Managing Risk in Nonprofit Organizations

Presentation from Tate & Tryon CPA


  1. Managing Risk In Nonprofit Organizations
     Charles F. Tate, CPA, Managing Partner
     Tate & Tryon, CPAs and Consultants, Washington, DC
     January 13, 2012
  2. What We’ll Discuss Today
     1. Overview of COSO and Publications
     2. COSO’s ERM
     3. COSO’s Internal Control
     4. Relationship of COSO to Auditing Standards
  3. 1. Overview of COSO and Publications
  4. COSO is the Acronym For:
     A. Class of Service Overrides
     B. Combat Oriented Supply Operations
     C. Committee of Sponsoring Organizations
     Answer C: Committee Of Sponsoring Organizations of the “Treadway Commission”
  5. What is the Treadway Commission?
     A. Governmental Commission
     B. Presidential Commission
     C. Congressional Commission
     D. All of the Above
     E. None of the Above
     Answer E: The Treadway Commission is a Joint Private Sector Initiative
  6. Which Organization is not Part of the Private Sector Initiative (i.e., a Sponsoring Organization)?
     A. American Accounting Association (AAA)
     B. American Institute of CPAs (AICPA)
     C. Association of Financial Professionals (AFP)
     D. Financial Executives International (FEI)
     E. Institute of Internal Auditors (IIA)
     F. Institute of Management Accountants (IMA)
     Answer C: AFP is not part of the 5-member Sponsoring Committee
  7. COSO Publications
  8. COSO Publications
  9. Which Prominent Accounting Firm Authored a COSO Publication?
     A. Price Waterhouse Coopers (PWC)
     B. Grant Thornton (GT)
     C. Tate & Tryon (T&T)
     D. Coopers & Lybrand (C&L)
     E. Both A. and D.
     F. Both A., B., and D.
     Answer F: PWC, GT, and C&L all authored a COSO Publication
  10. COSO’s Definitions and Objectives
      A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
      ERM:
      1. Strategy setting
      2. Identify & manage potential events
      3. Manage risks to be within its risk appetite
      Internal Control:
      1. Effectiveness and efficiency of operations.
      2. Reliability of financial reporting.
      3. Compliance with laws and regulations.
  11. Which Individual Did Not Influence SOX Legislation?
      A. B. C. D.
      Answer D: Michael M. Tryon Had No Influence on SOX
  12. 2. COSO’s ERM
  13. COSO Enterprise Risk Management – Integrated Framework: Components unique to ERM
  14. COSO Internal Control – Integrated Framework
  15. Comparison of COSO IC and ERM
  16. Relationship of COSO Objectives
      Objective           | Internal Control (1992) | Enterprise Risk Management (2004) | Internal Control Over Financial Reporting (2006)
      Strategic           |                         | •                                 |
      Operations          | •                       | •                                 |
      Compliance          | •                       | •                                 |
      Financial Reporting | •                       | •                                 | •
  17. ERM Expands on Internal Control, Adding Three Components
      • Control Environment
      • Objective Setting (ERM)
      • Event Identification (ERM)
      • Risk Assessment
      • Risk Response (ERM)
      • Control Activities
      • Information & Communication
      • Monitoring
  18. ERM Expands on Internal Control: Objective Setting
      • Strategic Objectives – high level
      • Related Objectives – operations, reporting, & compliance
      • Achievement of Objectives – reasonable assurance
      • Risk Appetite – guidepost in strategy setting
      • Risk Tolerances – acceptable levels of variation
  19. Forming Risk Appetite (Exhibit 3.5 ERM Guidance)
  20. ERM Expands on Internal Control: Event Identification
      • Events can be positive, negative impact, or both
      • Events are interdependent – not isolated
      • Events are driven by external and internal factors
  21. Implementation – Event Identification
      External Factors:
      • Economic
      • Natural Environment
      • Political
      • Social
      • Technological
      Internal Factors:
      • Infrastructure
      • Personnel
      • Process
      • Technology
  22. COSO Components & Principles – ERM Risk Response
      • Avoidance, reduction, sharing, acceptance
      • Evaluation of risk likelihood and impact
      • Assessing costs versus benefits
      • Opportunities in response to options
      • Portfolio view
  23. Implementation – Risk Response
      Avoidance:
      • Disposing of a program
      • Deciding not to engage in new initiatives/activities
      Reduction:
      • Diversifying/rebalance
      • Limits/processes
      Sharing:
      • Buy insurance
      • Joint venture/outsource
      • Hedging risks
      Acceptance:
      • Self insure
      • Accept risk that conforms to risk tolerance
  24. Simplified Process For ERM
      Strategy & Objectives → Event Identification & Likelihood → Risk Response & Quantification → Financial Model
  25. Financial Impact of Key Scenarios
      Major Activity      | Annual Amount (in millions) | Scenario                        | Probability (H-M-L) | Potential Increase (Decrease) (in millions)
