Will it Blend? Coordinating Internal Controls & Process Remediation to Achieve Sustainable Financial Audit Success John Bower, CPA CDR Colin Campbell, USCG 1

2 LUCASFILM

Why We’re Here Federal Financial Management Improvement Act (1982) improving info for decisions & accountability CFO Act of 1990 CFO in all executive agencies DHS Financial Accountability Act (2004) CFO agency; Internal Controls Over Financial Reporting DHS Audit Requirement Target Act (2012) clean financial statement audit by

Agenda Audit Remediation & Internal Controls The Internal Controls Cycle Tools Best Practices Roadmap to Success Summary & Questions 4

Audit Remediation Division Remediation Internal Controls Fix long-standing audit discrepancies Drive efficient & effective business practices. 5

Internal Controls Division Remediation Internal Controls Monitor efficiency & effectiveness. Subject matter expertise, training, & guidance Manage annual statement of assurance 6

Internal Controls - Refresher 7 Compensating Manual Automated

Internal Controls - Refresher 8 Detective Preventative

Issues Duplicate requests/pushback frustrated field Can’t identify remediated area hindered internal controls work Remediation not aware of new gaps hindered remediation No Internal Controls input on remediation internal control testing failure risk 9 Remediation Internal Controls

10 Internal Controls Blendtec

Pivot – New Strategy Integrate Remediation & Internal Controls controls ensure sustainment “One-stop shop” for audit issues keep the customer satisfied, engaged, committed Eliminate repetitive calls for data less work for everyone! Keeping the OIG Auditors away reduce “audit fatigue” 11

The Internal Controls Cycle 1) Determine Scope 2) Perform Materiality Assessment 3) Perform Risk Assessment 4) Document Process and Procedures 5) Develop Testing Plan 6) Perform Test of Design 7) Perform Test of Effectiveness 8) Evaluate Test Results 9) Report Results to Management 10) Create Corrective Action Plan 11) Roll Forward and Monitoring 12) Statement of Assurance 12

Planning Risk Assessment - Determine Scope - Perform Materiality Assessment - Perform Risk Assessment Evaluate the Controls at the Process Level Documentation of Interviews and Walkthroughs - Document Processes and Procedures - Develop Testing Plan - Perform Tests of Design Test Controls at the Transaction Level Test of Operating Effectiveness Documentation - Perform Test of Effectiveness Conclude, Report and Correct -Testing Remediation of New Controls Implemented During the Fiscal Cycle -Gaining Comfort of Period Not Tested - Evaluate Test Results - Report Results to Management - Develop Substantive Testing Plan - Develop and Implement Corrective Action Plan - Perform Roll Forward & Monitoring Statement of Assurance A-123DHSUSCG

The Internal Controls Cycle 1) Determine Scope 2) Perform Materiality Assessment 3) Perform Risk Assessment 4) Document Process and Procedures 5) Develop Testing Plan 6) Perform Test of Design 7) Perform Test of Effectiveness 8) Evaluate Test Results 9) Report Results to Management 10) Create Corrective Action Plan 11) Roll Forward and Monitoring 12) Statement of Assurance 14 Fails TOE Fails TOD High Risk

The Internal Controls Cycle 1) Determine Scope 2) Perform Materiality Assessment 3) Perform Risk Assessment 4) Document Process and Procedures 5) Develop Testing Plan 6) Perform Test of Design 7) Perform Test of Effectiveness 8) Evaluate Test Results 9) Report Results to Management 10) Create Corrective Action Plan 11) Roll Forward and Monitoring 12) Statement of Assurance 15 Remediated

16 US Coast Guard

Process Flow 17

Remediation Begins: Workflow Report 18 FY2013 Operating Materials and Supplies Workflow Report FY2013 Ref. No. RiskControl ObjectiveControl Activities FY2013 Control Status Why Corrective Action is Necessary 16.2Donations/transfers are received without proper valuation support. Ensure proper support for donations/transfers is received before recording it in the system. No control activity identified. Compensating control exists through the execution of the Monthly Valuation Sustainment process. High Residual Risk The process for accounting for donated and transferred stock items was presented to the FMAOB in Q1 of FY2013. As an outcome of this meeting, interim policy was issued prescribing the proper accounting treatment for donated and transferred stock items. A procedure defining the proper accounting treatment for donated and transferred in stock items has not yet been promulgated. 35.1Account balances do not reconcile with the stock ledger and errors are outstanding. Ensure stock ledger and general ledger reconcile so balances are stated accurately on financial reports. Quarterly, the Financial Program conducts the Stock Ledger to General Ledger Reconciliation procedure to ensure that account balances are accurately reflected on the financial reports. Reconciling errors are investigated and supporting documentation is retained. Failed TODDuring FY2013 Test of Design, the Internal Control Assessment Team obtained the stock to general ledger reconciliation package for the 1st Quarter of FY2013. The team noted several discrepancies between the two ledgers were identified however, documentation was not available to support the cause and required adjustment for all reconciling errors, including a $425,901 variance between two sub-accounts. This resulted in unsupported adjustments to the general ledger.

Incorporate control gaps into plan 19

20 US Coast Guard

Discuss Control Gaps w/ KPOs Capture all policy/procedures? Control gaps factually accurate/correctly captured? Policies/procedures been updated? Process changed? 21

Discuss Control Gaps w/ KPOs Process in remediation? Cost-benefit of proposed solution? Targeted resolution date? 22

CodeDescription LLong-term Remediation Effort: Do Not Test SShort-Term Remediation Effort: Do Not Test UUnder Investigation: Need more information to Determine Appropriate Corrective Action TRemediation completed: Control is recommended for testing Remediation tracks and monitors efforts until they are determined to be ready for testing. 23 Prioritize & Identify

Build Relationships Hit the Road Together Key Command Visits Leadership Forums & Conferences Monthly Audit Status Updates Limited ‘Marketing’ Internal Communications Magazine Articles Command Master Chief Network 24

Messaging Standard 101 Briefings Field, KPOs, SES/Flags Marketing Comptroller Newsletter “Tone at the top” Commandant Video Executive Management Council 25

US Coast Guard

27 Roadmap to Success: Controls

Transition: Effort 28

Transition: Responsibility 29

30 US Coast Guard

Audit Readiness Progress 31

Internal Control Progress 32

Coast Guard Successes Enhanced programs Unmodified opinion: financial statements Reduction to 2 material weaknesses Improved field understanding of benefits Improved field responsibility of controls Continued dedication & commitment from the top down to the field 33

34 US Coast Guard

Focus Areas : Balance Sheet 2013: Clean opinion: Financial Statements Congress: clean financial audit by FY 2013 Continue improving internal controls 2014+: Sustainment, ICOFR Maintain clean opinion on the financial statements Unmodified opinion: ICOFR audit 35

Summary Coordination & Integration Tone at the Top It’s Not Hard, Just Hard to Do Sometimes. Communicate Collaboration Leads to Compliance No such thing as remediation for a healthy program Pigs and Chickens 36

Questions? CDR Colin Campbell CG-845 (202) John Bower CG-85 (202)