INTERNAL CONTROLS INTERNAL CONTROLS

Session ObjectivesSession Objectives

• Understand why an organization should have internal controls

• Understand the key components of internal controls

• Understand how various risks effect your internal control environment

• Provide participants with examples of policies and procedures to implement good internal controls

Do you use internal controls?Do you use internal controls?

• When you leave home in the morning to go to work, do you lock the doors to your house?

• If you do, that’s your own “internal control” to safeguard the assets you own in your home! You are an internal control user. Congrats!

What are internal controls?What are internal controls?

• Internal control is a “process” affected by an organization’s board, management and other personnel designed to provide reasonable assurance regarding the achievement of:– Effectiveness and efficiency of operations– Reliability of financial reporting– Compliance with laws and regulations

What are Internal Controls?What are Internal Controls?

• System of checks and balances to protect and to enhance the organization to achieve their goals

• Not a “organizational burden” but it is a means to encourage the optimal use of resources to succeed

Why Have Internal Controls?Why Have Internal Controls?

• Improve accountability to customers • Help organizations achieve performance and

budget targets• Improve reliability of financial reporting• Improve compliance with laws, regulations• Prevent loss of resources and public assets• Prevent loss of public trust• Reduce legal liability

Internal Control ObjectivesInternal Control Objectives

• Completeness– Are the reports submitted complete?

• Accuracy– Was the information recorded accurately?

• Authorization– Who are authorized signers and what are

their limitations?

Internal Control ObjectivesInternal Control Objectives

• Adequacy of Audit Trail– Can a transaction be traced from the accounting

records back to the original documentation to provide a proper trail for the audit (invoice, timesheet)?

• Segregation of Duties– Are the various aspects of the accounting functions

separated and performed by more than one person

• Physical safeguard of assets– Protection of the assets of the organization to ensure

its mission can be carried out

Good Internal Control practicesGood Internal Control practices

• Documented policies and procedures• Adequate review process for financial reports

and budgets• Adequate cash management procedures (e.g.,

monthly bank reconciliations by supervisory personnel)

• Physical safeguarding of assets• System to track Members’ & employees’

activities• System to follow-up on problems to ensure

resolution

Good Internal Control PracticesGood Internal Control Practices

• Existence of codes of conduct• Job descriptions• Board of directors maintain timely

communications about organization’s objectives, strategy, and on dealing with issues

• Assignment of responsibilities• Policies to hire, train, promote and

compensate employees are in place

Good Internal Control PracticesGood Internal Control Practices

• Positive “atmosphere” in the work environment

• Safeguards for employees related to whistle-blowing (Sarbanes-Oxley)

• A clear chain of command

Good Internal Control PracticesGood Internal Control Practices

• Adequate Segregation of duties– The same employee should not authorize

purchase, sign the check and record the purchase in the accounting system

• Approval process for disbursing funds– Set different levels for approving purchases,

for example:• Transactions up to $1,000 require one

signature on check• Purchases over $1,000 require two signatures

on check

MonitoringMonitoring

• Ensuring that employees are carrying out their duties

• Comparison of budget to actual and to program goals

• Obtaining feedback on operations and other initiatives

• Periodic outside review of the system (audit)

Risk AssessmentRisk Assessment

• Risk is different for each organization on every level

• Cost vs. Benefit Analysis• Determine the level of risk for misstatement for

all transactions, then put a control in place to mitigate the risk– Examples:

• Travel for some organizations can be low risk, but high for others

• Salaries are typically a higher risk for most organizations

Controls Activities include:Controls Activities include:

• Pre-numbered receipts for cash and checks• Cash collection should be under the control of

at least two individuals (e.g., events such as seminars)

• Person opening mail should be different from person making deposits

• All cash received should be deposited, then organization’s checks used to pay expenses

• All checks should be stamped “For deposit only” and deposited on the same day received

Controls Activities include:Controls Activities include:

• All disbursements should be made by check and supporting documentation retained– A check should never be made payable to cash– A blank check should never be signed– If petty cash is used, ensure it is reconciled regularly

• If treasurer or check signer is also the accountant, two signatures should be required

• Bank reconciliation should be done by person other than the accountant

Control Activities include:Control Activities include:

• Fixed Assets– Purchase of fixed assets should require

board approval– Purchases in excess of $5,000 CNCS’s

approval if not in original budget

• Bonding– It is good practice to have employees that

work with cash to be bonded

Control Activities???Control Activities???

• Are transactions authorized by a person delegated approval authority?

• Are records routinely reviewed and reconciled by someone other than the preparer or transactor?

• Are equipment, inventories, cash and other property secured physically, counted periodically, and compared with item descriptions shown on control records?

Policies and ProceduresPolicies and Procedures

• Documented Policies and Procedures are important because:– They are the standards for the organization’s

operations– They help in maintaining information that is crucial to

operations that would otherwise remain in employees’ “hands”

– They help in orienting new employees and substitutes if the appropriate personnel are absent

– They communicate the expectations of the board and staff

Policies and ProceduresPolicies and Procedures

• Policies should be established, followed, monitored, updated and reviewed

• As times change, so does the need for our policies– Example: Internet access to cash

accounts and ability to make electronic transfers

Written Policies and ProceduresWritten Policies and Procedures

• Assist with consistency and clear communications of expectations– Policy Expectations: “what is to be done”– Procedure or Process: “how is it to be

completed”– Description of methods & procedures to be

followed– Explanation & examples of principal

transactions

Policies and Procedures should Policies and Procedures should includeinclude

• Authorizations of transactions• Payroll procedures• Cash receipts procedures• Procurement Policies• Travel Regulations• Financial Reporting• Budgeting• Record of Retention• Conflict of Interest

Organizational InformationOrganizational Information

• Organizational Chart describing lines of authority

• Job Descriptions outline key responsibilities• Chart of accounts with details of what is

expected to be entered within each account• List of Board members, types of committees

and frequency of meetings• Organizational Documents (IRS determination

letter, Articles of Incorporation)• Sub-contract/Cooperative Agreement

Job DescriptionJob Description

• Should include:– Job Title– Reports to:– Supervises:– Basic Function:– Duties and Responsibilities:– Qualifications:– Classification:

Impact of Internal ControlsImpact of Internal Controls

• Potential impacts of insufficient internal controls:– Audit findings– Federal funds may be managed

inappropriately– Funding sources are jeopardized– Inconsistencies– Inefficient use of time and resources

In ConclusionIn Conclusion

• Internal Controls affect every level in an organization and every size of an organization

• Internal Controls allow an organization to achieve its goals effectively and efficiently