Effective Internal Controls by @EricPesik
effective internal controls
Presented by Eric Roring Pesik at Corruption and Compliance South & South East Asia Summit
September 2012, Hilton Hotel, Singapore
effective internal controls
internal controls
finance & accounting procedures
corporate IT systems
company policies & procedures
humanize internal controls
simplify internal controls
restaurant guest check
restaurant procedures
take your order
prepare your order
serve your order
pay for your order
receipt for order
restaurant guest check
human scale controls
1. simple 2. effective 3. efficient
organic controls
internal control integrated framework
internal control is a process
affected by people
reasonable assurance
achieve objectives
1. process 2. people 3. assurances 4. objectives
integrated framework
human framework
human laziness
human carelessness
human dishonesty
1. laziness 2. carelessness 3. dishonesty
human framework
internal controls methods
segregation of duties
retention of records
supervision or monitoring
information processing
authorization of transactions
top-level reviews
electronic security
physical security
1. segregation of duties 2. retention of records 3. supervision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security
internal controls methods
effective internal controls
risk focused
risk assessment
High Magnitude Low Probability
Low Magnitude Low Probability
High Magnitude High Probability
Low Magnitude High Probability
risk matrix
Probability of Risk
Magnitude of Loss
who determines risk?
risk experts
subjective opinions
objective data
sources of data
categories of risk
probability of the risk
Cash Register: 2%
Payroll: 4%
Financial Statement: 7%
Check Tampering: 7%
Cash Larceny: 9%
Cash on Hand: 11%
Skimming: 13%
Expense Account: 14%
Non-Cash: 19%
Billing: 19%
Corruption: 51%
magnitude of the loss
Cash Register: $23
Cash on Hand: $23
Expense Account: $33
Skimming: $60
Payroll: $72
Non-Cash: $90
Cash Larceny: $100
Billing: $128
Check Tampering: $131
Corruption: $175
Financial Statement: $1,730
adjusted risk profile
Cash Register: 0.0
Cash on Hand: 0.2
Payroll: 0.2
Expense Account: 0.4
Skimming: 0.6
Cash Larceny: 0.7
Check Tampering: 0.7
Non-Cash: 1.3
Billing: 2.0
Corruption: 7.4
Financial Statement: 10.0
perpetrators of risk
probability of the risk
0.0%
0.4%
0.4%
1.5%
2.2%
2.2%
2.9%
2.9%
3.3%
4.0%
4.0%
10.7%
14.0%
15.1%
15.4%
21.0%
Legal
Research and Dev
Internal Audit
Information Technology
Human Resources
Mfg and Production
Board of Directors
Marketing/Pub Relations
Customer Service
Finance
Warehousing/Inventory
Purchasing
Exec/Upper Mgmt
Accounting
Operations
Sales
magnitude of the loss
$13
$46
$71
$95
$100
$105
$150
$180
$200
$239
$248
$450
$500
$566
$800
$829
Internal Audit
Customer Service
Information Technology
Sales
Research and Dev
Operations
Mfg and Production
Accounting
Human Resources
Warehousing/Inventory
Marketing/Pub Relations
Finance
Purchasing
Legal
Board of Directors
Exec/Upper Mgmt
adjusted risk profile
0.0
0.0
0.2
0.2
0.2
0.2
0.3
0.4
1.0
1.0
1.1
1.7
1.7
2.8
3.5
10.0
Internal Audit
Research and Dev
Information Technology
Mfg and Production
Human Resources
Legal
Customer Service
Marketing/Pub Relations
Board of Directors
Warehousing/Inventory
Sales
Finance
Operations
Purchasing
Accounting
Exec/Upper Mgmt
external data
internal data
company constituents
human laziness
human carelessness
human dishonesty
risk experts
ordinary employees
formal risk assessment
risk inventory
probability of occurrence
magnitude of loss
risk matrix
internal controls methods
1. segregation of duties 2. retention of records 3. supervision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security
effectiveness of controls
cost of mitigating or avoiding
follow the money
effective loss reduction
Rewards for Whistleblowers: 23.2%
Management Certification of F/S: 25.0%
External Audit of F/S: 25.0%
Independent Audit Committee: 30.0%
Internal Audit Department: 30.6%
External Audit of ICOFR: 34.9%
Anti-Fraud Policy: 40.0%
Management Review: 40.0%
