Internal Controls and Fraud Protection Board and Management Responsibilities - PowerPoint PPT Presentation


Slides: 37
Provided by: navrefOrg
Transcript and Presenter's Notes

Title: Internal Controls and Fraud Protection Board and Management Responsibilities

Internal Controls and Fraud Protection: Board and
Management Responsibilities
  • By
  • Gerard M. Zack, CFE, CPA, MBA
  • Zack Accounting & Consulting, P.C.
  • Nonprofit Resource Center, Inc.

  • Part I
  • Overview of Board and Management Responsibilities
  • Auditor Responsibilities
  • Framework of Internal Controls
  • Part II
  • Overview of an Organization-Wide Model of
    Internal Control
  • Best Practices Pertaining to Board and Management

Elements of an Organizational System of Internal
  • Financial Controls
  • Preventive controls
  • Detective controls
  • Non-Financial Systems
  • Management Oversight and Behavior

II. Non-Financial Systems
  • Several Non-Financial Systems Are Important to
    Internal Controls and Fraud Protection
  • Among the Most Important
  • Human Resources Systems
  • Information Technology Systems
  • Communications Systems
  • Insurance Protection

Human Resources Systems
  • Hiring Policies and Practices
  • New Employee Orientation
  • Code of Ethics and Related Policies
  • Performance Evaluation Systems
  • Compensation Adjustment Practices
  • Grievance Policies
  • Counseling of Troubled Employees
  • Exit Interviews

  • Organization Chart
  • Clear understanding of lines of communication
  • Access to Audit Committee
  • Or equivalent board-level representatives
  • Hotlines
  • Anonymous reporting of suspected fraud and abuse,
    or any other misconduct, by employees
  • External
  • Crisis management

Methods of Detection (NPOs vs. Overall)
  • Tips: NPOs 34.4, Overall 34.2
  • By Accident: NPOs 28.7, Overall 25.4
  • Internal Controls: NPOs 19.7, Overall 19.2
  • Internal Audit: NPOs 16.4, Overall 20.2
  • External Audit: NPOs 14.8, Overall 12.0
  • Notified by Police: NPOs 4.9, Overall 3.8
  • Source: 2006 ACFE Report to the Nation on
    Occupational Fraud and Abuse

Tips Came From
  • Employee 64.1
  • Anonymous 18.1
  • Customer 10.7
  • Vendor 7.1

III. Management Oversight
  • Day-to-Day Management Activities
  • Board of Directors
  • Financial Oversight and Monitoring
  • Board and management level
  • Department/program level

Day-to-Day Management
  • Understanding Responsibilities and Risks
  • Setting an Example: Follow all Policies
  • Tone at the top
  • Communicate seriousness of internal control
  • All Supervisors and Managers Have
  • Awareness of red flags of problems
  • Enforcement of Policies
  • And reward ethical behavior
  • Responding to Fraud and Deficiencies in I.C.
  • Open-Door Policies: Receive Communications
    Regarding Allegations of Wrongdoing
  • Corrective Actions

Board of Directors
  • Oversight Responsibilities in Many Areas
  • Establishment of Committees so That Committee can
    Address Issues in Greater Detail Than Full Board
  • Separate Audit Committee
  • Committee Charters
  • Outline Responsibilities and Authority
  • Committees Deal With Issues in Detail, Bringing
    Summaries and Recommendations to the Full Board
  • Audit Committee Should be Independent of Finance

So, what's it all mean for me as a board member?
Best Practices for Board Members
  1. Codes of Ethics
  2. Hotlines and Whistleblower Protection
  3. Functioning Audit Committee
  4. Fraud Risk Assessment Process
  5. Model Oversight and Policies After U.S.
    Sentencing Commission Guidelines
  6. Make Inquiries Regarding the NPC's Financial and
    Non-Financial Controls

1. Codes of Ethics
  1. Draft or edit to make sure it is comprehensive
    and accurate
  2. Draft or edit related written policies and
  3. Reinforce awareness and importance
  4. Staff training and certification

Codes of Ethics
  • Two Approaches to Drafting
  • Detailed identifying specific acts
  • Broad conduct in general terms
  • If Broad, Cross-Reference Other Written Policies,
    Such as Personnel Manual, etc.

Codes of Ethics
  • Borrowing from SOX: Codes Should Deter
    Wrongdoing and Promote
  • Honest, ethical conduct, including handling of
    conflicts of interest
  • Full, fair, timely disclosures
  • Compliance with applicable laws and regulations
  • Prompt internal reporting of violations
  • Description of what constitutes fraudulent
  • Accountability for adherence to the code and
    sanctions for those who breach it

Codes of Ethics
  • Communicate the Code Effectively, Through Policy
    Manuals, etc.
  • Have Employees Sign, Acknowledging They
    Understand it and Agree to Comply With it
  • Emphasized at Orientation for New Employees
  • Training and Periodic Re-certification
  • Monitoring of Code is the Responsibility of
  • Management
  • Audit committee

Ethics Training Topics
  • Code of Ethics
  • Conflicts of Interest
  • Ethical Issues
  • Kickbacks
  • Hotline Usage and Other Methods of Reporting
  • Protection from Retaliation
  • Each Person's Role in Maintaining an Ethical

