- Количество слайдов: 32
Internal Control Under the Microscope Business Officers Meeting March 7, 2006 Presented by Randy Van Dyke
Overview • Quiz • Background • Internal Control Defined • Internal Control Framework • Self Assessment Checklist
Quiz – Handout Pages 2 -4 “First, get your facts. Then you can distort ‘em as you please. ” Mark Twain
Background A Rough Ride for Business – War on Terrorism / Natural Disasters – Economic downturn / Aftermath – Financial frauds / Business failures
Sarbanes Oxley Act “This law says to every dishonest corporate leader: you will be exposed and punished; the era of low standards is over. ” George W. Bush
Sarbanes Oxley Act • Audit Committee organization and function • Companies must document and evaluate the effectiveness of internal controls • CEOs and CFOs must personally certify financial statement accuracy
Sarbanes Oxley Act • Outside audit reports must include a statement on the effectiveness of internal controls • Companies must have in place mechanisms for reporting and investigating wrongdoing (including anonymous reports)
Impact on U • Board of Regents Policy • Trustees Audit Committee – Level of Involvement – Scope of Oversight
Impact on U • Ethical Conduct Guidance • Ethics & Compliance Hotline 585 -1593 [email protected] utah. edu
Core Process Assessments This assessment focused on internal controls for 15 business processes. 192 risks and related controls were evaluated.
Core Process Assessments
Core Process Assessments Potential Risk: Unauthorized access to check stock and printing capability. Primary Control: A secured laser printer is used to print checks at the time they are issued.
College-Wide Reviews Reviewed 44 potential issues in each of the College’s 14 organizational units.
Audit Follow-Up Responsible Person: Peggy Halliday Completion Date: March 1, 2006
Internal Control Defined Activities undertaken to increase the likelihood of achieving management objectives in three areas: – Efficiency and effectiveness of operations – Financial accountability – Compliance with laws and regulations
Internal Control Defined “Internal control gets us where we want to go, with no surprises along the way. Internal control is everyone’s responsibility. . Internal control is me. ” Cargill Corporation
Control Activities Risk Assessment n tio to ca ica un un mm mm Co Co In for ma tio n& Monitoring n& n& tiio to ma ma for f r In In Co mm un ica tio n Internal Control Framework Control Environment Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Control Environment • • • Integrity and ethical values Commitment to Competence Management Operating Style Organizational Structure Assignment of Authority and Responsibility • Human Resource Policies and Practices
Risk Assessment • Organizational Goals and Objectives • Risk Identification and Prioritization • Managing Change
Control Activities • Written Policies and Procedures • Controls over Information Systems
Information & Communication • Access to Information • Communication Patterns
Monitoring • Management Supervision • Outside Sources • Response Mechanisms • Self-assessment Mechanisms
Quiz 1. Internal control starts with a strong set of policies and procedures. False: Internal control starts with a strong control environment.
Quiz 2. Internal and external auditors are responsible to develop and monitor internal controls. False: While auditors play an important role, management is the owner of internal control.
Quiz 3. Internal controls are mostly concerned with control over assets, cash receipts, and cash disbursements. False: Internal control is integral to every aspect of business.
Quiz 4. Internal controls are essentially negative, like a list of “thoushalt-nots. ” False: Internal control makes the right things happen the first time.
Quiz 5. Internal controls take time away from core activities, such as serving faculty and students. False: Internal control should be built “into, ” not “onto” business processes.
Quiz 6. When delegating authority and empowering employees, it is necessary to give up a certain amount of internal control. False: Decentralized decisionmaking requires different forms of control.
Quiz 7. If controls are strong, we can be assured employees will be prevented from committing fraud. False: Internal control provides reasonable, but not absolute assurance.
Quiz 8. What are some impediments to establishing effective internal controls? • Lack of knowledge and ‘ownership’ • Lack of creativity • Lack of interest
Links & Contact Information • Internal Audit Department http: //www. utah. edu/Internal Audit/ • Ethics and Compliance Hotline 585 -1593; [email protected] utah. edu • Ethical Standards and Code of Conduct http: //www. hr. utah. edu/ethicalstandards/ • University of Utah Policies and Procedures http: //www. admin. utah. edu/ppmanual/ • COSO http: //www. coso. org/ • Randy. Van. [email protected] utah. edu, 581 -5988 • Chuck. [email protected] utah. edu, 581 -6561 • Pamela. [email protected] utah. edu, 585 -3529