Shared Services and Third Party Assurance: Panel May 19, 2016.

Slides:



Advertisements
Similar presentations
Debt Management Strategy: Governance and Transparency
Advertisements

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
Development of internal control: methodology and responsibility
Office of the Auditor General of Canada CANADA’S ADOPTION OF INTERNATIONAL STANDARDS ON AUDITING 20 FACTS PREPARERS of FINANCIAL STATEMENTS SHOULD KNOW.
Internal Audit : Framework for the Management of Compliance Presentation at FMI meeting Sept
Performing a Fiduciary Review of Trust Administration FIRMA April 2009 Independent Fiduciary Services ® Independent Fiduciary Services, Inc.  th.
Areti Moularas, Senior Manager
Dr. Julian Lo Consulting Director ITIL v3 Expert
2011 Governance, Risk, and Compliance Conference August 29 – 31, 2011 / Orlando, FL, USA The Top Four Essential Objectives to Auditing ERM Stephen E. McBride,
IS Audit Function Knowledge
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Quality evaluation and improvement for Internal Audit
Office of Inspector General (OIG) Internal Audit
Moving from money well accounted for to money well spent UK Information Technology Summit May 2005 Helen McDonald A/Chief Information Officer Treasury.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Purpose of the Standards
Australia’s Experience in Utilising Performance Information in Budget and Management Processes Mathew Fox Assistant Secretary, Budget Coordination Branch.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Session 4: Good Governance: How SAIs influence Good Governance in Public Administration Zahira Ravat 27 & 28 May 2014.
Chicagoland IASA Spring Conference
Information Technology Audit
Internal Auditing and Outsourcing
D-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Module D Internal, Governmental, and Fraud Audits “I predict that audit.
Audit of Public Procurement
UNM and Health System Internal Audit Departments Internal Audit Department Orientation Manu Patel, Internal Audit Director Purvi Mody, Executive Director,
Chapter 5 Internal Control over Financial Reporting
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Roles and Responsibilities
1 1 UNDP’s Financial Management and Assurance March 2007.
S7: Audit Planning. Session Objectives To explain the need for planning To explain the need for planning To outline the essential elements of planning.
Audit Planning. Session Objectives To explain the need for planning To outline the essential elements of planning process To finalise the audit approach.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
1 Governance, accountability and performance reporting in the public sector Des Pearson Executive in Residence August 2013.
Copyright © 2007 Pearson Education Canada 1 Chapter 1: The Demand for Auditing and Assurance Services.
Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.
Copyright © 2007 Pearson Education Canada 1 Chapter 24: Assurance Services: Internal Auditing and Government Auditing.
Chapter 21 Internal, Operational, and Compliance Auditing McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Achieving the MDGs: RBA Training Workshop Module 6: Investments in Public Management May 9-12, 2005.
Practical Investment Assurance Framework PIAF Copyright © 2009 Group Joy Pty. Ltd. All rights reserved. Recommended for C- Level Executives.
IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.
Page 1 Committee presentation An overview of the external audit process and types of audits 12 May 2010.
Reallocation in the budget process Strategic Reviews around the world Cutting Tools: How to Cut Risks, consequences, sustainability Practical Considerations.
ISSAI 400 Compliance Auditing
Casualty Loss Reserve Seminar General Session II September 9, 2003 Section 302/404 of Sarbanes-Oxley Act What Actuaries Need to Know Jan A. Lommele, FCAS,
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
PUBLIC–PRIVATE PARTNERSHIP (PPP) FRAMEWORK AND GUIDELINES Syed M. Ali Zaidi, P.Eng. PM(Stanford), Ph.D. Director, Strategic Partnerships Alberta Infrastructure.
Tax Administration Diagnostic Assessment Tool MODULE 11 “POA 9: ACCOUNTABILITY AND TRANSPARENCY”
Performance Budgeting in the Government of Canada: Transitioning from Surplus to Deficit Reduction Presented to: The Peterson-Pew Commission's International.
PIC EU-28 Conference Paris, 26 – 27 November 2015 PIC An EU Approach Assurance Maps An Introductory workshop Nathan Paget United Kingdom.
Page 1 Portfolio Committee on Water and Environmental Affairs 14 July 2009.
Audit Committee in the Public Sector 30 September 2015 Corporate Executives: Barry Wheeler.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Effective Board Governance & role of the Audit Committee Presentation by Cluster Audit Committee – July / August 2012.
Improving Compliance with ISAs Presenters: Al Johnson & Pat Hayle.
 Planning an audit of cost statements, records and other related documents is considered necessary to ensure achievement of audit objectives with available.
Auditors’ Dilemma – reporting requirements on Internal Financial Controls under the Companies Act 2013 and Clause 49 of the Listing agreement V. Venkataramanan.
An exposure to COMPLIANCE AUDIT By- Vishal Chawre DAG(A/c & VLC) O/o AG(A&E), Nagpur.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
Wendy Birkinshaw, A/Director, Service Transformation
INTRODUCTION TO Compliance audit METHODOLGY and CAM
Policy on Transfer Payments Renewal
Taking the STANDARDS Seriously
Briefing to the Portfolio Committee on Police Audit outcomes of the Police portfolio for the financial year 13 October 2015.
Internal Audit’s Role in Preventing Fraud and Corruption
Operational Risk Management
Portfolio Committee on Communications
Presentation transcript:

Shared Services and Third Party Assurance: Panel May 19, 2016

Department to department service provision – Examples: Shared Services Canada, Financial Management System shared clusters and Pay Centre; External service provider. Purpose of the presentation: To present an overview of the shared service (service provider) assurance activities being applied on to the following: 2

Definition – Service provider Sourcing arrangements linked to a range of mechanisms in which the Government use organizational partnerships:  between departments, or  outside the public sector, to improve performance in conducting operations or delivering programs services to citizens and businesses. 3

Enterprise Approach Benefits Achieved Cost and Effort Optimizing Departmentally Optimize to Government as a Whole Diminishing Returns 4

In the Private Sector… Service organization is providing services to one or more user entities. User entity may identify need for assurance over an activity that relies on the controls at a service organization. Specifically: Assurance over whether controls exist and are suitably designed to meet objectives Assurance over whether controls are operating effectively throughout the specified period Under the standards for reporting on controls at a service organization, Canadian Standard on Assurance Engagements (CSAE) 3416, the service auditor obtains assurance: whether the controls at the service organization were suitably designed throughout a specified period (type 1 report); whether the controls at the service organization were suitably designed and were operating effectively throughout a specified period (type 2 report). CSAE 3416 allows service auditors to rely on relevant internal audit work carried out by service organization’s internal audit function. 5

In the Federal Government… Areas of consideration:  Internal control over financial reporting  Financial system  Service provision for procurement, HR, Internal Audit  Shared Services Canada  Ministerial accountability 6

Service Provider –example ICFR reporting The department relies on other organizations for the processing of certain transactions that are recorded in its financial statements, including: Department A for common administrative services and support to the programs; Public Services and Procurement Canada (PSPC), for centrally administering the payment of salaries and providing accommodations and cheque-issuing services; Department of Justice for legal services; Treasury Board Secretariat for information to calculate various employee benefit amounts; and, Medicare inc. for providing claims administration for the Interim Federal Health Program (IFHP). The department will need to continue working with these organizations to determine how they can assist with our departmental PIC objectives. 7

Levels of departmental internal controls System of ICFR System of ICFM System of IC DM as accounting officer Broad system of internal control CFO System of internal control over financial management ADMs System of internal control in their area of responsibility Policy requirements focus on ICFR 8

Assessment of Key Controls Assessment Design effectiveness: – key controls documented – in place as designed – aligned with risks Operational effectivenesss: – key controls functioning over time Entity level (tone from the top) General IT level 3 levels of controls Risk-based approach Start with annual financial statements - Identify key accounts - key risks and materiality Business process level 9

Consider: Key control objectives following the COSO 2013 framework. Key control objectives from the Control Objectives for Information and Related Technology (COBIT) 5 framework developed by the Institute of Information Systems Audit and Control Association (ISACA). Specific element for Privacy and Security. Control Framework 10

 Set enterprise governance to establish clear, coherent GoC direction and ensure tight coordination.  Set operational governance for common and shared services  Establish an enterprise portfolio management office to support governance, oversight, plan investments, track savings, etc. Get Governance in Place Getting Started: Service Provider Common procedure and practice changes across GoC  Identify performance indicators.  Identify reporting requirements and information standards.  Develop common business processes for key services  If external, begin new procurement approaches. 11

Roles and responsibilities (some examples) Deputy Heads (DH) –As accounting officer, the DH is responsible for measures taken to maintain effective systems of Ics and sign the Statement of Management of Responsibility Chief Financial Officers (CFOs) –Lead departmental role for financial management (incl. a key source of expertise) –Lead and coordinate the planning and execution of the assessments and sign the Statement of Management of Responsibility Senior Departmental Managers –Responsible for maintaining effective systems of ICs in the programs for which they are responsible –Contribute to the assessment of key risks and controls in their area of responsibility Chief Audit Executives (CAE) –Lead departmental role for internal audit (incl. a key source of expertise) –Assessment results can inform future internal audit plans –Internal audit findings can be leveraged to support the assessment Chief Information Officers (CIO) –Lead departmental role for IT infrastructure and system applications (incl. a key source of expertise) –Contribute to assessments of IT systems and application controls Departmental Audit Committees (Where applicable) –Provide objective advice and recommendations to Deputy Heads –Timing and scope of engagement to be determined by the Deputy Head 12

Options… At the highest level, to be able to rely on service organizations a user entity could:  Obtain assurance through 3 rd party auditor directly performing audits to gather sufficient and appropriate evidence over the appropriate design and effectiveness of service organization controls;  Directly perform internal or external audits in service organizations;  Rely on internal audit work carried out at service organizations;  Request management attestation. 13

Conclusion:  Who approve the scope of the assurance product?  What authority does a user entity have over conducting assurance activities at a service organization (e.g. access to people and records)?  Service level agreement or Memorandum of Understanding?  What would be included in the agreement? (e.g. services being provided, relevant controls at service organization, complementary controls, access rights, etc.)  Who should conduct these engagements?  How should findings be communicated and to whom?  Service organization have a Quality Assurance and Improvement Program?  What avenues of recourse are possible and appropriate? 14

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.