4. OBJECTIVES
Understand why an organization should have internal controls.
Understand the key components of internal controls.
Understand how various risks effect your internal control environment.
Provide participants with examples of policies and procedures to
implement good internal controls.
5. INTRODUCTION
Do you use internal controls?
When you leave home in the morning to go to work, do you lock the
doors to your house?
If you do, that’s your own “internal control” to safeguard the assets you
own in your home! You are an internal control user. Congrats!
7. Internal control is a “process” affected by an organization’s board, management
and other personnel designed to provide reasonable assurance regarding the
achievement of:
Effectiveness and efficiency of operations.
Reliability of financial reporting.
Compliance with laws and regulations.
8. What Is Internal Control
INTERNAL CONTROLS are the integration of the
activities, plans, attitudes, policies and efforts of
the people of an organization working together to
provide reasonable assurance that the
organization will achieve its mission.
Simply put -
9. What is Internal Control
Internal Controls are actions taken to make
sure the right things happen ---
-- and the wrong things don’t.
10. Internal Control System
Improve accountability
to
customers
Definition
Internal controls or an internal
control system are the integration
of the activities, plans, attitudes,
policies and efforts of the people
of an organization which, working
together, provide a reasonable
assurance that the organization
will achieve its mission.
Help organizations achieve
performance and budget targets.
Improve reliability of
financial reporting.
Improve compliance with
laws, regulations.
Help organizations achieve
performance and budget
targets
Prevent loss of
resources and public
assets.
Prevent loss of public
trusts and public
assets.
Reduce legal
liability and
public assets.
11. What is the Purpose of
Compliance with laws and policies
Accomplishment of mission
Relevant and reliable data
Economical and efficient
use of resources
Safeguard assets
12. Who is Responsible for
Internal Control
Everyone in an organization has responsibility
for internal control.
Senior Management sets the “tone at the
top” that affects integrity, ethics and other
factors of a positive control environment.
13. Internal Control System
System Components
Monitoring
Assess internal control
performance
Control Activities
Tools that help prevent or reduce
risk
Risk Assessment
Identification and analysis of relevant risks to
achievement of objectives
Control Environment
Sets the tone for the organization
The foundation for all other components of internal control
14. INTERNAL CONTROL OBJECTIVES
COMPLETENESS
Are the reports submitted complete?
Accuracy –Was the information recorded accurately?
Authorization –Who are authorized signers and what are their limitations?
Adequacy of Audit Trail –Can a transaction be traced from the accounting records
back to the original documentation to provide a proper trail for the audit (invoice,
timesheet)?
Segregation of Duties
Are the various aspects of the accounting functions separated and performed by
more than one person?
Physical safeguard of assets?
Protection of the assets of the organization to ensure its mission can be carried out
15. GOOD INTERNAL CONTROL
PRACTICES
Documented policies and procedures.
Adequate review process for financial reports and budgets.
Adequate cash management procedures (e.g., monthly bank
reconciliations by supervisory personnel)
Physical safeguarding of assets.
System to track Members’ & employees’ activities.
System to follow-up on problems to ensure resolution
Existence of codes of conduct
16. Job descriptions.
Board of directors maintain timely communications about organization’s
objectives, strategy, and on dealing with issues.
Assignment of responsibilities Policies to hire, train, promote and compensate
employees are in place.
Positive “atmosphere” in the work environment.
A clear chain of command
Adequate Segregation of duties –The same employee should not authorize
purchase, sign the check and record the purchase in the accounting system.
Approval process for disbursing funds –Set different levels for approving
purchases, for example: Transactions up to =N=1,000,000 require one
signature on check Purchases over=n=1,000,000.00 require two signatures on
check.
17. Monitoring
Ensuring that employees are carrying out their duties Comparison of
budget to actual and to program goals.
Obtaining feedback on operations and other initiatives.
Periodic outside review of the system (audit)
18. Risk Assessment.
Risk is different for each organization on every level Cost vs. Benefit
Analysis.
Determine the level of risk for misstatement for all transactions, then put
a control in place to mitigate the risk –Examples: Travel for some
organizations can be low risk, but high for others.
Salaries are typically a higher risk for most organizations
19. CONTROLS ACTIVITIES INCLUDE:
Pre-numbered receipts for cash and checks.
Cash collection should be under the control of at least two individuals.
Person opening mail should be different from person making deposits.
All cash received should be deposited, then organization’s checks used to pay
expenses.
All checks should be stamped “For deposit only” and deposited on the same day
received
All disbursements should be made by check and supporting documentation retained
A check should never be made payable to cash
A blank check should never be signed
If petty cash is used, ensure it is reconciled regularly. If treasurer or check signer is
also the accountant, two signatures should be required Bank reconciliation should be
done by person other than the accountant.