      Donations           | 1,000                       | Terrorist or political uprising | H                   | 100
                          |                             | Donation mismanagement          | L                   | -20
      Biomedical Services | 2,400                       | Virus                           | M                   | -400
                          |                             | War, natural disaster           | H                   | -600
      Fundraising Events  | 50                          | Weather                         | L                   | -0-
                          |                             | Pandemic                        | L                   |
      Government Grants   | 60                          | Economic downturn               | H                   | -40
                          |                             | Contract mismanagement          | M                   | -0-
      Investments & other | 90                          | Financial meltdown              | M                   | -30
                          |                             | Fraud (Madoff or Stanford)      | M                   | -10
      Total               | 3,600                       |                                 |                     | -1,000
  26. 3. COSO’s Internal Control
  27. COSO Components – Internal Control
      • Control Environment
      • Risk Assessment
      • Control Activities
      • Information & Communication
      • Monitoring
  28. COSO Internal Control Components & Principles: Environment Principles
      • Management Philosophy
      • Board of Directors
      • Integrity and Ethical Values
      • Commitment to Competence
      • Organizational Structure
      • Assignment of Authority and Responsibility
      • Human Resource Standards
      • Risk Appetite
  29. Control Environment/Internal Environment is the Foundation of the 5 Components
  30. COSO Internal Control Components & Principles: Risk Assessment Principles
      • Specify objectives
      • Risk identification & analysis
      • Inherent and residual risk
  31. Risk Assessment Matrix
      Balance Sheet Account          | As % of Total | Characteristics of Business Process | Entity-wide Factors | Impact on F/S | Fraud | Account Risk | Overall Risk Rating
      ASSETS                         |               |                                     |                     |               |       |              |
      Cash & cash equivalents        | 5%            | L                                   | M                   | L             | H     | L            | L
      Pledges receivable             | 15%           | M                                   | H                   | H             | M     | M            | H
      Investments                    | 40%           | H                                   | H                   | H             | L     | L            | H
      Property & equipment           | 35%           | H                                   | M                   | M             | H     | M            | M
      Prepaid & other assets         | 5%            | L                                   | L                   | L             | L     | L            | L
      Total Assets                   | 100%          |                                     |                     |               |       |              |
      LIABILITIES                    |               |                                     |                     |               |       |              |
      Accounts Payable               | 5%            | L                                   | M                   | M             | H     | M            | M
      Deferred Revenue               | 20%           | H                                   | H                   | H             | L     | H            | H
      Mortgage (IRB)                 | 25%           | H                                   | H                   | L             | L     | M            | M
      Pension & post retirement      | 10%           | M                                   | H                   | H             | L     | H            | H
      Total Liabilities              | 60%           |                                     |                     |               |       |              |
      Net Assets                     | 30%           | H                                   | M                   | L             | L     | L            | L
      Total Liabilities and Net Assets | 100%        |                                     |                     |               |       |              |
  32. Implementation – Risk Assessment: Significant Assertions
      Columns: Existence | Completeness | Valuation or Allocation | Rights & Obligations | Presentation & Disclosure
      Balance Sheet Accounts: Cash & cash equivalents; Pledges receivable; Investments; Property & equipment; Prepaid & other assets; Accounts Payable; Deferred Revenue; Mortgage (IRB); Pension & post retirement; Net assets
      (The check marks indicating which assertions are significant for each account did not survive in the slide text.)
