Iteral Cotrol Framework NMASBO Boot Camp October 2017 Make up of participats Superitedets Aspirig Superitedets School Districts Charter Schools Former Coaches 1
Take Away Items A iteral cotrol system is made up of 5 compoets; Cotrol/orgaizatioal eviromet, risk assessmet, cotrol activities, iformatio ad commuicatio, ad moitorig. Which compoet is the most importat? Segregatio of duties is part of what compoet of the iteral cotrol system? What are the compoets of the fraud triagle? Why is it importat to maitai proper segregatio of duties? Class Objectives ad Goals To assist participats Uderstad the purpose of the iteral cotrol eviromet Develop a process to pla ad documet a Iteral Cotrol policy statemet ad procedure maual. 2
Sessio Ageda Iteral Cotrol Framework Policy ad Procedure Risk ad Materiality Compoets of a Trasactio ad Procedure Procedure Writig Iteral Cotrol defiitio Iteral cotrol refers to the methods a compay uses to protect its assets ad promote efficiet use, to esure accurate ad reliable iformatio, ad to ecourage adherece to laws ad regulatios. Adapted from Committee o Auditig Procedure, Iteral Cotrol (AICPA) Tools that help maagemet be effective ad efficiet while avoidig serious problems such as overspedig, operatioal failures, ad violatios of law. Iteral cotrols are the structure, policies, ad procedures put i place to provide reasoable assurace that maagemet meets its objectives ad fulfills its resposibilities. http://www.state.ma.us/osc/overview.htm Adapted from Committee o Auditig Procedure, Iteral Cotrol (AICPA) 3
Statutory/Regulatory Referece NMAC 6.20.2.11 INTERNAL CONTROL STRUCTURE STANDARDS: A. Every school district shall establish ad maitai a iteral cotrol structure to provide maagemet with reasoable assurace that assets are safe-guarded agaist loss from uauthorized use or dispositio, that trasactios are executed i accordace with maagemet's authorizatio ad recorded properly to permit the preparatio of geeral purpose fiacial statemets i accordace with GAAP, ad that state ad federal programs are maaged i compliace with applicable laws ad regulatios. The iteral cotrol structure shall iclude writte admiistrative cotrols (rules, procedures ad practices, ad policies that affect the orgaizatio) ad accoutig cotrols (activity cycles, fiacial statemet captios, accoutig applicatios icludig computer systems) that are i accordace with GAAP. Statutory/Regulatory Referece MOP PSAB Supplemet 2 Maagemet is resposible for developig detailed policies procedures ad practices ad isurig that they are a itegral part of the district s operatio. 4
I Geeral Iteral should - Help rather tha hidrace Make sese Part of day to day operatios Cost effective Commuicated Compoets Cotrol/Orgaizatioal Eviromet Risk Assessmet Cotrol Activities Iformatio ad Commuicatio Moitorig 5
Cotrol/Orgaizatioal Eviromet A etity s cotrol eviromet represets maagemet s ad the board s attitude, awareess, ad actios about iteral cotrol. What is the toe at the top? Maagemet must Establish Appropriate cotrol eviromet Trai staff to uderstad ad use appropriate cotrol i all areas. Provide structure ad process for implemetig these cotrols. Risk Assessmet What could go wrog? What assets eed protectig? A risk is the possibility of a evet that threates a etity s ability to meet its objectives. Two type of risk Exteral Iteral Risk icreases durig a time of chage Maagemet s role is to idetify risk areas ad maage the risk. 6
Cotrol Activities Established procedures Those policies ad procedures ad the iformatio system that maagemet establishes to provide reasoable assurace that their objectives are achieved. Iclude the desig, implemetatio, ad maiteace of policies ad procedures. Aim policies ad procedures at idetified risk. Avoid excessive cotrols, which are as harmful as excessive risk ad result i icreased bureaucracy. Cotrol Activities Prevetive authorizatio lists, computer edits, segregatio of duties ad supervisory approval. Detective recociliatio, exceptio reports, ad supervisory review. 7
