Inherently, MCPD is subject toconsiderable overtime hours due to the department's need tooperate 24 hours a day, 7 days a week. While the County and MCPD have instituted recent actions to better monitor overtime use, the average overtime expense per employee has remained consistent over the last five years.
Some examples of incompatible duties are: Ideally, separate employees will perform each of the four major duties. In general, the flow of transaction processing and related activities should be designed so that the work of one individual is either independent of, or serves to check on, the work of another.
Such arrangements reduce the risk of undetected error and limit opportunities to misappropriate assets or conceal intentional misstatements in the financial statements. When duties cannot be sufficiently segregated due to the small size of a unit, it is important that mitigating controls, such as a detailed supervisory review of the activities, be put in place to reduce risks.
To meet the needs of their customers, managers delegate authority to staff so that decisions and related actions can occur in a timely manner. Delegation of Authority DOA is the formal process in which one person delegates the authority and responsibility to another person to carry out specific activities.
Typically a manager will delegate to a subordinate a certain authority for a specific transaction e. However the person who delegated the work remains accountable for the outcome of the delegated work.
If DOA is done properly the University can save time and money while building the skills of its workforce. Managers should develop a framework in which they document the types of transactions and related dollar thresholds in which they delegate their authority to another individual.
This documentation needs to be maintained as personnel change within their unit. It should include at a minimum: Managers need to ensure that individuals who received delegated authority have been properly trained and are well versed in University policies that govern the authority delegated.
At least annually, the DOA framework needs to be reviewed for appropriateness to ensure University objectives are being achieved while limiting risk to an acceptable level. Perform the monthly supervisory review to: If supporting documentation is not provided, request the cardholder to provide it or obtain a copy from the vendor.
Validate the business appropriateness of items purchased. If questionable transactions are identified, contact the cardholder for an explanation of the transaction. Validate the explanation with other departmental personnel, if possible e. If the cardholder is not able to appropriately support or explain a questionable transaction, contact the Senior Business Officer or their designee and the Purchasing Card Administrator.
Ensure that Purchasing policies are being followed: Sign and date the monthly statement to document that the review has taken place. Types of cash typically on hand include cash receipts, petty cash accounts, and change funds.
The following principles of good cash handling will be discussed in greater detail: Cash handling duties can be divided into four stages: Ideally, all four stages would be performed by different individuals. The purpose of this segregation of duties is to minimize the opportunity for an employee to misappropriate funds and avoid detection.
In a smaller department, it may not be feasible to fully segregate all of the cash-related duties. In these circumstances, the department may rely on compensating controls to mitigate the risk that cash is misappropriated e.
Keep all cash in a safe until it is deposited. For areas with regular cash receipts, a drop safe is recommended to limit access to the contents of the safe. Regardless of the type of safe used, limit access to supervisory and authorized personnel only.Developing an Internal Audit Plan SCHFMA –Finance and Reimbursement Workshop November 15, Directors Should Ask about Internal Audit Second Edition John Fraser, CA, CIA, CISA management of risk and internal control.
The audit committee is responsible for ensuring that management has implemented an effective system of internal control to manage the.
For example, management should identify the risks associated with the project and decide how to deal with them with internal audit, acting as a consultant on risk and control matters.
Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports SECURITIES AND EXCHANGE COMMISSION. Proper risk management and internal control help organizations understand the risks they are exposed to, put controls in place to counter threats, and effectively pursue their objectives.
The IT Security Audit course is designed to provide practical view in conducting IT audit and assurance in one organization. The course is designed to support professional staffs to expand their understanding of information technology (IT) audit. The course presents a more in-depth view on the fundamentals of IT auditing by highlighting on topics such as: IT audit and control analysis.