INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices...
Transcript of INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices...
![Page 1: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/1.jpg)
INTERNAL CONTROLSBethany Staats, CPA
Finance DirectorCity of New Albany
April 24, 2019
![Page 2: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/2.jpg)
INTERNAL CONTROL
• A government’s internal control structure safeguards its assets and provides management with reasonable assurance that transactions are being processed accurately and completely.
![Page 3: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/3.jpg)
OBJECTIVES OF INTERNAL CONTROL
• Reliability of financial reporting.• Effectiveness and efficiency of operations.• Compliance with applicable laws and
regulations (state and federal) and policies.• Safeguarding of assets• To prevent or detect material
misstatements timely
![Page 4: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/4.jpg)
5 COMPONENTS OF INTERNAL CONTROL
• Control Environment• Risk Assessment• Control Activities• Information and
Communication• Monitoring
![Page 5: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/5.jpg)
CONTROL ENVIRONMENT
Sets the tone of the organization and influencesthe control consciousness of its People. This is thefoundation for all other Components.
-Integrity and Ethical Values
-Commitment to Competence
-Legislative Authority
-Management’s Philosophy and Operating Style
-Organizational Structure
-Assignment of Authority and Responsibility
-Policies and Procedures
![Page 6: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/6.jpg)
RISK ASSESSMENT
The identification and analysis of internal andexternal risks relevant to the achievement ofobjectives and then determining how to managethose risks.
-Entity-wide Objectives
-Process-level Objectives
-Risk Identification and Analysis
-Managing Change
![Page 7: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/7.jpg)
CONTROL ACTIVITIES
Policies and procedures occurring throughout the organization, at all levels and in all functions, that help ensure management directives are carried out.
-Policies and Procedures
-Security (Application and Network)
-Application Change Management
-Continuity/Backups
-Outsourcing/Service Organizations
![Page 8: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/8.jpg)
INFORMATION AND COMMUNICATION
Identifying, capturing and communicating pertinent information in a form and timeframe that enable people to carry out their responsibilities.
-Quality of Information -Effectiveness of Communication
![Page 9: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/9.jpg)
MONITORING
A process that assesses the quality of the internal control system’s performance over time.
-Ongoing Monitoring
-Separate Evaluations
-Reporting Deficiencies
![Page 10: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/10.jpg)
![Page 11: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/11.jpg)
COMPONENTS OF AN INTERNAL CONTROL PROCEDURE
• Who performs the procedure?• What is the procedure?• How often is it performed?• How is it evidenced?
![Page 12: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/12.jpg)
TWO CATEGORIES OF INTERNAL CONTROL PROCEDURES
• Application Control- preventative in nature
• Monitoring Controls- detective in nature
![Page 13: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/13.jpg)
CASH RECEIPTS
• Prenumbered receipt documents should be utilized and controlled
• Receipts should be promptly recorded and deposited in a timely manner
• Receipt documents approved by an appropriate level of management
• All employees with access to cash must be bonded and should be required to take vacations.
• Cash on-hand must be appropriately safeguarded with restricted access
![Page 14: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/14.jpg)
CASH RECEIPTS
Segregation of Duties between receiving, recording, and custody of cash:
• Individuals who open mail should not prepare deposits, deposit cash receipts, reconcile bank accounts, investigate discrepancies, or record journal entries;
• Individuals who deposit cash receipts should not reconcile bank accounts or record journal entries; and
• Individuals who reconcile the bank accounts should not investigate discrepancies or maintain access to cash.
![Page 15: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/15.jpg)
CASH RECEIPTS• Cash registers should be
utilized when appropriate. • Cash register tapes should be
reconciled daily.• Cashier funds should be
counted and reconciled at the end of each shift.
• Daily cash receipts should be compared to postings to customer accounts.
![Page 16: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/16.jpg)
CASH DISBURSEMENTS
• Requisitions to purchase should be reviewed and approved by an appropriate level of management.
• Purchase orders should be reviewed and certified by an authorized individual.
• Purchase order, receiving report, and invoice should be matched prior to payment.
• Prenumbered purchase orders/System Generated
![Page 17: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/17.jpg)
CASH DISBURSEMENTS
• Should pay from original invoices only (no statements or proposals).
• Paid invoices should be approved for payment by appropriate department/individual and not individual cutting the check
• Pre-numbered checks – any voids/nonissues accounted for and appropriately marked void
• Vendor check should be compared with the approved vendor invoice before it is mailed.
• Blank checks should be appropriately safeguarded with restricted access.
![Page 18: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/18.jpg)
CASH DISBURSEMENTS
• Passwords are established and used for individuals authorized to make wire transfers and/or ACH. 2nd approval where able.
• Segregation of Duties – Individuals who review, authorize, or sign checks should not prepare checks, mail checks, have access to edit the vendor master file, investigate discrepancies involving cash disbursements, or reconcile the bank accounts.
![Page 19: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/19.jpg)
PETTY CASH
• A petty cash fund should be used for relatively small amounts only.
• Approval must be obtained to establish a petty cash account.
• Petty cash custodian must be appointed.• Policy should be developed to govern
allowable payments from petty cash.
![Page 20: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/20.jpg)
PETTY CASH
• Petty cash on-hand must be appropriately safeguarded with restricted access.
• Each petty cash expenditure must be adequately documented to support replenishment.
