Managing Risk in Nonprofit Organizations
Presentation from Tate & Tryon CPA

Published in: Business, Economy & Finance
Transcript

  • 1. Managing Risk In Nonprofit Organizations. Charles F. Tate, CPA, Managing Partner, Tate & Tryon, CPAs and Consultants, Washington, DC. January 13, 2012
  • 2. What We’ll Discuss Today
      1. Overview of COSO and Publications
      2. COSO’s ERM
      3. COSO’s Internal Control
      4. Relationship of COSO to Auditing Standards
  • 3. 1. Overview of COSO and Publications
  • 4. COSO is the Acronym For:
      A. Class of Service Overrides
      B. Combat Oriented Supply Operations
      C. Committee of Sponsoring Organizations
      Answer C: Committee Of Sponsoring Organizations of the “Treadway Commission”
  • 5. What is the Treadway Commission?
      A. Governmental Commission
      B. Presidential Commission
      C. Congressional Commission
      D. All of the Above
      E. None of the Above
      Answer E: The Treadway Commission is a Joint Private Sector Initiative
  • 6. Which Organization is not Part of the Private Sector Initiative (i.e., a Sponsoring Organization)?
      A. American Accounting Association (AAA)
      B. American Institute of CPAs (AICPA)
      C. Association of Financial Professionals (AFP)
      D. Financial Executives International (FEI)
      E. Institute of Internal Auditors (IIA)
      F. Institute of Management Accountants (IMA)
      Answer C: AFP is not part of the 5 member Sponsoring Committee
  • 7. COSO Publications
  • 8. COSO Publications
  • 9. Which Prominent Accounting Firm Authored a COSO Publication?
      A. Price Waterhouse Coopers (PWC)
      B. Grant Thornton (GT)
      C. Tate & Tryon (T&T)
      D. Coopers & Lybrand (C&L)
      E. Both A. and D.
      F. Both A. B. and D.
      Answer F: PWC, GT, and C&L all authored a COSO Publication
  • 10. COSO’s Definitions and Objectives. A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
      • ERM: 1. Strategy setting 2. Identify & manage potential events 3. Manage risks to be within its risk appetite
      • Internal Control: 1. Effectiveness and efficiency of operations. 2. Reliability of financial reporting. 3. Compliance with laws and regulations.
  • 11. Which Individual Did Not Influence SOX Legislation? A. B. C. D. Answer D: Michael M. Tryon Had No Influence on SOX
  • 12. 2. COSO’s ERM
  • 13. COSO Enterprise Risk Management – Integrated Framework. Components unique to ERM
  • 14. COSO Internal Control – Integrated Framework
  • 15. Comparison of COSO IC and ERM
  • 16. Relationship of COSO Objectives
      • Enterprise Risk Management (2004): Strategic; Operations; Compliance; Financial Reporting
      • Internal Control (1992): Operations; Compliance; Financial Reporting
      • Internal Control Over Financial Reporting (2006): Financial Reporting
  • 17. ERM Expands on Internal Control Adding Three Components: Control Environment; Control Activities; Monitoring; Information & Communication; Risk Assessment; ERM: Objective Setting; ERM: Event Identification; ERM: Risk Response
  • 18. ERM Expands on Internal Control Objective Setting • Strategic Objectives–high level • Related Objectives–operations, reporting, & compliance • Achievement of Objectives–reasonable assurance • Risk Appetite–guidepost in strategy setting • Risk Tolerances–acceptable levels of variation
  • 19. Forming Risk Appetite (Exhibit 3.5 ERM Guidance)
  • 20. ERM Expands on Internal Control Event Identification • Events can be positive, negative impact, or both • Events are interdependent–not isolated • Events are driven by external and internal factors
  • 21. Implementation – Event Identification. External Factors
      • External: Economic; Natural Environment; Political; Social; Technological
      • Internal: Infrastructure; Personnel; Process; Technology
  • 22. COSO Components & Principles–ERM Risk Response • Avoidance, reduction, sharing, acceptance • Evaluation of risk likelihood and impact • Assessing costs versus benefits • Opportunities in response to options • Portfolio view
  • 23. Implementation – Risk Response
