RISK MANAGEMENT & INTERNAL CONTROLS
RISK MANAGEMENT

OPERATIONAL
- Loss arising from system failure, human error, or external events.
- Controls: segregation of duties, access control, authorisation & reconciliation procedures, staff education, grievance procedures, backups, reliable data.

MARKET
- Significant fluctuations in the market.

CREDIT
- Financial assets
- Cash
- Accounts receivable

LIQUIDITY RISK
- Proper management of working capital, capital expenditure, actual versus forecast cash flows.
ASSESSING FRAUD RISK
1. Do one or two key employees appear to dominate the company?
2. Do any key employees appear to have a close association with vendors?
3. Do any key employees have outside business interests that might conflict with their job duties?
4. Does the firm conduct pre-employment background checks to identify previous dishonest or unethical behaviour?
5. Does the firm educate employees about the importance of ethics and anti-fraud?
6. Does the firm provide a secure channel to report fraud/theft?
7. Is job or assignment rotation mandatory for employees who handle cash receipts and accounting duties?
8. Is the level of authority clearly identified and communicated to the bank?
9. Are there policies and procedures addressing the identification, classification and handling of proprietary information?
10. Do employees who have access to proprietary information sign non-disclosure agreements?
11. Is there a company policy that addresses the receipt of gifts, discounts and services offered by a supplier or client?
12. Are the firm's financial goals and objectives realistic?
Indemnity Insurance
- AFF (AIIF)
- AON (PI & Court Bonds)
- Professional Negligence
- Refer to Policy on requirements
- In possession of FFC
- Covers all costs, fees & expenses incurred in the investigation, defense or settlement of my claim
- Limit R1 562 500 / annum

Indemnity Insurance (cont)
- Excess R20 000 / R35 000
- Free insurance
- Exclusions:
- Trading losses
- Investment advice
- Bridging finance
- Commercial brokers
- Buying additional cover (top up cover)
- AON Shackelton

Misappropriation of Trust Funds
- AFF
- Theft of trust moneys
- Indemnify members of public, not practitioner
- Fund of last resort
- Excussion
- Separate insurance cover for firm to cover this type of eventuality required

Asset Insurance
- Buildings
- Movable property (office contents)
- Loss of income / accounts receivable
- Public liability
- Employers liability

Life & Disability Insurance
- Annuity / Provident Fund
- Decision postponed
- Low priority on expenditure list
- Ignorance to type of environment creating risk
- Incentive to support staff
- Legal Provident Fund
Marketing

Internal
- Image protection
- Reputational damage
- Appearances
- Staff (Jnr & Snr)
- Complaint handling
- Progress reports
- Fees properly structured & accounted

External Marketing
- Clients' needs regularly assessed
- Remain relevant - anticipate client needs
- Branding
- Network
- Social media
- Webpage
- Legal topics - newspapers - functions
- Rules & Rulings - Anti-competitive

Competitive Edge
- Product?
- Price?
- Advertise?
- Time?
- Client care?
INTERNAL CONTROLS: CHECK LIST

A. Accounting Records and General
1. Are the accounting records, including lists of trust ledger balances, retained for at least five years from the date of the last entry therein?
2. Are all accounting records written up monthly?
3. Are all accounting records kept in a neat, legible and comprehensive fashion?
4. Are employees' duties clearly defined?
5. Are the duties of accounting staff rotated?
6. Are all employees required to take regular holidays and are their duties then assumed by other employees?
7. Are all employees in positions of trust covered by adequate fidelity insurance?
B. Banking Accounts
1. Are separate trust and business banking accounts maintained?
2. Are there any investments accounts in operation?
3. Who has authority to open and call up?
4. Proper recording?
5. Regular balance statements?

Investment accounts (cont)
- Procedure to obtain prior written consent?
- Detailed record kept?
- Regular review?
- Review by person other than those who maintain a register, account, or records of investments.
C. Remittances Received by Mail
1. Is the mail collected from the post office by a responsible official?
2. Is all mail opened by at least two persons?
3. Are the mail openers independent of the bookkeeping and cash receipts function?
4. Is there a record of all moneys received by mail?
5. Is this record subsequently checked with actual receipts by an independent person?
6. Is this checking function adequately evidenced?
D. Receipts and Banking
1. Is the trust account cash kept separate from business account cash?
2. Are receipts made out immediately for all amounts received?
3. Are full particulars always shown on receipts?
4. Are the originals of all cancelled receipts stapled to the cancelled copies?
5. Is the cash office secure against access by anybody?
6. Are properly printed pre-numbered receipt books with an adequate number of copies used?
7. Is a register of receipt books maintained?
8. Are unused receipt books under the control of a responsible official who has nothing to do with cash receipts?
9. Are all receipts banked intact daily?
10. Are receipts regularly compared with details of the bank stamped deposit slips by an independent employee?
E. Cheque Payments
1. Are cheque preparers independent of the persons who:
   a. approve vouchers for payment
   b. sign cheques?
2. Are cheques made payable to third parties such as Banks, etc. always made payable to ABC for credit of account XYZ?
3. Are all trust account cheques preprinted to order?
4. Are cash cheques and bearer cheques prohibited?
5. Are cancelled cheques marked cancelled and kept available for subsequent inspection?
6. Signing powers.
7. Are all cheques accompanied by properly authorised vouchers when presented for signature?
   - Forged vouchers (fictitious creditors)
   - Forged bank statements
   - Relevant ledger account
8. Is the signing of cheques in blank prohibited?
F. Petty Cash
1. Does the petty cashier have exclusive control over the petty cash and responsibility therefor?
2. Are all payments supported by properly authorised petty cash slips and vouchers (where applicable)?
3. Are all paid slips and vouchers marked paid to prevent re-use?
4. Has a reasonable limit been set for individual payments?
5. Is the float fixed at a reasonable level having regard to the level of expenditure?
6. Periodically examined by a responsible person?
7. Is the cash counted and agreed to the petty cash book?
G. Control of Pre-numbered Stationery
1. Is the following stationery consecutively pre-numbered and numerically and physically controlled?
   a) Receipt books
      - Business
      - Trust
   b) Cheque books
      - Business
      - Trust
   c) Fee notes
2. Are all orders for the printing of controlled stationery authorised by a responsible official?
3. Is the physical control of such stationery vested in a responsible official or a person divorced from the effecting or recording of transactions?
The Trust Reconciliation
1. Are bank reconciliations prepared monthly?
2. Such recons prepared by employee independent of cash receipts and payment functions?
3. Does the reconciler exercise physical control over bank statements and issued cheques?

Trust Reconciliation (cont)
Does the bank recon procedure include:
- A comparison of paid cheques with the cash book as to names, dates and amounts?
- Accounting for numerical sequence of paid cheques?
- Regular follow up on long outstanding cheques and deposits?
Reviewed?
H. Computerised Accounting

Data Capture
1. Are all source entries independently totalled prior to being captured?
2. Is a permanent record kept in a register of these batch totals together with a description of the entries processed?
3. Are all source documents or source entries:
   a) Sequentially numbered?
   b) Processed in sequence?
4. Where computer postings are made directly from the source document (i.e. where there is no book of prime entry) are all prime documents sequentially numbered, batched and permanently filed?
Security of Information/Data Resident on the Computer
1. Does the computerised system generate an audit trail of the following:
   a) Transfers between the trust accounts and business accounts.
   b) Transactions processed to the trust accounts.
   c) All deleted, amended and/or inactive trust accounts?

Security Over Programs
1. Are there defined responsibilities regarding testing, documenting and approving the implementation or modification of computer programs?

Security Over Data Access
1. Is there effective security against unauthorised access to programs and data files?
2. Are there controls to ensure that computer programmers do not have access to the live data files?
3. Is access restricted by an effective password control?
Internet fraud

Phishing
- Fraudsters pretend to be a trusted corporation or bank.
- Requests are made to obtain valuable information.

Dear Client,
A payment has been made to your account. To view the details of the payment, please click here to login. <http://www.milan-ipe.com/login-nedbanksecure-payment/index.php>
Please ensure that you enter the One Time Pin that will be sent to your cell phone immediately after your login.
If you have any questions or would like more information, please contact our support centre

Phishing (cont)

Account Update Notice
Dear Valued Clients,
ABSA has initiated protective procedures to secure the online banking accounts of our customers from identity theft and phishing attempts. As a result of this newly implanted security program, we will require you to bear with us as we work to increase the security of your account. Please follow the instructions as we will be sending you SMS messages for verification purposes. We would suspend your access for safety reasons until you upgrade. follow the link below
Please go to: https:important/server/upgrade/absa.co.za <http://www.papayacomputer.com/tmp/arr/ssl/oupgrade/server/update-profile/cs.servers.php>
You will also need to verify your TVN upon request.
Thank You
Terms Of Use Banking Regulations Privacy Policy Security Centre Site Map
Tips to Prevent
- Never access internet banking using a link or a favorite. Always open your browser and type in the address.
- Never allow the browser to save your PIN.
- Hover your mouse over any hyperlinks to reveal the actual URL.
- Use a secure site: secure protocol https://
- Avoid opening unsolicited emails and attachments that may carry viruses, malware and spyware.
- Ensure that your antivirus and antispyware are up to date (keyloggers).
- Do not make use of public terminals (internet cafes, hotels, libraries, etc.).
- Use secure payment sites when shopping online.
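The "hover to reveal the actual URL" check can also be done mechanically on incoming mail. The sketch below is an added example, not part of the original slides: it takes the visible text and real link target from the two sample e-mails above and flags links that name a bank but resolve to another domain. The trusted-domain list, the suffix list and the third (benign) link are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the firm really banks with. absa.co.za appears in the
# sample e-mail; nedbank.co.za is assumed from the brand named in the other.
TRUSTED = {"absa.co.za", "nedbank.co.za"}
BRANDS = {d.split(".")[0] for d in TRUSTED}
# Constructed, tiny suffix list; real tooling should use the Public Suffix List.
TWO_LEVEL = {"co.za", "org.za", "co.uk"}

# Link lines from the two sample e-mails, plus one constructed benign link.
SAMPLE = (
    "please click here to login. <http://www.milan-ipe.com/login-nedbanksecure-payment/index.php>\n"
    "Please go to: https:important/server/upgrade/absa.co.za <http://www.papayacomputer.com/tmp/arr/ssl/oupgrade/server/update-profile/cs.servers.php>\n"
    "Your statement is ready <https://www.absa.co.za/personal/>\n"
)

def registered_domain(host):
    """Reduce a host name to the part its owner registered (www.absa.co.za -> absa.co.za)."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-n:])

def extract_links(text):
    """Return (visible text, real URL) pairs written as 'visible text <url>'."""
    return [(m.group(1).strip(), m.group(2))
            for m in re.finditer(r"([^<>\n]*)<(https?://[^>\s]+)>", text)]

def check_link(visible, url):
    """List the reasons a link should not be trusted; an empty list means none found."""
    parts = urlsplit(url)
    domain = registered_domain(parts.hostname or "")
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    if domain not in TRUSTED:
        # A bank name in the visible text or the URL path proves nothing:
        # only the registered domain of the host decides where the link goes.
        lure = (visible + " " + parts.path).lower()
        named = sorted(b for b in BRANDS if b in lure)
        if named:
            findings.append(f"names {'/'.join(named)} but host is {domain}")
    return findings

def scan(text):
    return {url: check_link(visible, url) for visible, url in extract_links(text)}
```

Both sample links are flagged twice (plain http, and a bank name attached to an unrelated host), while the constructed link to the bank's own domain passes.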
Back-up
1. Is there a formal back-up procedure that is followed?
2. Are data files backed-up regularly?
3. Are multiple versions of the back-up maintained?
4. Are back-up files stored in a safe alternative location?
5. Are back-up files frequently tested to ensure that they are not corrupt?
I. Scams & Money Laundering
1. Have manuals, policies and procedures been developed and implemented to ensure compliance with provisions of anti-money laundering legislation?
2. Forged letterheads.