SUNY Maritime College Internal Control Program New York

SUNY Maritime College Internal Control Program

New York State Internal Control Act of 1987 • Establish and maintain guidelines for a system of internal controls • Establish and maintain a system of internal controls and a program of internal control review • Make available to all a clear and concise statement emphasizing the importance of internal controls and the related responsibility of each employee • Designate an internal control officer • Implement training and education efforts to ensure all have adequate awareness and understanding • Periodically evaluate need for internal audit function

Internal Controls Are… Internal controls are the safeguards and management oversight designed to prevent, detect, and correct program and operational breakdowns and to ensure that goals are met. Key Elements of Internal Control: ØWell defined mission A well defined mission provides direction and stability to an organization. ØAccountability (at all levels) Key component at all levels for effective organization. ØCommunication Clearly stated objectives, communicated through the ranks, point the way forward for all employees.

Components of Internal Control: Internal controls consist of the following five interrelated components : 1. General Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring and Feedback

COSO’s Internal Control Framework Monitoring Control Activities § Assessment of a control system’s performance over time. § Policies/procedures that ensure management directives are carried out. § Combination of ongoing and separate evaluation. § Range of activities including § Management and supervisory approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties. activities. § Internal audit activities. Information and Communication § Pertinent information identified, captured and communicated in a timely manner. § Access to internal and externally generated information. § Flow of information that allows for successful control actions from instructions on responsibilities to summary of findings for management action. Control Environment § Sets tone of organization-influencing control consciousness of its people. § Factors include integrity, ethical values, competence, authority, responsibility. Risk Assessment § Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives, forming the basis for determining control activities. § Foundation for all other components of control. 9

An Effective Control Environment Is a product of … • Management’s philosophy, style and supportive attitude • Competence • Ethical values • Integrity • Morale of the organization’s people • Organizational structure • Accountability relationships

Control Environment …Depends on the people on campus. Your role: t Lead by example to foster ethical values and integrity in the organization. t Communicate its commitment to Internal Controls t Establish training programs to support staff development. t Support controls with positive attitude. t Foster positive employee morale and have a supportive attitude in the organization. t Remember your operating style and philosophy has a pervasive influence in the organization. t Review and update policies and procedures periodically. t Minimize and monitor any overrides to controls. t Select staff capable of carrying out controls.

Risks are events that threaten the achievement of the College’s objectives and mission. We must ensure each risk is assessed and handled properly. Risk Benefits Costs The cost of internal control should not exceed the benefit derived. 8

Risk Assessment The process of identifying, evaluating and determining how to manage these events. t Risk should be assessed at all levels of an organization. t Risk measured in terms of likelihood and impact. t Risks should be appropriately managed (accepted, controlled, or avoided). t Corrective actions are essential to effective risk management.

Control Activities • Control activities are tools or processes- both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the College's objectives and mission. • Management should establish control activities to effectively and efficiently accomplish the College's objectives and mission.

Examples of Control Activities • Admission process • Purchase requisition process • Accounts payable process • Property control process • Personnel process • Payroll timekeeping process

Types of Control and Examples • Documentation – Policies and procedures • Records – Recording transactions & events • Authorization – Approving transactions • Structure – Separation of duties • Supervision – Monitoring control objectives • Security – Safeguarding resources

Real-Life Examples of Control Breaches: 1. A clerical employee copied travel and other receipts, forged a faculty member’s signature, and simultaneously submitted them to both the State and the campus foundation for reimbursement. 2. An employee altered checks received from students and deposited the checks into her own bank account. 13

Communication Ask Yourself- and Your Staff Are we: ü Doing the right things (performing the right mission, planning strategically)? ü Doing these things right (achieving the needed results)? ü Making needed changes in the right order (prioritizing and applying resources correctly)? ü Operating as efficiently as possible (in applying people and other resources)? 14

Who Is Responsible For Internal Control? EVERY ONE. v Senior management assures appropriate controls are in place for all operations. v Every employee follows controls and reports problems or improvements.

Responsibilities of Managers: t Strengthen the control environment (set the “Tone”). t Document the policies, procedures, and day-to-day processes using narratives, flow-charts etc. t Have an updated Standard Operating Manual for your area. t Identify the control objectives for those processes: t Ensure accurate, reliable, and timely financial and management data; t Ensure adherence to laws, regulations, and management directives; t Safeguard resources against loss due to waste, abuse, and fraud t Implement cost effective controls designed to meet those objectives. t Regularly review/test the controls to determine Ø if they meet the objectives Ø if they are performing as intended. 16

Responsibilities of Managers: t Assess risks that may adversely affect your department’s mission or operations. t Request for and review weekly/monthly/quarterly reports (continuous monitoring) t Identify and classify internal control deficiencies t Recommend: Ø the retention of effective, efficient, and economical controls Ø enhancement of controls Ø elimination of inefficient controls or Ø implementation of new controls for the department’s processes and procedures. t Develop and document the corrective action plans t Track and document progress of corrective action plans

Internal Controls… Improve the likelihood that the right things happen and the wrong things don’t. Are safeguards, but they do not guarantee success. Reflect the qualities of management – good and bad. Require commitment and coordination from managers like you. Will succeed or fail depending on the attention people give to it. Are a process, not just a set of rules. Are built into an organization, not an added feature – part of the culture. Impact every aspect of the organization. 18

Why Are Internal Controls Important? • Compliance with applicable laws/policies • Accomplishment of the mission • Relevant and reliable data • Economical and efficient use of resources • Safeguard assets Internal Control CARES!

Summary • Management Sets the Tone • All Employees Have responsibility for Internal Controls • A Part of Everyday Operations • It’s the Law

THANK YOU…