Emerging Contractors Mitigating Control Risk

  2. TODAY’S AGENDA • Introduction • Components of Internal control systems • Preventive, detective, and corrective controls • Cost-benefit concept for developing controls in small departments • Super-Users
  3. An organization’s financial resources can be protected from loss, waste, or theft by:  Developing proper internal control systems • Ensuring reliable data processing • Promoting operational efficiency  Having proper management oversight • Mitigating controls for small departments where segregation of duties is not possible INTRODUCTION
  4. Internal controls should achieve four main objectives:  Safeguard assets  Check accuracy and reliability of data  Promote efficiency  Encourage ethics and compliance INTRODUCTION
  5. • Control environment • Risk assessment • Control activities • Information and communication • Monitoring COMPONENTS OF INTERNAL CONTROLS
  6. Control environment  Establishes the tone of a Company  Influences the awareness of the employees  Factors in the control environment: • Integrity and values • Management philosophy and operating style • Assignment of authority and responsibility • Attention and direction of management COMPONENTS OF INTERNAL CONTROLS
  7. Risk assessment  Recognize that ALL organizations have risk  What is the risk factor we are analyzing? • Sources of risk can be internal OR external • Must identify, analyze, and provide action to achieve the organization’s goals COMPONENTS OF INTERNAL CONTROLS
  8. Control activities  Organization’s policies and procedures • Management’s directives • Protection of assets  Includes a combination of: • Manual controls (owner, employees, etc.) • Automated controls (software, etc.) COMPONENTS OF INTERNAL CONTROLS
  9. Control activities  Should be grouped into categories: • Authorizations (before) • Approvals (after) • Verification (after) • Reconciliations (after) • Segregation of duties (continuous, when cost is beneficial) COMPONENTS OF INTERNAL CONTROLS
  10. Information and communication  Information (accounting systems) • Records • Processes • Reporting • Accountability for assets, liabilities and equity (ensuring assertions are met)  Communication • Helps employees understand their roles and responsibilities in the control environment and over financial reporting • Creates and enforces accountability COMPONENTS OF INTERNAL CONTROLS
  11. Monitoring  Assesses the quality of internal control performance over time  Evaluating the design and operation of controls in a timely manner  Initiating corrective action when controls are identified as not functioning properly COMPONENTS OF INTERNAL CONTROLS
  12. Preventive controls (before)  Designed to prevent potential problems from occurring Detective controls (during)  Designed to discover occurrences of adverse events Corrective controls (after)  To remedy problems discovered through the detective controls PREVENTIVE, DETECTIVE, CORRECTIVE CONTROLS
  13. Preventive and detective controls should be viewed and designed together, as they are interrelated  Detective controls should always be designed to determine if preventive controls are working PREVENTIVE, DETECTIVE, CORRECTIVE CONTROLS
  14. Segregation of Duties  SOD concept – No one person should have control over an ENTIRE process • e.g. – The person who does A/R billings should not also be in charge of cash receipts and/or reconciling cash  Cost vs. Benefit • Can we achieve the control objective without having to hire another employee?  Additional management oversight • Has the process or procedure outgrown the current environment?  If the process has grown to where oversight alone is not enough, additional personnel may be required. COST-BENEFIT FOR DEVELOPING CONTROLS
  15. Management oversight should focus on:  The main risk areas - • Cash • Payroll  Fake employees  Inflated salary  Benefit payments • Fake vendors • Personal expenses • Kickbacks (personal projects completed for awarding of jobs) • Theft of materials / tools COST-BENEFIT FOR DEVELOPING CONTROLS
  16. Management oversight  Preventive • Software access rights • Approved vendor listing (restrict access to add in software) • Control over check stock (locked) • No signature stamps (avoid!)  Detective • Receipt and review of bank statements • Receipt and review of payroll reports • Receipt and review of daily cash collections reports • Review of certain bids and why subs were selected over others COST-BENEFIT FOR DEVELOPING CONTROLS
  17. What is a “super user”?  A necessary user for all companies who has access to all areas of the software and/or all areas of the database.  Can include: • Company owners • IT/System Admins • Help Desk employees • Developers • Third party vendors • Applications • Accounting personnel (CFO?) SUPER-USERS
  18. Super user impact to controls:  Risk of management override  Fraud risk (fake vendors, employees, etc.)  No individual accountability (depending on system setup)  Can render segregation of duty controls outside of the software useless  Can impact audit strategy and communication with those charged with governance  Potential issues with regulators (access to sensitive information) • Virtually all compliance regulations require a segregation of duties around super user access SUPER-USERS