office of the controller and internal controls jim corkill controller office of the controller...
TRANSCRIPT
Office of the Controller and Internal Controls
Jim CorkillControllerOffice of the ControllerSeptember 2014
Abbreviated Organization Chart
Henry T. Yang Chancellor
Jim Corkill,Controller, Business &
Financial Services
Robert TarsiaDirector,
Audit and Advisory Services
Sheryl VaccaSenior Vice
President/Chief Compliance and Audit
Officer, UCOP
Peggy ArrivasAssociate Vice President
and Systemwide Controller - Financial Accounting,
UCOP
Pam LombardoAssociate Vice Chancellor,
Administrative Services
Distinct and Complimentary Roles
Office of the Controller• Provide leadership in a campus-
wide effort to ensure effective controls and accountability practices.
• Assist management in assessing their control environment and the effectiveness and efficiency of operations.
• Ensure that campus financial policies and procedures are clear, adequate, and current.
• Evaluate systems and participate in system development to ensure proper controls are implemented and compliance with policy.
Audit and Advisory Services• Independent evaluation of
systems of accountability and control.
• Investigate reported cases of alleged improper financial activities.
• Serve as the liaison between the University community and external audit agencies.
UCSB Control Initiative
Business Officer Institute (BOI)
Campus Financial Mgmt. Training
& Manual
Departmental Control Self- Assessments
Campus Wide Process Risk Assessment
Departmental Process Risk Assessment
Control Advisory Committee
(CAC) Financial Risk Assessment
· BOI Feedback· Common Audit
Findings
Assessments
Departmental Control Self Assessments Departmental Process Risk Assessment Campus Wide Process Risk Assessment
Office of the Controllerhttp://www.bfs.ucsb.edu/controller/welcome
Jim Corkill Controller
Director, Business & Financial [email protected]
Vacant Associate Director of Controls x7667
Liz Molina Budget Analyst x8593
Alexandra CugnierFinancial & Payroll [email protected]
Internal Controls
What are Internal Controls?• Definition• COSO Model• Examples
Why are They Important? Who is Responsible for Internal Controls?
Internal Control - A definition
Internal Control is a process, effected by a college or university’s governing board, administration, faculty and staff, designed to provide reasonable assurance regarding achievement of objectives in the following areas:
• Effectiveness and efficiency of operations• Reliability of financial reporting• Compliance with applicable laws and regulations
Internal Control Concepts & Applications, 1992, Committee of Sponsoring Organizations of the Treadway Commission
COSO Internal Control Model
COSO stands for Committee of Sponsoring Organizations.
Committee was formed to develop a common definition of internal controls and provide guidance on judging its effectiveness.
COSO is referred to as an Internal Control Model or framework.
COSO Internal Control Model
Officially adopted by the University of California
A tool for departments to use in evaluating their internal controls.
COSO Internal Control Model
There are five components of internal control in the COSO Model: Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Control Environment
Control Environment The “tone at the top” set by people in positions of
authority
Based on attitudes and habits of those in authority An element in establishing the organizational culture
Control Environment
Control Environment Factors: Integrity and Ethical Values Commitment to Competence Management’s Philosophy and
Operating Style Assignment of Authority and
Responsibility
Risk Assessment
Risk - Anything that gets in the way of meeting your goal/objective
Risk Assessment - The identification and analysis of relevant risks associated with achieving business goals/objectives
Risk Assessment
Why is a risk assessment important? Risks impact an organization’s ability to
meet its objectives such as:• Positive Public Image• Providing Excellent Customer
Service• Reducing Overdrafts
Control Activities
Control Activities• Policies and procedures that help ensure management
directives are carried out and necessary actions are taken to address risks
Control Activities - Specific Examples
Segregation of Duties Transaction Reviews Reconciliations
Control Activities – Specific Examples
Financial Performance Reviews Systems Controls Physical Controls
Information and Communication
The information system must provide data that is:
• Relative to established objectives• Accurate and in sufficient detail• Understandable and in a usable form
This information must be provided to the right people in time to allow appropriate action
Information and Communication
Communication• Up and down the organization• Across organizational lines
Communication Examples• Employee duties and control
responsibilities should be clearly communicated
• Ability to report suspected problems, without fear of repercussions
Monitoring
Monitoring A process that assesses the quality of an internal control
system’s performance over time
Monitoring
Monitoring Activity Examples Management
• Review of actual expenditures vs. budgeted
• Comparison of various reports with physical assets
Separate evaluations• Assessment of internal controls by
Audit and Advisory Services• External auditors reviews
The department has a documented PPS plan. This is an example of what type of control in the COSO model?
1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring
The department evaluates all options before making a financial decision.
1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring
The Chair/MSO reviews monthly budget reports comparing actual expenditures to budgeted.
1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring
PricewaterhouseCoopers, the University’s external auditors, audit the campus on a yearly basis.
1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring
The department performs and annual inventory
1. Control Environment2. Risk Assessment3. Control Activities4. Information/Communication5. Monitoring
Internal Controls
Why are They Important? Who is Responsible for Internal Controls?
Internal Controls and SAS 112
SAS 112: Statement of Accounting Standards
Auditors will be reviewing not only the transactions and ensuring the numbers are correct, but also the controls in place to ensure those numbers are correct.
Controls must be documented – or they are not considered controls.
Questions??