Presentation on theme: "Internal Controls. Definition of Internal Control Internal control is a process, effected by an entity's board of directors, management, and other personnel,"— Presentation transcript:
Definition of Internal Control Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations.
Benefits of Internal Control Having controls in place minimizes embezzlement and/or misappropriation of funds. The temptation to steal assets from the church is lessened once steps have been taken to put checks and balances in place. These controls would help to promote ethical behavior. There is also a reduction in the need to accuse and confront employees. The internal controls would provide accurate information that would be used to detect illegal behavior and also to make reporting easier. The internal controls minimize the embarrassment of the church because of negative publicity from the media should inappropriate behavior occurs. It is a good practice to try and prevent the image of the church from being damaged in any way. Fraud in the headlines is a strike against any organization.
External/regulatory oversight Unlike corporations which provide quarterly financial statements to the SEC and hold quarterly conference calls with outside analysts, the church is subject to almost no recurring outside financial scrutiny Since many churches and dioceses are not required by law to be transparent and accountable in their finances, they choose to keep their finances private.
Canon Law and Other Guidelines Canon law contains a number of provisions directed at good management and financial practices. The primary diocesan institution to monitor diocesan finances is the diocesan finance council (DFC). According to canon law, each diocese is required to establish a DFC, to be presided over by the bishop or his delegate. In addition to canon law, the United States Conference of Catholic Bishops (USCCB) has established recommended guidelines for diocesan financial management. But they are just that - guidelines
5 Elements of the IC Process Control Environment Risk Assessment Control Activities Information and Communication Monitoring
Control Environment The core of any business is its people - their individual attributes, including integrity, ethical values, and competence and the environment in which they operate. Clear lines of authority and accountability that emphasize the importance of internal controls A documented code of conduct/ethical standards A formal budget process and prompt variance analysis. A plan to attract and retain competent personnel. An effective audit committee and internal audit functions. More on the Control Environment later
Risk Assessment The entity must be aware of and deal with the risks it faces. It must set objectives, integrated with the sales, production, marketing, financial, and other activities so that the organization is operating in concert. It also must establish mechanisms to identify, analyze, and manage the related risks. Clear objectives regarding operating, financial reporting, and law compliance functions. An entity-wide review to assess and evaluate risk (discussed later)
Control Activities Control policies and procedures must be established to ensure that management's responses to risks are effectively carried out. Segregation of duties: collections of cash contributions counted by two or more people. Independent counting and/or confirmation of investments. Controlled access to electronic data processing operations and adequate back-up (disaster recovery) in place.
Information and Communication Information and communication systems surround all of these activities. They enable people to capture and share the information needed to conduct, manage, and control operations. Management support for developing and maintaining effective financial management information systems. The sharing of information on emerging risk issues with other dioceses. Channels of communication for employees and church workers to report suspected irregularities or illegal acts.
Monitoring. The entire process must be monitored, and modifications must be made as necessary. In this way, the system can react dynamically, changing as conditions warrant. Regular receipt and prompt acting on reports of problems in internal controls (from external/internal auditors, etc.). Prompt follow-up on unusual variances from budget. Periodic comparison of physical inventories of saleable items (textbooks, cemetery lots, etc.) and permanent assets (sacred vessels, historical treasures, office equipment) to accounting records and the reconciliation of differences.
Limitations of IC Mistakes and human errors in applying the established policies and procedures. Circumvention of controls by collusion of two or more people (e.g., an employee and a vendor). Intentional disregard of controls (e.g., management override, falsifying documents, forgery, etc.). Discussed in more detail later
People and IC Bishop Finance Officers Internal Auditors Other Diocesan Personnel Volunteers Committees Finance Council Audit committee Financial/project review committee Properties committee Investments committee External Auditors
Key Business Cycles Financial planning and control Cash management (includes the revenue cycle) Payroll Purchasing
Elements of IC Honest Employees Require vacations Bonding when appropriate Awareness of conflict of interest policies “know” your employees Background checks on all potential hires Separation of duties Recordkeeping, custodianship, authorization Appropriate policies and procedures over transactions Suitable documents and accounting records Physical control over assets Independent verification of performance
Financial Planning and Control Cycle Monthly Comparative Financial Statements Chart of Accounts Policy and Procedures Manuals.
