Presentation is loading. Please wait.

Presentation is loading. Please wait.

Addressing Internal Controls in State ERP Systems: Being Proactive Aaron Erickson, Chief Operating Officer State of Ohio, Office of Budget and Management.

Published byIsabella McLain Modified over 10 years ago

Similar presentations

Presentation on theme: "Addressing Internal Controls in State ERP Systems: Being Proactive Aaron Erickson, Chief Operating Officer State of Ohio, Office of Budget and Management."— Presentation transcript:

1 Addressing Internal Controls in State ERP Systems: Being Proactive Aaron Erickson, Chief Operating Officer State of Ohio, Office of Budget and Management Christian Fuellgraf, Director Grant Thornton, Global Public Sector Tom Dale, Director Grant Thornton, Global Public Sector

2 Our panelists' point of view Our personal experiences have shaped our perspectives. Indiana Encompass The Ohio State University Marriott French Ministry of Finance Ohio OAKS U.S. National Park Service City of Milwaukee Alameda County, CA Riverside County, CA Kentucky HRIS Implementer Client U.S. Department of the Interior FBMS

3 Overview Internal controls and ERP implementation strategy The State of Ohio experience Putting it together going forward

4 Sharing the message of internal controls Internal controls comprise both a structure and a systematic methodology to help financial, technology and program managers achieve their mission results and safeguard the integrity of programs. They are a means of managing the risk and improving efficiency associated with programs and operations – done properly they are widely accepted and followed.

5 ERP drivers and internal control objectives complement each other Achieve better and more efficient fiscal, program and technology management Improve fiscal accountability and safeguard public assets Improve fiscal accountability and safeguard public assets ERP Drivers Utilize technology to streamline operations, transaction accuracy, and processing times Obtain reasonable assurance of the integrity of all fiscal processes via improved systems Create greater visibility and confidence in state data via technology and technology- enabled processes Blueprint for better and more efficient fiscal, program and technology management Methodology to ensure fiscal accountability and safeguard public assets COSO IC An approach that aligns an organizations processes and procedures to reporting, rules and legal requirements Set of standard practices to provide reasonable assurance of the integrity of all fiscal processes A means to create greater visibility and confidence by legislative leadership, opinion leaders and stakeholders into the fiscal and operational integrity of an agency

6 Common ERP approach This is a good start, but not a complete strategy. Plan Analyze Design Build Test Deploy SDLC Phases Project Management Change Leadership Process Design and Configuration Internal ControlsInformation Technology Training and Documentation ERP Implementation Work Streams

7 Ohio's implementation approach Elected to do a plain vanilla implementation where business processes are adapted to function within the COTS software Focused on meeting requirements and technical compliance rather than significant re-engineering for leading practices Finance and Supply Chain Purchasing General Ledger Accounts Payable Accounts Receivable Financials Data Warehouse/EPM Billing and Receiving Asset Management Budgeting and Planning Human Capital Management Core HR Payroll Time and Labor ePay HCM Enterprise Performance Management (EPM) Benefits Administration COBRA EPM for Benefits Admin & COBRA

8 Results Risk assessment identified 108 issues from across State organizations and applications Multiple SAS-70 findings Management Letter comment in statewide single audit - "significant deficiency in IT controls for HCM application" Risk CategoriesRating Asset Management Budget Management Claims Management Financial Reporting Information Technology Payroll Personnel & Organizational Support Program Management Procurement/Expenditures Revenue Management

9 Implications Vulnerability ratings based on assessment comments and experience Categorized issues into domains: -14 critical -27 high priority Remediation plan in process Four people dedicated to corrective actions plans for next fiscal year

10 Estimated costs of additional changes Enterprise risk management activities - $1.7 million Process-based assessments of four critical risk areas Estimates do not include performing corrective actions, state project team time or agency time Risk areaHours Financial Reporting1,250 IT3,000 Payroll1,400 Procurement & Expenditures 1,550

11 Risks of not including internal controls initially Project Delays – System testing will likely show weakness in security and other controls Data Reliability and Process Integrity Issues – Many potential risks from lack of system acceptance to outright fraudulent activity Audit Findings – Audits may comment upon material weakness in the various functional areas Post Go-Live Rework – On average it is 3-5 times more expensive to address issues post-implementation

12 ERP approach with internal control work stream Plan Analyze Design Build Test Deploy SDLC Phases Project Management Change Leadership Process Design and Configuration Internal Controls Information Technology Training and Documentation ERP Implementation Work Streams

13 Be control conscious Internal controls should be an integral part of the solution analysis, requirements, design and delivery lifecycle – not an afterthought – involve your auditors Actively involve internal control experts throughout the project lifecycle Build internal control work streams into ERP system solicitation requirements Educate and work with your state and agency CIO's – better internal controls are a good thing for everyone!

Download ppt "Addressing Internal Controls in State ERP Systems: Being Proactive Aaron Erickson, Chief Operating Officer State of Ohio, Office of Budget and Management."

Similar presentations

AUDITING : AN OVERVIEW. Auditing defined It is a critical and systematic examination or review of accounting reports, documents, records, procedures and.

AUDITING : AN OVERVIEW. Auditing defined It is a critical and systematic examination or review of accounting reports, documents, records, procedures and.
What have we done?. Project context Size of state budget: $ 27 Billion Includes the three branches of state government Includes DOT Number of employees:

What have we done?. Project context Size of state budget: $ 27 Billion Includes the three branches of state government Includes DOT Number of employees:
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Internal Control.

Internal Control.
Delivery Business Solutions April 29, 20131 Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.

Delivery Business Solutions April 29, Nashville PMI Symposium April 29, 2013 Stephanie Dedmon, PMP Director, Business Solutions Delivery Department.
Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.

Corporate Service Review DEPARTMENT OF BUSINESS AND EMPLOYMENT.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Enterprise Resource Planning ERP Systems

Enterprise Resource Planning ERP Systems
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
The Information Systems Audit Process

The Information Systems Audit Process
1 Brown Bag Luncheon: ARMICS Update Presented By: Steve Kimata and Susan Herod July 23, 2008.

1 Brown Bag Luncheon: ARMICS Update Presented By: Steve Kimata and Susan Herod July 23, 2008.
Information Technology Audit

Information Technology Audit
Eric R. Johnson Hillsborough County, (Tampa) FL

Eric R. Johnson Hillsborough County, (Tampa) FL
Concepts in Enterprise Resource Planning 2 nd Edition Chapter 1 Business Functions, Processes, and Data Requirements.

Concepts in Enterprise Resource Planning 2 nd Edition Chapter 1 Business Functions, Processes, and Data Requirements.
1 Talal Abu Ghazaleh Information Technology International (TAG-ITI)

1 Talal Abu Ghazaleh Information Technology International (TAG-ITI)
Financials – Phase II Kick-Off Meeting September 11, 2008 Brenda Bolander, State Comptroller Michael Grisser, Project Manager.

Financials – Phase II Kick-Off Meeting September 11, 2008 Brenda Bolander, State Comptroller Michael Grisser, Project Manager.
The Microsoft Office 2007 Enterprise Project Management Solution:

The Microsoft Office 2007 Enterprise Project Management Solution:
 OSA MeetingMay 17, 2013.  Project Vision  Scope, Governance, Benefits  Timetables & Next Steps  Realizing the Vision - Procurement  Questions 2.

 OSA MeetingMay 17,  Project Vision  Scope, Governance, Benefits  Timetables & Next Steps  Realizing the Vision - Procurement  Questions 2.

Similar presentations

Ads by Google