effective internal controls

Presented by Er ic Roring Pesik at C o r r u p t i o n a n d C o m p l i a n c e S o u t h & S o u t h E a s t A s i a S u m m i t

S e p t e m b e r 2 0 1 2 H i l t o n H o t e l , S i n g a p o r e

effective internal controls

internal controls

finance & accounting procedures

corporate IT systems

company policies & procedures

humanize internal controls

simplify internal controls

restaurant guest check

restaurant procedures

take your order

prepare your order

serve your order

pay for your order

receipt for order

restaurant guest check

human scale controls

1. simple 2. effective 3. efficient

organic controls

internal control integrated framework

internal control is a process

affected by people

reasonable assurance

achieve objectives

1. process 2. people 3. assurances 4. objectives

integrated framework

human framework

human laziness

human carelessness

human dishonesty

1. laziness 2. carelessness 3. dishonesty

human framework

internal controls methods

segregation of duties

retention of records

supervision or monitoring

information processing

authorization of transactions

top-level reviews

electronic security

physical security

1. segregation of duties 2. retention of records 3. supervision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security

internal controls methods

effective internal controls

risk focused

risk assessment

High Magnitude Low Probability

Low Magnitude Low Probability

High Magnitude High Probability

Low Magnitude High Probability

risk matrix

Probability of Risk

Mag

nitu

de o

f Los

s

who determines risk?

risk experts

subjective opinions

objective data

sources of data

categories of risk

probability of the risk

2%

4%

7%

7%

9%

11%

13%

14%

19%

19%

51%

Cash Register

Payroll

Financial Statement

Check Tampering

Cash Larceny

Cash on Hand

Skimming

Expense Account

Non-Cash

Billing

Corruption

magnitude of the loss

$23

$23

$33

$60

$72

$90

$100

$128

$131

$175

$1,730

Cash Register

Cash on Hand

Expense Account

Skimming

Payroll

Non-Cash

Cash Larceny

Billing

Check Tampering

Corruption

Financial Statement

adjusted risk profile

0.0

0.2

0.2

0.4

0.6

0.7

0.7

1.3

2.0

7.4

10.0

Cash Register

Cash on Hand

Payroll

Expense Account

Skimming

Cash Larceny

Check Tampering

Non-Cash

Billing

Corruption

Financial Statement

perpetrators of risk

probability of the risk

0.0%0.4%0.4%

1.5%2.2%2.2%

2.9%2.9%3.3%

4.0%4.0%

10.7%14.0%

15.1%15.4%

21.0%

LegalResearch and Dev

Internal AuditInformation Technology

Human ResourcesMfg and Production

Board of DirectorsMarketing/Pub Relations

Customer ServiceFinance

Warehousing/InventoryPurchasing

Exec/Upper MgmtAccountingOperations

Sales

magnitude of the loss

$13 $46

$71 $95 $100 $105

$150 $180

$200 $239 $248

$450 $500

$566 $800

$829

Internal AuditCustomer Service

Information TechnologySales

Research and DevOperations

Mfg and ProductionAccounting

Human ResourcesWarehousing/Inventory

Marketing/Pub RelationsFinance

PurchasingLegal

Board of DirectorsExec/Upper Mgmt

adjusted risk profile

0.00.00.20.20.20.20.30.4

1.01.01.1

1.71.7

2.83.5

10.0

Internal AuditResearch and Dev

Information TechnologyMfg and Production

Human ResourcesLegal

Customer ServiceMarketing/Pub Relations

Board of DirectorsWarehousing/Inventory

SalesFinance

OperationsPurchasingAccounting

Exec/Upper Mgmt

external data

internal data

company constituents

human laziness

human carelessness

human dishonesty

risk experts

ordinary employees

formal risk assessment

risk inventory

probability of occurrence

magnitude of loss

risk matrix

internal controls methods

1. segregation of duties 2. retention of records 3. supervision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security