Payroll Cycle Personnel Administration and Employment File Maintenance Timekeeping and Payroll Preparation Payment of Payroll Preparation of Payroll Tax Returns and Payment of Taxes
Purchasing Cycle Authorization of Purchase Processing Purchase Orders Receiving Goods and Services Recognizing the Liability Processing and Recording Cash Disbursements
Guidelines for an IC Review Risk Assessment and Evaluation Suggested Steps A project committee should be established (perhaps a subcommittee of the diocese's finance council) composed of, at a minimum: The committee should be charged with undertaking and documenting a study of the diocesan internal control process and making recommendations for improvement. Its chair should regularly report to the bishop on progress. (Items 3-8 refer to the study/review.) The committee should assess the overall control environment The committee should divide the entity into natural business cycles The committee should review the flow of transactions through these cycles to understand each processing system and its controls. The committee should determine whether control techniques in place in each cycle achieve the defined internal control objectives Where objectives are not met, the committee should assess the resultant risks and make specific recommendations to improve internal controls at a cost below the value of the related benefit to be attained. The committee should draft a report summarizing the project and detailing the recommendations. The implementation of the recommendations should be periodically reviewed to ensure the desired results are achieved and to promote the diocesan culture of appreciating and embracing the value of internal controls. Ongoing Commitment
Fraud and Irregularities The fraud triangle Opportunity, rationalization, pressure Types of fraud Management override Collusion Lapping Theft Accounts Payable Fraud Payroll Ghosts and Unauthorized Pay Charges Kickbacks Supplies or Inventory Fraud
Detecting Fraud Changes in employee's lifestyle, spending habits, or behavior Inventory shortages Ignoring of internal/external policies or audit recommendations Unusual banking activities Decline in employee morale/attendance Exceedingly high expenses/purchases Unexplained budget variances
Zech & West: Control environment The organizational structure of the firm (in the Catholic Church, this involves questions such as is the diocese organized as a corporation sole?) Oversight by the board (in the Catholic Church, this is the diocesan finance council, or DFC) Management's philosophy and operating style Procedures for delegating responsibility and authority Management's methods for evaluating performance External influences (e.g., regulatory oversight)
Results of Zech and West Study: Part 1: Risk Factors (as cited by CFOs) CFO’s ranked the following risk factors in this order (highest risk to lowest risk): Lack of expertise at the parish level Parish finances and controls Litigation Adequacy of insurance coverage Property management
Results of Zech and West Study: Part 2: Importance of DFC If the Diocesan Finance Council (or one of its committees) is involved in reviewing the diocesan budget, there is less fraud detected (better prevention). The more frequently the DFC meets, the greater the amount of fraud detected (better detection)
Results of Zech and West Study: Part 3: Importance of CFO the tenure (years of the experience on the job) of the CFO, whether the CFO had an accounting background, and if the CFO selects the auditors all seemed to imply better fraud prevention However, in cases where the bishop or DFC feels capable of making the auditor selection, it seems appropriate that they do so, from at least an independence viewpoint
Results of Zech and West Study: Part 4: Internal Control Variables Those dioceses with formal, written fraud policies experienced less embezzlement, presumably the result of better prevention. A second variable that had a positive impact on fraud detection was the frequency with which parishes submit their financial data. A third internal control variable that was significant is difficult to interpret. Dioceses that presented comparative financial data in their monthly budget versus actual reports experienced more embezzlement. This control is really a financial reporting control. It is not a control that would typically be used to detect embezzlements. It is a control that would more likely be used to detect errors in financial reporting.
Results of Zech and West Study: Part 5: Audit Category the frequency of internal audits of parishes was significant and positive, and, based on the value of the standardized coefficient, the most important factor in explaining the level of diocesan fraud. This seems logical in that more frequent internal audits result in more detected embezzlements. On the other hand, one could argue that more internal audits would be a deterrent to employees and less fraud and embezzlements should occur.
Recommended environment control policies (Zech and West) Implementation in every Catholic diocese of the policies prescribed in the USCCB handbook Diocesan Financial Issues The establishment of fraud policies in every diocese Annual internal audits of parishes supplemented by external audits conducted at east every three years Public disclosure of the names and professions of every member of the Diocesan Finance Council, along with their conflict of interest guidelines
Continued - Recommendations At a minimum, quarterly meetings of the DFC (or one of its subcommittees) to monitor diocesan office, parish, and school financial reports Selection of the diocesan auditor by someone (bishop or DFC) other than the diocesan CFO At least annual (and preferably more frequent) submission of financial data by all parishes and high schools Establishment of a uniform budgeting process and standardized software for all diocesan entities Establishment of communication channels for church workers to report suspected irregularities or fraudulent activities while protecting their anonymity.
Recommendations from USCCB An annual letter from the parish to the bishop containing The names and professional titles of the parish finance council members, Dates when the council met in the preceding fiscal year and since the end of the fiscal year, Date(s) when the approved (i.e. by the parish finance council) parish financial statements/budgets were made available to the parishioners during the preceding fiscal year and since the end of the fiscal year. A copy of the published financial statements/budgets should be provided to the bishop, it added. A statement signed by the parish priest and the finance council members that they have met, developed, and discussed the financial statements and budget of the parish. Thorough diocesan training for parish finance council members relative to their roles and responsibilities. Establishment of diocesan policies to cover conflicts of interest, protection of whistleblowers, and a fraud policy which would include prosecution of all fraud cases in the diocese. Completion of an annual internal control questionnaire by each parish with proper review and follow-up made by qualified diocesan personnel.
USCCB Recommendations - continued In longer-term recommendations, the committee urged Development of a parish best practices manual, similar to the Diocesan Financial Issues document, which has been developed for dioceses. Integration of financial training into seminarian programs so students will be better prepared to handle parish financial matters.
Other General Recommendations A full audit Expensive and time consuming, but very thorough “Agreed upon procedures” in which an outside firm will look at specific areas of the church’s finances and then make a report with recommendations. firm can perform an internal control review or they can assist in the compilation of the church’s financial statements Have a certified public accountant (CPA) review the church’s financial procedures and issue a management letter noting weaknesses of the system and offering recommendations. An “inside audit” done by a committee comprised by members of the church who have expertise in accounting and finance. These can be effective, but they do have limitations because they do not have the independence of an outside auditor If churches have good financial policies and procedures in place, a full audit may not be necessary. It is important to report the finances of a church on a regular basis in a manner that can be understood easily; in a nutshell, be forthright about the church’s finances Have a time for members to ask questions and to have someone on hand who can answer those questions Use of an internal control checklist