MRO Internal Controls Accounting and Financial Management March 28, 2019 - PowerPoint PPT Presentation

SLIDE 1

MRO Internal Controls

Accounting and Financial Management March 28, 2019

SLIDE 2

The purpose of this presentation is to update the MRO Board of Directors on MRO’s internal control environment, documentation, and compliance oversight. It is meant to provide information to assist the board in fulfilling its mandate to review the adequacy and integrity of the organization’s accounting and financial controls.

SLIDE 3

MRO’s internal controls are a component of MRO’s broader compliance and ethics program. MRO’s compliance and ethics program ensures all facets of internal compliance are managed and includes guidelines that make for a comprehensive control environment.

SLIDE 4

MRO’s Corporate Compliance and Ethics Program

  • Who: Tone at the Top
  • What: Corporate Programs and Policies
  • Why: Laws and Regulations
  • How: Prevent, Detect, Correct

SLIDE 5

Who? Tone at the Top

The Who: MRO is governed by its bylaws and, under its bylaws, the business and affairs of the company are managed by or under the direction of the MRO Board of Directors. The board has established three board committees to help it carry out its work, including the:

  • Finance and Audit Committee (FAC)
  • Governance and Personnel Committee (GPC)
  • Organizational Group Oversight Committee (OGOC)

The FAC has primary responsibility for oversight of the implementation and operation of MRO’s Internal Program for Corporate Compliance and Ethics. The GPC has responsibility for particular aspects of the program. The OGOC is responsible for oversight of MRO’s organizational groups and the representatives serving on industry groups established by NERC.

SLIDE 6

Compliance and Ethics Oversight

The FAC is responsible for:

  • Monitoring the integrity of the company’s financial reporting
  • Ensuring that the company has adopted an internal control structure, including the adoption of appropriate policies and procedures, consistent with the company’s size and complexity
  • Monitoring the external auditor’s independence to ensure the external auditor is ultimately accountable to the board
  • Monitoring compliance with the Sarbanes-Oxley Act of 2002 as appropriate for a nonprofit organization that does not issue stock
  • Monitoring compliance with any debt covenants
  • Reviewing the company’s procedures related to finance to ensure compliance with applicable laws and regulations

SLIDE 7

Compliance and Ethics Oversight

The Chief Compliance Officer is responsible for:

  • Developing and implementing compliance policies and procedures
  • Providing guidance to employees regarding policies and procedures
  • Providing guidance, with the assistance of General Counsel, regarding compliance with laws, rules, and regulations
  • Coordinating, developing, and participating in communications, education, and training
  • Ensuring contractors (vendors, billing services, etc.) are aware of the requirements of MRO’s Program for Corporate Compliance and Ethics
  • Maintaining an anonymous reporting system (hotline) and responding to concerns, complaints, and questions related to the Program for Corporate Compliance and Ethics
  • Coordinating internal investigations and implementing corrective action

SLIDE 8

What? Corporate Programs and Policies

The What: Corporate compliance is the process of making sure that our organization and its staff follow the laws, regulations, standards, and ethical practices that apply to our organization. MRO also has to conform to certain obligations governed by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC).

SLIDE 9

Corporate Compliance and Ethics Program

Compliance is a prevalent business concern, partly because of an ever-increasing number of regulations that require companies to be vigilant about their regulatory compliance requirements.

  • Sarbanes-Oxley Act (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Dodd-Frank Act
  • Federal Information Security Management Act (FISMA)

SLIDE 10

Corporate Compliance and Ethics Program

MRO has modeled its compliance and ethics program after the Federal Sentencing Guidelines for Organizations’ seven elements for an effective compliance and ethics program. Those elements are:

  • Establish policies, procedures and controls to prevent and detect criminal conduct
  • Exercise effective compliance and ethics oversight
  • Exercise due diligence to avoid delegation of authority to unethical individuals
  • Communicate and educate employees on compliance and ethics programs
  • Monitor, audit and evaluate the compliance and ethics programs for effectiveness
  • Promote and enforce the program through appropriate incentives and disciplinary measures
  • Respond appropriately to criminal conduct that is detected and take steps to prevent further similar conduct

  • U.S. Sentencing Commission, Guidelines Manual, Ch. 8, Pt. B2 (2008), at 1.

