Internal Controls and Fraud Risks, Lecture notes of Credit and Risk Management

Typology: Lecture notes

2022/2023

Uploaded on 05/11/2023

Internal Controls and Fraud Risks
Chris Alger, Director of Financial Operations
10/26/2018


• Introduction

• Internal Control Framework

• Components of Fraud

• What’s Next?

Agenda

• Organizational:

– Reliable financial reporting

– Operational effectiveness and efficiency

– Compliance with laws and regulations

• Transactional:

– Authorization

– Completeness

– Accuracy

– Validity

Internal Control Objectives

• Control Environment

• Risk Assessment

• Control Activities

• Information and Communication

• Monitoring Activities

COSO Framework Components

• The University demonstrates a commitment to integrity and ethical values

• Management establishes, with board oversight, structures, reporting lines, and appropriate authority and responsibility in the pursuit of objectives

• The University demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives

• The University holds individuals accountable for their internal control responsibilities in the pursuit of objectives

Cornell’s Control Environment

• What could go wrong?

• Dynamic and iterative process of identifying and analyzing risks to meeting the University’s objectives

• “Risk tolerance” is an important factor:

– How likely is each risk to occur and how impactful could it potentially be to the University?

Risk Assessment

Alumni Affairs & Development
Human Resources
Tax

  • Tax Exempt Status
  • Federal Taxes
  • State(s) Taxes
  • International Taxes
Strategic

Governance
Planning/Resource Allocation
Major Transformation Initiatives
Market Dynamics

  • Alumni Relations/ Prospect Mgt.
  • Annual Fundraising
  • Donor Relations
  • Marketing & Advertising
  • Strategic Fundraising Campaigns
Research Administration
Student & Campus Life
Instruction
Supply Chain
Regulatory Compliance
  • Conflicts of Interest
  • Cost-benefit of Compliance Mgt.
  • Debt/ SEC/ Bank Compliance
  • Discrimination/Affirmative Action
  • Drug & Alcohol Use on Campus
  • Fair Labor Standards Act
  • International/ activities abroad
  • Laboratory and Residential Safety
  • Medical Billing Compliance
  • Minors on Campus
  • Other States’ Authorizations for business
  • Privacy; cyber-security, data breach
  • Research and clinical administration
  • Sexual Assault prevention/ response
Ethical Conduct
  • Code of Conduct
  • Ethics & Compliance Hotline
  • Fraud Prevention & Detection
  • Title IX
Legal
Liquidity
  • Treasury Management
  • Counterparty Risk
  • Funding
  • Investment Management
Accounting and Reporting
  • Capital Structure
  • Debt Covenants
  • Debt Ratings
  • Interest Rates
  • Investor Relations
Financial
Legal & Compliance
Operational

Information Technology
Physical Assets
Public Safety/Critical Infrastructure
Capital / Debt Structure
Medicine Clinical Practice

Cornell University Institutional Risk Inventory (The Macro View)