      • Avoidance: Disposing of a program; Deciding not to engage in new initiatives/activities
      • Sharing: Buy insurance; Joint venture/outsource; Hedging risks
      • Reduction: Diversifying/rebalance; Limits/processes
      • Acceptance: Self insure; Accept risk that conforms to risk tolerance
  • 24. Simplified Process For ERM Strategy & Objectives Event Identification & Likelihood Risk Response & Quantification Financial Model
  • 25. Financial Impact of Key Scenarios. Columns: Major Activity; Annual Amount; Potential Scenario; Probability (H-M-L); Increase (Decrease) (in millions)
      • Donations, 1,000: Terrorist or political uprising, H, 100; Donation mismanagement, L, -20
      • Biomedical Services, 2,400: Virus, M, -400; War, natural disaster, H, -600
      • Fundraising Events, 50: Weather, L, -0-; Pandemic, L
      • Government Grants, 60: Economic downturn, H, -40; Contract mismanagement, M, -0-
      • Investments & other, 90: Financial meltdown, M, -30; Fraud (Madoff or Stanford), M, -10
      • Total: 3,600; -1,000
  • 26. 3. COSO’s Internal Control
  • 27. COSO Components–Internal Control: Control Environment; Risk Assessment; Control Activities; Information & Communication; Monitoring
  • 28. COSO Internal Control Components & Principles Environment Principles • Management Philosophy • Board of Directors • Integrity and Ethical Values • Commitment to Competence • Organizational Structure • Assignment of Authority and Responsibility • Human Resource Standards • Risk Appetite
  • 29. Control Environment/Internal Environment is the Foundation of the 5 Components
  • 30. COSO Internal Control Components & Principles Risk Assessment Principles • Specify objectives • Risk identification & analysis • Inherent and residual risk
  • 31. Risk Assessment Matrix Characteristics As % Entity- Impact Fraud Overall Balance Sheet Account of Business wide on F/S Account Risk Rating Total Process Factors
      • ASSETS
      • Cash & cash equivalents 5% L M L H L L
      • Pledges receivable 15% M H H M M H
      • Investments 40% H H H L L H
      • Property & equipment 35% H M M H M M
      • Prepaid & other assets 5% L L L L L L
      • Total Assets 100%
      • LIABILITIES
      • Accounts Payable 5% L M M H M M
      • Deferred Revenue 20% H H H L H H
      • Mortgage (IRB) 25% H H L L M M
      • Pension & post retirement 10% M H H L H H
      • Total Liabilities 60%
      • Net Assets 30% H M L L L L
      • Total Liabilities and Net Assets 100%
  • 32. Implementation – Risk Assessment Significant Assertions Significant AssertionsBalance Sheet Account Valuation or Rights & Presentation Existence Completeness Allocation Obligations & DisclosureCash & cash equivalents    Pledges receivable     Investments     Property & equipment     Prepaid & other assets Accounts Payable    Deferred Revenue     Mortgage (IRB)     Pension & post retirement     Net assets     
  • 33. COSO Internal Control Components & Principles Control Activities Principles • Integration with risk assessment • Selection and development of control activities • Controls over information systems/technology • Policies and procedures are communicated
  • 34. COSO Internal Control Components & Principles Information & Communication Principles • Quality of information • Internal & external communication • Means of communication • Strategic and integrated systems
  • 35. COSO Internal Control Components & Principles Monitoring Principles • Ongoing monitoring activities • Reporting deficiencies
  • 36. 4. Relationship of COSO to Auditing Standards
  • 37. Auditing Standards – Risk Assessment. Identifying risks through considering: • The entity and its environment, including its internal control • Classes of transactions, account balances, and disclosures. Relating the identified risks to what could go wrong at the relevant assertion level
  • 38. Intersection of COSO and the Auditor’s Responsibilities
      • COSO (2004) Enterprise Risk Management: Broader Objectives; More than Internal Control
      • COSO (1992) Internal Control Integrated Framework: Operations; Financial Reporting; Compliance with Laws/Regulations