Code of Conduct: 46.6%
Job Rotation/Mandatory Vacation: 46.8%
Fraud Training for Employees: 50.0%
Fraud Training for Managers/Execs: 50.0%
Surprise Audits: 51.5%
Employee Support Programs: 59.0%
Hotline: 59.2%
benefit of loss reduction
$119 $150 $150
$140 $145
$140 $120 $120
$140 $100 $100 $100 $97
$100 $100
$155 $200 $200 $200
$209 $215
$200 $200
$262 $188
$200 $200 $200
$244 $245
Rewards for Whistleblowers
Management Certification of F/S
External Audit of F/S
Independent Audit Committee
Internal Audit Department
External Audit of ICOFR
Anti-Fraud Policy
Management Review
Code of Conduct
Job Rotation/Mandatory Vacation
Fraud Training for Employees
Fraud Training for Managers/Execs
Surprise Audits
Employee Support Programs
Hotline
risk detection
detection method
IT Controls: 0.7%
Notified by Police: 1.7%
Confession: 2.4%
Surveillance/Monitoring: 2.7%
Document Examination: 4.4%
Account Reconciliation: 5.5%
External Audit: 5.8%
By Accident: 8.9%
Management Review: 11.3%
Internal Audit: 14.3%
Tip: 42.3%
source of tips
Perpetrator's Acquaintance: 1.8%
Competitor: 2.5%
Shareholder/Owner: 3.7%
Vendor: 12.1%
Anonymous: 13.4%
Customer: 17.8%
Employee: 49.2%
companies with hotlines
No Hotline: 33.8%
Tips Overall: 42.3%
With Hotline: 47.1%
companies without hotlines
No Hotline: 33.8%
Tips Overall: 42.3%
With Hotline: 47.1%
13.3%
importance of hotlines
whistleblower bounties
follow the money
recap
effective internal controls
1. simple 2. effective 3. efficient
1. process 2. people 3. assurances 4. objectives
1. laziness 2. carelessness 3. dishonesty
1. segregation of duties 2. retention of records 3. supervision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security
risk focused
objective data
follow the money
questions?
get more from http://www.slideshare.net/ericpesik/
License and Credits
This presentation, excluding the images, is provided under creative commons attribution license. http://creativecommons.org/licenses/by/3.0/ You are free to share, copy, distribute, and transmit this work; to remix, adapt this work; and to make commercial use of the work; under the condition that you attribute this work to me by including the following attribution “Effective Internal Controls by Eric Pesik. Used with permission,” and URL Link: http://www.slideshare.net/ericpesik/
Microsoft Office Online: Except as noted below, all images in this presentation are from Microsoft Office Online. Used with permission from Microsoft: http://office.microsoft.com/en-us/images/
Flickr Creative Commons: The following images are from flickr creative commons and are licensed and used under creative commons attribution license: http://creativecommons.org/licenses/by/2.0/deed.en
Art Coffee House Waitress by Wonderlane http://www.flickr.com/photos/wonderlane/293137892/
Waitress by Adikos http://www.flickr.com/photos/adikos/4319818916/
Rutherford Grill by Neeta Lind http://www.flickr.com/photos/neeta_lind/2517034517/
Serving Food by Adrian Nier http://www.flickr.com/photos/adriannier/4004167201/
Donut Shop Owner by Robert Couse-Baker http://www.flickr.com/photos/29233640@N07/7104455917/
Two chorizo burritos with cheese and sour cream by Rick http://www.flickr.com/photos/spine/1994814081/
Waiter by Hans Van Den Berg http://www.flickr.com/photos/myimage/4353456304/
Blue Telephone by UggBoy♥UggGirl http://www.flickr.com/photos/uggboy/5345135964/
Association of Certified Fraud Examiners: All data is from the Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, 2010 Global Fraud Study based on 1,843 cases of occupational fraud that were reported by the Certified Fraud Examiners who investigated them. http://www.acfe.com
Committee on Sponsoring Organizations of the Treadway Commission: The Internal Control — Integrated Framework was commissioned by the Committee on Sponsoring Organizations of the Treadway Commission. It establishes a common definition of internal control that services the needs of different parties for assessing and improving their control systems. http://www.coso.org