Internal Controls and Fraud Risks
Chris Alger, Director of Financial Operations
Agenda
• Introduction
• Internal Control Framework
• Components of Fraud
• What’s Next?
Internal Control Objectives
• Organizational:
– Reliable financial reporting
– Operational effectiveness and efficiency
– Compliance with laws and regulations
• Transactional:
– Authorization
– Completeness
– Accuracy
– Validity
COSO Framework Components
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring Activities
Cornell’s Control Environment
• The University demonstrates a commitment to integrity and ethical values
• Management establishes, with board oversight, structures, reporting lines, and appropriate authority and responsibility in the pursuit of objectives
• The University demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives
• The University holds individuals accountable for their internal control responsibilities in the pursuit of objectives
Risk Assessment
• What could go wrong?
• Dynamic and iterative process of identifying and analyzing risks to meeting the University’s objectives
• “Risk tolerance” is an important factor:
– How likely is each risk to occur, and how impactful could it potentially be to the University?
Cornell University Institutional Risk Inventory (The Macro View)
4 Domains, 26 Categories, 171 Inherent Risk Areas

Strategic
• Governance
- Board Oversight
- Board Performance
- Control Environment
- Institutional Risk Management
- Policies & Procedures
- Social Responsibility
• Planning/Resource Allocation
- Affiliates and Partnerships
- Budget Forecasting
- Cost-Benefit of Admin Oversight
- Operating Budget Prep./Tracking
- Organizational Structure
- Outsourcing Arrangements
- Strategic Planning & Execution
- Tax Planning
- Third Party Relationships
• Major Transformation Initiatives
- Measurement & Monitoring
- Personnel Deployment
- Program Planning & Execution
- Program Vision and Direction
- Technology Implementations
- Transition/Change Management
• Market Dynamics
- Alumni Relations
- Community/State/Federal Relations
- Competition
- Crisis Communications
- Internal Communications
- Faculty Recruitment & Retention
- Macro-Economic Factors
- Media Relations
- Research Competitiveness
- Social Media
- Socio-Political Issues

Financial
• Tax
- Tax Exempt Status
- Federal Taxes
- State(s) Taxes
- International Taxes
• Liquidity
- Treasury Management
- Counterparty Risk
- Funding
- Investment Management
• Capital/Debt Structure
- Capital Structure
- Debt Covenants
- Debt Ratings
- Interest Rates
- Investor Relations
• Investments
- Markets
- Performance
- Valuation
• Accounting and Reporting
- Accounting Policies & Procedures
- Accounting, Reporting & Disclosure
- Appropriate Designation of Funds
- Billing and Payment Requests
- Budget and Planning
- Financial Reporting Internal Controls
- Gifts Accounting
- Grants Accounting
- Investment Accounting
- Payment Disbursements
• Insurance
- Insurance Policy Limit Adequacy
- Policy Exclusions/Limitations
- Self-insured Retention Levels
- General: Personal Injury; Third Party Property Damage; Vehicle Use

Legal & Compliance
• Regulatory Compliance
- Conflicts of Interest
- Cost-benefit of Compliance Mgt.
- Debt/SEC/Bank Compliance
- Discrimination/Affirmative Action
- Drug & Alcohol Use on Campus
- Fair Labor Standards Act
- International/activities abroad
- Laboratory and Residential Safety
- Medical Billing Compliance
- Minors on Campus
- Other States’ Authorizations for business
- Privacy; cyber-security, data breach
- Research and clinical administration
• Ethical Conduct
- Code of Conduct
- Ethics & Compliance Hotline
- Fraud Prevention & Detection
• Legal
- Contract Terms and Conditions
- Intellectual Property
- Litigation/Liability/Contingent Liabilities
- Record Retention
• Title IX
- Sexual Assault prevention/response

