RISK MANAGEMENT &
INTERNAL CONTROLS
RISK MANAGEMENT
OPERATIONAL
• Loss arising from system failure, human error, or external events.
• Controls: segregation of duties, access control, authorisation & reconciliation procedures, staff
education, grievance procedures, backups, reliable data.
MARKET
CREDIT
Financial assets
• Cash
• Accounts receivable
LIQUIDITY RISK
Proper management of working capital, capital expenditure, actual versus forecast cash flows.
ASSESSING FRAUD RISK
1. Do one or two key employees appear to
dominate the company?
2. Do any key employees appear to have a
close association with vendors?
3. Do any key employees have outside
business interest that might conflict with their job duties?
4. Does the firm conduct pre-employment
background checks to identify previous dishonest or unethical behaviour?
5. Does the firm educate employees about
the importance of ethics and anti-fraud?
6. Does the firm provide a secure channel
to report fraud/theft?
7. Is job or assignment rotation mandatory
for employees who handle cash receipts and accounting duties?
8. Is the level of authority clearly identified
9. Are there policies and procedures addressing
the identification, classification and handling of proprietary information?
10. Do employees who have access to proprietary
information sign non-disclosure agreements?
11. Is there a company policy that addresses the
receipt of gifts, discounts and services offered by a supplier or client?
12. Are the firm’s financial goals and objectives
Indemnity Insurance
AFF (AIIF)
AON (PI & Court Bonds) Professional Negligence
Refer to Policy on requirements
In possession of FFC
Covers all costs fees & expenses incurred in
the investigation, defense or settlement of my claim
Excess – R20 000 / R35 000
Free insurance
Exclusions:
• Trading losses
• Investment advice
• Bridging finance
• Commercial brokers
Buying additional cover (top up cover)
AON
Misappropriation of Trust Funds
AFF
Theft of trust moneys
Indemnify members of public – not practitioner
Fund of last resort
Excussion
Separate insurance cover for firm to cover this type of eventuality required
Asset Insurance
Buildings
Movable property (office contents)
Loss of income / accounts receivable
Public liability
Life & Disability Insurance
Annuity / Provident Fund
Decision postponed
Low priority on expenditure list
Ignorance to type of environment creating risk
Incentive to support staff
Marketing
Internal
Image protection
Reputational damage
• Appearances
• Staff (Jnr & Snr)
Complaint handling
Progress reports
External
Clients' needs regularly assessed
Remain relevant – anticipate client needs
Branding
Network
Social media
Webpage
Legal topics
- newspapers
- functions
Competitive Edge
Product?
Price?
Advertise?
Time?
Client care?
INTERNAL CONTROLS:
CHECK LIST
A. Accounting Records and General
1. Are the accounting records, including
lists of trust ledger balances, retained for at least five years from the date of the
last entry therein?
2. Are all accounting records written up
monthly?
3. Are all accounting records kept in a neat,
4. Are employees’ duties clearly defined?
5. Are the duties of accounting staff rotated?
6. Are all employees required to take
regular holidays and are their duties then assumed by other employees?
7. Are all employees in positions of trust
B. Banking Accounts
1. Are separate trust and business banking
accounts maintained?
2. Are there any investments accounts in
operation?
3. Who has authority to open and call up?
4. Proper recording?
Investment accounts (cont)
Procedure to obtain prior written consent?
Detailed record kept?
Regular review?
Review by person other than those who maintain a register, account, or records of investments.
C. Remittances Received by Mail
1. Is the mail collected from the post office
by a responsible official?
2. Is all mail opened by at least two
persons?
3. Are the mail openers independent of the
4. Is there a record of all moneys received
by mail?
5. Is this record subsequently checked with
actual receipts by an independent person?
6. Is this checking function adequately
D. Receipts and Banking
1. Is the trust account cash kept separate
from business account cash?
2. Are receipts made out immediately for all
amounts received?
3. Are full particulars always shown on
receipts?
4. Are the originals of all cancelled receipts
stapled to the cancelled copies?
5. Is the cash office secure against access by
6. Are properly printed pre-numbered receipt
books with an adequate number of copies used?
7. Is a register of receipt books maintained?
8. Are unused receipt books under the control of
a responsible official who has nothing to do with cash receipts?
9. Are all receipts banked intact daily?
10. Are receipts regularly compared with details of
the bank stamped deposit slips by an independent employee?
E. Cheque Payments
1. Are cheque preparers independent of the
persons who:
a. approve vouchers for payment
b. sign cheques?
2. Are cheques made payable to third
parties such as Banks, etc. always made payable to “ABC for credit of account
3. Are all trust account cheques preprinted to
“order”?
4. Are cash cheques and bearer cheques
prohibited?
5. Are cancelled cheques marked cancelled
and kept available for subsequent inspection?
6. Are all cheques accompanied by
properly authorised vouchers when presented for signature?
Forged vouchers (fictitious creditors)
Forged bank statements
Relevant ledger account
7. Is the signing of cheques in blank
F. Petty Cash
1. Does the petty cashier have exclusive
control over the petty cash and responsibility therefore?
2. Are all payments supported by properly
authorised petty cash slips and vouchers (where applicable)?
3. Are all paid slips and vouchers marked
4. Has a reasonable limit been set for
individual payments?
5. Is the float fixed at a reasonable level
having regard to the level of expenditure?
6. Periodically examined by a responsible
person?
7. Is the cash counted and agreed to the
G. Control of Pre-numbered Stationery
1. Is the following stationery consecutively
pre-numbered and numerically and physically controlled?
a) Receipt books
- Business
- Trust
b) Cheque books
- Business
- Trust
c) Fee notes
2. Are all orders for the printing of controlled
stationery authorised by a responsible official?
3. Is the physical control of such stationery
vested in a responsible official or a person divorced from the effecting or recording of transactions?
The Trust Reconciliation
1. Are bank reconciliations prepared monthly?
2. Such recons prepared by employee
independent of cash receipts and payment functions?
3. Does the reconciler exercise physical control over bank statements and issued cheques?
Trust Reconciliation (cont)
Does the bank recon procedure include:
A comparison of paid cheques with the cash
book as to names, dates and amounts?
Accounting for numerical sequence of paid
cheques?
Regular follow-up on long outstanding
cheques and deposits?
H. Computerised Accounting
Data Capture
1. Are all source entries independently totalled prior to being captured?
2. Is a permanent record kept in a register
of these batch totals together with a description of the entries processed?
3. Are all source documents or source entries:
a) Sequentially numbered?
b) Processed in sequence?
4. Where computer postings are made directly
from the source document (i.e. where there is no book of prime entry) are all prime
documents sequentially numbered, batched and permanently filed?
Security of Information/Data Resident on the Computer
1. Does the computerised system generate an
audit trail of the following:
a) Transfers between the trust accounts and
business accounts.
b) Transactions processed to the trust accounts.
c) All deleted, amended and/or inactive trust
Security Over Programs
1. Are there defined responsibilities
regarding testing, documenting and approving the implementation or
Security Over Data Access
1. Is there effective security against
unauthorised access to programs and data files?
2. Are there controls to ensure that
computer programmers do not have access to the live data files?
3. Is access restricted by an effective
Internet fraud
Phishing
Fraudsters pretend to be a trusted corporation or bank and ask the recipient for valuable information.
“ Dear Client,
A payment has been made to your account. To view the details of the payment, please click here to login. < http://www.milan-ipe.com/login-nedbank-secure-payment/index.php> Please ensure that you enter the One Time Pin that will be sent to your cell phone immediately after your login.
If you have any questions or would like more information, please contact our support centre”
Phishing (cont)
“Account Update Notice
Dear Valued Clients,
ABSA has initiated protective procedures to secure the online banking accounts of our customers from identity theft and phishing attempts.
As a result of this newly implanted security program, we will require you to bear with us as we work to increase the security of your account.
Please follow the instructions as we will be sending you SMS messages for verification purposes. We would suspend your access for safety reasons until you upgrade. follow the link below
Please go to: https:important/server/upgrade/absa.co.za <
http://www.papayacomputer.com/tmp/arr/ssl/o-upgrade/server/update-profile/cs.servers.php>
You will also need to verify your TVN upon request.
Thank You
Tips to Prevent
Never access internet banking using a link or a favorite.
Always open your browser and type in address.
Never allow browser to save pin.
Hover your mouse over any hyperlinks to reveal the actual URL.
Use a secure site – secure protocol – https://
Tips (cont)
Avoid opening unsolicited emails and attachments that may carry viruses, malware and spyware.
Ensure that your antivirus and antispyware are up to date – keyloggers
Do not make use of public terminals (internet cafes, hotels, libraries, etc.)
Secure payment sites when shopping on
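The "hover to reveal the actual URL" tip, automated as an added example (not part of the original slides): it reads each "visible text <real URL>" pair, as in the two sample e-mails above, and reports when the real host is not the bank's own domain. The TRUSTED list, the function names and the last sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: registered domains of the banks the firm really uses, with the
# brand word a lure would borrow.
TRUSTED = {"nedbank.co.za": "nedbank", "absa.co.za": "absa"}
# "visible text <real URL>", the form the sample e-mails use (URL may wrap).
LINK = re.compile(r"([^\n<]*)<\s*(https?://[^\s>]+)\s*>")

# Link lines taken from the two sample e-mails above; the last line is a
# constructed legitimate link for contrast.
SAMPLE = """please click here to login. < http://www.milan-ipe.com/login-nedbank-secure-payment/index.php>
Please go to: https:important/server/upgrade/absa.co.za <
http://www.papayacomputer.com/tmp/arr/ssl/o-upgrade/server/update-profile/cs.servers.php>
Your statement is ready <https://www.absa.co.za/statements>
"""

def host_is_trusted(host):
    # Exact domain or a true subdomain; "absa.co.za.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_links(body):
    """Return (real_host, reasons) for every link; no reasons means no flag."""
    findings = []
    for shown, url in LINK.findall(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if parts.scheme != "https":
            reasons.append("not https")
        if not host_is_trusted(host):
            reasons.append("host not a known bank domain")
            # Brand word in the visible text or URL while the host is foreign.
            context = (shown + " " + url).lower()
            for brand in TRUSTED.values():
                if brand in context:
                    reasons.append("'%s' named but host is not the bank's" % brand)
        findings.append((host, reasons))
    return findings

if __name__ == "__main__":
    for host, reasons in check_links(SAMPLE):
        print(host, "->", "; ".join(reasons) or "ok")
```

Only the host decides the verdict: both sample e-mails put the bank's name in the visible text or the path, which is why reading the path alone misleads.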
INTERNAL CONTROLS:
CHECK LIST
Back-up
1. Is there a formal back-up procedure that is
followed?
2. Are data files backed-up regularly?
3. Are multiple versions of the back-up maintained?
4. Are back-up files stored in a safe alternative
location?
5. Are back-up files frequently tested to ensure
I. Scams & Money Laundering
1. Have manuals, policies and procedures
been developed and implemented to ensure compliance with provisions of anti-money laundering legislation?