Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Red Flag Reporting - Organizational Level Controls


Published on

Smith & Howard - Red Flag Reporting - Organizational Level Controls

Published in: Services
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Red Flag Reporting - Organizational Level Controls

  1. 1. Organizational Level Controls
  2. 2. Components of Internal Control • COSO sets forth five components of internal control: – Control Environment – Risk Assessment – Control Activities – Information and Communication – Monitoring
  3. 3. Components of Internal Control (continued) Two types of Controls: • Organizational Level Controls (Focus of this Presentation) • Functional Level Controls COSO Component Primary Level of Application Organizational Level Functional Level Control Environment X Risk Assessment X Information and X Communication (Communication) X (Information Systems) Control Activities X Monitoring X
  4. 4. Control Environment • Sets the Organization’s Tone • Most Cost Effective and Efficient way to Implement Internal Control • Effects all Other Aspects of Internal Control • Control Environment Factors Include the Following Principles: – Integrity and ethical values, commitment to competence, oversight by board or audit committee, management’s philosophy and operating style, organizational structure, manner of assigning authority and responsibility, HR policies and procedures. • Hard Controls vs. Soft Controls
  5. 5. Integrity and Ethical Values • Management’s Integrity Plays a Significant Role in “Setting the Tone at the Top” • Challenges Faced when Establishing Ethical Values: – Balancing the Issues and Concerns of Various Parties – Assigning Prominence to High Ethical Behavior within the Organization – Balancing Short-Term and Long-Term Goals
  6. 6. Commitment to Competence • Employee Competence is Critical to an Organization’s Control Environment – Otherwise, Employees May Not Follow Policies – Internal Control Effectiveness would be Impaired • Competence Levels Required are Determined by Management. – Implemented by hiring decisions, training – Competence comes with cost – Jobs with less supervision require more Competence
  7. 7. Board of Directors / Audit Committee • Their Existence Plays a Role in Setting Tone at the Top • Board and Audit Committee Should Consist of Executives Outside the Company – Outsiders are Less Likely to be Influenced by Management • Audit Committee Should Oversee: – Internal Controls over Financial Reporting – Fraud Risks Identified by Management – Implementation of Anti-Fraud Measures – Creation of Appropriate Tone at the Top – Consideration of Management Override of Controls
  8. 8. The Audit Committee Should… • Exercise Appropriate Skepticism • Have Knowledge of the Business and Industry • Brainstorm Possible Fraud Risks • Assess Tone at the Top via the Code of Conduct • Use an Effective Whistleblower Program (including a fraud hotline) • Develop an Effective Information and Feedback Network
  9. 9. Management’s Philosophy and Operating Style • Management Style: Formal vs. Informal – Organizations with a formal management style generally have more structured policies and procedures in place. – Organizations with an informal management style use personal contact with supervisors as a control function instead of written policies and procedures. • Management’s Philosophy and Operating Style Determine Acceptable Behavior and Expectations for Each Employee – An effective antifraud environment is created with a strong value system founded on integrity. – Proper examples set by management resonate through the business
  10. 10. Organizational Structure • Organizational Structure: – “Provides the framework within which its activities for achieving entity-wide objectives are planned, controlled, and monitored.” – Types of structures include: Centralized, decentralized, matrix reporting relationships, direct reporting relationships. – Can be organized by: Product line, industry, geographic location, distribution network, marketing network, function. – Issues to consider when establishing appropriate organizational structure are how: Areas of authority are defined, appropriate responsibilities are assigned, appropriate lines or reporting are established.
  11. 11. Assignment of Authority and Responsibility • Determined by Management – Segregation of Duties should be Considered – Delegating authority to those closest to the transaction facilitates timely decision-making. However, raises the risk of poor decisions. • Other Factors Affecting how Organizations Delegate Responsibilities include: – Organizational structure, competence, accountability, monitoring.
  12. 12. Assignment of Authority and Responsibility (Continued) • Considerations for assignment of authority and responsibility related to financial reporting include: – Appropriateness of authority and responsibility to meet required objectives – Policies that prevent unauthorized access – Assignments of authorization is assigned at appropriate levels
