SUNY MaritimeInternal ControlProgramSUNY MaritimeInternal ControlProgram
New York StateInternal Control Act of 1987New York StateInternal Control Act of 1987
Establish and maintain guidelines for a system of internal controls.Establish and maintain guidelines for a system of internal controls.
Establish and maintain a system of internal controls and a programof internal control review.Establish and maintain a system of internal controls and a programof internal control review.
Make available to all a clear and concise statement emphasizingthe importance of internal controls and the related responsibility ofeach employee.Make available to all a clear and concise statement emphasizingthe importance of internal controls and the related responsibility ofeach employee.
Designate an Internal Control Officer.Designate an Internal Control Officer.
Implement training and education efforts to ensure all haveadequate awareness and understanding. Implement training and education efforts to ensure all haveadequate awareness and understanding.
Periodically evaluate need for internal audit function.Periodically evaluate need for internal audit function.
SUNY Maritime’s InternalControl ProgramSUNY Maritime’s InternalControl Program
Internal Control (IC) Steering CommitteeInternal Control (IC) Steering Committee
Internal Control Officer – Elizabeth PraetoriusInternal Control Officer – Elizabeth Praetorius
Segmentation of Campus or Assessable Units for IC Review(33 assessable units identified)Segmentation of Campus or Assessable Units for IC Review(33 assessable units identified)
Vulnerability Assessments of All Units - Every 3 YearsVulnerability Assessments of All Units - Every 3 Years
Internal Control Reviews and Follow-upInternal Control Reviews and Follow-up
Annual IC Summary & Certification – Due end of MarchAnnual IC Summary & Certification – Due end of March
IC Program Training by Staff LevelIC Program Training by Staff Level
(Staff, Supervisors/ Managers, Executive Staff)(Staff, Supervisors/ Managers, Executive Staff)
Internal Controls …Internal Controls …
Internal controls are the safeguards and managementInternal controls are the safeguards and management
oversight designed to prevent, detect, and correctoversight designed to prevent, detect, and correct
program and operational breakdowns and to ensureprogram and operational breakdowns and to ensure
that goals are met.that goals are met.
Internal controls are the first defense to prevent and todetect fraud.Internal controls are the first defense to prevent and todetect fraud.
Are safeguards, but they do not guarantee successAre safeguards, but they do not guarantee success
Reflect the qualities of management – good and badReflect the qualities of management – good and bad
Will succeed or fail depending on the attention people give itWill succeed or fail depending on the attention people give it
Are built into an organization, not an added feature – part ofthe cultureAre built into an organization, not an added feature – part ofthe culture
Impact every aspect of the organizationImpact every aspect of the organization
Key Elements of InternalControlKey Elements of InternalControl
Well defined missionWell defined mission
Accountability (at all levels)Accountability (at all levels)
CommunicationCommunication
The purpose of internal control is to ensure weconsistently do the right things the right way toachieve the right objectives, while managingrisks that could prevent this. The purpose of internal control is to ensure weconsistently do the right things the right way toachieve the right objectives, while managingrisks that could prevent this.
COSO’s Internal Control FrameworkCOSO’s Internal Control Framework
9
Control Activities
Policies/procedures that ensuremanagement directives arecarried out.
Range of activities includingapprovals, authorizations,verifications, recommendations,performance reviews, assetsecurity and segregation ofduties.
Monitoring
Assessment of a control system’sperformance over time.
Combination of ongoing andseparate evaluation.
Management and supervisoryactivities.
Internal audit activities.
Control Environment
Sets tone of organization-influencingcontrol consciousness of its people.
Factors include integrity, ethicalvalues, competence, authority,responsibility.
Foundation for all othercomponents of control.
Information and Communication
Pertinent information identified,captured and communicated in atimely manner.
Access to internal and externallygenerated information.
Flow of information that allows forsuccessful control actions frominstructions on responsibilities tosummary of findings formanagement action.
Risk Assessment
Risk assessment is the identificationand analysis of relevant risks toachieving the entity’s objectives,forming the basis for determiningcontrol activities.
An Effective ControlEnvironmentAn Effective ControlEnvironment
Is a product of …Is a product of …
Management’s philosophy, style and supportive attitudeManagement’s philosophy, style and supportive attitude
CompetenceCompetence
Ethical valuesEthical values
IntegrityIntegrity
Morale of the organization’s peopleMorale of the organization’s people
Organizational structureOrganizational structure
Accountability relationshipsAccountability relationships
![MCj03983830000[1]](data/images/img12.png)
Management should:Management should:
Lead by example to foster ethical values and integrity inthe organization.Lead by example to foster ethical values and integrity inthe organization.