      • COSO (2006) Internal Control over Financial Reporting: Financial Reporting
      • SAS 109 Understanding of the Entity & Environment: Understand Five Components; Focus on Controls Relevant to Financial Reporting
  • 39. Summary of Risk Assessment Standards (No.: Concept)
      • 104: Expands the definition of “reasonable assurance” as a “high” level of assurance
      • 105: “Internal control” is replaced by “the entity and its environment, including its internal control”
      • 106: Use of management’s assertions in obtaining audit evidence – recognition, measurement, presentation and disclosure
      • 107: Reduce audit risk to a low level that is, in the auditor’s professional judgment, appropriate for expressing an opinion on the financial statements
      • 108: Adequately plan the work and must properly supervise any assistants
      • 109: Sufficient understanding of the entity and its environment, including its IC, to assess the risk of material misstatement
      • 110: Sufficient appropriate audit evidence to afford a reasonable basis for an opinion
      • 111: Enhanced guidance on tolerable misstatement
  • 40. Auditor’s Assessment of Material Misstatement – SAS 106
      • Classes of Transactions: Occurrence; Completeness; Accuracy; Cutoff; Classification
      • Account Balances: Existence; Rights and obligations; Completeness; Valuation and allocation
      • Presentation and Disclosures: Occurrence/Rights and obligations; Completeness; Classification and understandability; Accuracy and valuation
  • 41. GAAS & COSO Use of Financial Statement Assertions to Assess Risk
      • GAAS Risk Assessment Standards SAS 106: Existence; Occurrence; Completeness; Rights and Obligations; Valuation and Allocation; Accuracy; Cutoff; Classification; Understandability
      • COSO Internal Control Over Financial Reporting /1: Existence or Occurrence; Completeness; Rights and Obligations; Valuation or Allocation; Presentation and Disclosure
      • /1. Source: SAS 31, Evidential Matter prior to amendment by SAS 106
  • 42. Audit Risk Assessment and COSO. Financial Statements: Investments & Income; Receivables & Revenue; Real Estate & Debt; Payables & Expenses; Deferred Revenue; Net Assets & Restrictions. Assertions: Completeness; Existence; Valuation; Rights & Obligations; Presentation & Disclosure. Risks: Processes; Competency; IT Infrastructure; Fraud Risk; Entity-Wide Factors. Control Objectives: Appropriate Statements Classification Reflect Transactions Reflect Materiality Accounting Informative Appropriate. Entity-Wide Controls; Process-Level Controls; Preventive or Detective; Manual or Automated. Adapted from an article by Michael Ramos CPA, entitled Risk-Based Audit Practices, Journal of Accountancy, Dec., 2009
  • 43. COSO is the Acronym For:
      A. Class of Service Overrides
      B. Combat Oriented Supply Operations
      C. Committee of Sponsoring Organizations
      Answer C: Committee Of Sponsoring Organizations of the “Treadway Commission”
  • 44. What is the Treadway Commission?
      A. Governmental Commission
      B. Presidential Commission
      C. Congressional Commission
      D. All of the Above
      E. None of the Above
      Answer E: The Treadway Commission is a Joint Private Sector Initiative
  • 45. Which Organization is not Part of the Private Sector Initiative (i.e., a Sponsoring Organization)?
      A. American Accounting Association (AAA)
      B. American Institute of CPAs (AICPA)
      C. Association of Financial Professionals (AFP)
      D. Financial Executives International (FEI)
      E. Institute of Internal Auditors (IIA)
      F. Institute of Management Accountants (IMA)
      Answer C: AFP is not part of the 5 member Sponsoring Committee
  • 46. Which Prominent Accounting Firm Authored a COSO Publication?
      A. Price Waterhouse Coopers (PWC)
      B. Grant Thornton (GT)
      C. Tate & Tryon (T&T)
      D. Coopers & Lybrand (C&L)
      E. Both A. and D.
      F. Both A. B. and D.
      Answer F: PWC, GT, and C&L all authored a COSO Publication
