Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Gfoa Presentation 2012

344 views

Published on

Preparing an Internal Control Manual for local government.

  • Be the first to comment

Gfoa Presentation 2012

  1. 1. GFOA - Missouri Preparing An Internal Control Manual May 3,2012Ron Steinkamp, CPA, CIA, CFE314.983.1238rsteinkamp@bswllc.com 1050 N. Lindbergh Blvd. | St. Louis, MO 63132 | 314.983.1200 1551 Wall St., Ste. 280 | St. Charles, MO 63303 | 636.255.3000 2220 S. State Route 157, Ste. 300 | Glen Carbon, IL 62034 | 618.654.3100 888.279.2792 | www.bswllc.com © 2012 Brown Smith Wallace All Rights Reserved
  2. 2.  Facilities  Cell phones  Presentation materials  Participation © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved1
  3. 3. Questions  Who has an IC manual?  If you do, why do you?  If you don’t, why not?  What are the benefits?  What would you like to learn from this presentation? © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved2
  4. 4. © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved3
  5. 5. Agenda  GFOA best practice  COSO internal control framework  Importance of having an internal control manual  Developing an internal control manual  Components of an internal control manual  Examples  Guidance/resources  Questions © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved4
  6. 6. GFOA Best Practice Documentation of Accounting Policies and Procedures  Every government should document  Appropriate level of management should promulgate  Review and update no less than once every three years  Update changes as they occur  Assign employee duty of overseeing the process © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved5
  7. 7. Cont.  Documentation should:  Be readily available to all employees who need it  Delineate the authority and responsibility of all employees, especially the authority to authorize transactions and for the safe- keeping of assets and records  Include which employees are to perform which procedures  Be described as actually performed  Explain the design and purpose of control related procedures to increase employee understanding and support for controls © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved6
  8. 8. Cont. Enhancing Management Involvement with IC  Financial managers obtain the information and training needed to take responsibility for internal control  Obtain a sound understanding of the essential components of a comprehensive framework of internal control as set forth by the Council of Sponsoring Organizations (COSO)  Employees responsible for internal control receive the information and training needed to fulfill their responsibilities © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved7
  9. 9. Cont.  Document internal control procedures  Procedures include practical means for employees to report management override of controls  Periodically evaluate relevant internal control procedures to ensure they are:  Adequately designed  Have been implemented  Function as designed © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved8
  10. 10. COSO INTERNAL CONTROL FRAMEWORK © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved9
  11. 11. What is COSO?  Issued the Internal Control Integrated Framework in 1992  Established a common definition of internal control  Provided a standard (criteria) to assess the effectiveness of internal controls  The standard for internal control recognized by the U.S. accounting profession © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved10
  12. 12. Internal Control Definition  Process  Effected by people  Provide reasonable assurance regarding the achievement of objectives related to:  Effectiveness and efficiency of operations  Reliability of financial reporting  Compliance with applicable laws and regulations © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved11
  13. 13. COSO Control Categories  Control environment  Risk assessment  Control activities  Information and communication  Monitoring © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved12
  14. 14. Cont. Control Environment  Sets the tone of an organization  Provides discipline and structure  Factors include:  Integrity and ethical values  Commitment to competence  Organizational structure  Assignment of authority and responsibility  Human resource policies and practices © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved13
  15. 15. Cont. Risk Assessment  Identify risks, including fraud risks, that could impede the achievement of objectives  Analyze risks  Formulate a risk management approach © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved14
  16. 16. Cont. Control Activities  The policies and procedures that help mitigate risks  Common control categories include:  Tracking achievements to plans  Monitoring performance measures and indicators  Physically securing and safeguarding vulnerable assets  Ensuring accuracy and completeness of information processing systems  Segregating key duties and responsibilities to reduce the risk of error or fraud  Ensuring transactions are authorized, properly classified, and promptly recorded © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved15
  17. 17. Cont.  Limiting access to resources and records and establishing accountability for their custody  Documenting all transactions  Ensuring transactions are conducted in accordance with applicable laws and regulations © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved16
  18. 18. Cont. Information and Communication  Management should receive information in a timely manner and in a format that allows proper execution of internal controls and operational responsibilities  Communication should be useful, reliable and continuous © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved17
  19. 19. Cont. Monitoring  Assess the quality of performance of internal controls over time  Includes:  Ongoing monitoring – regular management and supervisory activities  Separate evaluations – internal and external audits  Mechanism to ensure prompt resolution of audit findings and recommendations  Management is responsive to recommendations aimed at strengthening controls © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved18