  33. COSO Internal Control Components & Principles: Control Activities Principles
      • Integration with risk assessment
      • Selection and development of control activities
      • Controls over information systems/technology
      • Policies and procedures are communicated
  34. COSO Internal Control Components & Principles: Information & Communication Principles
      • Quality of information
      • Internal & external communication
      • Means of communication
      • Strategic and integrated systems
  35. COSO Internal Control Components & Principles: Monitoring Principles
      • Ongoing monitoring activities
      • Reporting deficiencies
  36. 4. Relationship of COSO to Auditing Standards
  37. Auditing Standards – Risk Assessment
      Identifying risks through considering:
      • The entity and its environment, including its internal control
      • Classes of transactions, account balances, and disclosures
      Relating the identified risks to what could go wrong at the relevant assertion level
  38. Intersection of COSO and the Auditor’s Responsibilities
      COSO (2004) Enterprise Risk Management:
      • Broader Objectives
      • More than Internal Control
      COSO (1992) Internal Control Integrated Framework:
      • Operations
      • Financial Reporting
      • Compliance with Laws/Regulations
      COSO (2006) Internal Control over Financial Reporting:
      • Financial Reporting
      SAS 109 Understanding of the Entity & Environment:
      • Understand Five Components
      • Focus on Controls Relevant to Financial Reporting
  39. Summary of Risk Assessment Standards
      No.  | Concept
      104  | Expands the definition of “reasonable assurance” as a “high” level of assurance
      105  | “Internal control” is replaced by “the entity and its environment, including its internal control”
      106  | Use of management’s assertions in obtaining audit evidence – recognition, measurement, presentation and disclosure
      107  | Reduce audit risk to a low level that is, in the auditor’s professional judgment, appropriate for expressing an opinion on the financial statements
      108  | Adequately plan the work and must properly supervise any assistants
      109  | Sufficient understanding of the entity and its environment, including its IC, to assess the risk of material misstatement
      110  | Sufficient appropriate audit evidence to afford a reasonable basis for an opinion
      111  | Enhanced guidance on tolerable misstatement
  40. Auditor’s Assessment of Material Misstatement – SAS 106
      Classes of Transactions | Account Balances         | Presentation and Disclosures
      Occurrence              | Existence                | Occurrence/Rights and obligations
      Completeness            | Rights and obligations   | Completeness
      Accuracy                | Completeness             | Classification and understandability
      Cutoff                  | Valuation and allocation | Accuracy and valuation
      Classification          |                          |
  41. GAAS & COSO Use of Financial Statement Assertions to Assess Risk
      GAAS Risk Assessment Standards (SAS 106) | COSO Internal Control Over Financial Reporting /1
      Existence                                | Existence or Occurrence
      Occurrence                               |
      Completeness                             | Completeness
      Rights and Obligations                   | Rights and Obligations
      Valuation and Allocation                 | Valuation or Allocation
      Accuracy                                 |
      Cutoff                                   |
      Classification                           | Presentation and Disclosure
      Understandability                        |
      /1. Source: SAS 31, Evidential Matter, prior to amendment by SAS 106
  42. Audit Risk Assessment and COSO
      Financial Statements: Investments & Income; Receivables & Revenue; Real Estate & Debt; Payables & Expenses; Deferred Revenue; Net Assets & Restrictions
      Assertions: Completeness; Existence; Valuation; Rights & Obligations; Presentation & Disclosure
      Risks: Processes; Competency; IT Infrastructure; Fraud Risk; Entity-Wide Factors
      Control Objectives: Statements Reflect Transactions; Appropriate Classification; Reflect Materiality; Appropriate Accounting; Informative
      Controls: Entity-Wide Controls; Process-Level Controls; Preventive or Detective; Manual or Automated
      Adapted from an article by Michael Ramos, CPA, entitled Risk-Based Audit Practices, Journal of Accountancy, Dec. 2009
