Presentation is loading. Please wait.

Presentation is loading. Please wait.

Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans 2014 Governmental Accounting For Local Public Health September.

Similar presentations


Presentation on theme: "Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans 2014 Governmental Accounting For Local Public Health September."— Presentation transcript:

1 Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans 2014 Governmental Accounting For Local Public Health September 11, 2014

2 Presented by: Stephen W. Blann, CPA, CGFM, CGMA Director of Governmental Audit Quality Rehmann 2

3 Session Outline Effective internal control – COSO Framework Internal audit function – GFOA Best Practices Compliance Plans – Internal control over compliance 3

4 Overview of Internal Control Internal Control—Integrated Framework – COSO Report (1992 & 2013) – Committee of Sponsoring Organizations (AICPA, AAA, IIA, IMA, FEI) – Codified in Auditing Standards by AICPA, GAO, and PCAOB (SOX) 4

5 Overview of Internal Control Management’s responsibilities – Effectiveness – Efficiency – Compliance – Financial Reporting Internal controls are the framework management establishes to ensure it meets these responsibilities 5

6 Overview of Internal Control Limitations of internal controls – Cost vs. benefit – No “perfect” system – Management override 6

7 Overview of Internal Control Responsibility for internal control – Management is primarily responsible Independent auditors “gain an understanding” – not a substitute for management Internal auditors work for management – The governing body is ultimately responsible 7

8 Overview of Internal Control Management is responsible for: – Design – Implementation – Monitoring – Reporting 8

9 The Internal Control Framework The Control Environment Risk Assessment and Monitoring Control-related Policies and Procedures Information and Communication Monitoring 9

10 The Internal Control Framework Control Environment Management’s attitude / example Communication The Internal Auditor The Audit Committee 10

11 The Internal Control Framework Risk Assessment and Monitoring Changes in: – Operating environment – Personnel – Information systems / technology – Rapid growth – New programs / services – Structure 11

12 The Internal Control Framework Risk Assessment and Monitoring Inherent risk Prioritization – Significance – Likelihood 12

13 The Internal Control Framework Control-Related Policies Essential tasks of an accounting system – Assemble data – Analyze, classify, and record data – Report on data – Maintain accountability over assets 13

14 The Internal Control Framework Control-Related Policies Management’s implicit assertions – Existence / occurrence – Completeness – Rights / obligations – Allocation / valuation – Presentation / disclosure 14

15 15 The Internal Control Framework Control-Related Policies – Authorization – Properly designed records – Security of assets and records – Segregation of incompatible duties – Periodic reconciliations – Periodic verifications – Analytical review – Timely external reporting (GAAP) Policies and procedures

16 The Internal Control Framework Information and Communication Information needs – Appropriate content – Timely / current – Accurate – Accessible Methods of communication Accounting policies and procedures manual 16

17 The Internal Control Framework Monitoring Purpose (smoke alarm) Ongoing Evaluation of internal controls (internal audit) 17

18 Evaluating Internal Controls Identify control cycles Document processes Identify potential risks 18

19 19 Evaluating Internal Controls – Authorization – Properly designed records – Security of assets and records – Segregation of incompatible duties – Periodic reconciliations – Periodic verifications – Analytical review – Timely external reporting (GAAP) Identify compensating controls

20 Establishing an Internal Audit Function GFOA Best Practices: – Establishment of an Internal Audit Function – Enhancing Management Involvement with Internal Control – Audit Committees 20

21 GFOA Best Practices Government Finance Officers Association of the United States and Canada – Professional organization – Issues best practices and advisories on a variety of topics relevant to government financial management 21

22 GFOA Best Practices A BP identifies specific policies and procedures as contributing to improved government management. It aims to promote and facilitate positive change rather than merely to codify current accepted practice. Partial implementation is encouraged as progress toward a recognized goal. 22

23 GFOA Best Practice Establishment of an Internal Audit Function Definition of an “internal auditor”: – any audit professional who works directly for management, at some level, and whose primary responsibility is helping management to fulfill its duties as effectively and efficiently as possible. 23

24 GFOA Best Practice Establishment of an Internal Audit Function Role(s) of an internal auditor: – Monitoring the design and proper function of internal control policies and procedures – Function as an additional level of control – Conduct performance audits – Special investigations and studies 24

