21st Annual Legal & Accounting Institute: Putting Internal Controls in Place

Presentation Transcript

  • What a Steal: Putting internal controls in place to prevent fraud and protect your organization
      Bob McAdams, CPA
      Eddie Guerra, CPA
      BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.
  • An Introduction to Fraud
      - What is fraud? An intentional act that results in material misstatement of the financial statements.
      - Who commits fraud?
          - Usually older than other criminals.
          - Often married with stable family situations.
          - Above average education.
          - Typically, the person earns less than $50,000 a year and has worked for the nonprofit for at least three years.
          - However, the most costly fraud is perpetrated by managers and executives earning between $100,000 and $150,000 a year.
          - Perpetrators that have been with organizations more than 10 years generated median losses of $230,000.
      - Information from the Association of Fraud Examiners
      Client name - Event - Presentation title Page 2
  • Fraud is difficult to predict but…
      - Predictive characteristics include employees who have high debt, live beyond their means, refuse to take vacations, or work in organizations that don’t enforce clear lines of authority and have weak internal controls.
      - Fraud in nonprofits is most often committed by accounting, upper management and sales personnel (skimming, billing schemes and cash larceny).
  • The Fraud Triangle
      - Incentive
      - Opportunity
      - Rationalization
  • Excerpted from the BDO Ac’sense 2009 self-study course – Focus on Fraud: Fraud and Misconduct in the Corporate World, accessible at http://www.bdo.com/acsense/events/Focus-on-FraudSept09%20.aspx.
  • Types of Misstatements
      Types of misstatements caused by fraud:
      - Misstatements resulting from fraudulent financial reporting.
      - Misstatements resulting from misappropriation of assets.
  • Fraudulent Financial Reporting
      - Stages:
          - Misstatement.
          - Concealment.
      - Financial statements misstated as a result of:
          - Misapplication of accounting principles involving measurement and resulting in misstatement of amounts.
          - Omission or misrepresentation about transactions or events.
          - Recording fictitious transactions.
          - Recording sham transactions.
  • Misappropriation of Assets
      - Stages:
          - Misstatement.
          - Concealment.
          - Conversion.
      - Opportunity to commit and conceal exists only when:
          - Assets are susceptible to misappropriation.
          - There is a lack of antifraud programs and controls to prevent or detect it.
  • Other Fraud Considerations
      - Off-the-books versus on-the-books fraud.
          - Off-the-books schemes, such as kickbacks or skimming cash sales, do not involve a documentary trail or manipulation of the company’s books.
          - On-the-books schemes may relate to either misappropriation of assets or fraudulent financial reporting.
      - Information technology and fraud.
          - Automated systems are used to generate false documents or manipulate accounting records to affect or conceal the fraud.
  • Other Fraud Considerations (continued)
      - Fraud conditions:
          - Incentives/pressures to commit fraud.
          - Opportunities to commit fraud.
          - Attitudes/rationalizations.
      - Other characteristics of fraud:
          - Management override of controls.
          - Concealment.
          - Collusion.
          - Falsifying documents or records.
  • Responsibility for Fraud Detection
      - Management’s responsibility for fraud detection.
          - Management is responsible for designing and implementing agency programs and controls to prevent, deter, and detect fraud.
      - Auditor’s responsibility for fraud detection.
          - To obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud.
      - Immaterial misstatements caused by fraud.
          - The expectation gap.
      - Exercising professional skepticism.
  • Board and Management Responsibilities
      Board and management should set the proper tone, create and maintain a culture of honesty and high ethical standards and establish controls to prevent, deter and detect fraud. When management and those responsible for oversight of the financial reporting process fulfill those responsibilities, the opportunities to commit fraud can be reduced significantly.
      - Financial questions you should ask
      - Systems that protect NPOs
          - Internal controls
          - Accounting policies and procedures
          - Board committees
          - External audits
      - Understand the financial statements
  • What Are Auditors Required to Do?
      - Assess Fraud Risk
      - The fraud risk assessment process:
          - Hold a discussion among engagement team members to consider the susceptibility of the client’s financial statements to material misstatement due to fraud.
          - Obtain other information needed to identify risks of material misstatement due to fraud.
