Presentation on theme: "Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014."— Presentation transcript:
Office of the Controller and Internal Controls Jim Corkill Controller Office of the Controller September 2014
Abbreviated Organization Chart Henry T. Yang Chancellor Jim Corkill, Controller, Business & Financial Services Robert Tarsia Director, Audit and Advisory Services Sheryl Vacca Senior Vice President/Chief Compliance and Audit Officer, UCOP Peggy Arrivas Associate Vice President and Systemwide Controller - Financial Accounting, UCOP Pam Lombardo Associate Vice Chancellor, Administrative Services
Distinct and Complimentary Roles b Office of the Controller Provide leadership in a campus- wide effort to ensure effective controls and accountability practices. Assist management in assessing their control environment and the effectiveness and efficiency of operations. Ensure that campus financial policies and procedures are clear, adequate, and current. Evaluate systems and participate in system development to ensure proper controls are implemented and compliance with policy. b Audit and Advisory Services Independent evaluation of systems of accountability and control. Investigate reported cases of alleged improper financial activities. Serve as the liaison between the University community and external audit agencies.
UCSB Control Initiative Business Officer Institute (BOI) Campus Financial Mgmt. Training & Manual Departmental Control Self- Assessments Campus Wide Process Risk Assessment Departmental Process Risk Assessment Control Advisory Committee (CAC) Financial Risk Assessment BOI Feedback Common Audit Findings
Assessments b Departmental Control Self Assessments b Departmental Process Risk Assessment b Campus Wide Process Risk Assessment
Office of the Controller http://www.bfs.ucsb.edu/controller/welcome b Jim Corkill Controller Controller Director, Business & Financial Services email@example.com b Vacant Associate Director of Controls Associate Director of Controls x7667 x7667 b Liz Molina Budget Analyst Budget Analyst x8593 firstname.lastname@example.org b Alexandra Cugnier Financial & Payroll Assistant email@example.com
Internal Controls b What are Internal Controls? DefinitionDefinition COSO ModelCOSO Model ExamplesExamples b Why are They Important? b Who is Responsible for Internal Controls?
Internal Control - A definition b Internal Control is a process, effected by a college or university’s governing board, administration, faculty and staff, designed to provide reasonable assurance regarding achievement of objectives in the following areas: Effectiveness and efficiency of operationsEffectiveness and efficiency of operations Reliability of financial reportingReliability of financial reporting Compliance with applicable laws and regulationsCompliance with applicable laws and regulations Internal Control Concepts & Applications, 1992, Committee of Sponsoring Organizations of the Treadway Commission
COSO Internal Control Model b COSO stands for Committee of Sponsoring Organizations. b Committee was formed to develop a common definition of internal controls and provide guidance on judging its effectiveness. b COSO is referred to as an Internal Control Model or framework.
COSO Internal Control Model b Officially adopted by the University of California b A tool for departments to use in evaluating their internal controls.
COSO Internal Control Model There are five components of internal control in the COSO Model: b Control Environment b Risk Assessment b Control Activities b Information and Communication b Monitoring
Control Environment b The “tone at the top” set by people in positions of authority b Based on attitudes and habits of those in authority b An element in establishing the organizational culture
Control Environment Control Environment Factors: b Integrity and Ethical Values b Commitment to Competence b Management’s Philosophy and Operating Style b Assignment of Authority and Responsibility
Risk Assessment b Risk - Anything that gets in the way of meeting your goal/objective b Risk Assessment - The identification and analysis of relevant risks associated with achieving business goals/objectives
Risk Assessment b Why is a risk assessment important? b Risks impact an organization’s ability to meet its objectives such as: Positive Public ImagePositive Public Image Providing Excellent Customer ServiceProviding Excellent Customer Service Reducing OverdraftsReducing Overdrafts
Control Activities b Control Activities Policies and procedures that help ensure management directives are carried out and necessary actions are taken to address risksPolicies and procedures that help ensure management directives are carried out and necessary actions are taken to address risks
Control Activities - Specific Examples b Segregation of Duties b Transaction Reviews b Reconciliations
Control Activities – Specific Examples b Financial Performance Reviews b Systems Controls b Physical Controls
Information and Communication The information system must provide data that is: Relative to established objectivesRelative to established objectives Accurate and in sufficient detailAccurate and in sufficient detail Understandable and in a usable formUnderstandable and in a usable form This information must be provided to the right people in time to allow appropriate action
Information and Communication Communication Up and down the organizationUp and down the organization Across organizational linesAcross organizational lines Communication Examples Employee duties and control responsibilities should be clearly communicatedEmployee duties and control responsibilities should be clearly communicated Ability to report suspected problems, without fear of repercussionsAbility to report suspected problems, without fear of repercussions
Monitoring Monitoring b A process that assesses the quality of an internal control system’s performance over time
Monitoring Monitoring Activity Examples b Management Review of actual expenditures vs. budgetedReview of actual expenditures vs. budgeted Comparison of various reports with physical assetsComparison of various reports with physical assets b Separate evaluations Assessment of internal controls by Audit and Advisory ServicesAssessment of internal controls by Audit and Advisory Services External auditors reviewsExternal auditors reviews
The department has a documented PPS plan. This is an example of what type of control in the COSO model? 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information/Communication 5. Monitoring
The department evaluates all options before making a financial decision. 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information/Communication 5. Monitoring
The Chair/MSO reviews monthly budget reports comparing actual expenditures to budgeted. 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information/Communication 5. Monitoring
PricewaterhouseCoopers, the University’s external auditors, audit the campus on a yearly basis. 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information/Communication 5. Monitoring
The department performs and annual inventory 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information/Communication 5. Monitoring
Internal Controls b Why are They Important? b Who is Responsible for Internal Controls?
Internal Controls and SAS 112 b SAS 112: Statement of Accounting Standards b Auditors will be reviewing not only the transactions and ensuring the numbers are correct, but also the controls in place to ensure those numbers are correct. b Controls must be documented – or they are not considered controls.