Financial Internal Control Advisory Services

 Adding value and strengthening the management of financial risk and systems of internal control across campus.


Overview

The University of Wisconsin-Madison (UW-Madison or the University) has a stewardship and oversight responsibility to ensure financial resources are governed efficiently and effectively through strong and well-established systems of internal control.

The University has taken steps to assess its approach to managing financial risk and identifying opportunities to evolve and strengthen its financial control environment towards ensuring accurate and reliable financial statements, protecting assets against loss and abuse, and enabling compliance with laws and regulations to which the University is subject.

Operating in a highly decentralized environment and given the increasing risks and regulatory requirements, the University is subject to multiple financial risks that mitigating requires establishing a systematic, consistent, sustainable, and adaptable approach towards ongoing identification and assessment of financial risk and evaluation of systems of internal control over financial and related operational processes.

Emphasizing the importance of a collaborative and engaged participatory culture, the University developed a leadership led initiative to adopt and implement the Committee of Sponsoring Organizations of the Treadway Commission Internal Control – Integrated Framework (COSO Framework).

The COSO Framework enables the University to develop and implement systems of internal control adaptable to changing business processes and supporting systems. COSO Framework assists others with guidance in the performance of their duties regarding financial internal control by providing an understanding of what constitutes a system of internal control and insight into when financial controls are being applied effectively.

As one of the pillars of the leadership led initiative, the Division of Business Services (DoBS or the Division) established the Financial Internal Control Advisory Services (FICAS) function to identify opportunities to evolve and strengthen systems of internal control over financial and related operational processes, and assist UW-Madison Divisions designing, implementing, and sustaining a sound financial control environment.

Definition & Mission

Definition

Financial Internal Control Advisory Services (FICAS) is an independent objective advisory function designed to help sustain and improve systems of internal control over financial and related operational processes, develop systems of internal control that adapt to changing business processes and technology environments, help mitigate financial risk, and support sound decision-making and governance of financial and related operational processes.

FICAS is intended to be a catalyst for adding value and strengthening the management of financial risk and systems of internal control across campus by providing insight and recommendations based on analysis and assessments of financial risk and systems of internal control over financial and related operational processes.

Mission

Collaborate with business partners across campus to enable good business practice in support of UW-Madison instruction and research mission.

Goals and Objectives

Financial Internal Control Advisory Services will strive to:

  • Develop a charter defining its role, responsibilities, authority, and scope of work.
  • Plan, design, and implement a systematic and sustainable approach to assess UW-Madison financial risk, and evaluate the effectiveness of systems of internal control over financial and related operational processes.
  • As a member of the DoBS Leadership Team, assess the Division’s financial risk and evaluate its systems of internal controls over financial and related operational processes, and develop and implement best practices to mitigate financial risks deemed Division’s priorities.
  • Assist UW-Madison Divisions assessing financial risk and evaluating systems of internal control over financial and related operational processes, and develop and implement best practices to mitigate financial risks deemed Divisional priorities.
  • As deemed helpful towards the accomplishment of its goals, develop and provide financial risk assessment and evaluation of internal control guidance.
  • Develop financial internal control training programs as deemed beneficial to UW-Madison Divisions based on assessed financial risk and internal control evaluation and discovery efforts.

Strategic Aim

In an effort to meet its stakeholders’ expectations in the wake of growth, administration transformation, and emerging financial risks, the following strategies will guide FICAS’ practice to achieve its goals and objectives:

This is an accordion element with a series of buttons that open and close related content panels.

Enhancing Excellence

  • Launch new initiatives to promote excellence and influence a culture change through partnerships and collaborative structures.
  • Draw attention to areas of interest, and gain commitment to react to sector and market changes, trends, and best practices.
  • Stimulate and sustain new sources and methods of participation to influence knowledge and skills and improve overall efficiency and effectiveness of financial risk assessment and evaluation of systems of internal control.
  • Operate within a culture nurtured by UW-Madison organizational structure.

Sustainability

  • Sustain a high quality function that is widely recognized and constantly adapting to its stakeholders developing needs.
  • Demonstrate a well-led, managed, and governed activity, and sustain intellectual, economic, social, and environmental development.
  • Rely on self-accountability, self-evaluation, customer satisfaction, and collaborative and participative relationships.
  • Maintain independence, objectivity, professionalism, integrity, and uphold highest professional and ethical standards.

