UT_Southwestern_风险与内部控制ppt课件

1、herainingost An EducationalComputer Based Training ProgramCBT.Effectively Controlling RiskUT SouthwesternGeneral Compliance Training .Effectively Controlling RiskIn order to achieve the goals of providing the highest levels of medical education, biomedical research and patient care, UT Southwestern

2、must have effective internal controls. There needs to be an appropriate balance between controls and risks is necessary to provide reasonable assurance that the medical centers operations will be effective,efficient and in compliance with laws and regulations.Effectively Controlling RiskWhat is the

3、purpose of this training?Why is it necessary?What is internal control?What are the components of internal control?Where can I learn more?.Effectively Controlling RiskWhat is the purpose of this training?Provide employees with the training and tools to evaluate internal control at the activity, proce

4、ss and department levels. Two tools available to achieve this goal are the:Risk and Control Self-Assessment GuidelineRisk Assessment and Control Activities Worksheet.Effectively Controlling RiskWhy is it necessary?Highly publicized frauds at other public institutions have caused concerns among UT Sy

5、stem and component administrators.What was determined to bethe problem? WEAK INTERNAL CONTROLS.Effectively Controlling Risk What is internal control?:Internal control is a process, effected by UT Southwesterns governing board, administration, faculty, and staff, designed to provide reasonable assura

6、nce regarding the achievement of objectives in the following categories:Effectiveness and efficiency of operations,Reliability of financial reporting, andCompliance with applicable laws and regulations.Effectively Controlling RiskInternal Control Process5 ComponentsEstablish Control EnvironmentPerfo

7、rm Risk AssessmentImplement Control ActivitiesCommunicate InformationMonitor Performance.Internal Control ProcessEstablish Control EnvironmentThe control environment is the control consciousness of an organization.The control environment includes the integrity and ethical values of its people, their

8、 competence, and the way they do business.Internal Control ProcessElements of the Control EnvironmentStandards of Conduct Guide Regents Rules, Business Procedures Memorandums, etc.Department standards of conductHuman resources policies and proceduresDepartment policies and proceduresConflicts of int

9、erest-disclosure formsEthics GuideHonestyZero tolerance.Internal Control Process Perform Risk AssessmentRisk assessment is the identification and analysis of risks associated with achieving your objectives.Risk assessment helps to form a basis for determining how to manage identified risks.Internal

10、Control Process What is our risk? With internal controls, RISK is . . .The possibility that the organization will NOT:Achieve its goalsOperate effectively and efficientlyProtect itself from lossProvide reliable financial data (reports)Comply with applicable laws, regulations, policies, and procedure

11、sRISK.Internal Control ProcessPerform Risk AssessmentComponents and Departments must define their goals and objectives in relation to their:Mission,Operations,Financial reporting,Compliance, andSignificant activities or processes.Then, they must identify and analyze potential risks by asking certain

12、 questions:What could go wrong?What must go right?What is the significance of our risks?What is the likelihood of occurrence?.Internal Control ProcessPerform Risk AssessmentQuestions employees should consider:What business are you in?Who are your customers?What do they need and want?What does that s

13、ay about what you are trying to accomplish?How will you know you have been successful?.Internal Control ProcessPerform Risk AssessmentA risk is ANYTHING that could jeopardize the achievement of a goal or objective.For each goal or objective, identify your risks.Be comprehensive, by considering exter

14、nal and internal factors.Internal Control ProcessPerform Risk AssessmentFor each identified risk, estimate the potential significance (cost, safety, institutional image) and likelihood of occurrence.Focus on the major risks, and determine how those risks should be managed and minimized to acceptable

15、 levels.Internal Control ProcessImplement Control ActivitiesControl activities are the policies and procedures that help ensure that actions identified as necessary to manage risks are carried out properly and in a timely manner.Control activities should be proactive, value-added, and cost effective

16、.Internal Control ProcessImplement Control ActivitiesRisksControlsProperly balancing risks and controls makes good business sense!.Internal Control ProcessImplement Control ActivitiesExamples of Control Activities at UT Southwestern:Approvals, authorizations, and verificationsHaving written policies

17、 and procedures and limits to authorityReconciliationsExplanations of the difference between two sets of data AND taking corrective action.Internal Control ProcessImplement Control ActivitiesExamples of Control Activities at UT Southwestern, continued. . . Reviews of performance For components, depa

18、rtments, and individual employees Security of AssetsLimiting access, keeping records, and making periodic counts to compare to our records.Internal Control ProcessImplement Control ActivitiesExamples of Control Activities at UT Southwestern, continued . . .Segregation of DutiesMake sure no one perso

19、n can initiate, approve, record and reconcile transactionsControls over Information SystemsGeneral controls over access and development, as well as specific controls within applications.Internal Control ProcessCommunicate InformationReliable and relevant information, from both internal and external

20、sources, must be identified and communicated to employees.Information should be processed and communicated in a timely manner and in a form that is usable.Internal Control ProcessCommunicate InformationWhat information is relevant and reliable?Job responsibilitiesGoals and objectivesInformation to a

21、ssess risksPolicies and proceduresLaws and regulationsPerformance indicatorsCustomer feedbackPerformance evaluations.Internal Control ProcessCommunicate InformationHow should we communicate?Methods include one-on-one, staff meetings, telephone calls, , memos, and reportsONLY communicate information

