Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated.

Similar presentations

Presentation on theme: "Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated."— Presentation transcript:

1 Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated

2 Agenda Background Requirements Implementation

3 Internal Control Legislation – 1950 Accounting and Auditing Act – 1982 Federal Managers Financial Integrity Act – 1990 Chief Financial Officers Act – 1994 Government Management Reform Act – 1996 Federal Financial Management Improvement Act

4 What are Internal Controls? Anything you do to successfully achieve your mission/goal legally and efficiently Objectives of controls: –Effective and efficient operations –Reliable financial reporting –Compliance with laws and regulations Applies to all aspects of life

5 Internal Control Standards Treadway Commission: Internal Control Guidance Control Environment Risk Assessment Activities M Information Communication GAO StandardsCOSO Framework

6 Internal Control Standards Control Environment Risk Assessment Control Activities M Information Communication GAO Standards Control Environment: Tone at the Top Risk Assessment: Threats to Mission Control Activities: Design & Operation Monitoring: Test Schedule Information & Communication: Up and down the Organization

7 Government Implementation: Assess Controls

8 Elements of an IC Program Mission Objectives Risks Control Activities

9 Internal Goals Management: Acknowledge it responsibility for establishing and maintaining ICs Apply IC objectives: –Effective and efficient operations –Reliable financial reporting –Compliance with laws and regulations Understand that ICs exist (or should) at every level and in every process of the organization Realize that good internal control leads to financial reporting integrity

10 Three Step Process Planning Phase Testing Phase Reporting Phase

11 Planning Phase Identify assessable units Establish governance body Determine material contributors Identify/document key business processes Perform risk assessment Identify key controls Develop 3-yr control assessment schedule Develop test methodology

12 Divide and Conquer !! Establish Assessable Units

13 Divide and Conquer !! Establish Assessable Units

14 Establish Governance Establish a governance body who will: –Have decision-making leaders as members –Identify material business lines/ processes –Know flowcharted business process –Identify risks and assess materiality –Document internal controls –Test internal controls –Report on control effectiveness –Develop corrective action plans

15 Identify Material Contributors Look at the Budget/Financials Change Change Change Assets: Cash and investments $ 10.7 $ 10.4 $ 0.3 $ 4.6 $ 4.6 $ - $15.3 $ 15.0 $ 0.3 Capital assets (net) All other assets Total assets Liabilities: Accounts payable (0.1) (0.1) All other current liabilities Total current liabilities Bonds payable All other long-term liabilities Total long-term liabilities Total Liabilities Government Business-typeTotal

16 Identify Key Business Processes Capital Assets: –What processes add to balances? –What processes decrease balances? –What systems support the processes? –Where do the processes take place? –Where do the managers exist in the states organization chart?

17 Document Key Processes

18 Perform Risk Assessment Assess Risk: Document from flowcharts

19 IT Assertions Completeness Accuracy Validity Restricted Access

20 Financial Assertions Completeness Obligations/Rights Valuation Existence/Occurrence Reporting/Presentation Look for Risk of Misstatement

21 Identify Key Controls Document from flow charts

22 Document Key Controls IntraGov Accts Rec Not reported Document, document, document high 1 Reimb R/O Track & check low Inspect Preliminary Control Assessment

23 Develop Key Control Assessment Schedule All key controls are assessed at least once every three years Some more: –High risk –Change in: Law System Key personnel

24 Control Testing Options: 3-Year Plan Control Risk Test Low High Develop Corrective Action Plan If: Changes in: -Personnel? -Process? -System? Yes Annually for 3 years No Rotate to 3-year plan

25 Testing Phase Entity-Level Assessment Control Testing: –Process level –Transaction level –Include automated systems –Remember service providers

26 Entity-Level Assessment Evaluate Internal Control at Entity Level – GAO G: Internal Control Management and Evaluation Tool – Use GAO Internal Control Standards

27 Control Testing Test key controls – Develop test plan and document – Decide on the appropriate test method – Establish tolerance level for error, document – Identify sample size: OMB recommendations – Test and document Consider dependencies – Service provider process controls – SAS 70 reports???

28 Reporting Phase Identifying Material Weaknesses Developing Corrective Action Plans Preparing Statement of Assurance

29 Identify Material Weaknesses At assessable unit level At subagency/department level At Agency/ Bureau/ Department level Management has the discretion to make the determination! OMB generous with Material Weakness definitions

30 Basis for Assurance Deficiencies can be: –Single deficiency –Significant deficiency –Material weakness Determines level of assurance –Cannot be unqualified if material weakness exists

31 Develop Corrective Actions Managers: Process Owners develop corrective actions plans and timelines Governance body concurs or non- concurs Published in Annual Financial Report (PAR) for feds Should be monitored by leadership Fed report periodically on progress to Office of Management and Budget

32 Corrective Action Plans Plan well Divide corrective steps into small manageable pieces – governance body should approve Develop realistic target dates Monitor progress continuously

33 Statement of Assurance Report on effectiveness of internal control Separate statements of assurance: – for operations and administration – for systems (Sec 4) – for financial reporting Report options: – Prescribed format for statement – Defined qualifiers: Unqualified Qualified No Assurance

34 Internal Control Reporting


Download ppt "Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated."

Similar presentations

Ads by Google