Advanced Managerial Accounting

Module 9: Internal Controls & Fraud Prof. Dr. Avo Schnbohm

www.avoschoenbohm.de

Learning landscape for today

Repetition

1 2
Internal Controls

Student Risk Maps Great Plains Energy Case Study

3
Internal Controls Exercises

4 5
2

Prof. Dr. Avo Schnbohm

Course Outline Schedule

# Date
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Topic
No class on 2011-10-19

Case

2011-10-05 Advanced Managerial Accounting - An Introduction 2011-10-12 Strategic Management Accounting - Striving for Superior Performance 2011-10-26 Value Based Management & Cash Control 2011-11-02 Design of Management Control Systems & Excellence Programs 2011-11-09 2011-11-16 2011-11-23 2011-11-30 2011-12-07 2011-12-14 2011-12-21 2012-01-04 2012-01-11 2012-01-18 2012-01-25 Cost Accounting Review Budgeting and & Variance Analysis Beyond Budgeting and Rolling Forecasts Enterprise Risk Management Internal Controls & Forensinc Accounting Behavioral Accounting and Negotiation Skills for Controllers Sustainability Accounting and Value Generation Repetition and Discussion Capital Budgeting and Business Modelling Exercises & Group Assignments Final Session and Questions Missouri Solvents Apple 2010 Dow Chemical ING Great Plaines SocGen ENEL VC Investment

Prof. Dr. Avo Schnbohm

Learning Objectives

After studying this module you should be able to:

1. 2.

Define internal controls and understand the importance of internal controls Improve the internal control system in various situations

" Let our advance worrying become advance thinking and planning Winston Churchill

Prof. Dr. Avo Schnbohm

Internal Control Framework

Definition

Internal control is a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations

Prof. Dr. Avo Schnbohm

Internal Controls Definition

Discussion of the older COSO definition

Internal control is a process. It's a means to an end, not an end in itself. Internal control is effected by people. It's not merely policy manuals and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and board. Internal controls are established to further strengthen: The reliability and integrity of information. Compliance with policies, plans, procedures, laws and regulations. The safeguarding of assets. The economical and efficient use of resources. The accomplishment of established objectives and goals for operations or programs.
6

Prof. Dr. Avo Schnbohm

MYTHS:
Internal control starts with a strong set of policies and procedures. Internal control: Thats why we have internal auditors!

FACTS:
Internal control starts with a strong control environment. While internal auditors play a key role in the system of control, management is the primary owner of internal control. Internal control is integral to every aspect of business. Internal control makes the right things happen the first time. Internal controls should be built into, not onto business processes.

Internal control is a finance thing. Internal controls are essentially negative, like a list of thou-shalt-nots. Internal controls take time away from our core activities of making products, selling, and serving customers.
Source: Institute of Internal Auditors, 2003

Prof. Dr. Avo Schnbohm

Internal Control Framework

In everyday business life
Monitoring: Monthly reviews of performance reports Internal audit function Information & Communication: Vision and values survey Issue resolution calls Reporting Corporate communications (e-mail, meetings)

MONITORING INFORMATION AND COMMUNICATION CONTROL ACTIVITIES

Control Activities: Purchasing limits Approvals Security Reconciliations Specific policies

RISK ASSESSMENT CONTROL ENVIRONMENT

Control Environment: Tone from the top Corporate Policies Organizational authority
Prof. Dr. Avo Schnbohm

Risk Assessment: Monthly Risk Control meetings Internal audit risk assessment
8

Types of Internal Control

Prevention techniques
are designed to provide reasonable assurance that only valid transactions are recognized, approved and submitted for processing. Therefore, many of the preventive techniques are applied before the processing activity occurs. In most situations, preventive techniques are likely to be more effective in a strong control environment, when management authorization criteria are well-defined and properly communicated.

Control type definitions: Preventive Manual // Preventive System

Segregation of duties (Preventive-Manual) Business systems integrity and continuity controls, e.g., application design standards, change controls, security controls, systems backup and recovery (Preventive System) Physical safeguard and access restriction controls (human, financial, physical and information assets) (Preventive-Manual) Effective planning/budgeting process (Preventive-Manual) Effective "whistle blowing" processes (Preventive-Manual)

Prof. Dr. Avo Schnbohm

Types of Internal Control

Detection techniques
are designed to provide reasonable assurance that errors and irregularities are discovered and corrected on a timely basis. Detection techniques normally are performed after processing has been completed. They are particularly important in an environment that has relatively weak preventive techniques. That is, when front-end approval and processing techniques do not provide reasonable assurance that unacceptable transactions are prevented from being processed or do not assure that all approved transactions are processed accurately. In this case, after-the-fact techniques become more important in detecting and correcting processing errors.

Control type definitions: Detective Manual // Detective - System

Prof. Dr. Avo Schnbohm

Reconciliation of batch balance reports to control logs maintained by originating departments. (Detective Manual) Reconciliation of cycle inventory counts with perpetual records. (Detective Manual) Review and approval of reference file maintenance (was-is) reports. (Detective Manual) Comparison of reported results with plans and budgets. (Detective Manual) Reconciliation of subsidiary ledger balances with the general ledger. (Detective Manual) Reconciliation of interface amounts exiting one system and entering another. (Detective System) Review of on-line access and transaction logs. (Detective System)
10

The Limitations of Internal Control

Most internal control measures can be circumvented or overcome. Collusion is when two or more employees work as a team with the purpose to defraud the firm.

Prof. Dr. Avo Schnbohm

11

The Fraud Triangle

Introduction The term "Fraud Triangle" was coined in the 1950s by Donald Cressey. Cressey was one of the nations leading experts on the sociology of crime. Cressey stated all frauds need three elements to take place: opportunity, pressure and rationalization. Business owners can limit opportunity to some extent but pressure and rationalization are not easily contained. 2. What are some easy ways to limit the opportunity to commit fraud?

http://youtu.be/BEppB2ZG1eM
Prof. Dr. Avo Schnbohm 12

The Fraud Triangle

and how to break it

Prof. Dr. Avo Schnbohm

13

Risk Management and Internal Control

Conclusive Remarks

Spectacular Fraud Stories of the recent past raised the profile and importance of risk management and internal controls Management Accountants often work in the sphere of influence of fraud and internal controls A reflected handling of risk management and internal control system should be natural for any trained management accountant

Prof. Dr. Avo Schnbohm

14

Thank you for your attention!