Managing Enterprise Risk through Internal Audit
Presented by Ann Clift, CFO, Foundation Communities
May 19, 2014
[email protected] 512-610-4032
(Source materials: Wikipedia and FC Internal audit procedures)
Enterprise Risk Management
Definition: Risk-based approach to managing an enterprise, integrating concepts of internal control, Sarbanes-Oxley Act and strategic planning. Includes methods and processes used by organizations to manage risks and seize opportunities related to achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy and monitoring progress. (Source: Wikipedia)
ERM Framework
- Methods to identify, analyze, monitor and respond to risks and opportunities
- Potential strategies:
  - Avoiding risks
  - Reducing likelihood or impact of risk
  - Identifying alternatives
  - Identify ways to share or transfer risk
Internal Auditing
Definition: an independent, objective assurance activity designed to evaluate and improve an organization’s effectiveness of risk management and internal control processes.
Note: While internal auditors are not independent of the organization that employs them, the auditing staff should maintain an attitude of independence and objectivity in conducting their procedures.
Internal Audit
Primary Objective: Evaluation of Internal Controls
Evaluation includes procedures to assess:
- Effectiveness and efficiency of operations
- Reliability of financial and management reporting
- Compliance with laws and regulations
- Safeguarding of Assets
Overview of Internal Audit Procedures
Based on the fact that you understand your own organization and its internal controls:
- Identify source of key risks
- Identify the management practices used to control specific risks
- Establish standard internal audit procedures (risk-based sampling and testing) for each functional area to be audited
- Conduct the audit
- Report on the audit
- Follow-up on findings
Internal Audit Reports
Each audit finding should include the “5 C’s”:
- Condition: What problem is identified
- Criteria: What standard was not met
- Cause: Why did the problem occur
- Consequence: What is the risk/negative outcome or opportunity lost because of the finding
- Corrective action: What should be done to correct or cure the finding – what has been agreed to and by what date
Reports – cont’d
- An Executive Summary of findings and recommendations is helpful
- Detailed listing of findings with objective data sources indicated
- Report on ‘counseling’ done with staff on how to make corrections (Whereas a third party auditor would only advise management of findings, our internal audits can provide useful instruction to staff that may not be performing tasks as policy or procedures would dictate. CAUTION: some findings may require reporting to management and not addressing directly with the employee involved.)
Quality of Internal Audit Reports
- Objectivity
- Clarity – use simple layman’s language
- Accuracy
- Brevity – be as concise as possible
- Timeliness – important to prepare and issue report promptly after audit is completed
VALUE ADDED
- Identify and make corrections when staff are not following procedures correctly
- Increased accuracy of financial information
- Potentially deter fraud
- Increased staff interaction and understanding of overall organization
- Opportunity to “catch someone doing something right” and acknowledge them
Foundation Communities
Organization overview
- A 25 year old nonprofit serving Austin and Dallas/Ft. Worth Areas of Texas
- Seventeen Properties
  - Four Supportive Housing Properties
  - Thirteen Family Properties
- 2,673 Rental Units (all but three NTX properties are self-managed)
- Services Include:
  - Learning Centers (preschool, afterschool and adult education programs)
  - Case Management for ELI families and SRO residents
  - Financial Literacy Coaching
  - Volunteer Income Tax Preparation
  - Matched Savings programs
  - Saving Green program
  - Health Insurance enrollment assistance
  - Healthy Living Programs – nutrition and exercise activities
FC Internal Audit Activities
Goal of conducting an internal audit at each property at least once per year
Identified risks include:
- Staff not following our financial management policy and procedures
- Detect and deter fraudulent activities such as misappropriated rent collections, fraudulent purchases or theft of assets
- Prevent inaccuracies/misstatements in security deposit liabilities, prepaid and delinquent rent balances
- Resident qualifications comply with LURA
Internal Audit Procedures
- Personnel verification
- Vacant unit verification
- File audit – match rent & security deposit to Rent Roll software, review income certification in compliance with LURA and background check pass at application
- Deposit sample accuracy of data
- Shop equipment inventory physical observation
- Record retention
- Petty cash balance/procedures/security
Reporting
- Accounting staff conduct audits and submit to CFO for review
- Shared with property manager and supervisor following review
- Follow-up on findings and agreed remedies
Added values
- Gets accounting staff onsite – familiar with property staff and physical assets
- Helps identify problems especially with new staff that may not have been trained adequately or misunderstood their training
- Correction of security deposit liabilities and other lease/rent related account balances
- Detect and deter fraudulent activity
Discussion:
- What is the risk of fraudulent activity within your organization?
- Identify three ways a fraud could occur.
- How did or would you detect it?
- What kind of internal audit procedure would you use to identify and detect it?
Please send me your ideas on other areas to audit and areas of financial or compliance risk.
Ann Clift
Foundation Communities, Inc.
3036 South First Street
Austin, TX 78704
512-610-4032
[email protected]