Internal Controls and Fraud Protection Board and Management Responsibilities - PowerPoint PPT Presentation

About This Presentation
Title:

Internal Controls and Fraud Protection Board and Management Responsibilities

Description:

Internal Controls and Fraud Protection Board and Management Responsibilities By Gerard M. Zack, CFE, CPA, MBA Zack Accounting & Consulting, P.C. Nonprofit Resource ... – PowerPoint PPT presentation

Slides: 37
Provided by: navrefOrg
Learn more at: http://navref.org
Transcript and Presenter's Notes


1
Internal Controls and Fraud Protection: Board and
Management Responsibilities
  • By
  • Gerard M. Zack, CFE, CPA, MBA
  • Zack Accounting & Consulting, P.C.
  • Nonprofit Resource Center, Inc.

2
Agenda
  • Part I
  • Overview of Board and Management Responsibilities
  • Auditor Responsibilities
  • Framework of Internal Controls
  • Part II
  • Overview of an Organization-Wide Model of
    Internal Control
  • Best Practices Pertaining to Board and Management
    Oversight

3
Elements of an Organizational System of Internal
Control
  • Financial Controls
  • Preventive controls
  • Detective controls
  • Non-Financial Systems
  • Management Oversight and Behavior

4
II. Non-Financial Systems
  • Several Non-Financial Systems Are Important to
    Internal Controls and Fraud Protection
  • Among the Most Important
  • Human Resources Systems
  • Information Technology Systems
  • Communications Systems
  • Insurance Protection

5
Human Resources Systems
  • Hiring Policies and Practices
  • New Employee Orientation
  • Code of Ethics and Related Policies
  • Performance Evaluation Systems
  • Compensation Adjustment Practices
  • Grievance Policies
  • Counseling of Troubled Employees
  • Exit Interviews

6
Communications
  • Organization Chart
  • Clear understanding of lines of communication
  • Access to Audit Committee
  • Or equivalent board-level representatives
  • Hotlines
  • Anonymous reporting of suspected fraud and abuse,
    or any other misconduct, by employees
  • External
  • Crisis management

7
Methods of Detection (NPOs vs. Overall)
  • Tips: NPOs 34.4%, Overall 34.2%
  • By Accident: NPOs 28.7%, Overall 25.4%
  • Internal Controls: NPOs 19.7%, Overall 19.2%
  • Internal Audit: NPOs 16.4%, Overall 20.2%
  • External Audit: NPOs 14.8%, Overall 12.0%
  • Notified by Police: NPOs 4.9%, Overall 3.8%
  • Source: 2006 ACFE Report to the Nation on
    Occupational Fraud and Abuse

8
Tips Came From
  • Employee: 64.1%
  • Anonymous: 18.1%
  • Customer: 10.7%
  • Vendor: 7.1%

9
III. Management Oversight
  • Day-to-Day Management Activities
  • Board of Directors
  • Financial Oversight and Monitoring
  • Board and management level
  • Department/program level

10
Day-to-Day Management
  • Understanding Responsibilities and Risks
  • Setting an Example: Follow all Policies
  • Tone at the top
  • Communicate seriousness of internal control
  • All Supervisors and Managers Have
    Responsibilities
  • Awareness of red flags of problems
  • Enforcement of Policies
  • And reward ethical behavior
  • Responding to Fraud and Deficiencies in I.C.
  • Open-Door Policies: Receive Communications
    Regarding Allegations of Wrongdoing
  • Corrective Actions

11
Board of Directors
  • Oversight Responsibilities in Many Areas
  • Establishment of Committees so That Committees Can
    Address Issues in Greater Detail Than Full Board
  • Separate Audit Committee
  • Committee Charters
  • Outline Responsibilities and Authority
  • Committees Deal With Issues in Detail, Bringing
    Summaries and Recommendations to the Full Board
  • Audit Committee Should be Independent of Finance
    Committee

12
So, what's it all mean for me as a board member?

13
Best Practices for Board Members
  1. Codes of Ethics
  2. Hotlines and Whistleblower Protection
  3. Functioning Audit Committee
  4. Fraud Risk Assessment Process
  5. Model Oversight and Policies After U.S.
    Sentencing Commission Guidelines
  6. Make Inquiries Regarding the NPC's Financial and
    Non-Financial Controls

14
1. Codes of Ethics
  1. Draft or edit to make sure it is comprehensive
    and accurate
  2. Draft or edit related written policies and
    procedures
  3. Reinforce awareness and importance
  4. Staff training and certification

15
Codes of Ethics
  • Two Approaches to Drafting:
  • Detailed: identifying specific acts
  • Broad: conduct in general terms
  • If Broad, Cross-Reference Other Written Policies,
    Such as Personnel Manual, etc.

16
Codes of Ethics
  • Borrowing from SOX: Codes Should Deter
    Wrongdoing and Promote:
  • Honest, ethical conduct, including handling of
    conflicts of interest
  • Full, fair, timely disclosures
  • Compliance with applicable laws and regulations
  • Prompt internal reporting of violations
  • Description of what constitutes fraudulent
    behavior
  • Accountability for adherence to the code and
    sanctions for those who breach it

17
Codes of Ethics
  • Communicate the Code Effectively, Through Policy
    Manuals, etc.
  • Have Employees Sign, Acknowledging They
    Understand it and Agree to Comply With it
  • Emphasized at Orientation for New Employees
  • Training and Periodic Re-certification
  • Monitoring of Code is the Responsibility of:
  • Management
  • Audit committee

18
Ethics Training Topics
  • Code of Ethics
  • Conflicts of Interest
  • Ethical Issues
  • Kickbacks
  • Hotline Usage and Other Methods of Reporting
  • Protection from Retaliation
  • Each Person's Role in Maintaining an Ethical
    Workplace

