internal controls – account receivable and cash receiptsgeorgiafmc.org/annual...

Financial Management Program

1

Learning Objectives

Upon completion of this session , you should be able to:

Recall definition of internal control

Understand the importance of internal control

Recite basics of the payroll and benefit cycle

Explain Internal Control for the payroll cycle

Discuss segregation of duties for payroll

2

INTERNAL CONTROL

DEFINITION

3

COSO

Committee of Sponsoring

Organizations

Internal Control Review

4

COSO’s definition of internal control:

Internal control is a process, effected

by an entity’s board of directors,

management and other personnel,

designed to provide reasonable

assurance regarding the achievement

of objectives in the following

categories:

Internal Control Review

5

COSO’s Integrated Framework

Internal control is directed towards the achievement of objectives

– Operations—effectiveness & efficiency

– Financial Reporting—reliability of financial statements

– Compliance—following applicable laws and regulations

6

Internal Control Components

7

Internal Control Components 1st component, Control Environment

Integrity and ethical values

gifts and gratuities.pdf

UGA example

Commitment to competence

Management’s philosophy and operating style

Assignment of authority and responsibility

Human resource policies and practices

8

gifts and gratuities.pdf


2nd Component, Risk Assessment

Defined by COSO –

Risk assessment is the identification and

analysis of relevant risks to achievement of the

objectives, forming a basis for determining how

the risk should be managed.

9


3rd Component, Control Activities

Control activities are the methods used to

reduce risk identified during the risk

assessment process.

10

Control Activities

Top Level Reviews

Direct Functional or Activity

Management

Information Processing

Physical Controls

Segregation of Duties

11


4th Component, Information and

Communication

An organization needs to make sure that

types of communications used are broad-

based, useful, reliable and continuous.

12

5th Component, Monitoring

Ensures that the internal controls operate

as intended.

– Ongoing Monitoring

– Separate Evaluations


13

COSO Update – 1st Quarter 2013

Concepts that remain the same

– Definition of internal control

– 5 components

– Criteria used to assess effectiveness

– Use of judgment in evaluating effectiveness

14

COSO Update – 1st Quarter 2013

Concepts added

Codification of principles for developing and

evaluating the effectiveness of Internal

Controls

Expanded financial reporting objective to

address internal and external, financial and

non-financial reporting objectives

Increased focus on operations, compliance

and non-financial reporting objectives based

on user input

15

COSO Update Timeline www.coso.org

Sept - Jan Feb - Oct Dec - Mar Apr - Dec

Assess & Survey

Stakeholders

Design &

Build

Public

Exposure Finalize

2010 2011 2012

Released first quarter 2013

16

Control Environment

Risk Assessment

Control Activities

Information &

Communication

Monitoring Activities

Summary of Updates Codification of 17 principles embedded in the original Framework

1. Demonstrates commitment to integrity and ethical values

2. Exercises oversight responsibility

3. Establishes structure, authority and responsibility

4. Demonstrates commitment to competence

5. Enforces accountability

6. Assesses fraud risk

7. Identifies and analyzes significant change

8. Specifies relevant objectives

9. Identifies and analyzes risk

10. Selects and develops control activities

11. Selects and develops general controls over technology

12. Deploys through policies and procedures

13. Uses relevant information

14. Communicates internally

15. Communicates externally

16. Conducts ongoing and/or separate evaluations

17. Evaluates and communicates deficiencies 17

IMPORTANCE OF INTERNAL

CONTROLS

18

Meet objectives

Prevent errors

Protect employees

Checks and balances

Establish standards

Compliance

Preserve integrity

Security of assets

Several

valuable

reasons for

Internal

Controls

19

• Most state laws require governments to

have annual audits of their financial

statements in accordance with

Generally Accepted Government

Auditing Standards (GAGAS).

• GAGAS requires reporting on internal

controls

20

Internal Control and Single Audits

• When expending Federal assistance of

more than $500,000, a government

must undergo an A-133 audit or a

Single Audit.

• Single audit requires auditee to maintain

a system of internal controls

21

Lack of adequate internal controls is

one of the most commonly cited

reasons that fraud occurs within an

organization.

FRAUD

22

PAYROLL AND BENEFIT

ACCOUNTING OVERVIEW

23

• Determined by agreement between employer and employee

• Salary schedule – Type of position

– Steps and years of experience

• Employees pay examples: – Annual salary/prorated over pay periods

– Hourly rates

• FLSA—150% regular rate for +40 hours with certain exemptions

Employee Earnings

24

• Time sheet – Basis of periodic payroll

• Contents of time sheet – Employee name and number

– Pay period

– Dates worked

– Number of hours worked

– Signatures • Employee

• Employer

Employee Earnings

25

• Special Journal

• Sometimes call Payroll Register

• Common contents:

