Office of the Controller and Internal Controls

1
Office of the Controller and Internal Controls

• Sandra Featherson
• Associate Director of Controls
• Office of the Controller
• February 2008

2
Abbreviated Organization Chart
Patrick Reed University Auditor, UCOP
Anne Broome Vice President, Financial Management,
UCOP
Henry T. Yang Chancellor
Donna Carpenter Vice Chancellor, Administrative
Services
Jim Corkill, Controller, Accounting Services and
Controls
Peter Cataldo Acting Director, Audit and
Advisory Services
3
Distinct and Complimentary Roles

• Office of the Controller
• Provide leadership in a campus-wide effort to
  ensure effective controls and accountability
  practices.
• Assist management in assessing their control
  environment and the effectiveness and efficiency
  of operations.
• Ensure that campus financial policies and
  procedures are clear, adequate, and current.
• Evaluate systems and participate in system
  development to ensure proper controls are
  implemented and compliance with policy.

• Audit and Advisory Services
• Independent evaluation of systems of
  accountability and control.
• Investigate reported cases of alleged improper
  financial activities.
• Serve as the liaison between the University
  community and external audit agencies.

4
UCSB Control Initiative
5
Assessments

• Departmental Control Self Assessments
• Departmental Process Risk Assessment
• Campus Wide Process Risk Assessment

6
Office of the Controllerhttp//controller.ucsb.ed
u

• Jim Corkill
• Controller
• Director of Accounting Services and Controls
• x5882
• jim.corkill_at_accounting.ucsb.edu
• Sandra Featherson
• Associate Director of Controls
• x7667
• sandra.featherson_at_accounting.ucsb.edu
• Vacant
• Administrative Analyst
• x8593
• Neil Clark
• Administrative Assistant
• x8593
• neil.clark_at_accounting.ucsb.edu

7
Internal Controls

• What are Internal Controls?
• Definition
• COSO Model
• Examples
• Why are They Important?
• Who is Responsible for Internal Controls?

8
Internal Control - A definition

• Internal Control is a process, effected by a
  college or universitys governing board,
  administration, faculty and staff, designed to
  provide reasonable assurance regarding
  achievement of objectives in the following areas
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations

Internal Control Concepts Applications, 1992,
Committee of Sponsoring Organizations of the
Treadway Commission
9
COSO Internal Control Model

• COSO stands for Committee of Sponsoring
  Organizations.
• Committee was formed to develop a common
  definition of internal controls and provide
  guidance on judging its effectiveness.
• COSO is referred to as an Internal Control Model
  or framework.

10
COSO Internal Control Model

• Officially adopted by the University of
  California
• A tool for departments to use in evaluating their
  internal controls.

11
COSO Internal Control Model

• There are five components of internal control in
  the COSO Model
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring

12
Control Environment

• Control Environment
• The tone at the top set by people in positions
  of authority
• Based on attitudes and habits of those in
  authority
• An element in establishing the organizational
  culture

13
Control Environment

• Control Environment Factors
• Integrity and Ethical Values
• Commitment to Competence
• Managements Philosophy andOperating Style
• Assignment of Authority andResponsibility

14
Risk Assessment

• Risk - Anything that gets in the way of meeting
  your goal/objective
• Risk Assessment - The identification and
  analysis of relevant risks associated with
  achieving business goals/objectives

15
Risk Assessment

• Why is a risk assessment important?
• Risks impact an organizations ability to meet
  its objectives such as
• Positive Public Image
• Providing Excellent CustomerService
• Reducing Overdrafts

16
Control Activities

• Control Activities
• Policies and procedures that help ensure
  management directives are carried out and
  necessary actions are taken to address risks

17
Control Activities - Specific Examples

• Segregation of Duties
• Transaction Reviews
• Reconciliations

18
Control Activities Specific Examples

• Financial Performance Reviews
• Systems Controls
• Physical Controls

19
Information and Communication

• The information system must provide data that is
• Relative to established objectives
• Accurate and in sufficient detail
• Understandable and in a usable form
• This information must be provided to the right
  people in time to allow appropriate action

20
Information and Communication

• Communication
• Up and down the organization
• Across organizational lines
• Communication Examples
• Employee duties and control responsibilities
  should be clearly communicated
• Ability to report suspected problems, without
  fear of repercussions

21
Monitoring

• Monitoring
• A process that assesses the quality of an
  internal control systems performance over time

22
Monitoring

• Monitoring Activity Examples
• Management
• Review of actual expenditures vs. budgeted
• Comparison of various reports with physical
  assets
• Separate evaluations
• Assessment of internal controls by Audit and
  Advisory Services
• External auditors reviews

23
Internal Controls

• Why are They Important?
• Who is Responsible for Internal Controls?

24
Internal Controls and SAS 112

• SAS 112 Statement of Accounting Standards
• Auditors will be reviewing not only the
  transactions and ensuring the numbers are
  correct, but also the controls in place to ensure
  those numbers are correct.
• Controls must be documented or they are not
  considered controls.

25
Questions??