Internal Controls and Risk Assessment

Report
Presented By:
Donna Denker, CPA
Donna Denker & Associates
Per
SAS 99 – (2002) – “An
intentional act that results in
material misstatement to the
financial statements that are
subject to an audit.”
Financial
Reporting Fraud
Misappropriation of Assets
External Fraud
Diverting
cash receipts
Lapping
Stealing
or forging checks
Altering bank deposits
Stealing petty cash
 Creating
fictitious
vendors or
overstating vendor
accounts
 Stealing inventory or
equipment
 Taking kickbacks
 Abusing
travel and
entertainment
reimbursements
 Creating ghost
employees or
overstating hours
worked
Opportunity
Fraudster’s
Need
Rationalization
 Defines
internal controls
 Describes the components of effective
internal controls
 Provides evaluation criteria for internal
controls
 Guidance on management’s reporting of
internal controls over financial reporting
A
process, effected by an entity’s board
of directors, management and other
personnel, designed to provide
reasonable assurance regarding the
achievement of objections in any of the
following categories:
Efficiency
and effectiveness of
operations
Reliability of financial reporting
Compliance with applicable
laws and regulations
Integrity
Ethical Values
Competency
 Entity
must be aware of and deal with
risks it faces
 Entity must set objectives integrated with
other activities so that the organization
works together
 Entity must establish mechanisms to
identify, analyze and manage the related
risk
 Establishment
of policies to ensure that
risks are addressed
 Execution of policies to ensure they are
carried out correctly and completely
 Systems
to capture and exchange
information
Monitoring
all of the processes
Allow modifications as necessary
System should react dynamically by
changing as conditions warrant
 Existence
or Occurrence
 Completeness
 Rights and Obligations
 Valuation and Allocation
 Presentation and Disclosure
 Establish
organization control
environment
 Risk identification and analysis
 Communications
 Monitoring
 Human
judgment
 Breakdowns
 Management overrides
 Collusion
 Message
from the board and
management
 Ethics policy and repercussions for
violations
 Conflict of Interest policies
 Recognizing temptations
 Hiring
policies
 In-house or external training
 Outside consultants to supplement if
needed
 Performance and skills evaluated
periodically
 Board does performance and skills
evaluations for management
 Understand
your fraud risks
 Set the tone at the top – zero tolerance
policy
 Oversee internal controls
 Retain outside experts when in doubt
 Ask questions and exercise skepticism
 Whistleblower program
 Commitment
to excellence
 All journal entries are authorized,
supported and reviewed
 Organizational
chart
 Job descriptions
 Roles are supportive of financial
reporting objectives
Considerations of segregation of
responsibility
 Responsibilities are commiserate with
authority
 Empowers employees

 HR
policies
 Job descriptions
 Pre-employment investigation
 Ensure appropriate training
 Regular performance evaluations
 Competency is considered
 Exit interview with staff
 Funding
agents and regulatory bodies
 Vendors
 Tribal
Council
 Creditors
 Access to assets
 News media
 Changes
 Employees
 Technology
 Personnel
practices
 Access to assets
 Changes
 Previously
identified failures
 Complexity of activities
 Brainstorming
sessions
 Regular management meetings to
discuss issues
 Reacting to changes in a timely manner
 Education or training programs
 Supervision
 Personnel evaluations
 Segregation of duties
 Early identification of changes
 Physical
Controls
 Segregation of Duties
 IT Controls
 Management activities
 Budget monitoring
 Policy and procedures
• Policies establish what should be done
• Procedures establish how it should be done
 Staff
to Staff
 Management to Staff
 Upward communication to Board
 Vendors
 Funding
Agents
 Independent Auditors
 Policies
and procedures
 Management meetings
 Departmental meetings
 Financial Statements and Budget Reports
 External financial reporting
 Reports from External Auditors or
Regulators
 Supervision
of staff performance
 Budget to Actual expenditure
comparisons
 Reconciliations and comparisons to
physical assets
 Enforcement of policies
 Bank
and investment statements
 Vendors monthly statements
 Federal agencies communicating
concerns
 External or internal auditors

similar documents