EMERGING CONTRACTORS: MITIGATING CONTROL RISK
Presented by: Michael Carr, CPA, MSA, MST, Director
508-212-3088
CITRINCOOPERMAN.COM
TODAY'S AGENDA
• Introduction
• Components of internal control systems
• Preventive, detective, and corrective controls
• Cost-benefit concept for developing controls in small departments
• Super-users
INTRODUCTION
An organization's financial resources can be protected from loss, waste, or theft by:
▪ Developing proper internal control systems
  • Ensuring reliable data processing
  • Promoting operational efficiency
▪ Having proper management oversight
  • Mitigating controls for small departments where segregation of duties is not possible
INTRODUCTION
Internal controls should achieve four main objectives:
▪ Safeguard assets
▪ Check the accuracy and reliability of data
▪ Promote efficiency
▪ Encourage ethics and compliance
COMPONENTS OF INTERNAL CONTROLS
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
COMPONENTS OF INTERNAL CONTROLS
Control environment
▪ Establishes the tone of the company
▪ Influences the control awareness of employees
▪ Factors in the control environment:
  • Integrity and values
  • Management philosophy and operating style
  • Assignment of authority and responsibility
  • Attention and direction of management
COMPONENTS OF INTERNAL CONTROLS
Risk assessment
▪ Recognize that ALL organizations have risk
▪ What is the risk factor we are analyzing?
  • Sources of risk can be internal OR external
  • Risks must be identified, analyzed, and acted on to achieve the organization's goals
COMPONENTS OF INTERNAL CONTROLS
Control activities
▪ The organization's policies and procedures
  • Management's directives
  • Protection of assets
▪ Include a combination of:
  • Manual controls (owner, employees, etc.)
  • Automated controls (software, etc.)
COMPONENTS OF INTERNAL CONTROLS
Control activities
▪ Should be grouped into categories:
  • Authorizations (before)
  • Approvals (after)
  • Verification (after)
  • Reconciliations (after)
  • Segregation of duties (continuous, when cost-beneficial)
COMPONENTS OF INTERNAL CONTROLS
Information and communication
▪ Information (accounting systems)
  • Records
  • Processes
  • Reporting
  • Accountability for assets, liabilities and equity (ensuring assertions are met)
▪ Communication
  • Helps employees understand their roles and responsibilities in the control environment and over financial reporting
  • Creates and enforces accountability
COMPONENTS OF INTERNAL CONTROLS
Monitoring
▪ Assesses the quality of internal control performance over time
▪ Evaluates the design and operation of controls in a timely manner
▪ Initiates corrective action when controls are identified as not functioning properly
PREVENTIVE, DETECTIVE, CORRECTIVE CONTROLS
Preventive controls (before)
▪ Designed to prevent potential problems from occurring
Detective controls (during)
▪ Designed to discover occurrences of adverse events
Corrective controls (after)
▪ Designed to remedy problems discovered through the detective controls
PREVENTIVE, DETECTIVE, CORRECTIVE CONTROLS
Preventive and detective controls should be viewed and designed together, as they are interrelated
▪ Detective controls should always be designed to determine whether preventive controls are working
COST-BENEFIT FOR DEVELOPING CONTROLS
Segregation of Duties
▪ SOD concept: no one person should have control over an ENTIRE process
  • e.g. the person who does A/R billings should not also be in charge of cash receipts and/or reconciling cash
▪ Cost vs. benefit
  • Can we achieve the control objective without having to hire another employee?
▪ Additional management oversight
  • Has the process or procedure outgrown the current environment?
  • If the process has grown to where oversight alone is not enough, additional personnel may be required.
COST-BENEFIT FOR DEVELOPING CONTROLS
Management oversight should focus on:
▪ The main risk areas:
  • Cash
  • Payroll
    ◦ Fake employees
    ◦ Inflated salaries
    ◦ Benefit payments
  • Fake vendors
  • Personal expenses
  • Kickbacks (personal projects completed in exchange for the awarding of jobs)
  • Theft of materials / tools
COST-BENEFIT FOR DEVELOPING CONTROLS
Management oversight
▪ Preventive
  • Software access rights
  • Approved vendor listing (restrict the ability to add vendors in the software)
  • Control over check stock (locked)
  • No signature stamps (avoid!)
▪ Detective
  • Receipt and review of bank statements
  • Receipt and review of payroll reports
  • Receipt and review of daily cash collection reports
  • Review of certain bids and why subs were selected over others
SUPER-USERS
What is a "super user"?
▪ A user, necessary for all companies, who has access to all areas of the software and/or all areas of the database.
▪ Can include:
  • Company owners
  • IT/system admins
  • Help desk employees
  • Developers
  • Third-party vendors
  • Applications
  • Accounting personnel (CFO?)
SUPER-USERS
Super-user impact on controls:
▪ Risk of management override
▪ Fraud risk (fake vendors, employees, etc.)
▪ No individual accountability (depending on system setup)
▪ Can render segregation-of-duties controls outside of the software useless
▪ Can impact audit strategy and communication with those charged with governance
▪ Potential issues with regulators (access to sensitive information)
  • Virtually all compliance regulations require segregation of duties around super-user access
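The segregation-of-duties slide and the super-user slide above describe an access review that a small accounting department can run against its own software access rights: which people hold conflicting duties, who is effectively a super user, and who is positioned to act as the compensating reviewer when hiring another employee is not cost-justified. The following Python script is an added example, not part of the original deck or of Citrin Cooperman's material. The duty names, the user assignments and the last two conflict pairs (vendor master vs. AP payment approval, payroll master vs. payroll approval, assumed pairs aimed at the "fake vendor" and "fake employee" risks the deck lists) are constructed for illustration; the first three pairs follow the deck's own A/R billing, cash receipts and cash reconciliation example.

```python
"""Access review for segregation-of-duties (SoD) conflicts and super users.

Added example. Every duty name, conflict pair and user assignment below is
constructed for illustration; none comes from the original slide deck.
"""
from itertools import chain

# Constructed conflict matrix: pairs of duties no single person should hold.
# The first three pairs mirror the deck's A/R billing / cash receipts /
# reconciling cash example; the vendor and payroll pairs are assumptions.
CONFLICTING_DUTIES = frozenset({
    frozenset({"ar_billing", "cash_receipts"}),
    frozenset({"ar_billing", "cash_reconciliation"}),
    frozenset({"cash_receipts", "cash_reconciliation"}),
    frozenset({"vendor_master_maintenance", "ap_payment_approval"}),
    frozenset({"payroll_master_maintenance", "payroll_approval"}),
})

# Every duty that appears in the matrix; holding all of them is the deck's
# "access to all areas of the software" super-user condition.
ALL_DUTIES = frozenset(chain.from_iterable(CONFLICTING_DUTIES))

# Constructed sample of who currently holds which duty in the accounting system.
ASSIGNMENTS = {
    "alice": {"ar_billing", "cash_receipts"},          # bills and receives cash
    "bob": {"cash_reconciliation"},
    "carol": {"vendor_master_maintenance"},
    "dave": {"ap_payment_approval", "payroll_approval"},
    "sysadmin": set(ALL_DUTIES),                       # super user
}


def find_sod_conflicts(assignments, conflicts=CONFLICTING_DUTIES):
    """Map each user to the sorted list of conflicting duty pairs they hold."""
    findings = {}
    for user, duties in assignments.items():
        held = sorted(tuple(sorted(pair)) for pair in conflicts if pair <= duties)
        if held:
            findings[user] = held
    return findings


def find_super_users(assignments, all_duties=ALL_DUTIES):
    """Users whose access spans every duty, i.e. the deck's 'super user'."""
    return sorted(u for u, d in assignments.items() if all_duties <= d)


def compensating_reviewers(assignments, user, pair):
    """Candidate reviewers for a conflict that is not removed by re-assignment:
    anyone other than `user` who holds none of the conflicting duties, so the
    detective review is done by someone outside that part of the process."""
    return sorted(u for u, d in assignments.items()
                  if u != user and not (d & set(pair)))


def review_report(assignments):
    """Combine the findings into one structure management can act on."""
    conflicts = find_sod_conflicts(assignments)
    actions = []
    for user, pairs in conflicts.items():
        for pair in pairs:
            actions.append({
                "user": user,
                "conflict": pair,
                "review_by": compensating_reviewers(assignments, user, pair),
            })
    return {
        "super_users": find_super_users(assignments),
        "conflicts": conflicts,
        "actions": actions,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(review_report(ASSIGNMENTS), indent=2))
```

Run against the constructed data, the report flags `alice` for the deck's exact billing-plus-cash-receipts conflict and `sysadmin` as a super user holding every pair; for each conflict it lists the people who hold none of the affected duties and can therefore perform the bank statement or cash collection review the deck recommends as the detective control. The same matrix can be re-run whenever software access rights change, which is what turns the preventive "software access rights" control into one the detective side can actually verify.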
QUESTIONS