  20. 20. Why Have an Internal Control Manual © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved19
  21. 21. Accountability  Government officials are entrusted by the public to:  Operate in an efficient and effective manner  Properly handle and safeguard funds  Comply with laws and regulations  Achieve results for which they were authorized/funded  Must be accountable to the public A good up to date IC Manual that is properly implemented and followed provides reasonable assurance that risks are properly identified, managed, monitored and reported on through control activities. © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved20
  22. 22. Con’t. Sound Management Practice  Maintain control  Describe the method and systems of management  Comply with regulations  Educate employees  Provide for continuity  Preparation for audit © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved21
  23. 23. Developing an Internal Control Manual © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved22
  24. 24. Approach E D R V D O E P E A E C D L V L S U U A I U I M C N E A G E A W T N N T E T E © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved23
  25. 25. Cont. Plan  Select the team and leader  Establish objectives  Determine format and contents of the IC manual and contents  Determine processes to document  Establish a time line  Assign team responsibilities  Schedule team check points © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved24
  26. 26. Cont. Review  Review current policies and procedures  Walk through “as is” process with process owner  Document “as is” process  Validate “as is” process documentation with process owner  Make changes as appropriate © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved25
  27. 27. Cont. Evaluate  Identify existing internal controls in “as is” process  Determine adequacy and effectiveness of existing internal controls  Identify control gaps – missing controls  Discuss with process owner and seek input on design of controls © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved26
  28. 28. Cont. Design  Design process with adequate and effective controls  Walk through re-design process with process owner  Make changes as necessary © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved27
  29. 29. Cont. Document  Document process and related controls  Compile IC Manual with all processes © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved28
  30. 30. Cont. Educate  Train & roll-out to all effected employees  Part of new hire orientation  Refresher training © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved29
  31. 31. Cont. Tips  Start with a flexible table of contents  Keep it simple, short and uncomplicated  Determine consistent format and layout  Date each policy and procedure included in the manual  Include page numbers © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved30
  32. 32. Components of an Internal Control Manual © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved31
  33. 33. Internal Control Manual• Introduction • Internal control basics• Fraud • Control environment• Risk assessment • Control activities• Information & • Monitoring communication © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved32
  34. 34. Cont. Introduction  Purpose  Scope  Authority  How to use the manual  Definitions © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved33
  35. 35. Cont. Internal Control Basics  Define internal control  Control framework  Importance of controls  Management’s responsibility for internal controls © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved34
  36. 36. Cont. Fraud  Definition  Characteristics  Reporting responsibility  How to report © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved35
  37. 37. Cont. Control Environment  Definition  Responsibility  Expectations related to:  Integrity and ethical values  Commitment to competence  Management philosophy and operating style © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved36
  38. 38. Cont.  Organizational structure  Assignment of authority and responsibility  Human resource policies and procedures © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved37
  39. 39. Cont. Risk Assessment  Definition  Responsibility  Expectations related to:  Establishment of objectives  Risk identification  Risk analysis  Managing risk during change © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved38
  40. 40. Cont. Control Activities  Definition  Responsibility  Control types:  Approvals, authorizations and verifications  Reconciliations  Performance reviews © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved39
  41. 41. Cont.  Security of assets  Segregation of duties  IT – general controls  IT – application controls  Identify procedures and controls within critical cycles/processes such as:  Revenue  Procurement  Disbursement  Payroll © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved40
  42. 42. Cont.  Treasury  Financial reporting  Fixed assets  Regulatory  Information systems © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved41
  43. 43. Cont. Information & Communication  Definition  Responsibility  Expectations related to:  Information  Communications © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved42
  44. 44. Cont. Monitoring  Definition  Responsibility  Expectations related to:  Ongoing monitoring  Evaluations  Audit resolution © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved43
  45. 45. Example Internal Control Manuals © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved44
  46. 46. Example IC Manuals • IC Policy Manual – North Carolina • IAC Manual – Ohio Counties • Atlantic Beach NC Internal Control Policy • Fin Mgmt Controls Manual - Example • Understanding Internal Control • Internal Control Manual © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved45
  47. 47. Guidance/Resources © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved46
  48. 48.  COSO – www.coso.org  GAO – www.gao.gov  www.gao.gov/products/AIMD-00-21.3.1  www.gao.gov/products/GAO-01-1008G  GFOA – www.gfoa.org  IIA – www.theiia.org © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved47
  49. 49. Questions © 2012 Brown Smith Wallace All Rights Reserved © 2011 Brown Smith Wallace All Rights Reserved48

×