Cotrol Activities Are established over Authorizatio ad executio of trasactios Segregatio of duties Desig ad use of documets ad records Access to assets ad records Trasactio Authorizatio All trasactios should be authorized by resposible persoel actig withi the scope of their prescribed authority ad resposibility. Specific authorizatio Geeral authorizatio 8
Segregatio of duties No policy or procedure ca prevet collusio. Compoets of a trasactio Authorizatio - Maagemet Executio - Custodial Recordig - Accoutig Balacig/checks - Moitorig Desig ad Use of Documets ad Records Aid to record trasactio correctly Audit trail Forms should be Pre-umbered Multiple use Easy 9
Access Oly authorized persoel should have access to assets ad records. Iformatio & Commuicatio To operate efficietly, iformatio should be commuicated i a form ad time frame that eables people to discharge their assiged resposibilities. Iformatio must be reliable for effective ad timely decisio makig. 10
Iformatio & Commuicatio Policies ad procedures must be commuicated to those who eed it. How do we do this? Writte procedural statemet Flow charts Web site Moitorig To assure quality, iteral cotrols should be moitored-through cotiuig or periodic evaluatios, or both ad discrepacies resolved by maagemet at least oe level above those resposible. 11
Aalyzig Iteral cotrol policies ad procedures are ot static. Iclude the desig, implemetatio, ad maiteace of policies ad procedures. Aim policies ad procedures at idetified risk. Avoid excessive cotrols, which are as harmful as excessive risk ad result i icreased bureaucracy. Ask Why? Flow chart curret practice Review flow chart for uecessary redudacies. Policy vs. Procedure 12
Policy Iteral Cotrol policy may be broad or specific. Supported by Superitedet Adopted by Board Procedure Procedural statemets are task specific ad eforce or support the iteral cotrol policy. Should the procedural statemet be log or short? Procedure statemets should ot be issued from the ivory tower. 13
Why procedure statemets? Because someoe made a mess we had to clea up ad we do t wat that to happe agai. To make our lives easier. Problematic issues Policy/Procedure maiteace Broad policy statemets chages are ifrequet Procedural statemets should be reviewed periodically for effectiveess ad efficiecy. 14
Risk ad Materiality Risk What could go wrog? What assets eed protectig? Possibility of a evet that threates a etity s ability to meet its objectives. Risk icreases durig a time of chage Maagemet s role is to idetify risk areas ad maage the risk. How do we idetify the risk? 15
Risk Availability / Accessibility Liquidity Visibility Risk of Fraud Auditors are ot good at detectig fraud. Motivatio Opportuity Frustrate oe ad you reduce the frequecy of fraud. Ratioalizatio highly motivated ad seeks opportuity. 16
Materiality Would this iformatio or data be importat to the ed user? Legal requiremets are always material. Who are the ed users? Superitedet Program People PED TAXPAYERS The Threat Matrix 1- High risk/ High materiality 2 Low risk/ High materiality 3 High risk/ Low materiality 4 No problem + Materiality - Risk + - 1 2 3 4 17
Trasactio Compoets Trasactio Compoets Authorizatio - Maagemet Executio - Custodial Recordig - Accoutig Balacig/checks - Moitorig 18
Procedure Compoets Procedure Elemets Authorizatio - Maagemet Executio - Custodial Recordig - Accoutig Balacig/checks Moitorig If these are the elemets of a trasactio, should t these elemets be specifically addressed i a procedural statemet? 19
Procedure Writig Procedure Writig Procedures should be easy to read ad uderstad. Iformatio should be commuicated is several differet ways. Use flow charts if possible. Be as specific as you eed. Repeatig software users guide? 20
Procedure writig exercise Prepare a draft procedure for Cash receipts. Compare procedure to the compoets of a trasactio Be geeral Please, do ot be software specific. Write procedure usig 2 people Procedure Writig Results 21
Closig Remarks Questios Commets 22