Committee of Sponsoring Organization of the Treadway Commission Internal Control – Integrated Framework

The Committee Of Sponsoring Organizations of the Treadway Commission Internal Control – Integrated Framework (COSO Framework) provides a guide for UW-Madison to develop effective and efficient systems of internal control, intended to adapt to changing business processes and systems, mitigate financial risk to acceptable levels within a division’s risk appetite, and support sound decision-making and governance of financial and related operational processes.

COSO Framework
COSO Framework

The COSO Framework provides for three (3) objectives:

This is an accordion element with a series of buttons that open and close related content panels.

Operations Objectives

Pertaining to the effectiveness and efficiency of a division’s operation and safeguarding of assets against loss.

Reporting Objectives

Pertaining to internal and external financial and non-financial reporting and may encompass accuracy and reliability, timeliness, transparency, or other terms as set by regulators, recognized standards, or UW Madison policies

Compliance Objectives

Pertaining to the adherence to applicable federal and state laws and regulations to which UW Madison and divisions are subject.

The COSO Framework consists of five (5) components and seventeen (17) principles representing the fundamental concepts associated with each component.

This is an accordion element with a series of buttons that open and close related content panels.

Control Environment

Is the set of standards, processes, and structures that provide the basis for carrying out internal control activities.

Risk Assessment

Involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risk assessment forms the basis of how risk will be managed.

Control Activities

Are actions established through policies and procedures that help ensure that management directives to mitigate risk are carried out. Control activities are performed at all levels and at various stages within business processes and over technology environments.

Information and Communication

Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Communication is the means by which information is disseminated throughout the entity, top-down, bottom-up, and across.

Monitoring Activities

Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five (5) components of internal control is present and functioning. Ongoing evaluations (built into business processes) provide timely information. Separate evaluations (conducted periodically) vary in scope and frequency depending on risk assessment, ongoing evaluations, and management considerations.

The COSO Integrated Framework Components and Principles

image of COSO Internal Control Framework Principles
Image COSO Internal Control Framework Principles

The COSO Framework sets forth the requirements for an effective system of internal control. It requires that each of the five (5) components and relevant principles is present and functioning.

  • Present refers to the determination that the components and relevant principles exist in the design and implementation of the system of internal control to achieve specified objectives.
  • Functioning refers to the determination that the components and relevant principles continue to exist in the operations and conduct of the system of internal control to achieve specified objectives.

The COSO Framework also sets forth the requirements for the five (5) components operating together in an integrated manner. Operating together refers to the determination that all five (5) components collectively reduce, to an acceptable level, the risk of not achieving an objective. Components should not be considered discretely; instead, they operate together as an integrated system. Components are interdependent with a multitude of interrelationships and linkages among them, particularly the manner in which principles interact within and across components.

When a major deficiency exists with respect to the presence and functioning of a component or relevant principle, or with respect to the components operating together in an integrated manner, a division cannot conclude that it has met the requirements for an effective system of internal control.

When a system of internal control is determined to be effective, management would have reasonable assurance, relative to the application within a division’s structure, that the division:

  • Achieves effective and efficient operations when external events are considered unlikely to have a significant impact on the achievement of objectives, or where the division can reasonably predict the nature and timing of external events and mitigate their impact to an acceptable level.
  • Understands the extent to which operations are managed effectively and efficiently when external events may have a significant impact on the achievement of objectives or where a division can reasonably predict the nature and timing of external events and mitigate their impact to an acceptable level.
  • Prepares reports in conformity with applicable rules, regulations, and standards or with a division’s specified reporting objectives.
  • Complies with applicable laws, rules, regulations, and standards.

COSO Framework requires judgment in designing, implementing, and conducting internal control and assessing its effectiveness. The use of judgment, within the boundaries established by laws, rules, regulations, and standards, enhances a division’s ability to make better decisions about internal control, but cannot guarantee perfect outcomes.

Contact

Find Purchasing Services

Financial Internal Control Advisory Services
21 N. Park Street
Madison, WI 53715

Email Purchasing Services

Imad Mouchayleh, Director
mouchayleh@wisc.edu

Call Purchasing Services

608-890-3764