Operational
• Alumni Affairs & Development
- Alumni Relations/Prospect Mgt.
- Annual Fundraising
- Donor Relations
- Marketing & Advertising
- Strategic Fundraising Campaigns
• Research Administration
- Animal Research & Care
- Cornell Tech/Ithaca/WCM Collab.
- Export Controls
- Grants & Contracts Admin.
- Human Subjects Protection
- Research Quality
- Research Misconduct
- Revenue Management
• Instruction
- Academic Support
- Classroom Technology & Support
- Cornell Tech/Ithaca/WCM Collab.
- Curriculum Dev. & Mgt.
- Digital/Distance Learning
- Program Accreditation
• Medicine Clinical Practice
- Accreditation & Licensing
- Billing & Collections
- Charge Capture and Coding
- Clinical Workflow/Integration
- Medical Management
- Medical Malpractice
- NYP Hospital Relations
- Patient Safety
- Payer Contracting
- Pharmacy Management
- Quality of Care
- Quality Reporting (Internal/External)
- Scheduling & Registration
- Weill Cornell Physicians Network
• Physical Assets
- Cash & Checks Handling Safeguards
- Deferred Maintenance
- Inventory Management
- Property Plant & Equipment
- Real Estate Management
• Information Technology
- Data Center & Systems Continuity
- Data Protection (Level I / PCI)
- Internet Outages
- IT Infrastructure
- IT Management & Strategy
- IT Network Security/Access
- IT Policies and Procedures
- IT Investment Level/Spend
- Third Party Provider Dependencies
- User Help and Training Tools
• Human Resources
- Compensation and Benefits
- Competency & Skills
- Faculty Development
- Instructor Evaluation & Tenure
- Succession Planning
- Culture
- Diversity
- Recruiting and Retention
- Staff Development
• Supply Chain
- Procurement
- Supplier Selection
• Public Safety/Critical Infrastructure
- Continuity of Operations/Recovery
- Crime Prevention and Response
- Cyber Attack Response Readiness
- Environmental Health & Safety
- Gas, Power, Steam, Water Outages
- Natural Events Readiness/Response
- Physical Safety
- Terror & Malicious Acts
• Enrollment Management
- Admission Evaluation
- Admission Policies
- Diversity
- Recruitment of Students
- Registration
- Student Financial Services
• Student & Campus Life
- Athletics & Recreation
- Dining Services
- Gannett Health Services
- Housing
- Student Activities/Fraternal Orgs
- Well Being & Safety
• International Operations
- China/Beijing Center
- India
- Intervention/Evacuation
- Rome AA&P
- Travel Health, Safety & Security
- Weill Cornell Medicine - Qatar
Cornell University Top 40 Institutional Inherent Risk Areas
Resulting from e-surveys and normalization process; alphabetic order. Items in blue font are the institutional Tier 1 – Top 11 inherent risk areas.
- China/Beijing Center
- Clinical Practice: Quality of Care & Patient Safety
- Conflicts of Interest
- Continuity of Business Unit Operations
- Cornell Tech/Ithaca/WCM Collaboration
- Cyber Security/Data Protection
- Data Center & IT Systems Continuity
- Debt Ratings
- Deferred Maintenance
- Digital/Distance Learning
- Donor Relations
- External Intrusions into Institutional Decision Making
- Emergency Preparedness, Response, and Recovery
- Faculty Recruitment & Retention
- Fed/State Regulatory/Legislative Adverse Action/Scrutiny
- Institutional Risk Management Program
- International Travel, Health, Safety & Security
- International Activities, Business Models, Contracting
- Investments Performance
- IT Governance & Strategy
- IT Infrastructure – Internal/3rd Party Cloud Services
- Laboratory and Residential Safety Compliance
- Medical Billing Compliance
- Policies & Procedures
- Research Enterprise (includes competitiveness)
- Research Grants & Contracts Administration
- Research Human Subjects Protection
- Staff Recruitment and Retention
- Strategic Fundraising Campaigns
- Strategic Planning & Execution
- Student Activities/Fraternal Organizations
- Student Financial Services
- Student Recruitment
- Student Well Being & Safety
- Technology Transformation Implementations
- Terrorist & Malicious Acts
- Title IX Program/Sexual Assault
- Transition/Change Management Capabilities
- Weill Cornell Medicine - Qatar
- Weill Cornell Physicians Network Expansion
“Heat Mapping” – Micro View
[Scatter plot: Likelihood on the x-axis and Potential Impact on the y-axis, each on a 0–12 scale, plotting the following example risks: Cash theft; Federal non-compliance; Incomplete accruals; Payroll error; Equipment theft; Inaccurate financial reporting]
Where should we be allocating internal control resources?
Control Activities
• Policies and procedures that provide reasonable assurance that control objectives are met and risk responses are carried out.
• Examples of control procedures:
– Segregation of duties (authorization, recording, and custody)
– Proper documentation and authorization of transactions
– Account reconciliations
– Independent checks on performance
– Safeguarding of assets and data
Monitoring
• Internal control environments can only be effective if they are periodically measured for success:
– Internal audit
– External audit
– Management response to deficiencies identified
What Could Go Wrong?
https://www.insidehighered.com/quicktakes/2018/03/29/6-howard-employees-fired-fraud
https://www.timeshighereducation.com/features/5-examples-of-fraud-that-universities-can-learn-from/2008457.article
Red Flags