Managing Enterprise Risk through Internal Audit

Presented by Ann Clift, CFO, Foundation Communities, May 19, 2014. [email protected] 512-610-4032
Author: Warren Owen

(Source materials: Wikipedia and FC Internal audit procedures)

Enterprise Risk Management

Definition: Risk-based approach to managing an enterprise, integrating concepts of internal control, Sarbanes-Oxley Act and strategic planning. Includes methods and processes used by organizations to manage risks and seize opportunities related to achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy and monitoring progress. (Source: Wikipedia)

ERM Framework

- Methods to identify, analyze, monitor and respond to risks and opportunities
- Potential strategies:
  - Avoiding risks
  - Reducing likelihood or impact of risk
  - Identifying alternatives
  - Identify ways to share or transfer risk

Internal Auditing

- Definition: an independent, objective assurance activity designed to evaluate and improve an organization’s effectiveness of risk management and internal control processes.

Note: While internal auditors are not independent of the organization that employs them, the auditing staff should maintain an attitude of independence and objectivity in conducting their procedures.

Internal Audit Primary Objective: Evaluation of Internal Controls

Evaluation includes procedures to assess:
- Effectiveness and efficiency of operations
- Reliability of financial and management reporting
- Compliance with laws and regulations
- Safeguarding of assets

Overview of Internal Audit Procedures

Based on the fact that you understand your own organization and its internal controls:
- Identify source of key risks
- Identify the management practices used to control specific risks
- Establish standard internal audit procedures (risk-based sampling and testing) for each functional area to be audited
- Conduct the audit
- Report on the audit
- Follow up on findings

Internal Audit Reports

Each audit finding should include the “5 C’s”:
- Condition: What problem is identified
- Criteria: What standard was not met
- Cause: Why did the problem occur
- Consequence: What is the risk/negative outcome or opportunity lost because of the finding
- Corrective action: What should be done to correct or cure the finding; what has been agreed to and by what date

Reports – cont’d

- An Executive Summary of findings and recommendations is helpful
- Detailed listing of findings with objective data sources indicated
- Report on ‘counseling’ done with staff on how to make corrections (Whereas a third party auditor would only advise management of findings, our internal audits can provide useful instruction to staff that may not be performing tasks as policy or procedures would dictate. CAUTION: some findings may require reporting to management and not addressing directly with the employee involved)

Quality of Internal Audit Reports

- Objectivity
- Clarity – use simple layman’s language
- Accuracy
- Brevity – be as concise as possible
- Timeliness – important to prepare and issue report promptly after audit is completed

VALUE ADDED

- Identify and make corrections when staff are not following procedures correctly
- Increased accuracy of financial information
- Potentially deter fraud
- Increased staff interaction and understanding of overall organization
- Opportunity to “catch someone doing something right” and acknowledge them

Foundation Communities Organization overview

A 25 year old nonprofit serving Austin and Dallas/Ft. Worth Areas of Texas
Seventeen Properties: Four Supportive Housing Properties, Thirteen Family Properties
2,673 Rental Units (all but three NTX properties are self-managed)
Services Include:
- Learning Centers (preschool, afterschool and adult education programs)
- Case Management for ELI families and SRO residents
- Financial Literacy Coaching
- Volunteer Income Tax Preparation
- Matched Savings programs
- Saving Green program
- Health Insurance enrollment assistance
- Healthy Living Programs – nutrition and exercise activities

FC Internal Audit Activities

Goal of conducting an internal audit at each property at least once per year

Identified risks include:
- Staff not following our financial management policy and procedures
- Detect and deter fraudulent activities such as misappropriated rent collections, fraudulent purchases or theft of assets
- Prevent inaccuracies/misstatements in security deposit liabilities, prepaid and delinquent rent balances
- Resident qualifications comply with LURA

Internal Audit Procedures

- Personnel verification
- Vacant unit verification
- File audit – match rent & security deposit to Rent Roll software, review income certification in compliance with LURA and background check pass at application
- Deposit sample accuracy of data
- Shop equipment inventory physical observation
- Record retention
- Petty cash balance/procedures/security

Reporting

- Accounting staff conduct audits and submit to CFO for review
- Shared with property manager and supervisor following review
- Follow-up on findings and agreed remedies

Added values

- Gets accounting staff onsite – familiar with property staff and physical assets
- Helps identify problems especially with new staff that may not have been trained adequately or misunderstood their training
- Correction of security deposit liabilities and other lease/rent related account balances
- Detect and deter fraudulent activity

Discussion:

- What is the risk of fraudulent activity within your organization? Identify three ways a fraud could occur.
- How did or would you detect it?
- What kind of internal audit procedure would you use to identify and detect it?

Please send me your ideas on other areas to audit and areas of financial or compliance risk.

Ann Clift Foundation Communities, Inc. 3036 South First Street Austin, TX 78704 512-610-4032 [email protected]