Communicate its commitment to Internal Controls.Communicate its commitment to Internal Controls.
Establish training programs to support staff development.Establish training programs to support staff development.
Foster positive employee morale and have a supportiveattitude in the organization.Foster positive employee morale and have a supportiveattitude in the organization.
Managing RiskManaging Risk
Internal control is to a large extent about managing risks.Internal control is to a large extent about managing risks.
Risks to the College can be categorized under five headings:Risks to the College can be categorized under five headings:
1. Strategic1. Strategic
2. Financial2. Financial
3. Compliance3. Compliance
4. Reputational4. Reputational
5. Operational5. Operational
Managing RiskManaging Risk
The cost of internal control should not exceed the benefit derived.
Costs
Benefits
RiskRisk
We must ensure each risk is assessed and handled properly.
How does the Collegemanage risks?How does the Collegemanage risks?
Plans Plans
Policies Policies
Procedures Procedures
Standard operating practices Standard operating practices
Guidelines Guidelines
These, along with the positive attitudes and effortsThese, along with the positive attitudes and efforts
of employees, help minimize risks to the College.of employees, help minimize risks to the College.
Risk AssessmentRisk Assessment
Risk should be assessed at all levels of an organization.Risk should be assessed at all levels of an organization.
Risk measured in terms of likelihood and impact.Risk measured in terms of likelihood and impact.
Risks should be appropriately managed (accepted,controlled, or avoided).Risks should be appropriately managed (accepted,controlled, or avoided).
Corrective actions are essential to effective riskmanagement.Corrective actions are essential to effective riskmanagement.
Control ActivitiesControl Activities
Control activities are tools or processes- both manualand automated - that help prevent or reduce the risksthat can impede accomplishment of the College'sobjectives and mission.Control activities are tools or processes- both manualand automated - that help prevent or reduce the risksthat can impede accomplishment of the College'sobjectives and mission.
Management should establish control activities toeffectively and efficiently accomplish the College'sobjectives and mission.Management should establish control activities toeffectively and efficiently accomplish the College'sobjectives and mission.
![j0198481[1]](data/images/img16.png)
Types of Control andExamplesTypes of Control andExamples
Documentation – Policies and proceduresDocumentation – Policies and procedures
Records – Recording transactions & eventsRecords – Recording transactions & events
Authorization – Approving transactionsAuthorization – Approving transactions
Structure – Separation of dutiesStructure – Separation of duties
Supervision – Monitoring control objectivesSupervision – Monitoring control objectives
Security – Safeguarding resourcesSecurity – Safeguarding resources
Who Is Responsible For Internal Control? Who Is Responsible For Internal Control?
EVERY ONE.EVERY ONE.
Senior management assuresappropriate controls are in place for alloperations.Senior management assuresappropriate controls are in place for alloperations.
Every employee follows controls andreports problems or improvements.Every employee follows controls andreports problems or improvements.
Responsibilities of ManagersResponsibilities of Managers
Maintaining an office environment that encourages thedesign of internal controls (Set the “Tone”).Maintaining an office environment that encourages thedesign of internal controls (Set the “Tone”).
Ensure documentation of policies and procedures.Ensure documentation of policies and procedures.
Identifying the control objectives for the functions andimplementing cost effective controls designed to meetthose objectives.Identifying the control objectives for the functions andimplementing cost effective controls designed to meetthose objectives.
Regularly testing the controls to determine if they areperforming as intended.Regularly testing the controls to determine if they areperforming as intended.
Leadership ResponsibilitiesLeadership Responsibilities
Lead by example Lead by example
Communicate and consult Communicate and consult
Guide efforts towards mission Guide efforts towards mission
Show commitment to internal control Show commitment to internal control
Balance accountability and support Balance accountability and support
Foster good morale Foster good morale
Look for ways to improve Look for ways to improve
Why Are Internal ControlsImportant?Why Are Internal ControlsImportant?
Compliance with applicable laws/policiesCompliance with applicable laws/policies
Accomplishment of the missionAccomplishment of the mission
Relevant and reliable dataRelevant and reliable data
Economical and efficient use of resourcesEconomical and efficient use of resources
Safeguard assetsSafeguard assets
Internal Control CARES!Internal Control CARES!
SummarySummary
Management Sets the ToneManagement Sets the Tone
All Employees Have responsibility for Internal ControlsAll Employees Have responsibility for Internal Controls
Internal Controls is a Part of Everyday OperationsInternal Controls is a Part of Everyday Operations
It’s the LawIt’s the Law
THANK YOU….THANK YOU….