demonstrate a commitment to recruit, develop, and retain competent individuals The oversight body and management should demonstrate a commitment to integrity and ethical values Management should establish an organizational structure, assign responsibility, and delegate authority to achieve the entity s objective Management should evaluate performance and hold individuals accountable for their internal control responsibilities

30 Control Environment Principles 30 Exercise Oversight Responsibility: Oversight structure. Oversight for the internal control system Input for remediation of deficiencies Demonstrate commitment to competence: Expectation of competence Recruitment, development, and retention of individuals Succession and contingency plans and preparation Demonstrate commitment to integrity and ethical values: Tone at the top Standards of Conduct Adherence to standards of conduct Establish structure, responsibility and authority: Organization structure Assignment of responsibility and delegation of authority Documentation of the internal control system Enforce Accountability: Enforcement of accountability Consideration of excessive pressures

31 Factors that can affect Control environment 31 Integrity and ethical values Commitment to competence Management philosophy and operating style Organization structure Delegation of authority and responsibility Human Capital policies and practices

32 Risk Assessment 32 Control Activities Monitoring Information Communication Risk Assessment Control Environment

33 Risk Assessment Principles 33 Management should consider the potential for fraud when identifying, analyzing, and responding to risks Management should identify, analyze, and respond to significant changes that could impact the internal control system Risk Management should define objectives clearly to enable the identification of risks and define risk tolerance Management should identify, analyze, and respond to risks related to achieving the defined objectives

34 Risk Assessment Principles Define Objectives and Risk Tolerance: Definitions of objectives Definitions of risk tolerance Define Identify Identify, Analyse, and Respond to Risk: Identification of Risks Analysis of risks Response to risk Identify, Analyse, and Respond to Change: Identification of change Analysis of and respond to change Respond Assess Assess Fraud Risk: Types of fraud Fraud risk factors Response to fraud risks 9 8

35 Control Activities 35 Control Activities Monitoring Information Communication Risk Assessment Control Environment

36 Control Activities Principles 36 Top-level reviews of actual performance Control of information processing Physical control over vulnerable assets Segregation of duties Management should design control activities to achieve objectives and respond to risks Management should design the entity s information system and related control activities to achieve objectives and respond to risks Management should implement control activities through policies

37 Control Activities Specific to Information Systems 37 General control applies to all information System: Mainframe Desktop/laptop computer Network End-user environment

38 Information and Communication 38 Control Activities Monitoring Information Communication Risk Assessment Control Environment

39 39 Information and Communication Principles Management should use quality information to achieve the entity s objectives Management should internally communicate the necessary quality information to achieve the entity s objectives Management should externally communicate the necessary quality information to achieve the entity s objectives

40 Information and Communication Principles Use Quality Information 14 Communicate Internally 15 Communicate Externally

41 Monitoring 41 Control Activities Monitoring Information Communication Risk Assessment Control Environment

42 Monitoring Principles 42 Establish a baseline Internal control system monitoring Evaluation of results Reporting / Evaluation of issues Perform Monitoring Activities Evaluate Issues and Remediate Deficiencies Corrective Actions

43 Internal Control Management and Evaluation Tool 43

44 Contact Information Monica J Gourd Transportation Financial Specialist New Mexico Division Office Monica.Gourd@dot.gov