Internal Controls
-
What are internal controls?
Internal controls are the plan of organization and all of the methods (processes and procedures) adopted in an organization to safeguard its assets, check the accuracy and reliability of its accounting and reporting records, promote operational efficiency, and encourage adherence to policies. This definition recognizes that a system of internal control extends beyond the accounting and finance departments to all functions of the organization.
The objectives of our internal control program are:
- Successful achievement of the District’s mission
- Accurate collection, maintenance and reporting of district data
- Safeguarding of assets
- Effective, efficient and economical programs and operations
- Compliance with laws, regulations and policies
Internal controls are everyone’s responsibility! At С³óߣ the internal control environment reflects management’s integrity and its commitment to ethical values. It begins with the School Board and is exemplified by the tone at the top as established by our Superintendent and communicated to all employees.
A strong internal control program promotes:
- Continuous improvement
- Efficiency of operations
- Effective communication
- Accountability
- Risk awareness and planning
- Reliable reporting
Internal control framework:
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provided a common language regarding controls and created an integrated control framework for managing business risks. The framework consists of five interrelated components:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
Requirements of Florida Statutes:
Florida Statutes require that school districts establish and maintain internal controls designed to:
- Prevent and detect fraud, waste, and abuse
- Promote and encourage compliance with applicable laws, rules, contracts, grant agreements, and best practices
- Support economical and efficient operations
- Ensure reliability of financial records and reports
- Safeguard assets
-
What is meant by fraud, waste and abuse?
According to Florida Statutes:
“Fraud” means obtaining something of value through willful misrepresentation, including, but not limited to, intentional misstatements or intentional omissions of amounts or disclosures in financial statements to deceive users of financial statements, theft of an entity’s assets, bribery, or the use of one’s position for personal enrichment through the deliberate misuse or misapplication of an organization’s resources.
“Waste” means the act of using or expending resources unreasonably, carelessly, extravagantly, or for no useful purpose.
“Abuse” means behavior that is deficient or improper when compared with behavior that a prudent person would consider a reasonable and necessary operational practice given the facts and circumstances. The term includes the misuse of authority or position for personal gain. -
How are internal controls classified?
Directive controls ensure a particular outcome is achieved. Examples include guidelines, training and incentives.
Preventive controls are designed to reduce the chance that errors or irregularities may occur. For example, tone at the top, authorization, segregation of duties and password protection.
Detective controls are designed to detect errors or irregularities after they have occurred so that they can be corrected. Examples include reconciling the bank statement and performing periodic inventories of property.
Corrective (or compensating) controls correct undesirable outcomes that have occurred or reduce risk to an acceptable level when other controls have failed or are not cost-effective. Examples include close supervision and management review.
Everyone plays a part in the district’s internal control system. Management ensures that controls are in place and every employee makes sure the internal control system functions by following the controls and reporting any breakdowns in them. Internal Board Audit examines the adequacy and effectiveness of the District’s internal controls and makes recommendations where control improvements are needed. -
What do good internal controls involve?
- Risk assessment
Managers should identify and analyze relevant risks to the achievement of business unit goals and objectives by determining what could go wrong, what areas have more risk, what assets are at risk, and who is in positions of risk. Risks may include:
Damage to reputation and public image
Revenues not received
Assets not used efficiently
Assets not used properly
Assets diverted to outside or personal use
Unreliable, untimely or unavailable information needed for decision making
- Reasonable assurance
Internal controls should provide reasonable assurance that the objectives of the systems will be accomplished.
- Supportive attitude
Managers and employees should maintain and demonstrate a positive and supportive attitude towards internal controls at all times.
- Competent personnel
Managers and employees should have personal and professional integrity and maintain a level of competence that allows them to accomplish their assigned duties. They should also understand the importance of establishing and implementing good internal controls.
Personal and professional integrity is demonstrated when you:
Commit to honesty and fairness
Respect the organization and authority
Adhere to laws and policies
Respect the rights of all employees
Commit to excellence
Control objectives
- Control techniques
Our specific standards of internal control involve the following techniques:
Documentation – adequate records of all internal control systems and all transactions and events should be maintained.
Records – all transactions and events should be recorded promptly and accurately.
Authorization – all transactions and events should be authorized and executed by persons within the scope of their authority.
Structure – key duties and responsibilities in authorizing, processing, recording and reviewing transactions should be separated.
Supervision – adequate supervision should be provided to ensure that internal control objectives are achieved.
Security – access and accountability for assets and records should be limited to authorized individuals.
-
What can jeopardize internal controls?
- Inadequate segregation of duties
- Inappropriate access to assets
- Inadequate knowledge of District policies and procedures
- When control procedures are performed in a perfunctory manner (e.g., when a reviewing manager signs a document without adequate review and evaluation)
- Overridden controls
- When inherent limitations cannot be overcome by compensating controls