25 GFOA Best Practice Establishment of an Internal Audit Function Recommendations: – Every government should either Establish a formal internal audit function; Assign internal audit responsibilities to its regular employees; or Hire a CPA firm (other than the independent auditor) for this purpose 25

26 GFOA Best Practice Establishment of an Internal Audit Function Recommendations: – The internal audit function should be formally established by charter, enabling resolution, or other appropriate legal means – Internal auditors should follow the GAO’s Government Auditing Standards, including standards applicable to independence 26

27 GFOA Best Practice Establishment of an Internal Audit Function Recommendations: – The head of the internal audit function should possess at least a college degree and relevant experience; a professional certification is encouraged (CIA, CPA, CISA) – The annual internal audit work plan and all reports of internal auditors should be made available to the audit committee 27

28 GFOA Best Practice Enhancing Management Involvement w/ IC Purpose of internal control: – Adequately protect public funds by prudent management – Provide a reasonable basis for finance officers to assert the financial information they provide can be relied upon 28

29 GFOA Best Practice Enhancing Management Involvement w/ IC Stakeholders in internal control: – Independent auditors provide assistance in meeting internal control-related responsibilities, but are not a substitute for management’s direct and informed involvement with internal controls – Elected officials must ensure that managers who report to them fulfill their responsibilities in implementing IC 29

30 GFOA Best Practice Enhancing Management Involvement w/ IC Recommendations: – Financial managers should obtain information and training needed to meaningfully take responsibility for internal control – Obtain sound understanding of COSO’s comprehensive framework of internal control 30

31 GFOA Best Practice Enhancing Management Involvement w/ IC Recommendations: – Internal control procedures should be documented – Design a practical means for lower level employees to report instances of management override of controls that could be indicative of fraud – Internal controls should be monitored and reevaluated for adequacy 31

32 GFOA Best Practice Enhancing Management Involvement w/ IC Recommendations: – Evaluations of controls should include effectiveness and timeliness of corrective action for identified deficiencies – Control effectiveness requires a baseline for future monitoring, which should be adjusted for changes in controls – Corrective action plans should have timetables and be monitored 32

33 GFOA Best Practice Audit Committees There are 3 groups responsible for the quality of financial reporting: – Governing body – Financial management – Independent auditors The governing body must be seen as “first among equals” 33

34 GFOA Best Practice Audit Committees Audit Committees are a practical means for a governing body to provide much needed independent review and oversight of: – the government’s financial reporting processes, – internal controls, and – the independent auditors 34

35 GFOA Best Practice Audit Committees Selected recommendations: – The governing body of every state and local government should establish an audit committee – The audit committee should be formally established by charter, enabling resolution, or other appropriate legal means 35

36 GFOA Best Practice Audit Committees Selected recommendations: – The documentation establishing the audit committee should prescribe the scope of the committee’s responsibilities, its structure, and membership requirements – The audit committee should be directly responsible for the appointment, compensation, retention, and oversight of the independent auditor 36

37 GFOA Best Practice Audit Committees Selected recommendations: – All members should possess or obtain a basic understanding of governmental financial reporting and auditing – The committee should have access to the services of at least one financial expert (either a committee member or outside party engaged for this purpose) 37

38 GFOA Best Practice Audit Committees Selected recommendations: – The audit committee should provide independent review and oversight of a government’s financial reporting processes, internal controls and independent auditors – The audit committee should have access to the reports of internal auditors, as well as access to annual internal audit work plans 38

39 Compliance Plans Internal control over compliance – Differences and similarities with IC over financial reporting – Existing and new requirements for grants – Auditor involvement 39

40 Compliance Plans Existing requirements: – OMB Circulars A-102 Common Rule and A-110 Administrative Requirements – Requires management to establish and maintain internal controls designed to provide reasonable assurance of compliance with Federal laws, regulations and program compliance requirements 40

41 Compliance Plans New Uniform Grant Guidance (2 CFR 200): – Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award – Consistent with COSO 41

42 Compliance Plans Auditor involvement – Yellow Book engagements (material to financial statements) – Single audit (material to major federal programs) – Other (Medicare, etc.) 42

43 Questions? 43

44 For more information... Stephen W. Blann, CPA, CGFM, CGMA Director of Governmental Audit Quality Rehmann 44


Download ppt "Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans 2014 Governmental Accounting For Local Public Health September."

Similar presentations


Ads by Google