• Replenishment should be requested once a pre-determined minimum level has been reached.
![Page 21: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/21.jpg)
PAYROLL DISBURSEMENTS
• Leave forms should be approved (pre-approved whenever possible).
• Time records should be approved.• Payroll journals, Hours registers, etc. should be
reviewed prior to final processing.
![Page 22: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/22.jpg)
PAYROLL DISBURSEMENTS
If using Paper Checks for Payroll:• Prenumbered checks should be used.• Blank checks should be appropriately
safeguarded with restricted access.• Payroll checks released only to employee and
employee should be required to sign.Direct Deposit:Bank file needs to be compared to the final payroll journal and payment should have separate approval
![Page 23: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/23.jpg)
PAYROLL DISBURSEMENTS
• Quarterly payroll filings should be reviewed and approved to ensure accuracy.
• Personnel files should be reviewed on a periodic basis to ensure completeness.
• HR function and payroll processing function should be separate where possible
![Page 24: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/24.jpg)
QUIZ
True or False?• Applications controls are detective in nature.• Documentation evidencing the performance of an
internal control should be discarded immediately.• Approving an invoice for payment is an example of
an application control.• All employees should have access to the safe in the
event of an emergency.
![Page 25: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/25.jpg)
MONITORING CONTROLS
• Monthly financial reports should be reviewed by the governing body.
• Budget vs. Actual comparisons should be reviewed on a periodic basis.
• Monthly bank reconciliations should be performed.
![Page 26: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/26.jpg)
BANK RECONCILIATION
• Should be performed at least monthly.• Should be performed by an employee who
has no other responsibilities pertaining to cash and reviewed by supervisor
• Necessary to identify time lags and detect errors.
![Page 27: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/27.jpg)
BANK RECONCILIATION
Common Reconciliation Items:
• Deposits-in-transit• Outstanding checks• Miscellaneous bank
debits and credits
![Page 28: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/28.jpg)
ACCESS CONTROLS
• Computer terminals should be password protected.
• Computer applications should be restricted to only those with a need for such access.
• Computer facilities should be restricted to authorized personnel only.
![Page 29: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/29.jpg)
Computer Controls
• Accountability, authorization, and approval– Who has access?– Why do they have access?– What information systems and data are
authorized for use?– What is their role and what do they do?– Where does sensitive, private information reside?
![Page 30: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/30.jpg)
Computer Controls
• Limit system and data access to appropriate users
• Determine approval hierarchies and limit access
• Appoint a departmental security administrator• Implement security measures to protect
access• Train employees in computer access, security,
software, and appropriate use of information
![Page 31: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/31.jpg)
DISASTER RECOVERY
Procedures to minimize the disruption of Government Operations if computers or other advanced technologies are disabled following a disaster.
![Page 32: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/32.jpg)
DISASTER RECOVERY
At a minimum, a Governments policies and procedures should:
• Formally assign a disaster recovery team• Require creation and preservation of back-up data• Make provision for the alternative processing of data
following a disaster• Establish guidelines for the immediate aftermath of a
disaster
![Page 33: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/33.jpg)
DISASTER RECOVERY
• Copy of policies and procedures should be kept off-site to ensure availability in the event of a disaster
• Every Government should test its plan and take immediate action to remedy deficiencies identified
• Disaster recovery for outsourced services must also be considered
![Page 34: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/34.jpg)
SERVICE ORGANIZATIONS
• Outsourced services • SOC 1, Type 2 (Old SAS 70) audit.• User control considerations.
![Page 35: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/35.jpg)
TYPICAL SO’s
• Payroll processing (ADP)
• Income tax processing (RITA)
• EMS billing services
• Self-insurance claims processing
• Investment purchases (where each transaction is NOT pre-approved).
![Page 36: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/36.jpg)
NOT SO’S
• Bank checking account
• Investment purchases (where your entity approves each transaction).
• Purchased insurance policy
![Page 37: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/37.jpg)
WHO’S RESPONSIBLE?• No shift in responsibility for the underlying activity,
the activity remains your entity’s activity
• Your entity shares responsibility for processing transactions
• The ultimate responsibility regarding proper processing is yours
• Your entity has a responsibility to monitor its SO’s.
![Page 38: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/38.jpg)
INTERNAL CONTROL MONITORING
• Performance of internal control procedures should be monitored by management periodically.
• Monitoring should be the responsibility of an internal audit team.
• Deviations should be reported to management for corrective action.
![Page 39: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/39.jpg)
INTERNAL CONTROL LIMITATIONS
• Cost-Benefit Rule• Human Element• Employee Collusion
![Page 40: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/40.jpg)
QUIZTrue or False?• Reviewing budget vs. actual reports on a periodic
basis is an example of a monitoring control.• It is management’s responsibility to implement user
control considerations identified in a SOC I Type 2 report.
• A purchased insurance policy is an example of the use of a service organization.
• Internal control procedures will eliminate all accounting errors/omissions.
![Page 41: INTERNAL CONTROLS - MemberClicks€¦ · CASH DISBURSEMENTS • Should pay from original invoices only (no statements or proposals). • Paid invoices should be approved for payment](https://reader034.fdocuments.us/reader034/viewer/2022051920/600c6a7b3a18b0162044e360/html5/thumbnails/41.jpg)
QUESTIONS?
Contact Information:
Bethany Staats, CPAFinance DirectorCity of New Albany