– Name of employee

– Expenditure/expense classifications

– Adjusted gross payroll

– Net payroll

Payroll Journal

26

• Social security tax

• Federal Income Tax

• State Income Tax

• Deferred compensation

• Pension plans

• Insurance

• Other miscellaneous

Payroll Deductions and

Withholdings

27

Recording the Payroll

28

Recording Employer’s

Share of Benefits

29

Earnings Records

30

PAYROLL PROCESS AND

INTERNAL CONTROL

OBJECTIVES

31

Payroll Cycle

32

Payroll Cycle

33

• Control operations

– Establish levels of authority

– Provide approval for transactions

– Provide feedback to approvers

• Safeguard assets

– Loss or damage

– Waste, inefficiency, error, theft or fraud

Control Objectives

34

• Provide adequate information

– Timely

– Reliable

– Supports control structure

Control Objectives

35

1. Payroll transactions are preapproved or

authorized

2. Only valid transactions are recorded and

they are recorded in proper period

3. Valid transactions are accurate, agree

with source documents and recorded on

a timely basis

Control Objectives for

Payroll

36

4. Recorded transactions

– Represent economic events that actually

occurred

– Are lawful in nature

– Are executed in accordance with

management’s general authorization


Payroll

37

5. Access to payroll records are controlled

– Restricted to authorized personnel

6. Proper segregation of duties


Payroll

38

Control Environment/Payroll

• Control Environment

– Published code of ethics required to be read and acknowledged by employees

• Only employees that possess required knowledge and skills should be hired

• Employees should be supervised by qualified personnel

• Job descriptions should be updated with required skills and knowledge

39

Control Environment/Payroll

• Management has ongoing commitment to

ongoing education and training for

employees in the payroll department

– Especially regarding federal and state tax

issues and laws

40

Risk Assessment and

Payroll

Objective No. 1: Authorization

Risks:

• Hiring an unapproved employee

May not be legally eligible

• Overspending budget

• Hiring an unqualified employee

• Incorrect classification for benefits

could result in higher costs

41

Risk Assessment and

Payroll Objective No. 2: Safeguarding Assets

Risks:

• Errors in payroll process due to hiring

unqualified employee

• Interest and penalties

• Fictitious employees added to payroll

42

Risk Assessment and

Payroll Objective No. 2: Safeguarding Assets

Risks:

• Incorrect employee classification

– Employee vs independent contractor

– Exempt vs nonexempt

• Leave taken not properly reported

43

Risk Assessment and

Payroll Objective No. 3: Accurate, reliable and timely information

Risks:

• Salary/Pay rate not correct

• Hours/pay period inaccurately entered

• Deduction entered improperly

• Payroll transactions not posted to general ledger

• Taxes/benefits not paid within required time

44

Control Activities for Payroll

Four Categories of Control Activities

• Hiring

• Documentation

• Authorization

• Reconciliation

45

• Written process for hiring

– Budget approval

– Authority to advertise

– Appropriate applicant information

– Established selection process

– Formal job offering (Letter) • Pay rate

• Benefits provided

• Status – Full-time, part-time

• FLSA classification


46

• Documentation—complete

the forms

– Personal data

– Form I-9 (Employment Eligibility

Verification)

– Form W-4 (Federal Tax Withholding)

– Form G-4 (State Tax Withholding)

– Benefit forms

– Retirement plan forms

– Other forms


47

• Authorization

– Required to ensure that only valid

transactions are entered into payroll system

• Time sheets signed by employee and supervisor

– Supervisor’s approval = authorization to pay and certifies

time recorded is actual time worked.

• Payroll should be authorized by supervisor

– Verify that all supporting documentation is present prior

to approving payroll

– Could be manual or electronic approval


48

• Reconciliations

– Hours worked on time sheets = summary of

hours worked in payroll system

– Adjusted Gross Salary - No variations unless

adjustments to pay

– Taxable Wages - Adjusted gross wages less

pre-tax deductions

– Benefits and Deductions

– # of employees


49

• Checklist easy way to show

completed tasks

• Also need to reconcile general

ledger accounts after

withholdings are paid


50

Information/Communication of Payroll

• Enrollment period for benefits

• Pay periods and dates (cutoff)

• Holidays

• Furlough days

• Personnel policies and procedures

• Salary information

• Benefits payable due dates

• Tax withholding due dates

51

Monitoring and Payroll

• Are controls operating as intended

• Unmonitored controls deteriorate over time

• Monitoring should be ongoing

52

Ongoing Monitoring

and Payroll

• Supervisory activities:

Preventive control

Detective control

Examples:

Reconciliations of payroll amounts

Initial and date face of reconciliation

Review employee information change forms for accurate and timely posting

53

Monitoring and Payroll

• Separate Evaluations

– Completed by persons outside of operations

after the fact

• External auditors

• Internal auditors

• Objective

– Internal controls functioning properly

– Provide communication tools for deficiencies

54

SEGREGATION OF DUTIES

55

What Is Segregation of Duties?

• Segregation of duties (SoD) means

separating the record-keeping function

from the operational responsibility of that

activity and from those who exercise

physical control over the records

56

What Is Segregation of Duties?

Used to ensure

that errors or

irregularities are

prevented or

detected on a

timely basis by

employees in the

normal course of

business

Deliberate fraud more

difficult

Likely that innocent errors will be found

57

Categories of Duties to be Segregated

58

Evaluating Segregation of Duties

Ask yourself…

If I make an error in my work,

will someone downstream of

me detect it before it becomes

a major issue for management

and the taxpayers to read

about?

59


Function that is indispensable, potential subject to abuse

Divide function into separate steps

Assign each step to a different person or different department

60


At a minimum, no person should be able to perform more than two of the functions. The

matrix illustration below presents various ways to assign responsibilities that are less than the

optimum.

61

Mitigating or Compensating Controls

• Reduces the risk of an existing or potential

control weakness resulting in errors and

omissions

• Compensating controls are less desirable

than the segregation of duties

• More resources are required to investigate

and correct errors and to recover losses

62

Mitigating or Compensating

Controls

• Types of compensating controls that can

be implemented:

– Review reports of detailed transactions

– Review selected transactions

– Take periodic asset counts

– Check reconciliations

63

Mitigating or

Compensating

Controls

Management performs

the procedure

Compensating controls

cannot be delegated

64

Segregation of Duties Checklist

65


66


67

internal controls – account receivable and cash receiptsgeorgiafmc.org/annual...

Documents