VGFOA Fall Conference October 23, 2014 John Montoro, Presenter - PowerPoint PPT Presentation

VGFOA Fall Conference October 23, 2014 John Montoro, Presenter

 Brief overview of internal control components under the new COSO framework  Monitoring of Internal Controls ◦ What to do? ◦ By Whom? ◦ How?

Team Competition

Team Selection Pharrell Christina Blake Shakira Gwen Adam

Team “BUZZER” JEANIE in a TEXAS! I’m so HAPPY! bottle (with finger point) HIPS don’t lie HOLLA back girl High FIVE!

Look for…

TRUE OF FALSE VGFOA Stands for: “Virginia Golfing Federation of America” FALSE

 Safeguard your organization’s assets while in your possession  Efficiently manage and spend the funds entrusted to you  Accurately report how the money was spent  Obey all applicable laws and regulations while doing so

1992 2006 2009 2013

Internal controls Name one of the five components of internal controls

It makes perfect sense! CPA’s are so smart!

Internal Controls for Dummies Set the tone – establish a culture of accountability Analyze your risks. Ask yourself: “What could go wrong? Establish control procedures to mitigate significant risks Communicate those procedures to your employees Check back from time to time to see if controls are working as designed

1. Demonstrates commitment to integrity and ethical values Control Environment 2. Exercises oversight responsibility 3. Establishes structure, authority and responsibility 4. Demonstrates commitment to competence 5. Enforces accountability 6. Specifies suitable objectives Risk Assessment 7. Identifies and analyzes risk 8. Assesses fraud risk 9. Identifies and analyzes significant change 10.Selects and develops control activities Control Activities 11. Selects and develops general controls over technology 12.Deploys through policies and procedures 13.Uses relevant information Information & 14.Communicates internally Communication 15.Communicates externally 16.Conducts ongoing and/or separate evaluations Monitoring Activities 17.Evaluates and communicates deficiencies

Demonstrate a commitment to integrity and 1. ethical values Board that demonstrates independence and 2. provides oversight over internal control Setting Management establishes, with board oversight, the tone 3. structures, appropriate lines of authority and responsibility in the pursuit of objectives Organization demonstrates a commitment to 4. attract, develop and retain competent individuals Employees are held accountable for their 5. internal control responsibilities

Objectives are stated with sufficient 6. clarity to enable the identification and assessment of risk relating to What the objectives could go wrong? The organization identifies risks to 7. the achievement of it’s objectives across the entity and considers how the risks will be managed Organization always considers the 8. potential for fraud when assessing risk Identifies and assesses changes that 9. could significantly impact internal controls

10. Control activities are developed that I want to contribute to the mitigation of risks prevent to acceptable levels and detect errors 11. Selects and develops general control activities over technology 12. Control activities are deployed through policies that establish what is expected and procedures that put policies into action

13. Relevant, quality information is generated to support the Employees functioning of internal control are not mind- readers 14. Internally communicates information on objectives and responsibilities for internal control 15. The organization communicates with external parties regarding matters affecting the functioning of internal control

16. Ongoing or separate evaluations are Do we conducted to ascertain whether the have that components of internal control are much in the bank? present and functioning 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those persons responsible for taking corrective action

Identifies and assesses changes that could significantly impact internal controls Is a principle of which internal control component? RISK ASSESSMENT

“Ongoing or separate evaluations are conducted to ascertain whether the components of internal control are present and functioning” Is a principle of which internal control component? MONITORING

Select and develop general control activities over technology Is a principle of which internal control component? Establish control procedures

TRUE OF FALSE If you have implemented 4 out of the 5 components of internal control, that’s a score of 80% and considered a passing grade by the auditors FALSE

 Effective internal control provides reasonable assurance regarding the achievement of objectives and requires that: ◦ Each component and each relevant principle is present and functioning ◦ The five components are operating together in an integrated manner  Each principle is suitable to all entities; all principles are presumed relevant except in rare situations where management determines that a principle is not relevant to a component

 Components operate together when all components are present and functioning and internal control deficiencies aggregated across components do not result in one or more major deficiencies  A major deficiency represents an internal control deficiency or combination thereof that severely reduces the likelihood that an entity can achieve its objectives

 Users are encouraged to transition applications and related documentation to the updated Framework as soon as feasible  Updated Framework will supersede original Framework at the end of the transition period (i.e., December 15, 2014)  During the transition period, external reporting should disclose whether the original or updated version of the Framework was used

Demonstrates a commitment to integrity and ethical behavior? A) Risk assessment B) Monitoring C) Procedures D) None of the above CONTROL ENVIRONMENT

Monitoring Internal Controls

TRUE OF FALSE “The effectiveness of internal controls is the responsibility of internal audit” FALSE

Monitoring Internal Controls

Monitoring Internal Controls Periodically monitor what you are doing now – validate Identify a change in process or structure. Keep in mind that the change may be external. - Initiate a change management process

 Who should perform monitoring?  What controls to consider?  What information should be evaluated?  What procedures to employ, by whom and how often.  How to assess and report results.

TRUE OF FALSE The reliability of a monitoring procedure is dependent upon who performs it. TRUE

 Self review  Peer review Increasing objectivity  Supervisory review  Impartial review

 Use your risk assessment to identify key controls ◦ Formal comprehensive analysis ◦ Informal discussion (documented)  Risk factors to consider ◦ Nature of operations ◦ Changes in operations ◦ Environmental factors ◦ Susceptibility to theft or fraud

 Area: Revenue  Objective: Timely recorded and properly classified  Risk: Increased fraud risk if not timely; risk of not identifying regulations to follow (state vs federal)  Priority: High

TRUE OF FALSE When evaluating controls, your goal is to obtain absolute assurance that the control is effective FALSE

 Identify persuasive information – both suitable and sufficient in the circumstances that provides evaluator reasonable, not absolute support for conclusion regarding the continuing effectiveness of internal controls in a particular risk area

TRUE OF FALSE In order to be effective, a monitoring procedure should be conducted by someone outside of the department being evaluated FALSE

 Ongoing Monitoring: procedures include both direct and indirect information ◦ Regular management activities ◦ Peer comparisons ◦ Reconciliations  Separate evaluations ◦ Conducted periodically ◦ Not ingrained in routine operations

 Attributes of Ongoing Monitoring ◦ Integrates with operations ◦ Provides objective assessments ◦ Uses knowledgeable personnel ◦ Considers feedback ◦ Adjusts scope and frequency as needed

TRUE OF FALSE Only report results of monitoring if a problem or potential weakness is identified FALSE

 Need to prioritize results. Consider: ◦ Likelihood that the deficiency will affect the achievement of an objective ◦ The effectiveness of compensating controls ◦ The aggregating effect of multiple deficiencies

Monitoring Internal Controls Periodically monitor what you are doing now – validate Identify a change in process or structure. Keep in mind that the change may be external. - Initiate a change management process

TRUE OF FALSE A quote from Jenny Smith, Finance Director of Aloha County: “Internal controls in the Treasurer’s office are not my FALSE problem”