RISK MANAGEMENT & INTERNAL CONTROLS


RISK MANAGEMENT

• OPERATIONAL
  - Loss arising from system failure, human error, or external events.
  - Controls: segregation of duties, access control, authorisation and reconciliation procedures, staff education, grievance procedures, backups, reliable data.

• MARKET
  - Significant fluctuations in the market.

RISK MANAGEMENT (cont)

• CREDIT
  - Financial assets: cash, accounts receivable.

• LIQUIDITY RISK
  - Proper management of working capital, capital expenditure, and actual versus forecast cash flows.

ASSESSING FRAUD RISK

1. Do one or two key employees appear to dominate the company?
2. Do any key employees appear to have a close association with vendors?
3. Do any key employees have outside business interests that might conflict with their job duties?
4. Does the firm conduct pre-employment background checks to identify previous dishonest or unethical behaviour?

ASSESSING FRAUD RISK (cont)

5. Does the firm educate employees about the importance of ethics and anti-fraud measures?
6. Does the firm provide a secure channel to report fraud or theft?
7. Is job or assignment rotation mandatory for employees who handle cash receipts and accounting duties?
8. Is the level of authority clearly identified and communicated to the bank?

ASSESSING FRAUD RISK (cont)

9. Are there policies and procedures addressing the identification, classification and handling of proprietary information?
10. Do employees who have access to proprietary information sign non-disclosure agreements?
11. Is there a company policy that addresses the receipt of gifts, discounts and services offered by a supplier or client?
12. Are the firm's financial goals and objectives realistic?

Indemnity Insurance

• AFF (AIIF)
• AON (PI & Court Bonds)
• Professional Negligence
• Refer to Policy on requirements
• In possession of FFC
• Covers all costs, fees & expenses incurred in the investigation, defence or settlement of a claim
• Limit – R1 562 500 / annum

Indemnity Insurance (cont)

• Excess – R20 000 / R35 000
• Free insurance
• Exclusions:
  - Trading losses
  - Investment advice
  - Bridging finance
• Commercial brokers
• Buying additional cover (top up cover)
• AON
• Shackelton

Misappropriation of Trust Funds

• AFF
• Theft of trust moneys
• Indemnifies members of the public – not the practitioner
• Fund of last resort
• Excussion
• Separate insurance cover for the firm to cover this type of eventuality is required

Asset Insurance

• Buildings
• Movable property (office contents)
• Loss of income / accounts receivable
• Public liability
• Employers' liability

Life & Disability Insurance

• Annuity / Provident Fund
• Decision postponed
• Low priority on expenditure list
• Ignorance of the type of environment creating the risk
• Incentive to support staff
• Legal Provident Fund

Marketing

• Internal
  - Image protection
  - Reputational damage
    • Appearances
    • Staff (Jnr & Snr)
  - Complaint handling
  - Progress reports
  - Fees – properly structured & accounted for

Marketing (cont)

• External
  - Clients' needs regularly assessed
  - Remain relevant – anticipate client needs
  - Branding
  - Network
  - Social media
  - Webpage
  - Legal topics – newspapers, functions
  - Rules & Rulings – anti-competitive conduct

Marketing (cont)

• Competitive Edge
  - Product?
  - Price?
  - Advertising?
  - Time?
  - Client care?

INTERNAL CONTROLS: CHECK LIST

A. Accounting Records and General

1. Are the accounting records, including lists of trust ledger balances, retained for at least five years from the date of the last entry therein?
2. Are all accounting records written up monthly?
3. Are all accounting records kept in a neat, legible and comprehensive fashion?
4. Are employees' duties clearly defined?
5. Are the duties of accounting staff rotated?
6. Are all employees required to take regular holidays, and are their duties then assumed by other employees?
7. Are all employees in positions of trust covered by adequate fidelity insurance?

B. Banking Accounts

1. Are separate trust and business banking accounts maintained?
2. Are there any investment accounts in operation?
3. Who has authority to open and call up investment accounts?
4. Are they properly recorded?
5. Are regular balance statements obtained?

Investment accounts (cont)

• Is there a procedure to obtain prior written consent?
• Is a detailed record kept?
• Is there a regular review?
• Is the review done by a person other than those who maintain a register, account, or records of investments?

C. Remittances Received by Mail

1. Is the mail collected from the post office by a responsible official?
2. Is all mail opened by at least two persons?
3. Are the mail openers independent of the bookkeeping and cash receipts function?
4. Is there a record of all moneys received by mail?
5. Is this record subsequently checked against actual receipts by an independent person?
6. Is this checking function adequately evidenced?

D. Receipts and Banking

1. Is the trust account cash kept separate from business account cash?
2. Are receipts made out immediately for all amounts received?
3. Are full particulars always shown on receipts?
4. Are the originals of all cancelled receipts stapled to the cancelled copies?
5. Is the cash office secure against access by anybody?
6. Are properly printed pre-numbered receipt books with an adequate number of copies used?
7. Is a register of receipt books maintained?
8. Are unused receipt books under the control of a responsible official who has nothing to do with cash receipts?
9. Are all receipts banked intact daily?
10. Are receipts regularly compared with the details of the bank-stamped deposit slips by an independent employee?

E. Cheque Payments

1. Are cheque preparers independent of the persons who:
   a. approve vouchers for payment?
   b. sign cheques?
2. Are cheques made payable to third parties such as banks, etc. always made payable to "ABC for credit of account XYZ"?
3. Are all trust account cheques preprinted to "order"?
4. Are cash cheques and bearer cheques prohibited?
5. Are cancelled cheques marked "cancelled" and kept available for subsequent inspection?
6. Signing powers.
7. Are all cheques accompanied by properly authorised vouchers when presented for signature? Risks to look for:
   - Forged vouchers (fictitious creditors)
   - Forged bank statements
   - The relevant ledger account
8. Is the signing of cheques in blank prohibited?

F. Petty Cash

1. Does the petty cashier have exclusive control over the petty cash and responsibility therefor?
2. Are all payments supported by properly authorised petty cash slips and vouchers (where applicable)?
3. Are all paid slips and vouchers marked "paid" to prevent re-use?
4. Has a reasonable limit been set for individual payments?
5. Is the float fixed at a reasonable level having regard to the level of expenditure?
6. Is the petty cash periodically examined by a responsible person?
7. Is the cash counted and agreed to the petty cash book?

G. Control of Pre-numbered Stationery

1. Is the following stationery consecutively pre-numbered and numerically and physically controlled?
   a) Receipt books – Business, Trust
   b) Cheque books – Business, Trust
   c) Fee notes
2. Are all orders for the printing of controlled stationery authorised by a responsible official?
3. Is the physical control of such stationery vested in a responsible official or a person divorced from the effecting or recording of transactions?

The Trust Reconciliation

1. Are bank reconciliations prepared monthly?
2. Are such reconciliations prepared by an employee independent of the cash receipts and payment functions?
3. Does the reconciler exercise physical control over bank statements and issued cheques?

Trust Reconciliation (cont)

• Do the bank reconciliation procedures include:
  - A comparison of paid cheques with the cash book as to names, dates and amounts?
  - Accounting for the numerical sequence of paid cheques?
  - Regular follow-up on long outstanding cheques and deposits?
  - Review of the reconciliation?
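The three reconciliation procedures above, worked through as an added Python example that is not part of the original slides; the cash book and bank statement rows are constructed sample data, and the 90-day threshold for a "long outstanding" cheque is an assumption.

```python
from datetime import date

# Constructed sample data: the trust cash book (cheques issued) and the bank statement
# (cheques the bank has paid). Each row: (cheque no, payee, date, amount).
CASH_BOOK = [
    (1001, "ABC Conveyancers", date(2024, 3, 1), 15000.00),
    (1002, "Deeds Office", date(2024, 3, 4), 2500.00),
    (1003, "J Smith (client refund)", date(2023, 12, 15), 8000.00),  # issued long ago
    (1004, "Sheriff Pretoria", date(2024, 3, 18), 1200.00),
]
BANK_STATEMENT = [
    (1001, "ABC Conveyancers", date(2024, 3, 6), 15000.00),
    (1002, "Deeds Office", date(2024, 3, 8), 5200.00),   # amount differs from the cash book
    (1007, "Unknown payee", date(2024, 3, 20), 3000.00), # paid, but never issued per cash book
]
AS_AT = date(2024, 3, 31)  # reconciliation date (constructed)

def reconcile(cash_book, statement, as_at, stale_days=90):
    """Compare paid cheques with the cash book (names, dates, amounts), account for the
    numerical sequence of cheques, and list outstanding and long-outstanding cheques."""
    issued = {no: (payee, d, amt) for no, payee, d, amt in cash_book}
    paid = {no: (payee, d, amt) for no, payee, d, amt in statement}
    result = {"mismatch": [], "not_issued": [], "outstanding": [], "stale": [], "sequence_gaps": []}
    for no, (payee, paid_on, amt) in sorted(paid.items()):
        if no not in issued:
            result["not_issued"].append(no)  # bank paid a cheque the firm has no record of
            continue
        book_payee, issued_on, book_amt = issued[no]
        # A cheque paid before it was issued, or to a different payee/amount, is an exception.
        if payee != book_payee or amt != book_amt or paid_on < issued_on:
            result["mismatch"].append(no)
    for no, (payee, issued_on, amt) in sorted(issued.items()):
        if no not in paid:
            result["outstanding"].append(no)
            if (as_at - issued_on).days > stale_days:
                result["stale"].append(no)  # follow up: lost, stopped, or never delivered?
    # Every number between the first issued and the highest seen must be accounted for.
    lo, hi = min(issued), max(max(issued), max(paid))
    result["sequence_gaps"] = [n for n in range(lo, hi + 1) if n not in issued and n not in paid]
    return result

if __name__ == "__main__":
    for category, numbers in reconcile(CASH_BOOK, BANK_STATEMENT, AS_AT).items():
        print(f"{category:14s}: {numbers}")
```

Each list in the result is an exception the reconciler must explain before signing off; an empty list for every category is what a clean month looks like.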

H. Computerised Accounting

Data Capture

1. Are all source entries independently totalled prior to being captured?
2. Is a permanent record kept in a register of these batch totals together with a description of the entries processed?
3. Are all source documents or source entries:
   a) Sequentially numbered?
   b) Processed in sequence?
4. Where computer postings are made directly from the source document (i.e. where there is no book of prime entry), are all prime documents sequentially numbered, batched and permanently filed?

Security of Information/Data Resident on the Computer

1. Does the computerised system generate an audit trail of the following:
   a) Transfers between the trust accounts and business accounts?
   b) Transactions processed to the trust accounts?
   c) All deleted, amended and/or inactive trust accounts?

Security Over Programs

1. Are there defined responsibilities regarding testing, documenting and approving the implementation or modification of computer programs?

Security Over Data Access

1. Is there effective security against unauthorised access to programs and data files?
2. Are there controls to ensure that computer programmers do not have access to the live data files?
3. Is access restricted by an effective password control?

Internet fraud

• Phishing
  - Fraudsters pretend to be a trusted corporation or bank, and the recipient is asked to supply valuable information.
  - Sample phishing e-mail:

    "Dear Client, A payment has been made to your account. To view the details of the payment, please click here to login. <http://www.milan-ipe.com/login-nedbank-secure-payment/index.php> Please ensure that you enter the One Time Pin that will be sent to your cell phone immediately after your login. If you have any questions or would like more information, please contact our support centre"

Phishing (cont)

• Sample phishing e-mail:

    "Account Update Notice
    Dear Valued Clients,
    ABSA has initiated protective procedures to secure the online banking accounts of our customers from identity theft and phishing attempts.
    As a result of this newly implanted security program, we will require you to bear with us as we work to increase the security of your account.
    Please follow the instructions as we will be sending you SMS messages for verification purposes. We would suspend your access for safety reasons until you upgrade. follow the link below
    Please go to: https:important/server/upgrade/absa.co.za <http://www.papayacomputer.com/tmp/arr/ssl/o-upgrade/server/update-profile/cs.servers.php>
    You will also need to verify your TVN upon request.
    Thank You
    Terms Of Use | Banking Regulations | Privacy Policy | Security Centre | Site Map"

Tips to Prevent

• Never access internet banking using a link or a favourite.
• Always open your browser and type in the address yourself.
• Never allow the browser to save your PIN.
• Hover your mouse over any hyperlink to reveal the actual URL.
• Use a secure site, i.e. the secure protocol https://

Tips (cont)

• Avoid opening unsolicited e-mails and attachments, which may carry viruses, malware and spyware.
• Ensure that your antivirus and antispyware are up to date (keyloggers).
• Do not make use of public terminals (internet cafes, hotels, libraries, etc.).
• Use secure payment sites when shopping online.
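The hover-over check described above (does the actual target match what the message shows, and is it an https address on the bank's real domain?), as an added Python example that is not part of the original slides. The trusted-domain list and the sample links are constructed; example.* hosts stand in for the addresses quoted in the two phishing messages, and only the patterns are copied.

```python
from urllib.parse import urlparse

# Domains the firm actually banks with (constructed for this example; use your own list).
TRUSTED_BANK_DOMAINS = {"nedbank.co.za", "absa.co.za"}

def is_trusted_host(host):
    """True when host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_BANK_DOMAINS)

def check_link(display, href):
    """Return the reasons a hyperlink looks like a phishing lure (empty list = nothing found).
    display: the text the reader sees (a label such as "click here", or a written-out address)
    href:    the real target that hovering the mouse reveals"""
    findings = []
    actual = urlparse(href.strip())
    target = (actual.hostname or "").lower()
    if actual.scheme.lower() != "https":
        findings.append("target is not an https:// address")
    if not is_trusted_host(target):
        findings.append(f"target host '{target}' is not a trusted bank domain")
        for bank in TRUSTED_BANK_DOMAINS:
            name = bank.split(".")[0]
            if name in href.lower():  # bank name buried in the path of some other host
                findings.append(f"'{name}' appears in the URL but not as its host")
    shown = display.strip()
    if shown.lower().startswith(("http:", "https:")):
        # A written-out address must be well formed and must point where it says.
        shown_host = (urlparse(shown).hostname or "").lower()
        if not shown_host:
            findings.append("displayed address is malformed and has no host")
        elif shown_host != target:
            findings.append(f"displayed host '{shown_host}' differs from actual target '{target}'")
    return findings

# Constructed samples mirroring the two lures quoted above, plus a genuine typed-in address.
SAMPLE_LINKS = [
    ("click here", "http://www.lure-host.example.net/login-nedbank-secure-payment/index.php"),
    ("https:important/server/upgrade/absa.co.za",
     "http://www.tmp-host.example.org/tmp/ssl/o-upgrade/update-profile/cs.servers.php"),
    ("https://www.absa.co.za/", "https://www.absa.co.za/"),
]

def triage(links=SAMPLE_LINKS):
    """Map each link's display text to its findings; a legitimate link gets an empty list."""
    return {display: check_link(display, href) for display, href in links}

if __name__ == "__main__":
    for display, reasons in triage().items():
        print(f"{display!r}: {'OK' if not reasons else '; '.join(reasons)}")
```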

Back-up

1. Is there a formal back-up procedure that is followed?
2. Are data files backed up regularly?
3. Are multiple versions of the back-up maintained?
4. Are back-up files stored in a safe alternative location?
5. Are back-up files frequently tested to ensure that they are not corrupt?

I. Scams & Money Laundering

1. Have manuals, policies and procedures been developed and implemented to ensure compliance with the provisions of anti-money laundering legislation?
2. Forged letterheads.