Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Finance and Administration 1 NASC Annual Conference Friday, March 25, 2011 Phoenix, Arizona The Mississippi Experience.

Similar presentations


Presentation on theme: "Department of Finance and Administration 1 NASC Annual Conference Friday, March 25, 2011 Phoenix, Arizona The Mississippi Experience."— Presentation transcript:

1 Department of Finance and Administration 1 NASC Annual Conference Friday, March 25, 2011 Phoenix, Arizona The Mississippi Experience

2 2 2 NASC Multi-State Consortium on Internal Control Purpose History Tools Mississippis Internal Control Journey DFAs Initial Role in Internal Control How We Planned to Move Forward Steps That Were Taken ARRA Monitoring of Internal Controls Where Are We Now and Where Do We Go from Here Resources Key Points

3 3 3 First conference call meeting of the Multi- State Consortium on Internal Control (MSC) was convened October, 2006 Goals were developed Vision and Mission Statements were crafted NASC Multi-State Consortium on Internal Control

4 4 4 Vision Statement: To provide a low cost COSO/CobiT- based Web-enabled enterprise risk assessment and monitoring tool to state and local governments. Mission Statement: The Multi-State Consortium on Internal Controls mission is to educate and support the use of good internal controls. It is our goal to achieve standardization, consistency, and expand utilization by providing a low cost, accessible mechanism for establishing, assessing, monitoring, and reporting on enterprise risk for governments. NASC Multi-State Consortium on Internal Control

5 5 Control Activities – These policies and procedures help ensure management directives are carried out Information and Communication – Pertinent information must be identified, captured and communicated in a form and time frame that supports all other control components Monitoring – Internal control systems need to be monitored – a process that assesses the quality of the systems performance over time Control Environment – The control environment sets the tone of an organization, influencing the control consciousness of its people Risk Assessment – Every entity faces a variety of risks from external and internal sources that must be assessed both at the entity and the activity level Internal Control - Integrated Framework, COSO Quality Assurance – COSO

6 6 6 Implement SAS 112 and improve state documentation of internal controls Open dialogue and sharing among states Post various state statutes related to Internal Controls on NASC web site Post state internal control documents on NASC web site Research automated tool to standardize and monitor internal controls Invite various vendors to demo GRC software Demo Massachusetts online Assessment Tool Develop Guidebook, Glossary, and Internal Control Questionnaire NASC Multi-State Consortium on Internal Control

7 7 7 October, 2006, the first conference call meeting of the Multi-State Consortium on Internal Control (MSC) was convened and it was determined what the group wanted to gain from their participation in the MSC Open dialogue and sharing among states Post various state statutes on NASC web site Automated tool to standardize and monitor internal control Invite various vendors to demo GRC software Eventually participants decided their respective states did not have the funds to purchase GRC software at that time NASC Multi-State Consortium on Internal Control

8 8 8

9 9 9 Guidance by DFA on Internal Controls In MAAPP Manual Statutes In 2006 DFA decided to place more emphasis on education and training on internal controls and compliance with laws and regulations at the agency level. MS DFAs Role As It Related to Internal Controls in State Agencies

10 10 Plan to Move Forward Strengthen the internal control sections of the MAAPP manual and make them more user- friendly. Emphasize internal controls at the agency level. Alert agency executive directors and other agency managers of managements responsibility related to internal control requirements. Provide training on internal controls for agency staff and ongoing technical assistance. 10

11 11 Enforce requirement of written annual internal control assessment by agency management providing assurances on internal control. Consider statutory revisions addressing changes needed in regard to annual assessment/assurances and reporting to DFA. Develop pre-audit criteria that would allow selection of types of documents and volume percentages of review by BFC. 11 Plan to Move Forward

12 12 Plan to Move Forward Establish pre-audit criteria for each agency based upon strength of that agencys internal control system. Upgrade staff qualification requirements and associated salary levels to allow the hiring of individuals who could provide training to agencies on internal control and who could audit the agency assessments of their internal control to determine validity. 12

13 13 Next Steps Taken Held meeting for agency executive and finance directors on internal controls and risk and SAS 112 in February, 2007 Issued updated MAAPP manual sections which included interactive risk assessments during 2008 DFA Executive Director issued memo requiring agencies to develop internal control plan and submit risk assessments and certification annually in February,

14 14 Next Steps Taken Agencies were required to submit first risk assessments and certification letter by June 1, 2009 Agency Training September, 2009 for agencies on SAS 112/115 and Risk Assessments Next assessments and certification was due December 31, 2009 Contracted with KPMG to assist DFA in monitoring of agency internal controls over ARRA funds Most recent assessments were due from agencies December 31,