          - Identify risks that may result in material misstatement of the financial statements due to fraud.
          - Assess the identified risks after taking into account the company’s antifraud programs and internal controls.
          - Respond to the results of the risk assessment.
      - Evaluate internal controls
      - Report material fraud and material and significant weaknesses in internal control
  • Professional Skepticism
      - We tend to overemphasize information that supports our assumptions and ignore what doesn’t.
      - We take shortcuts to knowledge based on categories of information.
      - Healthy skepticism neither completely trusts nor completely distrusts – it is NEUTRAL.
  • Tone at the Top
      - Communicating a code of conduct - Adopt a code of conduct policy or an ethics policy
      - Give examples of ethical challenges
      - Management and Board live the code
      - Conflicts of interest
      - Whistleblowers policy
      - Outside internal control review
      - Actual agency culture should support
  • Ten Key Financial Questions You Should Ask
      1. Is our organization being run in a business-like fashion?
      2. Are our key sources of income rising or falling?
      3. Are our key expenses, especially salary and benefits, under control?
      4. Do we have sufficient reserves?
      5. Is our board truly supportive of our fundraising needs?
      6. Where are we compared with budget?
      7. Is our financial plan consistent with our strategic plan?
      8. Is our staff satisfied and productive?
      9. Are we filing on a timely basis all the reporting documents we are supposed to be filing?
      10. Are we fulfilling our tax-exempt purpose as granted by the IRS?
  • What are Internal Controls?
      Systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to:
      - Conduct its business in an orderly and efficient manner
      - Safeguard its assets and resources
      - Deter and detect errors, fraud and theft
      - Ensure accuracy and completeness of its accounting data
      - Produce reliable and timely financial and management information
      - Ensure adherence to its policies and plans
  • Some common internal control procedures (see outline)
      - General & cash controls
      - Investments
      - Payroll
      - Allocating expenses
      - Stewardship & accountability
      - Budgeting & financial planning
      - Grant funding
      - Staff training
      http://www.bdo.com/acsense/events/Focus-onFraudSept09%20.aspx.
  • Types of Controls
      - Activity Level Controls
      - Entity Level Controls
  • Basic Internal Controls
      Basic Internal Controls for the prevention of fraud can be grouped into 3 categories:
      - Physical Access
      - Job Description
      - Accounting Reconciliation and Analysis
  • Physical Access
      The need to control access to your organization’s tangible and intangible assets.
      - Tangible assets – FF&E, inventory, supplies
      - Intangible assets – donor records, financial records, bank records, credit card information
      - Locks, supervision, employee IDs, computer passwords, access keys, surveillance systems
      - Limit access by job function
  • Job Description
      - Detail an employee’s job responsibilities and expectations.
      - Generally, employees should not perform duties outside of their job description without authorization.
      - Include division or segregation of duties.
  • Account Reconciliation and Analysis
      - Regular, documented and reviewed reconciliations and analysis make concealment difficult.
      - Should be prepared for:
          - Bank accounts
          - Investment accounts
          - Accounts Receivable
          - Accounts Payable
          - Significant other assets and liabilities
      - Variance Analysis
          - Actual to budget
          - Current year vs. prior year
          - Vertical analysis of revenue and expenditures as a percentage of total
      - Strong Supervision
          - Fraud awareness
          - Approval, review, recalculation
  • Mitigating External Fraud
      - Restricting access to the organization’s network system to designated IT personnel
      - Implementing virus protection on the organization’s network
      - Disallowing the downloading of programs from the internet
      - Educating employees about malicious email scams
      - Requiring employees to change passwords every 90 days
      - Setting policy that passwords are not shared
      - Checking bank transactions on a daily basis to detect any outside intervention
      - Avoiding promotional scams: if something sounds too good to be true, it probably isn’t true
  • Fraud Risk Assessments
      - Process aimed at proactively identifying and addressing an organization’s vulnerabilities to internal and external fraud
      - Ongoing, continuous process
      - Identifying and prioritizing fraud risk in an organization
  • COSO Internal Control Integrated Framework
      See Executive Summary in outline
      Components of Internal Control:
      - Control environment
      - Risk assessment
      - Control activities
      - Information & communication
      - Monitoring activities
  • Questions and Comments