Fall 2015 Issue of Horizons

PUBLIC SECTOR

internal control and competence is rarely the result of chance. The governing body can support this attribute of a strong control environment by underwriting effective personnel development, education, professional credentialing, compensation and advancement programs, to the extent allowed by budgetary constraints. Risk Assessment Why is it that fire logs contain the warning “Flammable,” hairdryers the warning “Do not use in the bathtub”, or fishing hooks the warning “Harmful if swallowed”? We won’t devote any space here to speculating, but suffice it to say that risks surround us. It’s a daunting challenge to effectively address the risks assessed and considered by an organization, much less those that escape identification. This means an effective system of internal control will benefit from periodic collaboration between management and the governing body in exploring the internally and externally posed operational, reporting and compliance risks. Each party brings a unique perspective to the discussion and the whole is certainly greater than the sum of the parts. Once relevant risks are identified, elected officials and management can collectively brainstorm the most appropriate response. Not all risks are created equal. The risk of error (unintentional) is inherently different than the risk of fraud (intentional) and therefore related controls must be designed accordingly. There may be no more important element of internal control over financial reporting than the governing body’s obligation to oversee management’s responsibility to protect the assets of the organization from misappropriation. Foundational to this oversight is the understanding of the three aspects of the fraud triangle: opportunity, pressure and rationalization. Elected officials can support

Independent Oversight Although elected officials may occasionally assist management with internal control, the governing body is independent and should provide accountability over management’s responsibility for internal control. One possible best practice to apply such accountability is to routinely invite management to board or audit/finance committee meetings to educate the elected officials on how management executes internal control over the organization’s various financial activities. For example, in one quarter management could describe the controls it applies to the cash disbursement process, and in the following quarter, the controls applied to the payroll process. Assignment or Committee Delegation of Oversight Responsibility Controls over financial reporting is obviously not elected officials’ only fiduciary responsibility and clearly not every elected official will possess the skills necessary to provide such financial oversight. 1. Consider ensuring that at least one member possesses such skills and designate him/her as the “financial expert” similar to that required of public company audit committees by the Sarbanes-Oxley Act, or 2. Delegate its internal control oversight responsibilities to a committee of the governing body such as an audit or finance committee whose responsibilities are limited to only such matters. Under this structure, it is important that a governing body official be an effective communicator liaison between the board and the committee. “You better cut the pizza in four slices, cause I ain’t hungry enough for six.” (Yogi Berra). If anyone else but Yogi said that, we’d likely conclude there was a competency issue. Quality employees generally provide the best opportunity for an effective system of Therefore, a governing body may:

page 52 | horizons Fall 2015