The Value of Ethics Training
  • With Fraud Awareness or Ethics Training
  • Median Loss 100,000
  • Median Months to Detection 15
  • Without
  • Median Loss 200,000
  • Median Months to Detection 24

Policy on Suspected Misconduct
  • Functions in Conjunction With Code of Ethics
  • Identifies How to Report Suspected Activities
  • Incorporates Whistleblower Protection Provisions
  • States Employer's Rights
  • Including right to inspect and search employee
    files, lockers, desks, etc. that are provided as
    an employee convenience by the employer
  • Explains Disciplinary Actions That May Result,
    Including Termination

2. Hotlines
  • Allows for Anonymous Reporting of Suspected
  • Utilize Third-Party Services (EthicsLine of
    Association of CFEs; The Network; Pinkerton
    Security; Other Services)
  • FraudNet, a Service of GAO to Report Wrongdoing
    Involving Federal Funds
  • or
  • (202) 512-3086

  • Consider Method of Reporting
  • Telephone interview
  • Voicemail service
  • Web-based format
  • Consider Protocol for Dissemination of
  • Direct to audit committee
  • Compliance officer
  • Human resources
  • Internal audit

Promote the Hotline
  • Personnel Manual and Other Policy Manuals
  • Staff Meetings
  • Memos/Newsletters
  • Postings in Break Rooms
  • Intranet

The Value of Hotlines
  • With Hotlines
  • Median Loss 100,000
  • Months Prior to Detection 15
  • Without Hotlines
  • Median Loss 200,000
  • Months Prior to Detection 24

Whistleblower Protection
  • Key to Encouraging Proper Use of a Hotline is
    Protection of Whistleblower
  • Does Not Protect Trouble-Makers
  • Protects Employees Who Report Possible Misconduct
    Based on Information They Believe to be Truthful
  • Protects Against Retaliation Against
    Whistleblower in any Form

3. Audit Committee Functions
  • Oversee All Audit Functions
  • Selection, Planning, etc.
  • Review and Approve Audit Reports
  • Oversee Corrective Actions in Response to Auditor
  • Monitor Adequacy of Internal Controls
  • Receive Communications
  • Investigate Allegations of Fraud

Audit Committee Functions (2)
  • Monitor Compliance With Code of Conduct
  • Manage Conflicts of Interest
  • Monitor Adequacy of Insurance Protection
  • Assess Financial Risks Due to Current Operating

Audit Committee Charter
  • Clearly Describe Responsibilities
  • Provide Committee With Proper Authority
  • Access to records
  • Authority to hire investigators, if deemed
  • Describe Member and Meeting Requirements

4. Fraud Risk Assessments
  • Active, ongoing discussion involving each of the
  • Identification of potential fraud risks
  • Evaluation of current internal controls in
    response to those risks
  • Consideration of changes necessary to properly
    respond to the risks
  • Design and implement changes in internal controls
  • Monitoring of the performance of internal
  • Receive input regarding control breakdowns

Who is Involved?
  • The Board's role is to oversee and make sure this
    process is taking place. Direct involvement
    depends on the individual circumstances (size and
    structure of NPC)
  • Others with roles
  • Senior management
  • Chief financial and operations officers
  • Program personnel (research and education)
  • Auditors
  • Others as deemed necessary

5. Model Practices After USSC
  • Directly applicable only in certain federal
    cases; includes guidelines for assessing
    penalties against corporations
  • Similar approach often taken to penalizing
    corporations in non-federal, non-criminal cases
  • Excellent source of best practices regarding
    establishment of an ethical culture by boards and
    senior management

Sentencing Guidelines Due Diligence
  1. Establish standards and procedures (internal
    controls) to prevent and detect criminal conduct
  2. Assign high-level personnel responsibility for
    compliance and ethics program, and specific
    individuals for day-to-day operational
    responsibility for the program
  3. Reasonable efforts not to include within
    substantial authority any person the organization
    knew, or should have known through due diligence,
    has engaged in illegal activities or other
    conduct inconsistent with an effective compliance
    and ethics program

Sentencing Guidelines Due Diligence
  1. Communicate standards and procedures of the
    compliance and ethics program periodically and in
    a practical manner by conducting training and
    otherwise disseminating information
  2. Take reasonable steps to ensure the program is
    followed (monitoring and auditing), including
    having a publicized system for employees and
    agents to report problems or seek guidance
  3. When criminal conduct is detected, take steps to
    prevent further similar criminal conduct

Sentencing Guidelines Due Diligence
  1. Periodically assess risk of criminal conduct and
    design, implement, or modify the preceding
    requirements to reduce the risk of criminal
  2. Large organizations should encourage small
    organizations (such as subcontractors and
    vendors) to implement effective compliance and
    ethics programs

6. Make Inquiries
  • As stated earlier, the role of the NPC board is
    not necessarily to be internal control experts or
    to directly carry out each of the steps described
    in this presentation
  • Direct involvement in development of policies or
    practices that are the responsibility of the
  • Make inquiries of management and staff regarding
    how each of the other areas is being addressed
  • Make inquiries regarding fraud risks and the
    existence of internal controls in response to
    specific fraud risks that we'll explain in the
    second part of this series.

Contact Information
  • Gerard M. Zack, CPA, CFE
  • Zack Accounting & Consulting, P.C.
  • 1700 Rockville Pike, Suite 400
  • Rockville, MD 20852