TO: U. T. System Employees
FROM: William H. Cunningham
RE: Control Self-Assessment Workshop
Thank you for attending today’s workshop.
Not long ago, a series of highly publicized frauds occurred in higher education which led to the formation of a System-wide committee to study internal control throughout The University of Texas System. The committee recommended, among other things, an internal control training program for employees. The first U. T. System course on internal control was entitled Effectively Controlling Risks--A Balancing Act. It was taught throughout the U. T. System to all department chairs, directors, deans, and other senior administrators. The course lasted approximately two hours and provided administrative officials a high-level understanding of internal control.
This Control Self-Assessment Workshop is designed to facilitate a department’s self-assessment of its internal control over operations, financial reporting, and compliance activities. The workshop is divided into two sessions. The first session explains how to self-assess internal control over a department’s significant activities and processes. The second session, held a few weeks later, is a series of Risk/Control Worksheet presentations by the department’s employees. Public entities and private companies all over the United States and Canada are finding that control self-assessment workshops are a highly effective way to enhance and to monitor internal control.
An important message to be communicated in this workshop is that internal control is, to some degree, everyone’s responsibility. Therefore, I encourage you to participate actively in the workshop, to perform a thorough control self-assessment, and to take steps to ensure that internal control within the U. T. System is adequately designed, properly executed, and effective.
Acknowledgments
This workshop is a presentation of internal control concepts and applications as described in Internal Control--Integrated Framework which is published by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. Member organizations of the Treadway Commission are as follows:
- American Institute of Certified Public Accountants
- American Accounting Association
- The Institute of Internal Auditors
- Institute of Management Accountants
- Financial Executives Institute
Since its publication in September of 1992, Internal Control--Integrated Framework has become the generally accepted internal control standard in the United States. The material presented in this participant's manual is a highly summarized compendium of COSO's publication. Internal Control--Integrated Framework may be obtained from the AICPA Order Department by calling 1-800-862-4272.
The internal control questionnaires which are presented as appendices to this manual are derived from Control Assessment Tool (CAT), a software program which provides computer support for control self-assessments. More information about CAT may be obtained from the Association of College and University Auditors (ACUA) at 708-922-1034.
This manual and associated materials were developed by:
Scott Scarborough, CPA, CIA
The University of Texas System Audit Office
201 West 7th Street ASH 5
Austin, Texas 78701
Risk and Control Self-Assessment Guidelines
Session #1 (1 of 2)
Introduction 1
Acknowledgments 2
Workshop Objectives 5
Self-Assessment Process 6
Internal Control Defined 7
Internal Control Process 8
Control Environment 9
Case Study 10
Control Environment Tips 11
Control Environment Evaluation 12
Goals & Objectives 13
Group Exercise 14
Risk Assessment 15
Individual Exercise 16
Session #1 (2 of 2)
Risk Assessment Tips 17
Risk / Control Worksheet 18
Sample Worksheet 19
Sample Flowchart 20
Control Activities 21
Approvals 22
Reconciliations 23
Reviews 24
Asset Security 25
Segregation of Duties 26
Information Systems 27
General Controls 28
Application Controls 29
Individual Exercise 30
Information & Communication 31
Monitoring 32
Session #1 To Do List 33
Worksheet Checklist 34
Summary Test 35
Session #1 Evaluation 36
Session #2
Worksheet Presentations 37
Testing & Reporting 38
Model Report 39
Internal Auditors’ Report 40
Session #2 To Do List 41
Testing Plan - Part I 42
Testing Plan - Part II 43
Workshop Evaluation 44
Sample Risk/Control Worksheets
Appendix A: Travel Worksheet 45
Appendix B: Travel Flowchart 46
Appendix C: Budgeting Worksheet 47
Appendix D: Budgeting Flowchart 48
Appendix E: Purchasing Worksheet 49
Appendix F: Purchasing Flowchart 50
Appendix G: Vacation/Sick Leave Worksheet 51
Appendix H: Vacation/Sick Leave Flowchart 52
Appendix I: Evaluating Employees Worksheet 53
Appendix J: Evaluating Employees Flowchart 54
Appendix K: Property & Equipment Worksheet 55
Appendix L: Property & Equipment Flowchart 56
Internal Control Questionnaires
Appendix M: Gifts, Grants, and Contracts 57
Appendix N: Budgeting and Accounting 58
Appendix O: Cash Receipts 59
Appendix P: Electronic Data Processing 60
Appendix Q: Expenditures (Non-Payroll) 61
Appendix R: Inventory 62
Appendix S: Moveable Equipment 63
Appendix T: Organization and Management 64
Appendix U: Personnel and Payroll 65
Appendix V: Petty Cash 66
Appendix W: Purchasing and Leasing 67
Appendix X: Revenue 68
Appendix Y: Accounts Receivable 69