SLIDE 11

Internal Controls

  • MRO has established policies and procedures in order to ensure that (1) officers understand their fiduciary responsibilities and (2) MRO funds and assets are managed properly
  • Given that MRO operates under statutory authorities from government, MRO and its board are responsible for ensuring that operations and the activities within programs meet the regulatory requirements
  • MRO maintains internal controls to provide direction on protecting MRO assets and financial accountability
  • MRO engages in financial risk management to understand, identify, and gain knowledge on what risks are surrounding MRO

SLIDE 12

Why? Laws and Regulations

The Why:

  • To help prevent and detect violations of laws and regulations
  • To recognize and report illegal or unethical activity
  • To avoid waste, fraud, abuse, discrimination, and other practices that disrupt operations
  • To prevent major disasters and failures

AND

  • To safeguard our assets including staff
  • To create reliable financial reporting
  • To promote compliance with laws and regulations
  • To achieve effective and efficient operations

SLIDE 13

Internal Control Objectives

MRO’s controls are based upon the following objectives:

  • Authorization: All transactions are pre-approved by responsible personnel
  • Completeness: All valid transactions are included in the accounting records
  • Accuracy: All valid transactions are accurate, consistent with the originating transaction data, and information is recorded in a timely manner
  • Validity: All recorded transactions fairly represent the economic events that actually occurred, are lawful in nature, and have been executed in accordance with management’s general authorization
  • Physical Safeguards and Security: Access to physical assets and information systems is controlled and properly restricted to authorized personnel
  • Error Handling: Errors detected at any stage of processing receive prompt corrective action and are reported to the appropriate level of management
  • Segregation of Duties: Duties are assigned to individuals in a manner to ensure that no one individual can control both the recording function and the procedures relative to processing a transaction

SLIDE 14

How? Prevent, Detect, Correct

  • Detective - intended to find problems within a company's processes
  • Corrective - mitigates damage once an irregularity, error, or risk has materialized and prevents future occurrences

SLIDE 15

Preventative Controls:

MRO Management will oversee the following controls:

  • Background Checks: All staff submit to background testing. Those with financial oversight submit to annual testing.
  • Password Protected Access: Staff are granted necessary access based on role and responsibilities.
  • Segregation of Duties: Having a checks and balances system reduces liability and risk from fraud or financial misconduct.
  • Trained and Certified Staff: Staff that are sufficiently trained and certified in protecting company assets and monitoring activities ensure the prevention of asset loss.
  • Vendor/Contractor Validation: Vendors are authenticated for doing work at MRO and on MRO’s systems.

SLIDE 16

Detective Controls

MRO has several controls related to its financial activities to mitigate the potential for fraud or financial misconduct:

  • MRO utilizes a fraud monitoring system with its financial institution to ensure that pre-authorized transactions are identified and unauthorized activities are caught before clearing the bank
  • Banking transactions are reviewed by staff who do not perform banking functions such as check printing or ACH requests
  • MRO maintains a fixed asset list that catalogs all valuable physical assets; these items are tracked and audited annually
  • MRO maintains a review of its financial records, which corresponds to its financial reports to ensure accuracy

Bank Reconciliations, Fixed Asset List Review, General Ledger Review

SLIDE 17

Detective Controls, cont.

MRO has additional controls related to its compliance activities to mitigate the potential for fraud or misconduct:

  • MRO performs various reviews of systems and processes to check for errors and/or adjust for newly identified risks
  • An anonymous hotline is available to bring attention to any wrongdoing
  • External audits are performed independent of staff to reaffirm that proper controls are in place and to address any potential risk exposure

Annual Reviews, Anonymous Hotline, External Audits

SLIDE 18

Corrective Controls

When detective control activities identify an error or irregularity, corrective control activities kick in to see what could or should be done to fix it, and put a new system in place to prevent it the next time around.

  • Data backups to restore data
  • Variance reports
  • Establish control procedure
  • Staff training

SLIDE 19

Questions?