20. CONTROL ACTIVITIES???
Are transactions authorized by a person delegated approval
authority?
Are records routinely reviewed and reconciled by someone other
than the preparer or transactor?
Are equipment, inventories, cash and other property secured
physically, counted periodically, and compared with item
descriptions shown on control records?
21. POLICIES AND PROCEDURES
Documented Policies and Procedures are important because:
They are the standards for the organization’s operations.
They help in maintaining information that is crucial to operations that would otherwise remain in
employees’ “hands”.
They help in orienting new employees and substitutes if the appropriate personnel are absent.
They communicate the expectations of the board and staff
Policies should be established, followed, monitored, updated and reviewed As times change, so
does the need for our policies –Example: Internet access to cash accounts and ability to make
electronic transfers
Written Policies and Procedures Assist with consistency and clear communications of
expectations
Policy Expectations: “what is to be done” –Procedure or Process: “how is it to be completed”
Description of methods & procedures to be followed.
22. Policies and Procedures should include:-
Authorizations of transactions
Payroll procedures
Cash receipts procedures
Procurement Policies
Travel Regulations
Financial Reporting
Budgeting
Record of Retention.
Conflict of Interest
23. Organizational Information
Organizational Chart describing lines of authority
Job Descriptions outline key responsibilities.
Chart of accounts with details of what is expected to be entered within
each account.
List of Board members, types of committees and frequency of
meetings.
Organizational Documents (Articles of Incorporation) Sub-
contract/Cooperative Agreement
24. Job Description Should include:
Job Title
Reports to:
Supervises:
Basic Function:
Duties and Responsibilities:
Qualifications:
Classification:
25. Potential impacts of insufficient internal controls:
Audit findings
Federal funds may be managed inappropriately –
Funding sources are jeopardized
Inconsistencies
Inefficient use of time and resources
26.
27. Internal Control and Everyday Tasks
Telephone Calls
What can go wrong:
Unauthorized calls
No one to answer telephones
Wrong information given
Internal Controls:
Utilize voice mail
Provide staff with training, reference materials and updated information
Policy on telephone use
28. Internal Control and Everyday Tasks
Data Entry
What can go wrong:
Erroneous Entries
Unauthorized entries and overrides
Data not up-to-date
Internal Controls:
Provide staff with data entry training and reference manuals; proof data reports against actual
records
Use passwords, change passwords periodically, test access privileges periodically
Ensure all transactions are authorized
29. Internal Control and Everyday Tasks
Supplies and Equipment
What can go wrong:
Theft or misuse
Running out of supplies
Equipment breakdown
Internal Controls:
Secure storage area; perform periodic inventories for
equipment; follow procedures for surplus equipment
Provide training on use of equipment
Follow manufacturers’ recommended maintenance schedules
Periodically check supply levels
30. Who is Responsible for
Internal Control
Everyone in an organization has responsibility
for internal control.
31. Who Is Responsible For
Internal Control
Your role as an employee is
accomplished by:
◦ Fulfilling the duties and responsibilities established in your job
description
◦ Meeting applicable performance standards
◦ Attending education and training programs to increase awareness
and understanding
◦ Taking all reasonable steps to safeguard assets against waste, loss,
and unauthorized use
◦ Reporting breakdowns in internal control systems to your
supervisor
32. Conclusion
The people of an organization,
functioning as a team, set the
limits for how good an
organization will be. Internal
controls are those elements of
our day-to-day work activities
that help ensure success.
33. “Five percent of the
people think;
ten percent of the
people think they think;
and the other eighty-
five percent would
rather die than think.”
-Thomas A. Edison
34. “LIFE DOES NOT HAVE A
REMOTE CONTROL; YOU
NEED TO GET UP AND
CHANGE IT YOURSELF.”
DANIELMALCOM
Internal controls are those elements of our day-to-day work activities that help ensure success.
Senior management is responsible for establishing the control environment and communication systems within the organization. These two components provide executive management with the greatest opportunity to postively impact internal control
There are five main components of a internal control system: The Control Environment sets the tone for the organization, influencing the control consciousness of its people. It is the foundation of all other components of internal control. The key elements of the control environment include mission, ethics and integrity, competence and supportive attitude.
Risks are events that threaten the accomplishment of our objectives (such as human error, fraud, system breakdowns and natural disasters). In the risk assessment process we identify each risk in terms of likelihood, significance of impact and cause.
Control Activities include policies and procedures, documentation, approval and authorization, supervision
Monitoring – are we achieving our objectives
Communication and information – relevant information must be available and must occur up, down and across an organization (i.e, our mission, what are expectations for employees; a means for employees to provide suggestions for improvement or to report suspected ethical violations
Senior management is responsible for establishing the control environment and communication systems within the organization. These two components provide executive management with the greatest opportunity to postively impact internal control