effectiveness of controls

cost of mitigating or avoiding

follow the money

effective loss reduction

23.2%25.0%25.0%

30.0%30.6%

34.9%40.0%40.0%

46.6%46.8%

50.0%50.0%51.5%

59.0%59.2%

Rewards for WhistleblowersManagement Certification of F/S

External Audit of F/SIndependent Audit Committee

Internal Audit DepartmentExternal Audit of ICOFR

Anti-Fraud PolicyManagement Review

Code of ConductJob Rotation/Mandatory Vacation

Fraud Training for EmployeesFraud Training for Managers/Execs

Surprise AuditsEmployee Support Programs

Hotline

benefit of loss reduction

$119 $150 $150

$140 $145

$140 $120 $120

$140 $100 $100 $100 $97

$100 $100

$155 $200 $200 $200

$209 $215

$200 $200

$262 $188

$200 $200 $200

$244 $245

Rewards for WhistleblowersManagement Certification of F/S

External Audit of F/SIndependent Audit Committee

Internal Audit DepartmentExternal Audit of ICOFR

Anti-Fraud PolicyManagement Review

Code of ConductJob Rotation/Mandatory Vacation

Fraud Training for EmployeesFraud Training for Managers/Execs

Surprise AuditsEmployee Support Programs

Hotline

risk detection

detection method

0.7%

1.7%

2.4%

2.7%

4.4%

5.5%

5.8%

8.9%

11.3%

14.3%

42.3%

IT Controls

Notified by Police

Confession

Surveillance/Monitoring

Document Examination

Account Reconciliation

External Audit

By Accident

Management Review

Internal Audit

Tip

source of tips

1.8%

2.5%

3.7%

12.1%

13.4%

17.8%

49.2%

Perpetrator'sAcquaintance

Competitor

Shareholder/Owner

Vendor

Anonymous

Customer

Employee

companies with hotlines

33.8%

42.3%

47.1%

No Hotline

Tips Overall

With Hotline

companies without hotlines

33.8%

42.3%

47.1%

13.3%No Hotline

Tips Overall

With Hotline

importance of hotlines

whistleblower bounties

follow the money

recap

effective internal controls

1. simple 2. effective 3. efficient

1. process 2. people 3. assurances 4. objectives

1. laziness 2. carelessness 3. dishonesty

1. segregation of duties 2. retention of records 3. supervision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security

risk focused

objective data

follow the money

questions?

get more from http://www.slideshare.net/ericpesik/

License and Credits

This presentation, excluding the images, is provided under creative commons attribution license. http://creativecommons.org/licenses/by/3.0/ You are free to share, copy, distribute, and transmit this work; to remix, adapt this work; and to make commercial use of the work; under the condition that you attribute this work to me by including the following attribution “Effective Internal Controls by Eric Pesik. Used with permission,” and URL Link: http://www.slideshare.net/ericpesik/

Microsoft Office Online: Except as noted below, all images in this presentation are from Microsoft Office Online. Used with permission from Microsoft: http://office.microsoft.com/en-us/images/

Flickr Creative Commons: The following images are from flickr creative commons and are licensed and used under creative commons attribution license: http://creativecommons.org/licenses/by/2.0/deed.en

Art Coffee House Waitress by Wonderlane http://www.flickr.com/photos/wonderlane/293137892/

Waitress by Adikos http://www.flickr.com/photos/adikos/4319818916/

Rutherford Grill by Neeta Lind http://www.flickr.com/photos/neeta_lind/2517034517/

Serving Food by Adrian Nier http://www.flickr.com/photos/adriannier/4004167201/

Donut Shop Owner by Robert Couse-Baker http://www.flickr.com/photos/29233640@N07/7104455917/

Two chorizo burritos with cheese and sour cream by Rick http://www.flickr.com/photos/spine/1994814081/

Waiter by Hans Van Den Berg http://www.flickr.com/photos/myimage/4353456304/

Blue Telephone by UggBoy♥UggGirl http://www.flickr.com/photos/uggboy/5345135964/

Association of Certified Fraud Examiners: All data is from the Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, 2010 Global Fraud Study based on 1,843 cases of occupational fraud that were reported by the Certified Fraud Examiners who investigated them. http://www.acfe.com

Committee on Sponsoring Organizations of the Treadway Commission: The Internal Control — Integrated Framework was commissioned by the Committee on Sponsoring Organizations of the Treadway Commission. It establishes a common definition of internal control that services the needs of different parties for assessing and improving their control systems. http://www.coso.org