Internal Controls and the

Internal Auditor
Presented By:
Richard Kudlik, CPA
 Interrelated Components

 Control Environment
 Risk Assessment
 Control Activities
 Information and Communication
 Monitoring
What is an Internal Control?
 Internal control is broadly defined as a
process, ……..
 effected by an entity's board of directors,
management and other personnel,………
 designed to provide reasonable
assurance……..
 regarding the achievement of objectives in the
following categories:
 Protect District assets.
 Effectiveness and efficiency of operations.
 Reliability of financial reporting.
 Compliance with applicable laws and regulations.
Limitations of Internal Control
1. Management Override
 Management may override the structure to commit fraud or
misstate the financial statements.
2. Human Errors
 Human errors may arise from misunderstanding of
instructions, mistakes of judgment, and personal
carelessness, distractions, or fatigue.
3. Collusion
 Collusion may circumvent the separation of duties.
4. Changing Conditions
 Conditions may change, weakening a system that was
adequate at a point in time.
5. Combination of duties
 One employee is performing conflicting job duties (lack of
segregation of duties).
 Control Characteristics
 When identifying controls within
processes – consider the characteristics
of those controls
Preventative
 Controls that minimize the possibility of an
error or deliberate misstatement
 Examples: building access cards, segregation of
duties, no price change without supervisor’s
access code
Detective
 Controls that detect misstatements and allow
them to be corrected
 Examples: reconciliations, edit reports, security
violation reports
 Activities vs. Controls
ACTIVITY CONTROL
Purchase orders are prepared and ‘locked’ (from Match invoice to purchase order (preventative,
edits) Management review)

Proof of Delivery note is prepared on receipt of Proof of delivery note is matched to invoice
fixed asset (Detective, Management review)

Payroll system produces an edit report of all All changes are reviewed for proper authorization
employee changes (Detective, Authorization)
 Tests of Internal Controls &
Investigations
 Random change fund counts
 Review of bank reconciliations
 Observation of physical inventories
 Review of cash handling procedures
 Tests of compliance with applicable laws
and/or regulations (i.e. sub-recipient
monitoring)
 Tests of procedures of purchasing,
accounts payable, auxiliary operations
and foundations
 Controls over Cash
 Segregation of Duties
 Physical Control Over Cash
 Accurate and Timely Recording
 Proper Execution of Transactions
 Appropriate Documentation
 Controls Over Information
Processing
 Management Review
 Balancing Risk & Control
 Primary Categories of Risk –
 Errors
 Omissions
 Delay
 Fraud
 Characteristics of Fraud
 Motivation
 Opportunity
 Personal Characteristics
 AICPA Internal Control
Checklist
 Ethical Environment
 Risk Assessment and Control
Activities
 Audit Committee Effectiveness
 Internal Auditing Function
Effectiveness
 What Can You Do at Your
District?
 Set the tone at the top
 Have written policies and procedures
 Have adequate segregation of duties
 Review transactions for authorization
 Provide channel for employees to
communicate suspected improprieties
 Cross-train staff
 Ensure that staff take vacation time
 Perform operational/performance audits
 Hire an Internal Auditor
 Internal Audit Function
Typical tasks performed by Internal
Auditors:
 Facilitate External Audit
 Tests of Internal Controls &
Investigations
 Special Projects
 Provide Training
 Use of Resources
 Facilitate External Audits
 Negotiate contract
 Setup planning meetings with key
personnel
 Coordinate timing of fieldwork
 Ensure completion of all tasks
 Review financial reports
 Verify billings against contract
 Resolve audit findings
 Special Projects
 General Obligation Bond
 Software Conversions
 Student Housing
 Regulatory Audits; interpretation of
regulatory changes
 Document Retention/Imaging
 Independent Contractor Process/
Reporting
 Requirements of System Office (i.e.
Noncredit Course Self Assessment)
 Training
 Ethics
 Sarbanes/Oxley Act of 2002
 1099 Reporting
 Internal Controls – Why They are
Important
 Use of Resources
 Education Code/State Constitution
 Community College Internal
Auditors (CCIA)
 Institute of Internal Auditors (IIA)
 IRS and FTB Rules and Regulations
 Internal Policies & Procedures
 Conferences
 Department of Education
 System Office
 Board Policy for Internal
Audit
It should include the following, at a minimum:
 Access to all records, properties &
personnel
 No direct responsibilities/authority over any
process reviewed
 Cannot develop & install procedures which
they audit
 Provide written memorandum to
management subsequent to completion of
audit
 Code of Ethics
 Reporting Requirements

Board of Trustees

Chancellor

Vice Chancellor
Internal Auditor
Of Admin. Services
 Is It Worth It?
Salary. . . . . $75,000

Benefits. . . . . $25,000

Having a scapegoat
when things go Priceless!!!
wrong. . . . .
Questions?
 Contact Information
Richard Kudlik, Director of Internal
Audit
Coast Community College District
1370 Adams Avenue
Costa Mesa, CA 92626
(714) 438-4602
[email protected]