Course Title: Financial Decision Making
Course dept. and Number: MOL 667
SCENARIO:
Executive Directors and others in leadership positions rely heavily on internal control systems to guide the day-to-day operations in their organizations. The challenge is even greater for nonprofits. “Board members of nonprofits must be assertive to ensure that adequate internal controls are in place for their organizations. There is no excuse for even the smallest nonprofit not to have an internal control system.”
You are required to identify an organization (a nonprofit or otherwise) and work in your assigned to develop an internal control system assessment using the guidelines provided below.
FINAL PROJECT GUIDELINES
1) Executive Summary (One page) (20 Points)
- What is your problem statement?
- How did you solve the problem?
- What are your conclusions?
2) Internal Control Risk Analysis – Identification and Inventory (40 Points)
- Examples are:
- Document Internal Control Systems within the organization and brief steps. Examples include: (This list is not exhaustive and may not apply to all organizations. Identify key internal control systems to work with)
- Controlling Vendors
- Controlling Travel and cell phones
- Control of credit and debit cards
- Inventory control
- Safeguarding Assets
- Organization data
- Customer databases
- Accounting records
- Hardcopy printouts, records, legal documents
- Reference and training materials
- Billing records
- Computer systems access
- Invoicing
- Purchase order process
- Controlling cash and its cash equivalents
- Reconciliation of bank accounts
- Separation of duties
- Payroll control system
- Hiring process (There could be different processes for different levels)
- Employment termination process
- Fundraising approval and process
- Receiving of funds from fundraising efforts
- Investment decisions
- Appointment of an auditor
- Document Internal Control Systems within the organization and brief steps. Examples include: (This list is not exhaustive and may not apply to all organizations. Identify key internal control systems to work with)
3) Internal Control Risk Analysis – Threat Assessment (40 Points)
- Identify the potential events that could place the internal controls at risk. Consider the following examples.
- Theft
- Conflict of Interest
- Unauthorized access
- Fraud
- Corruption of data
- Vandalism
- Fire
- Flood
- Power loss
- Classify each event by the following types of threats:
- Efficiency of operations
- Effectiveness of operations
- Reliability of financial reporting
- Compliance
- Exposure
- Interruption
- Destruction
- Classify the likelihood of each event as one of the following:
- Low – There is no history, and the threat is unlikely to occur.
- Medium – There is some history, and an assessment has been made that the threat may occur.
- High – There is significant history, and an assessment has been made that the threat is quite likely to occur.
- Rate the impact of each possible event as one of the following:
- Very serious (may compromise the entire organization)
- Serious (may disrupt normal operations, cause significant inconvenience to clients, or be costly to rectify)
- Less serious (may disrupt non-critical operations or cause limited inconvenience to employees)
- Identify the potential consequences as one of the following:
- Loss of privacy
- Loss of trust
- Loss of asset
- Loss of funding
4) Risk Analysis – Risk Assessment (40 Points)
- List the existing safeguards that protect against a potential event. Examples include:
- Organization may have after-hours security
- Surveillance cameras
- Access security to present systems
- In consideration of existing safeguards, is the company still vulnerable to the possible threat?
- Describe the vulnerability. E.g. how can a threat or threat agent attack the asset being protected?
- What is the risk to the company of the event occurring?
- (Risk refers to the company’s ability to protect itself in the face of the event occurring, not to the likelihood of the event happening)
- Rate the potential risk as:
- Low – Requires some attention and consideration for safeguard implementation as good business practice
- Moderate – Requires attention and safeguard implementation in the near future
- High – Requires immediate attention and safeguard implementation
5) Risk Analysis – Recommendations (40 Points)
- Guidelines are:
- In consideration of the potential vulnerability and risk, what additional safeguards are recommended to lower the risk to an acceptable level?
- Describe the proposed measures.
- Include measures for hardening internal control systems.
- For the proposed safeguards, rate the projected risk for each as one of the following:
- Low
- Moderate
- High
- In consideration of the potential vulnerability and risk, what additional safeguards are recommended to lower the risk to an acceptable level?
6) Conclusion (At least half page) (10 Points)
- Concluding comments to the project
- Learning experiences
7) Additional notes and overall presentation: (10 Points)
- List of References used
- You must include details of any referenced material in your project paper
Important:
- Spelling and grammar mistakes will be heavily penalized (use spell-check and grammar-check MS Word function and proof read. Proof-read in your group to eliminate any mistakes you may have overlooked).
- Write professionally
TOTAL POINTS: 200
