The document discusses designing effective financial controls. It outlines that effective controls require a commitment to control objectives, risk assessment, control activities, communication, and monitoring. It describes the five components of the COSO internal control framework - control environment, risk assessment, control activities, communication and information, and monitoring. Key focus areas for effective controls are outlined as control activities to manage risk, reliable information available to stakeholders, communication mechanisms, and monitoring for compliance.
2. “A strong internal control framework is the result of clear control objectives and a commitment by a company’s Board, management, and employees to create and maintain a strong control environment. It also requires a commitment to properly assess organizational risk, establish and conduct appropriate control activities, generate and communicate timely, relevant and reliable information, and participate in regular monitoring activities.”
3. Every year corporations lose millions of dollars
due to poor internal controls. The failures include
inadequate segregation of duties, lax control over
vendor master records and incorrect customer
invoices. Additionally, poor controls around the
flow of data in an organization’s ERP system can
result in manual rework to correct improper
accounting entries. Taken to the extreme,
inadequate controls can result in material
misstatements in financial reporting and the
associated regulatory submissions.
With the continued guidance of Section 404 of the
Sarbanes-Oxley Act, management is required to
publish in their annual reports a statement
concerning the scope and adequacy of the
internal control structure and procedures for
financial reporting. Additionally, the company’s
auditors must attest to and report on the
assessment of the effectiveness of the internal
control structure and procedures for financial
reporting. An investment in strong internal
controls is essential for the effective governance
and protection of the corporation.
Control Objectives
In designing an effective internal control structure,
three objectives must be kept in mind as the
controls are designed, tested and maintained.
These objectives are:
• Ensure that corporate assets are safeguarded against malfeasance and used only for business purposes,
• Provide accurate business information to management, investors, creditors, regulators and other relevant stakeholders, and
• Ensure that employees comply with all applicable laws and regulations.
With these objectives established, the internal
control structure can be developed and
maintained using the COSO internal control
framework.
The Internal Control Framework
The Internal Control - Integrated Framework report,
published by the Committee of Sponsoring
Organizations of the Treadway Commission (COSO),
provides a framework that consists of five interrelated
components. All of these components must be in
place and operating effectively for there to be an
effective internal control structure. These five
components are:
• Control Environment
• Risk Assessment
• Control Activities
• Communication and Information
• Monitoring
Control Environment
The control environment is the foundation of a
company’s internal control structure and is centered on
the attitudes, actions and awareness of the company’s
internal stakeholders, including the Board of Directors,
management and front-line personnel. The level of
importance these stakeholders place on strong internal
controls will greatly influence the existence and
effectiveness of those controls.
The control environment is core to a company’s
approach to daily business activities and the way it
assesses risk in conducting those activities. According
to COSO, control environment factors include the
“integrity, ethical values and competence of the entity's
people; management's philosophy and operating style;
the way management assigns authority and
responsibility, and organizes and develops its people;
and the attention and direction provided by the board of
directors”.
Risk Assessment
As part of the control structure, a company should have
a process in place to assess risk in relation to its
corporate objectives. The risk assessment applies to
all areas of the company and should involve most
activities within the organization. According to the
COSO framework, risk assessment is a 3-step process:
• Estimate the significance of the risk,
• Assess the likelihood or frequency of the risk occurring, and
• Consider how the risk should be managed and assess what actions must be taken
An effective risk assessment system will incorporate
both internal and external factors. Internal factors can
include people, systems and processes. External
factors can include economic developments,
regulatory changes and industry advances. It is the
responsibility of the company’s management to
properly assess risk and then to develop and maintain
a program that will effectively mitigate the risk
identified.
Control Activities
Control activities are the policies and procedures put in
place by management to ensure that the processes
put in place to address risk are being carried out. This
component of the COSO framework is wide-ranging
and includes controls designed to prevent errors as
well as controls to detect errors after the fact and
enable corrective action to be taken. Examples of
preventive controls include segregation of duties and
physical controls such as locking down cash.
Detective controls are focused on reporting,
reconciliations, management reviews and periodic
audits to detect errors needing correction.
A key aspect of the COSO framework is its emphasis
on information system controls. This includes
financial, operational and compliance related systems.
All of these systems should have both general and
application controls. As the name implies, general
controls pertain to all systems and cover issues
such as physical access to the systems. Application
controls are specific to a particular system and
include individual security profiles and business logic
that would prevent unreasonable data from passing
through undetected.
Communication and Information
Communications and information are actually two
distinct components of internal control.
Information must be readily available to
organizational stakeholders and the information
must be of sufficient quality that personnel can act
on the information, confident that it is reliable.
This information should also be suitable for
communicating with external stakeholders such as
investors, creditors and regulators.
COSO recognizes that information can be both
structured and unstructured. Structured
information comes from the company’s formal
information systems and can be financial,
operational or compliance related. Unstructured
information can consist of conversations with
customers and suppliers.
A strong internal control structure enables
communication to flow through an organization,
from top to bottom and from the bottom upwards,
as well as horizontally through the various
departments. These communication channels are
created and maintained to ensure that information
flows to those departments and individuals
requiring information for their financial, operational
and compliance related reporting and analysis
responsibilities.
Monitoring
Nothing ever stays the same and internal controls
are no different. Due to changing factors both
internal and external, there is an ongoing need to
monitor internal controls to assess their
effectiveness and to determine if any changes in
the internal controls are warranted.
Monitoring takes two basic forms: ongoing
monitoring as part of a company’s continuous
operations and periodic monitoring based on
specific control objectives. COSO lists various
means of ongoing monitoring, which include
reviews by management and supervisory personnel
to identify errors and make corrections as
necessary. It also includes the regular
reconciliation of physical and financial assets such
as inventory and cash.
In addition to ongoing reviews, it is usually
beneficial to make periodic reviews of specific
control procedures. Although a company’s internal
audit group may be involved in the testing and
evaluation of internal controls, it is also acceptable
for line management to initiate their own review of
internal controls and make updates to the control
structure as necessary to remediate any
deficiencies found.
Conclusion
A strong internal control framework is the result of
clear control objectives and a commitment by a
company’s Board, management, and employees to
create and maintain a strong control environment.
It also requires a commitment to properly assess
organizational risk, establish and conduct
appropriate control activities, generate and
communicate timely, relevant and reliable
information, and participate in regular monitoring
activities.
5. Key Focus Areas for Effective
Internal Controls:
• Control activities to manage enterprise risk
• Information that is reliable and available to stakeholder groups
• Communication mechanisms to convey accurate and timely information to stakeholders
• Monitoring to ensure compliance with internal controls
6. About Stephen G. Lynch
Steve brings more than 20 years of experience advising global
companies on their service delivery strategies. An experienced
global consultant, Steve has partnered with clients on five continents
to develop and deploy the strategy that leads to superior
performance. His expertise spans the domains of organizational
transformation, process optimization, shared services, and global
service delivery.
Steve previously served in a variety of consulting roles at Ernst & Young, The Hackett Group,
CSC, and most recently, KPMG where he served as a Director in the Advisory practice. His
focus is on capital intensive industries including energy, industrial and consumer product
manufacturing, and pharmaceuticals. His clients include Bristol-Myers Squibb, Johnson &
Johnson, Novartis, Ford, Corning, ITT, General Dynamics, BP, ConocoPhillips, The Coca-Cola
Company, Sunbeam, and Mattel.
Contact Information
Stephen G. Lynch
+1.972.885.7734
steve@stephenglynch.com