22、to those who need itCommunicate up, down, and across the organization.Internal Control ProcessMonitor PerformanceMonitoring involves evaluating internal control performance over time to determine whether controls are:adequately designed,properly executed, andeffective.How do we know?.Internal Contro

23、l ProcessMonitor PerformanceInternal controls are adequately designed and properly executed if all five internal control components are present and functioning as designed: Control environment Risk assessment Control activities Information and communication Monitoring.Internal Control ProcessMonitor

24、 PerformanceInternal controls are effective if administrators believe:They understand the extent to which the objectives of their operations are being achieved,Financial statements are reliable, andLaws and regulations are complied with.Internal Control ProcessMonitor PerformanceMonitoring Activitie

25、s Include:Managerial and supervisory monitoringSelf-assessmentsInternal audits.Effectively Controlling RiskSelf-AssessmentWhat is a self-assessment?A self-assessment is a “self-audit of a departments internal control components performed on a periodic basis.Effectively Controlling RiskPerforming a S

26、elf-AssessmentSteps in performing a self-assessment include:Evaluating your strengths and deficienciesTesting the strengthsDocumenting testsDisclosing weaknessesDeveloping an action plan to correct problemsSummarizing and documenting results.Effectively Controlling RiskPerforming a Self-Assessment W

27、hat is a weakness?A material weakness is an internal control shortcoming which increases the risk ofirregularities, illegal acts, errors, waste, ineffectiveness, or conflicts of interestabove a REASONABLE level.Effectively Controlling RiskSummaryWhat does all this have to do with me?Internal control

28、 effectiveness is primarily determined by the knowledge and commitment of ALL UT Southwestern employees.By knowing the internal control policies and procedures and complying with all laws and regulations, YOU can help the medical center achieve its goals.This training is an internal control activity

29、!.Effectively Controlling RiskWhere can I learn more?UT Southwestern Internal Audit Department.Ask your supervisor or a UT Southwestern Institutional Compliance Committee member.Test Your KnowledgeFollowing are several questions to test your knowledge of the information presented. Answer all questio

30、ns correctly to receive credit for the training. .Question #1The major problem which caused recent frauds at other Texas institutions was weak internal controls?TRUEFALSE.Sorry, the correct answer is .Highly publicized frauds at other public institutions have caused concerns among UT System and comp

31、onent administrators.What was determined to bethe problem? WEAK INTERNAL CONTROLS.Question #1The major problem which caused recent frauds at other Texas institutions was weak internal controls?TRUEFALSE.Question #2Which of the following are components of the internal control process?ESTABLISHING A C

32、ONTROLENVIRONMENTPERFORMING A RISKASSESSMENTBOTH OF THE ABOVE.Sorry, the correct answer is .5 ComponentsEstablish Control EnvironmentPerform Risk AssessmentImplement Control ActivitiesCommunicate InformationMonitor Performance.Question #2Which of the following are components of the internal control

33、process?ESTABLISHING A CONTROLENVIRONMENTPERFORMING A RISKASSESSMENTBOTH OF THE ABOVE.Question #3With internal controls, RISK includes the possibility that our organization will NOT achieve its goals and protect itself from loss?TRUEFALSE.Sorry, the correct answer is . With internal controls, RISK i

34、s . . .The possibility that the organization will NOT:Achieve its goalsOperate effectively and efficientlyProtect itself from lossProvide reliable financial data (reports)Comply with applicable laws, regulations, policies, and proceduresRISK.Question #3With internal controls, RISK includes the possi

35、bility that our organization will NOT achieve its goals and protect itself from loss?TRUEFALSE.Question #4Control Activities should be . . .RESTRICTIONS ON ANEMPLOYEES AUTHORITYPROACTIVE, VALUE-ADDED,AND COST-EFFECTIVEBOTH OF THE ABOVE.Control activities are the policies and procedures that help ens

36、ure that actions identified as necessary to manage risks are carried out properly and in a timely manner.Control activities should be proactive, value-added, and cost effective.Sorry, the correct answer is .Question #4Control Activities should be . . .RESTRICTIONS ON ANEMPLOYEES AUTHORITYPROACTIVE,

37、VALUE-ADDED,AND COST-EFFECTIVEBOTH OF THE ABOVE.Question #5Some examples of control activities at UT Southwestern include reconciliations and having written policies and procedures?TRUEFALSE.The correct answer is .Examples of Control Activities at UT Southwestern:Approvals, authorizations, and verif

38、icationsHaving written policies and procedures and limits to authorityReconciliationsExplanations of the difference between two sets of data AND taking corrective action.Question #5Some examples of control activities at UT Southwestern include reconciliations and having written policies and procedur

39、es?TRUEFALSE.Question #6Which of the following is relevant information for UT Southwestern employees?JOB RESPONSIBILITIESPOLICIES AND PROCEDURESCUSTOMER FEEDBACKALL OF THE ABOVE.Sorry, the correct answer is .What information is relevant and reliable?Job responsibilitiesGoals and objectivesInformation to assess risksPolicies and proceduresLaws and regulationsPerformance ind