International Operations

  • Board Oversight
  • Board Performance
  • Control Environment
  • Institutional Risk Management
  • Policies & Procedures
  • Social Responsibility
  • Affiliates and Partnerships
  • Budget Forecasting
  • Cost-Benefit of Admin Oversight
  • Operating Budget Prep./ Tracking
  • Organizational Structure
  • Outsourcing Arrangements
  • Strategic Planning & Execution
  • Tax Planning
  • Third Party Relationships
  • Measurement & Monitoring
  • Personnel Deployment
  • Program Planning & Execution
  • Program Vision and Direction
  • Technology Implementations
  • Transition/Change Management
  • Alumni Relations
  • Community/State/Federal Relations
  • Competition
  • Crisis Communications
  • Internal Communications
  • Faculty Recruitment & Retention
  • Macro-Economic Factors
  • Media Relations
  • Research Competitiveness
  • Social Media
  • Socio-Political Issues
  • Animal Research & Care
  • Cornell Tech/Ithaca/WCM Collab.
  • Export Controls
  • Grants & Contracts Admin.
  • Human Subjects Protection
  • Research Quality
  • Research Misconduct
  • Revenue Management
  • Academic Support
  • Classroom Technology & Support
  • Cornell Tech/Ithaca/WCM Collab.
  • Curriculum Dev. & Mgt.
  • Digital/ Distance Learning
  • Program Accreditation
  • Accreditation & Licensing
  • Billing & Collections
  • Charge Capture and Coding
  • Clinical Workflow/ Integration
  • Medical Management
  • Medical Malpractice
  • NYP Hospital Relations
  • Patient Safety
  • Payer Contracting
  • Pharmacy Management
  • Quality of Care
  • Quality Reporting (Internal/External)
  • Scheduling & Registration
  • Weill Cornell Physicians Network
  • Cash & Checks Handling Safeguards
  • Deferred Maintenance
  • Inventory Management
  • Property Plant & Equipment
  • Real Estate Management
  • Data Center & Systems Continuity
  • Data Protection (Level I / PCI)
  • Internet Outages
  • IT Infrastructure
  • IT Management & Strategy
  • IT Network Security/Access
  • IT Policies and Procedures
  • IT Investment Level/ Spend
  • Third Party Provider Dependencies
  • User Help and Training Tools
  • Compensation and Benefits
  • Competency & Skills
  • Faculty Development
  • Instructor Evaluation & Tenure
  • Succession Planning
  • Culture
  • Diversity
  • Recruiting and Retention
  • Staff Development
  • Procurement
  • Supplier Selection
  • Continuity of Operations/ Recovery
  • Crime Prevention and Response
  • Cyber Attack Response Readiness
  • Environmental Health & Safety
  • Gas, Power, Steam, Water Outages
  • Natural Events Readiness/ Response
  • Physical Safety
  • Terror & Malicious Acts
  • Contract Terms and Conditions
  • Intellectual Property
  • Litigation/ Liability/Contingent Liabilities
  • Record Retention
Investments
  • Markets
  • Performance
  • Valuation
  • Accounting Policies & Procedures
  • Accounting, Reporting & Disclosure
  • Appropriate Designation of Funds
  • Billing and Payment Requests
  • Budget and Planning
  • Financial Reporting Internal Controls
  • Gifts Accounting
  • Grants Accounting
  • Investment Accounting
  • Payment Disbursements
Insurance
Enrollment Management
  • Admission Evaluation
  • Admission Policies
  • Diversity
  • Recruitment of Students
  • Registration
  • Student Financial Services
  • Athletics & Recreation
  • Dining Services
  • Gannett Health Services
  • Housing
  • Student Activities/Fraternal Orgs
  • Well Being & Safety
General
  • Personal Injury
  • Third Party Property Damage
  • Vehicle Use
  • China/ Beijing Center
  • India
  • Intervention/ Evacuation
  • Rome AA&P
  • Travel Health, Safety & Security
  • Weill Cornell Medicine - Qatar
  • Insurance Policy Limit Adequacy
  • Policy Exclusions/Limitations
  • Self-insured Retention Levels

4 Domains, 26 Categories, 171 Inherent Risk Areas

China/ Beijing Center
Clinical Practice-Quality of Care & Patient Safety
Conflicts of Interest
Continuity of Business Unit Operations
Cornell Tech/ Ithaca/ WCM Collaboration
Cyber Security/ Data Protection
Data Center & IT Systems Continuity
Debt Ratings
Deferred Maintenance
Digital/ Distance Learning
Donor Relations
External Intrusions Into Institutional Decision Making
Emergency Preparedness, Response, and Recovery
Faculty Recruitment & Retention
Fed/State Regulatory/Legislative Adverse Action/ Scrutiny
Institutional Risk Management Program
International Travel, Health, Safety & Security
International/ Activities, Business Models, Contracting
Investments Performance
IT Governance & Strategy
IT Infrastructure – Internal / 3rd Party Cloud Services
Laboratory and Residential Safety Compliance
Medical Billing Compliance
Policies & Procedures
Research Enterprise (includes competitiveness)
Research Grants & Contracts Administration
Research Human Subjects Protection
Staff Recruitment and Retention
Strategic Fundraising Campaigns
Strategic Planning & Execution
Student Activities/Fraternal Organizations
Student Financial Services
Student Recruitment
Student Well Being & Safety
Technology Transformation Implementations
Terrorist & Malicious Acts
Title IX Program/ Sexual Assault
Transition/Change Management Capabilities
Weill Cornell Medicine - Qatar
Weill Cornell Physicians Network Expansion

Resulting From e-Surveys and Normalization Process

Alphabetic Order

Items in blue font are the institutional Tier 1 – Top 11 Inherent risk areas

Cornell University Top 40 Institutional Inherent Risk Areas 2

“Heat Mapping” – Micro View

[Heat map: axes are Potential Impact and Likelihood, each scaled 0 to 12. Plotted risks: cash theft, federal non-compliance, incomplete accruals, payroll error, equipment theft, inaccurate financial reporting.]

Where should we be allocating internal control resources?

• Policies and procedures that provide reasonable assurance that control objectives are met and risk responses are carried out.

• Examples of control procedures:

– Segregation of duties (authorization, recording, and custody)

– Proper documentation and authorization of transactions

– Account reconciliations

– Independent checks on performance

– Safeguarding of assets of data

Control Activities

• Internal control environments can only be effective if they are periodically measured for success:

– Internal audit

– External audit

– Management response to deficiencies identified

Monitoring

What Could Go Wrong?

https://www.insidehighered.com/quicktakes/2018/03/29/6-howard-employees-fired-fraud

What Could Go Wrong?

https://www.timeshighereducation.com/features/5-examples-of-fraud-that-universities-can-learn-from/2008457.article

Red Flags