under the microscope business officers meeting march 7, 2006 presented by randy van dyke internal...
Post on 19-Dec-2015
213 views
TRANSCRIPT
Under the Microscope
Business Officers MeetingMarch 7, 2006
Presented by Randy Van Dyke
Internal Control
Overview
• Quiz
• Background
• Internal Control Defined
• Internal Control Framework
• Self Assessment Checklist
Quiz – Handout Pages 2-4
“First, get your facts. Then you can distort ‘em as you please.”
Mark Twain
Background
A Rough Ride for Business– War on Terrorism / Natural
Disasters– Economic downturn / Aftermath– Financial frauds / Business
failures
Sarbanes Oxley Act
“This law says to every dishonest corporate leader: you will be exposed and punished; the era of low standards is over.”
George W. Bush
Sarbanes Oxley Act
• Audit Committee organization and function
• Companies must document and evaluate the effectiveness of internal controls
• CEOs and CFOs must personally certify financial statement accuracy
Sarbanes Oxley Act
• Outside audit reports must include a statement on the effectiveness of internal controls
• Companies must have in place mechanisms for reporting and investigating wrongdoing (including anonymous reports)
Impact on U
• Board of Regents Policy
• Trustees Audit Committee
– Level of Involvement
– Scope of Oversight
Core Process Assessments
This assessment focused on internal controls for 15 business processes.
192 risks and related controls were evaluated.
Core Process Assessments
Potential Risk: Unauthorized access to check stock and printing capability.
Primary Control: A secured laser printer is used to print checks at the time they are issued.
Internal Control Defined
Activities undertaken to increase the likelihood of achieving management objectives in three areas:
– Efficiency and effectiveness of operations
– Financial accountability
– Compliance with laws and regulations
Internal Control Defined
“Internal control gets us where we want to go, with no surprises along the way. Internal control is everyone’s responsibility. . . . Internal control is me.”
Cargill Corporation
Internal Control Framework
Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Control EnvironmentControl Environment
Risk AssessmentRisk Assessment
Control ActivitiesControl Activities
MonitoringMonitoringInform
ation & C
omm
unication
Information &
Com
municationIn
form
atio
n &
Com
mun
icat
ion
Info
rmat
ion
& C
omm
unic
atio
n
Control Environment
• Integrity and ethical values• Commitment to Competence• Management Operating Style• Organizational Structure• Assignment of Authority and
Responsibility• Human Resource Policies and
Practices
Risk Assessment
• Organizational Goals and Objectives
• Risk Identification and Prioritization
• Managing Change
Control Activities
• Written Policies and Procedures
• Control Procedures
• Controls over Information Systems
Monitoring
• Management Supervision
• Outside Sources
• Response Mechanisms
• Self-assessment Mechanisms
Quiz
1. Internal control starts with a strong set of policies and procedures.
False: Internal control starts with a strong control environment.
Quiz
2. Internal and external auditors are responsible to develop and monitor internal controls.
False: While auditors play an important role, management is the owner of internal control.
Quiz
3. Internal controls are mostly concerned with control over assets, cash receipts, and cash disbursements.
False: Internal control is integral to every aspect of business.
Quiz
4. Internal controls are essentially negative, like a list of “thou-shalt-nots.”
False: Internal control makes the right things happen the first time.
Quiz
5. Internal controls take time away from core activities, such as serving faculty and students.
False: Internal control should be built “into,” not “onto” business processes.
Quiz
6. When delegating authority and empowering employees, it is necessary to give up a certain amount of internal control.
False: Decentralized decision-making requires different forms of control.
Quiz
7. If controls are strong, we can be assured employees will be prevented from committing fraud.
False: Internal control provides reasonable, but not absolute assurance.
Quiz
8. What are some impediments to establishing effective internal controls?
• Lack of knowledge and ‘ownership’
• Lack of creativity• Lack of interest
Links & Contact Information
• Internal Audit Department http://www.utah.edu/Internal Audit/
• Ethics and Compliance Hotline 585-1593; [email protected]
• Ethical Standards and Code of Conduct http://www.hr.utah.edu/ethicalstandards/
• University of Utah Policies and Procedures http://www.admin.utah.edu/ppmanual/
• COSO http://www.coso.org/• [email protected], 581-5988
• [email protected], 581-6561
• [email protected], 585-3529