15 15 Language from February, 2009 DFA Executive Director Letter Agencies are required to develop a written internal control plan. Information on how to prepare an agency Internal control plan is provided in Sub-Section of the Internal Control Section of the MAAPP Manual. Agencies are also required to maintain adequate written documentation for activities conducted in connection with risk assessments, internal control reviews and follow-up actions. This documentation is to be available for review by agency management, the Office of State Auditor and DFA- OFM. 15

16 16 Annually, each agency director and chief financial officer shall sign and submit a letter to DFA-OFM certifying that internal controls within the agency have been evaluated in accordance with guidelines established. See example of letter located in Sub- Section of the Internal Control Section of the MAAPP Manual. This letter will report the results of the agency's compliance, including an attached summary description of material internal control weaknesses and significant deficiencies, if any, and a brief corrective action plan. 16 Language from February, 2009 DFA Executive Director Letter

17 17 Exhibit 4: Managements Commitment to Professional and Technical Competence

18 18 Agency Y – 2009 Control Environment Assessment Tools Exhibit 2: Managements Philosophy

19 19 Agency Y – 2010 Control Environment Assessment Tools Exhibit 2: Managements Philosophy

20 20 Agency Z – 2009 Control Environment Assessment Tools Exhibit 2: Managements Philosophy

21 21 Agency Z – 2010 Control Environment Assessment Tools Exhibit 2: Managements Philosophy

22 22 Agency Response to Internal Controls December, 2010

23 23 Agencies contracting for assistance completing the IC Assessment 2009 six agencies (4 large, 1 medium, and 1 small) 2010 three agencies (2 large and 1 medium) Agency Commitment

24 24 Pre-Audit Selection Table

25 25 Pre-Audit Selection Table Example

26 26 ARRA Monitoring A Risk Assessment Spreadsheet was used to assign risk to each grant Financial Risk (maximum 25 points) 1512 Expended Amount 12/31/ Reporting Compliance (used checklist) Internal Control Risk (maximum 35 points) Single Audit Findings OMB/GAO Risk Other Reports 12/31/09 Risk Assessments 26

27 27 ARRA Monitoring A Risk Assessment Spreadsheet was used to assign risk to each grant Public Interest Risk (maximum 10 points) All Executive Agencies considered medium at a minimum Public records request or inquiries Operational Risk (maximum 30 points) Time to spend funds Subrecipient Type Subrecipient Count Discretion New Program Type of Expenditure Overall Risk (maximum 100 points) 27

28 28 ARRA Monitoring Interviews were conducted with each agency receiving ARRA funds – 23 agencies and 67 grants KPMG was given agencies 12/31/09 assessments Overall risk assessment score and individual assessment scores determined order agency onsite monitoring was performed 28

29 29 ARRA Monitoring Template developed for agency field work Governance/Oversight/Management Human Capital General Accounting Purchasing and Disbursements Procurement/Acquisition Allowable Costs – Activities Allowed or Unallowed Fixed Assets Disbursements Cash Receipts General Cash Management Program Income 29

30 30 ARRA Monitoring Template developed for agency field work Grants Management Program Requirements Matching Requirements Eligible Activities Eligible Participants (selection of subrecipients) Reporting ARRA 1512 Reporting Performance and Other Reporting GAAP Financial Statement Reporting Subrecipient Monitoring 30

31 31 ARRA Monitoring Template developed for agency field work Davis-Bacon Act Compliance Contract Monitoring Information Systems Special Provisions/Additional Steps 31

32 32 Observations are communicated to each agency during an exit interview conducted by both DFA and KPMG Agencies are verbally provided with next steps related to the observations Agencies are sent a letter by DFA detailing the observations, leading practices of the agency, and next steps ARRA Monitoring

33 33 Agencies are more focused on internal controls: Develop internal control plans Assess risk and submit to DFA Submit agency director certifications to DFA Monitor ARRA grants Where We Are

34 34 NASC Multi-State Consortium on Internal Control DFA Home Page MAAPP Manual OFM Internal Control Memos & Presentations Resources

35 35 The Mississippi Experience Leila Malatesta Office of Fiscal Management, Director Department of Finance and Administration NASC Annual Conference Friday, March 25, 2011 Phoenix, Arizona


Download ppt "Department of Finance and Administration 1 NASC Annual Conference Friday, March 25, 2011 Phoenix, Arizona The Mississippi Experience."

Similar presentations


Ads by Google