
Entity Level Controls And

November 8, 2011, presentation to IMA members detailing entity level controls to include the control environment, risk assessment, communication and monitoring aspects of internal controls.


  1. Entity Level Controls and Fraud Michael Kosinski, CPA mkosinski@larsonallen.com 239-280-3517 ©2011 LarsonAllen LLP
  2. Objectives • Discuss the nature of entity level controls • Review the operating environment and the proper structure to provide effective controls • Review the risk assessment process and considerations of organizational risks and fraud
  3. Is Greed Good? What Message Are You Sending? • Aggressive financial reporting • Tax fraud • Personal expenses in the company • Unrealistic estimates • Don’t tell the auditors
  4. People are your assets Staffing Levels Short Staffed Turnover Competence Inadequate Staffing Defined Roles Feedback Compensation Evaluations
  5. Internal Controls • “MF Global Holdings Ltd.’s bankruptcy, the eighth-largest in U.S. history, is exposing a lack of internal controls that may have prevented a last-minute rescue of Jon Corzine’s futures broker.” Washington Post Nov 2, 2011 Functional Entity
  6. What are entity level controls? Influence the company’s culture Instills the tone of the company Attitudes, awareness, and actions of management
  7. Entity Level Controls Control Environment Monitoring Entity Risk Assessment Level Communication
  8. Is it enough just to say it? • “Boards should be absolutely certain that the company is run properly from a fiduciary standpoint in every degree. I am a great believer in the audit committee having full access to the auditors in every way, shape, and form.”— former Sunbeam Chairman Al Dunlap • “You’ll see people who in the early days … took their life savings and trusted this company with their money. And I have an awesome responsibility to those people to make sure that they’ve done right.”—former WorldCom CEO Bernard Ebbers
  9. Is it enough just to say it? • “We are offended by the perception that we would waste the resources of a company that is a major part of our life and livelihood, and that we would be happy with directors who would permit that waste. … So as a CEO, I want a strong, competent board.”—former Tyco CEO Dennis Kozlowski • “It’s more than just dollars. You’ve got to give back to the community that supported you.”—Adelphia founder John Rigas • “People have an obligation to dissent in this company.”—former Enron CEO Jeffrey Skilling
  10. Or do you have to live it? • “It is not simply a case of having a set of procedures and processes, nor is it just about having controls in place. Reliance on a poor control is often worse than having no control at all. [The trustees must have] … a clear understanding of the business and what can go wrong.” - Tony Rawlins - (2001)
  11. The Control Environment
  12. Control Environment Sets the tone Foundation for all other controls Provides structure and discipline Most cost effective and efficient control
  13. What does it look like? Ownership Integrity Accountability Oversight Philosophy Structure Responsibility Competence
  14. Soft Controls Integrity Competence Philosophy
  15. Integrity Articulate Inform Demonstrate Approaches Day to day activities New hires Investigate violations Vendor interactions Periodic updates Timelines and consistent Customer interactions Understandable Communicate actions Intolerance of violations Available Monitor compliance
  16. Competence Hire Train Sustain Approaches Critical Skills In-house Oversight Knowledge External Evaluate Ability Professional services Analyze roles Interviews Cost Benefit
  17. Oversight Establish Evaluate Review Approaches Independence Management Performance Responsibilities Risks Audit Skepticism Effectiveness Advisors Policies
  18. Philosophy Mitigate Diligence Processes Approaches Reporting risks Judgment Adjustments Suppliers Attitudes Estimates Customers Accounting principles Employees Authorization
  19. Structure Establish Align Maintain Approaches Organizational chart Roles Appropriate reporting Streamlined layers Functions Current job descriptions Reporting lines Processes Communication Clear roles
  20. Accountability and Responsibility Assign Articulate Review Approaches Responsibility Links Nature of position Authority Empowerment Key personnel Segregation Limits
  21. Small Business Challenges • Management influence • Segregation of duties • Qualified personnel • Limited oversight • Technology
  22. The Risk Assessment Process
  23. Risk Assessment Identify Analyze Respond
  24. Risk Analysis Estimate Assess Managing Significance Probability the Risk
  25. Risk Assessment Reporting Risk Fraud Objectives Management Consideration • Establish • Risk • Assess Document Identification • Monitor Communicate • Organization and • Apply Principals Relationships • Anticipate and mitigate
  26. Reporting Objectives Identify • Significant accounts • Underlying transactions Assertions Capture • Review activities • Appropriately presented Activities Appropriate • Policies vs. industry • Detail vs. industry Policies
  27. Risk Analysis Aspects Business Competency Process Reassess IT Infrastructure Probability
  28. • Assertions and accounts Identify • Business processes and Support • Maps the internal controls Controls • Identifies controls and risks • Interacts with external parties Information • Suppliers, investors, creditors Internal vs. • Considers factors impacting reporting External
  29. Overall Risks - External Risks Customers and Competition Technology Company Regulation and Natural Economy Disasters
  30. Overall Risks - Internal Risks Information Personnel Technology Management Access to Nature of Assets Organization
  31. Fraud Considerations • Comprehensive brainstorming Assess • Consider override controls • Compensation practices Review • Incentives and pressures • Investigate and reporting Investigate • Remediation of instances • Consider fraud in management Oversight • Consider internal audit
  32. Communication
  33. Communication Objectives • Communication exists between management and governance to provide relevant information • All personnel receive a clear message about reporting, and internal controls • Communication is effective and absent of fears of retribution
  34. Communication to Employees Management IC Critical to all Roles and Relation of Job Unexpected Employees Responsibilities to Others Events
  35. Communication to Management Management Customer Operating Needs Issues Continuous Competition Improvement Misstatements
  36. External Communication Suppliers Shareholders Vendors Company Prospects Regulators Audit
  37. Facilitating Internal Control Communicate Financial Reporting Objectives • Financial reporting, IC, policies and responsibilities • Communicates IC information and code of conduct Develop Alternative Means of Communication • Mentoring and other channels • Whistleblower and anonymous hotlines Board of Directors • Open discussions with management • Communicate expectations for financial information • Meets with external advisors and internal audit
  38. Monitoring
  39. Monitoring – Small Business • Tend to be informal • Based on ongoing activities • Examples – Significant variances from expectations – Inaccuracies in financial information – Operating issues and shortages – Customer and vendor complaints – Communications from third parties
  40. Ongoing Monitoring Normal Management Third party communication Supervision Reconciliations to physical assets Communications from auditors Certifications
  41. Ongoing Activities Management Third Party Supervision • Variances • Budget • Customer • Segregation of Comparisons payments duties • Benchmarking • Bank balance • Supervisor reconciliations reviews • Key statistics • Vendor • Adjustments statements • Approving • Noncompliance vendors from regulators • Review accuracy
  42. Ongoing Monitoring • Reconciliation to physical assets – Subsidiary schedules and bank statements – Fixed asset and inventory counts • Auditor Communication – How many adjustments were made – Deficiency communications • Certifications – Independent verifications – Not typical for small to mid sized businesses
