Slide 1
Internal Controls 101
June 23, 2011
Slide 2
Introductions
• Tim Waterman – General Dynamics Advanced Information Systems (GDAIS)
• Keith Rivers – United Technologies (UTC)
• Sam Onwuanaibe - Harris Corporation
• Benjamin Lindorf - Institute for Defense Analyses
Slide 3
General Dynamics Advanced Information Systems
• Over 7,200 employees
  o 75% hold security clearances
• Headquarters in Fairfax, VA
• Many locations including customer sites
Delivering end-to-end intelligence and cyber mission integration and solutions to defense, intelligence and homeland security communities
Slide 4
Internal Controls
• Internal controls are designed to provide reasonable assurance that objectives are achieved in the following categories:
  o Effectiveness and efficiency of operations
  o Compliance with laws and regulations
  o Reliability of financial reporting = Sarbanes Oxley
• Internal controls are evaluated at two levels:
  o Entity-level (contains control environment)
  o Activity-level (transaction-level)
  o Examples of each on the following slide
Slide 5
Internal Controls (cont.)
• Internal controls are evaluated at two levels:
  o Entity-level Example
    The company has policies and procedures for all major business processes; they are reviewed on a regular basis and updated, if necessary. All policies and procedures are located on the Company's intranet and are accessible by all employees.
  o Activity-level (transaction-level) Example
    Each timecard is approved by the employee’s supervisor, or designated alternate in the event of supervisor absence.
Slide 6
Life Cycle of an Internal Control
Risk Assessment
Define & Document
Operate / Perform
Validate / Test Effectiveness
Report
Slide 7
Life Cycle of an Internal Control (cont.)
• Example of Vendor Management Controls
  o Risk = Fictitious vendors are input to the system, allowing for fictitious cash disbursements
  o Control #1 = New vendors are added in Oracle by the Purchasing department and the accounts payable department has inquiry only access to this vendor information
  o Control #2 = Oracle only allows the user (accounts payable department) to pay an established vendor
Risk Assessment
Define & Document
Operate / Perform
Validate / Test Effectiveness
Report
Slide 8
Examples of GD Controls
• Ethics Controls:
  o There is an Ethics Officer at CHQ and at each business unit
  o There is an Ethics Helpline to facilitate anonymous reports
  o The organization publicizes the existence and importance of the GD Standards of Business Ethics and Conduct to employees on an annual basis
  o All new hires complete an Ethics Acknowledgement Form, which acknowledges that the employee has received and read the GD Standards of Business Ethics and Conduct
  o Employees are required to participate in ethics training every other year
  o Corporate Internal Audit performs implementation and follow-up reviews of each of the Ethics Programs
Slide 9
Examples of GD Controls
• Other Controls:
  o Each business unit and Corporate Internal Audit conduct a detailed annual Risk Assessment that is updated periodically throughout the year
  o All finance new hires have a background and credit check completed prior to start date (background check for all new hires)
  o Each business unit has created its own Delegation of Authority (DOA), subject to the CHQ DOA, which is used to scrutinize transactions in the conduct of its business
  o The company has policies and procedures for all major business processes
    Policies and procedures are reviewed on a regular basis and updated, if necessary
    All policies and procedures are located on the Company’s intranet, or equivalent, and are accessible by employees