19
The Value of Ethics Training
  • With Fraud Awareness or Ethics Training:
  • Median Loss: $100,000
  • Median Months to Detection: 15
  • Without:
  • Median Loss: $200,000
  • Median Months to Detection: 24

20
Policy on Suspected Misconduct
  • Functions in Conjunction With Code of Ethics
  • Identifies How to Report Suspected Activities
  • Incorporates Whistleblower Protection Provisions
  • States Employer's Rights
  • Including right to inspect and search employee
    files, lockers, desks, etc. that are provided as
    an employee convenience by the employer
  • Explains Disciplinary Actions That May Result,
    Including Termination

21
2. Hotlines
  • Allows for Anonymous Reporting of Suspected
    Wrongdoing
  • Utilize Third-Party Services (EthicsLine of
    Association of CFEs; The Network; Pinkerton
    Security; Other Services)
  • FraudNet, a Service of GAO to Report Wrongdoing
    Involving Federal Funds
  • fraudnet@gao.gov or
  • (202) 512-3086

22
Hotlines
  • Consider Method of Reporting
  • Telephone interview
  • Voicemail service
  • Web-based format
  • Consider Protocol for Dissemination of
    Information
  • Direct to audit committee
  • Compliance officer
  • Human resources
  • Internal audit

23
Promote the Hotline
  • Personnel Manual and Other Policy Manuals
  • Staff Meetings
  • Memos/Newsletters
  • Postings in Break Rooms
  • Intranet

24
The Value of Hotlines
  • With Hotlines:
  • Median Loss: $100,000
  • Months Prior to Detection: 15
  • Without Hotlines:
  • Median Loss: $200,000
  • Months Prior to Detection: 24

25
Whistleblower Protection
  • Key to Encouraging Proper Use of a Hotline is
    Protection of Whistleblower
  • Does Not Protect Trouble-Makers
  • Protects Employees Who Report Possible Misconduct
    Based on Information They Believe to be Truthful
  • Protects Against Retaliation Against
    Whistleblower in any Form

26
3. Audit Committee Functions
  • Oversee All Audit Functions
  • Selection, Planning, etc.
  • Review and Approve Audit Reports
  • Oversee Corrective Actions in Response to Auditor
    Findings
  • Monitor Adequacy of Internal Controls
  • Receive Communications
  • Investigate Allegations of Fraud

27
Audit Committee Functions (2)
  • Monitor Compliance With Code of Conduct
  • Manage Conflicts of Interest
  • Monitor Adequacy of Insurance Protection
  • Assess Financial Risks Due to Current Operating
    Environment

28
Audit Committee Charter
  • Clearly Describe Responsibilities
  • Provide Committee With Proper Authority
  • Access to records
  • Authority to hire investigators, if deemed
    necessary
  • Describe Member and Meeting Requirements

29
4. Fraud Risk Assessments
  • Active, ongoing discussion involving each of the
    following:
  • Identification of potential fraud risks
  • Evaluation of current internal controls in
    response to those risks
  • Consideration of changes necessary to properly
    respond to the risks
  • Design and implement changes in internal controls
  • Monitoring of the performance of internal
    controls
  • Receive input regarding control breakdowns

30
Who is Involved?
  • The Board's role is to oversee and make sure this
    process is taking place. Direct involvement
    depends on the individual circumstances (size and
    structure of NPC)
  • Others with roles:
  • Senior management
  • Chief financial and operations officers
  • Program personnel (research and education)
  • Auditors
  • Others as deemed necessary

31
5. Model Practices After USSC
  • Directly applicable only in certain federal
    cases. Includes guidelines for assessing
    penalties against corporations
  • Similar approach often taken to penalizing
    corporations in non-federal, non-criminal cases
  • Excellent source of best practices regarding
    establishment of an ethical culture by boards and
    senior management

32
Sentencing Guidelines: Due Diligence
  1. Establish standards and procedures (internal
    controls) to prevent and detect criminal conduct
  2. Assign high-level personnel responsibility for
    compliance and ethics program, and specific
    individuals for day-to-day operational
    responsibility for the program
  3. Reasonable efforts not to include within
    substantial authority any person the organization
    knew, or should have known through due diligence,
    has engaged in illegal activities or other
    conduct inconsistent with an effective compliance
    and ethics program

33
Sentencing Guidelines: Due Diligence
  4. Communicate standards and procedures of the
    compliance and ethics program periodically and in
    a practical manner by conducting training and
    otherwise disseminating information
  5. Take reasonable steps to ensure the program is
    followed (monitoring and auditing), including
    having a publicized system for employees and
    agents to report problems or seek guidance
  6. When criminal conduct is detected, take steps to
    prevent further similar criminal conduct

34
Sentencing Guidelines: Due Diligence
  7. Periodically assess risk of criminal conduct and
    design, implement, or modify the preceding
    requirements to reduce the risk of criminal
    conduct
  8. Large organizations should encourage small
    organizations (such as subcontractors and
    vendors) to implement effective compliance and
    ethics programs

35
6. Make Inquiries
  • As stated earlier, the role of the NPC board is
    not necessarily to be internal control experts or
    to directly carry out each of the steps described
    in this presentation
  • Direct involvement in development of policies or
    practices that are the responsibility of the
    board
  • Make inquiries of management and staff regarding
    how each of the other areas is being addressed
  • Make inquiries regarding fraud risks and the
    existence of internal controls in response to
    specific fraud risks that we'll explain in the
    second part of this series.

36
Contact Information
  • Gerard M. Zack, CPA, CFE
  • Zack Accounting & Consulting, P.C.
  • 1700 Rockville Pike, Suite 400
  • Rockville, MD 20852
  • E-mail: zackaccounting@earthlink.net