  13. 13. Human Resource Policies and Procedures • HR Policies and Procedures enable and reinforce other aspects of the control environment. – Includes an organization’s practices relating to: hiring, orientation, training, evaluating, counseling, promoting, compensating, and remedial actions.
  14. 14. Special Considerations for Small and Mid-sized Businesses • Nature and Size of the Business • Organization and Ownership Characteristics • Diversity and Complexity of Operations • Methods for Processing Financial Information • Legal and Regulatory Requirements
  15. 15. Challenges for Smaller Businesses in Implementing Internal Controls • Management Influence – Potential for management override of controls is greater with smaller companies. • Segregation of Duties – This is often difficult with smaller companies since there are less employees to split tasks with. • Qualified Accounting Personnel – Smaller companies may not have the resources to hire accounting personnel with the appropriate technical skills.
  16. 16. Challenges for Smaller Businesses in Implementing Internal Controls (Continued) • Board of Directors and Audit Committee – Smaller companies may not have the resources to attract a qualified board of directors. • Information Technology – It may not make financial sense for a smaller company to have an expensive ERP system with robust controls.
  17. 17. Managing Change – Potential Changes with Significant Impact • Changes in the Organization’s Operating Environment – Management implements changes that result in additional risks – Competitive pressures affect marketing or production strategies – Deregulation affects competition and cost structures • New Personnel May: – Not have proper understanding of control – Not understand the corporate culture – Emphasize performance over control activities – Not have the training and supervision necessary for controls to operate • New or Revised Information Systems – Time and cost constraints, and other issues on implementation – Lack of training and lack of new controls related to new system
  18. 18. Managing Change – Potential Changes with Significant Impact (Continued) • Rapid Growth within the Organization – May strain existing systems and personnel – Shifting responsibilities – More focused on results than on controls • New Technology – New or modified controls need to be implemented to address new technology – Personnel may require training on use of new technology • New Business Models, Products, or Activities – Personnel may be unfamiliar of new business models, products, and activities – Existing controls may not address new areas
  19. 19. Managing Change – Potential Changes with Significant Impact (Continued) • Restructuring Within the Organization May Result In: – Staff reductions, inadequate supervision, inadequate separation of duties, reassignment of personnel and new duties • Expanded Foreign Operations – Culture and customs of foreign country may different – Economic and regulatory environment may be different • Adaption of New Accounting Principles – Unfamiliar with new requirements – New requirements may affect a variety of accounts and transactions – Complex requirements may require study and analysis to ensure provisions are applied properly – Presentation and disclosure issues
  20. 20. Communication • Communication of expectations, responsibilities, and other matters is necessary for the business to operate effectively • Internal Communication- It is important that management communicates: – The importance of internal control – Internal control responsibilities – That unexpected events should be investigated – How job activities relate to the work of others
  21. 21. Communication (Continued) • Importance of Upstream Communication – Information flowing from bottom to top – Significant operating issues are typically identified by people close to the transaction – Sales representatives may learn new way to give company products an edge – Personnel may be aware of ways to cut costs – Finance employees may be aware of misstatements
  22. 22. Communication (Continued) • For upstream communication to occur, open channels must be available • Management should communicate key issues to the board
  23. 23. Communication (Continued) • External Communication – Communication with companies doing business with the organization – Communication with independent auditors – Communication with regulators – Communication with shareholders
  24. 24. Monitoring • Monitoring can be accomplished through: – Ongoing Activities • Comparisons • Reconciliations • Internal and External Audit • Regulators • Vendors & Customers – Separate Evaluations – A Combination of the Two
  25. 25. Questions?
  26. 26. Thank You! Please call Debbie Risher or Marvin Willis at Smith & Howard with questions. 404-874-6244