Entity Level Controls And
©2011 LarsonAllen LLP
Entity Level Controls and Fraud
Michael Kosinski, CPA
239-280-3517
Objectives
• Discuss the nature of entity level controls
• Review the operating environment and the proper structure to provide effective controls
• Review the risk assessment process and considerations of organizational risks and fraud
Is Greed Good?
What Message Are You Sending?
• Aggressive financial reporting
• Tax fraud
• Personal expenses in the company
• Unrealistic estimates
• Don’t tell the auditors
People are your assets
Feedback
Compensation Evaluations
Competence
Inadequate Staffing Defined Roles
Staffing Levels
Short Staffed Turnover
Internal Controls
• “MF Global Holdings Ltd.’s bankruptcy, the eighth-largest in U.S. history, is exposing a lack of internal controls that may have prevented a last-minute rescue of Jon Corzine’s futures broker.” Washington Post Nov 2, 2011
Functional
Entity
What are entity level controls?
Influence the company’s culture
Instill the tone of the company
Attitudes, awareness, and actions of management
Entity Level Controls
Entity Level
Control Environment
Risk Assessment
Communication
Monitoring
Is it enough just to say it?
• “Boards should be absolutely certain that the company is run properly from a fiduciary standpoint in every degree. I am a great believer in the audit committee having full access to the auditors in every way, shape, and form.”—former Sunbeam Chairman Al Dunlap
• “You’ll see people who in the early days … took their life savings and trusted this company with their money. And I have an awesome responsibility to those people to make sure that they’ve done right.”—former WorldCom CEO Bernard Ebbers
Is it enough just to say it?
• “We are offended by the perception that we would waste the resources of a company that is a major part of our life and livelihood, and that we would be happy with directors who would permit that waste. … So as a CEO, I want a strong, competent board.”—former Tyco CEO Dennis Kozlowski
• “It’s more than just dollars. You’ve got to give back to the community that supported you.”—Adelphia founder John Rigas
• “People have an obligation to dissent in this company.”—former Enron CEO Jeffrey Skilling
Or do you have to live it?
• “It is not simply a case of having a set of procedures and processes, nor is it just about having controls in place. Reliance on a poor control is often worse than having no control at all. [The trustees must have] … a clear understanding of the business and what can go wrong.” - Tony Rawlins - (2001)
The Control Environment
Control Environment
Sets the tone
Foundation for all other controls
Provides structure and discipline
Most cost effective and efficient control
What does it look like?
Ownership
Integrity
Structure
Accountability
Responsibility
Oversight
Philosophy
Competence
Soft Controls
Philosophy
Competence
Integrity
Integrity
Approaches
• Articulate: Day to day activities; Vendor interactions; Customer interactions; Intolerance of violations
• Inform: New hires; Periodic updates; Understandable; Available
• Demonstrate: Investigate violations; Timelines and consistent; Communicate actions; Monitor compliance
Competence
Hire
Train
Sustain
Approaches
Critical Skills In-house Oversight
Knowledge External Evaluate
Ability Professional services Analyze roles
Interviews Cost Benefit
Oversight
Establish
Evaluate
Review
Approaches
Independence Management Performance
Responsibilities Risks Audit
Skepticism Effectiveness Advisors
Policies
Philosophy
Mitigate
Diligence
Processes
Approaches
Reporting risks Judgment Adjustments
Suppliers Attitudes Estimates
Customers Accounting principles
Employees Authorization
Structure
Establish
Align
Maintain
Approaches
Organizational chart Roles Appropriate reporting
Streamlined layers Functions Current job descriptions
Reporting lines Processes Communication
Clear roles
Accountability and Responsibility
Assign
Articulate
Review
Approaches
Responsibility Links Nature of position
Authority Empowerment Key personnel
Segregation Limits
Small Business Challenges
• Management influence
• Segregation of duties
• Qualified personnel
• Limited oversight
• Technology
The Risk Assessment Process
Risk Assessment
Identify
Analyze
Respond
Risk Analysis
Estimate Significance
Assess Probability
Managing the Risk
Risk Assessment
Reporting Objectives
• Establish, Document, Communicate
• Apply Principles
Risk Management
• Risk Identification
• Organization and Relationships
• Anticipate and mitigate
Fraud Consideration
• Assess
• Monitor
Reporting Objectives
Identify Assertions
• Significant accounts
• Underlying transactions
Capture Activities
• Review activities
• Appropriately presented
Appropriate Policies
• Policies vs. industry
• Detail vs. industry
Risk Analysis Aspects
Competency
IT Infrastructure
Probability
Reassess
Business Process
Identify
• Assertions and accounts
• Business processes and Support
Controls
• Maps the internal controls
• Identifies controls and risks
Information
• Interacts with external parties
• Suppliers, investors, creditors
Internal vs. External
• Considers factors impacting reporting
Overall Risks - External Risks
Competition
Customers and Technology
Regulation and Economy
Company
Overall Risks - Internal Risks
Information Technology
Personnel Management
Access to Assets
Nature of Organization
Fraud Considerations
Assess
• Comprehensive brainstorming
• Consider override controls
Review
• Compensation practices
• Incentives and pressures
Investigate
• Investigate and reporting
• Remediation of instances
Oversight
• Consider fraud in management
• Consider internal audit
Communication
Communication Objectives
• Communication exists between management and governance to provide relevant information
• All personnel receive a clear message about reporting and internal controls
• Communication is effective and absent of fears of retribution
Communication to Employees
Management
IC Critical to all Employees
Roles and Responsibilities
Relation of Job to Others
Unexpected Events
Communication to Management
Management
Operating Issues Customer Needs
Continuous Improvement Competition
Misstatements
External Communication
Company
Suppliers
Vendors
Regulators
Audit
Prospects
Shareholders
Facilitating Internal Control
Communicate Financial Reporting Objectives
• Financial reporting, IC, policies and responsibilities
• Communicates IC information and code of conduct
Develop Alternative Means of Communication
• Mentoring and other channels
• Whistleblower and anonymous hotlines
Board of Directors
• Open discussions with management
• Communicate expectations for financial information
• Meets with external advisors and internal audit
Monitoring
Monitoring – Small Business
• Tend to be informal
• Based on ongoing activities
• Examples
  – Significant variances from expectations
  – Inaccuracies in financial information
  – Operating issues and shortages
  – Customer and vendor complaints
  – Communications from third parties
Ongoing Monitoring
Normal Management
Third party communication
Supervision
Reconciliations to physical assets
Communications from auditors
Certifications
Ongoing Activities
Management
• Variances
• Budget Comparisons
• Benchmarking
• Key statistics
Third Party
• Customer payments
• Bank balance reconciliations
• Vendor statements
• Noncompliance from regulators
Supervision
• Segregation of duties
• Supervisor reviews
• Adjustments
• Approving vendors
• Review accuracy
Ongoing Monitoring
• Reconciliation to physical assets
  – Subsidiary schedules and bank statements
  – Fixed asset and inventory counts
• Auditor Communication
  – How many adjustments were made
  – Deficiency communications
• Certifications
  – Independent verifications
  – Not typical for small to mid sized businesses