• No results found

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

N/A
N/A
Info
Download
Protected

Academic year: 2022

Share "University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment"

Copied!
21
0
0

Loading.... (view fulltext now)

Download now ( 21 Page )

Full text

(1)

Internal Controls

Enterprise-Wide Risk Assessment

University Audit and Compliance

(2)

• In order to achieve goals and objectives, management needs to effectively balance risks and controls.

• Control procedures need to be developed so that they decrease risk to a level where

management can accept the exposure to that risk.

Balancing Risk and Controls

University Audit and Compliance

(3)

In order to achieve a balance, internal controls should be:

Proactive

Value-added

Cost-effective

Address exposure to risk

Balancing Risk and Controls

University Audit and Compliance

(4)

Excessive Risks Excessive Controls Loss of assets, donor, grant Increased bureaucracy

Poor business decisions Reduced productivity Non-compliance Increased complexity Increased regulations Increased cycle time

Public scandals Increase of no-value added activities

Balancing Risk and Controls

Being out of balance, as it relates to financial and compliance goals, can cause the following problems:

University Audit and Compliance

(5)

Myth Fact

Internal control starts with a strong set of policies and procedures.

Internal control starts with a strong control environment.

Internal control—that’s why we have internal auditors.

Management is the owner of internal control.

Internal control is a

finance thing. We do what the Controller’s Office tells us to do.

Internal control is

integral to every aspect of the business.

The Internal Control Mystique

University Audit and Compliance

(6)

Myth Fact

Internal controls are a necessary evil. They take time away from our core activities—serving

students, research, health, football.

Internal controls should be built into, not on to business processes.

Internal controls are a list of “thou shalt nots.”

Internal control makes the right things happen the first time, and every time.

The Internal Control Mystique

University Audit and Compliance

(7)

Myth Fact

If controls are strong enough, we can be sure there will be no fraud, and financial statements will be accurate.

Internal controls provide reasonable, but not

absolute assurance that

objectives will be achieved.

The Internal Control Mystique

University Audit and Compliance

(8)

• Committee of Sponsoring Organizations of the Treadway Commission (COSO)

- A private sector initiative established in 1985 by five financial professional organizations:

o American Accounting Association o AICPA

o Financial Executives Institute o IIA

o Institute of Management Accountants

COSO

University Audit and Compliance

(9)

COSO’s goal:

To improve the quality of

financial reporting by focusing on corporate governance,

ethical practices, and internal control.

In 1992, published Internal Control—Integrated

Framework.

Establishes a common

definition of internal control

Provides a standard by which organizations can assess and improve their control systems.

COSO

Monitoring

Risk Assessment Control Environment

Control Activities

University Audit and Compliance

(10)

COSO defines internal control as a process affected by an entity’s board of directors, management and other personnel, and designed to provide

reasonable assurance regarding the achievement of objectives in the following categories:

• Effectiveness and efficiency of operations

• Reliability of financial reporting

• Compliance with applicable laws and regulations.

Definition

University Audit and Compliance

(11)

Fundamental concepts:

Internal control is a process.

It’s a means to an end, not an end in itself.

-Geared toward the achievement of objectives

Internal control is affected by people at every level.

-Not merely policy manuals and forms

Provides reasonable, not absolute assurance.

Concepts

University Audit and Compliance

(12)

Five Key Components of the Internal Control System:

1. Control environment 2. Risk assessment

3. Control activities

4. Information and communication 5. Monitoring

Key Components

University Audit and Compliance

(13)

• First line of defense is to mitigate risks

• Build control-consciousness throughout the organization’s culture.

- Philosophy & operating style

- Commitment to integrity & ethical values - Competency

- Authority & responsibility

- Organization & development

Control Environment

University Audit and Compliance

(14)

Impact to business objectives:

• Strategic – high-level goals, aligned with and supporting its mission

• Financial – safeguarding assets

• Operational – processes that achieve goals

• Compliance – laws & regulations

• Reputation – public image

Risk Assessment - ERM

University Audit and Compliance

(15)

Actions, supported by policies and

procedures that, when carried out properly and timely, manage or reduce risks.

Approvals Authorizations

Verifications Reconciliations

Segregation of duties • Security of assets

Performance reviews • Information system controls

Control Activities

University Audit and Compliance

(16)

Controls can be either preventive or detective:

Preventive – attempt to deter or prevent undesirable events from occurring.

-Separation of duties, approvals, proper authorization, adequate documentation, physical control over assets.

Detective – attempt to detect undesirable acts.

-Provide evidence that a loss has occurred.

-Reviews, variance analyses, reconciliations, physical inventories, and audits.

Control Activities

University Audit and Compliance

(17)

All organizations must identify, capture, and communicate pertinent information in a

form and timeframe that enables people to carry out their responsibilities.

Information and Communication

University Audit and Compliance

(18)

Effective monitoring consists of:

• Ongoing monitoring

• Separate evaluations

• Reporting deficiencies

Monitoring

University Audit and Compliance

(19)

• Confirms that all 5 components are in place, properly designed, and functioning

effectively.

• We can reduce the cost of monitoring by building it into processes.

Monitoring

University Audit and Compliance

(20)

What is an “effective” system of controls?

Emanates from an ethical tone at the top.

Policies & procedures are in place, understood, and followed.

Organization-wide commitment to strong internal controls, effective risk management, and to

meeting expectations of all stakeholders.

Success Factors

University Audit and Compliance

(21)

Internal controls cannot ensure success.

• Bad decisions

• Poor managers

• Unethical behavior

• Collusion

• Override of controls

• Competition

Limitations

University Audit and Compliance

References

Download now ( PDF - 21 Page - 512.59 KB )

Related documents

Affective responses to supervised 10-week programs of resistance exercise in older adults

Therefore, the present study aims to compare the affective responses of a group of older adults when carrying out a supervised 10-week training inter- vention of either HVLL or

Agency Board Meeting 28 July 2015

The purpose of this report is to inform the Agency Board of the activities of the Audit Committee and provide assurance to the Agency Board that the internal control and risk

Emissions Reduction Fund Safeguard Mechanism Consultation Paper, February 2018

APPEA supports the approach proposed on page 8 of the Consultation Paper to provide for facilities to consistently and regularly report their production data through the National

Services for Children and Young People with Special Educational Needs and Disabilities. Lancashire s Local Offer. Lancashire s Health Services

The special needs school nursing service exists to provide skilled evidence based care to all special needs children and their families in the special school settings,

Charisma and the Clinic

examining charisma within healthcare settings furthers the concept, in particular by drawing 14.. attention to the discursive features of ecologies and the ‘non-innocence’

A network DEA quantity and quality-orientated production model: An application to Australian university research services

For example, in the Australian context, [28−31] measured the research output of Australian universities using, among other things, the number of publications (including books,

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

IIA and ISACA Risk Management Internal Audit Guidance COSO ERM: Enterprise Risk Management. IT Audit Risk and COSO

Tribal Knowledge War: A Location-based Pervasive Knowledge War Game

In this thesis, we have studied literature focused on making games educational and fun, and we have used the knowledge from this literature to develop a prototype of a game that