INTERNAL CONTROLS

Session Objectives Understand why an organization should have internal controls Understand the key components of internal controls Understand how various risks effect your internal control environment Provide participants with examples of policies and procedures to implement good internal controls

Do you use internal controls? When you leave home in the morning to go to work, do you lock the doors to your house? If you do, that’s your own “internal control” to safeguard the assets you own in your home! You are an internal control user. Congrats!

What are internal controls? Internal control is a “process” affected by an organization’s board, management and other personnel designed to provide reasonable assurance regarding the achievement of: –Effectiveness and efficiency of operations –Reliability of financial reporting –Compliance with laws and regulations

What are Internal Controls? System of checks and balances to protect and to enhance the organization to achieve their goals Not a “organizational burden” but it is a means to encourage the optimal use of resources to succeed

Why Have Internal Controls? Improve accountability to customers Help organizations achieve performance and budget targets Improve reliability of financial reporting Improve compliance with laws, regulations Prevent loss of resources and public assets Prevent loss of public trust Reduce legal liability

Internal Control Objectives Completeness –Are the reports submitted complete? Accuracy –Was the information recorded accurately? Authorization –Who are authorized signers and what are their limitations?

Internal Control Objectives Adequacy of Audit Trail –Can a transaction be traced from the accounting records back to the original documentation to provide a proper trail for the audit (invoice, timesheet)? Segregation of Duties –Are the various aspects of the accounting functions separated and performed by more than one person Physical safeguard of assets –Protection of the assets of the organization to ensure its mission can be carried out

Good Internal Control practices Documented policies and procedures Adequate review process for financial reports and budgets Adequate cash management procedures (e.g., monthly bank reconciliations by supervisory personnel) Physical safeguarding of assets System to track Members’ & employees’ activities System to follow-up on problems to ensure resolution

Good Internal Control Practices Existence of codes of conduct Job descriptions Board of directors maintain timely communications about organization’s objectives, strategy, and on dealing with issues Assignment of responsibilities Policies to hire, train, promote and compensate employees are in place

Good Internal Control Practices Positive “atmosphere” in the work environment Safeguards for employees related to whistle-blowing (Sarbanes-Oxley) A clear chain of command

Good Internal Control Practices Adequate Segregation of duties –The same employee should not authorize purchase, sign the check and record the purchase in the accounting system Approval process for disbursing funds –Set different levels for approving purchases, for example: Transactions up to $1,000 require one signature on check Purchases over $1,000 require two signatures on check

Monitoring Ensuring that employees are carrying out their duties Comparison of budget to actual and to program goals Obtaining feedback on operations and other initiatives Periodic outside review of the system (audit)

Risk Assessment Risk is different for each organization on every level Cost vs. Benefit Analysis Determine the level of risk for misstatement for all transactions, then put a control in place to mitigate the risk –Examples: Travel for some organizations can be low risk, but high for others Salaries are typically a higher risk for most organizations

Controls Activities include: Pre-numbered receipts for cash and checks Cash collection should be under the control of at least two individuals (e.g., events such as seminars) Person opening mail should be different from person making deposits All cash received should be deposited, then organization’s checks used to pay expenses All checks should be stamped “For deposit only” and deposited on the same day received

Controls Activities include: All disbursements should be made by check and supporting documentation retained –A check should never be made payable to cash –A blank check should never be signed –If petty cash is used, ensure it is reconciled regularly If treasurer or check signer is also the accountant, two signatures should be required Bank reconciliation should be done by person other than the accountant

Control Activities include: Fixed Assets –Purchase of fixed assets should require board approval –Purchases in excess of $5,000 CNCS’s approval if not in original budget Bonding –It is good practice to have employees that work with cash to be bonded

Control Activities??? Are transactions authorized by a person delegated approval authority? Are records routinely reviewed and reconciled by someone other than the preparer or transactor? Are equipment, inventories, cash and other property secured physically, counted periodically, and compared with item descriptions shown on control records?

Policies and Procedures Documented Policies and Procedures are important because: –They are the standards for the organization’s operations –They help in maintaining information that is crucial to operations that would otherwise remain in employees’ “hands” –They help in orienting new employees and substitutes if the appropriate personnel are absent –They communicate the expectations of the board and staff

Policies and Procedures Policies should be established, followed, monitored, updated and reviewed As times change, so does the need for our policies –Example: Internet access to cash accounts and ability to make electronic transfers

Written Policies and Procedures Assist with consistency and clear communications of expectations –Policy Expectations: “what is to be done” –Procedure or Process: “how is it to be completed” –Description of methods & procedures to be followed –Explanation & examples of principal transactions

Policies and Procedures should include Authorizations of transactions Payroll procedures Cash receipts procedures Procurement Policies Travel Regulations Financial Reporting Budgeting Record of Retention Conflict of Interest

Organizational Information Organizational Chart describing lines of authority Job Descriptions outline key responsibilities Chart of accounts with details of what is expected to be entered within each account List of Board members, types of committees and frequency of meetings Organizational Documents (IRS determination letter, Articles of Incorporation) Sub-contract/Cooperative Agreement

Job Description Should include: –Job Title –Reports to: –Supervises: –Basic Function: –Duties and Responsibilities: –Qualifications: –Classification:

Impact of Internal Controls Potential impacts of insufficient internal controls: –Audit findings –Federal funds may be managed inappropriately –Funding sources are jeopardized –Inconsistencies –Inefficient use of time and resources

In Conclusion Internal Controls affect every level in an organization and every size of an organization Internal Controls allow an organization to achieve its goals effectively and efficiently