
Standard format has been developed by SALGAG. Auditing compliance with s125, but restricted to specific components specified in s129.



Presentation transcript:


2
• Standard format has been developed by SALGAG
• Auditing compliance with s125, but restricted to specific components specified in s129

3
• General audit concepts apply:
◦ Reasonable assurance
◦ Sufficient appropriate evidence
◦ Materiality
◦ Risk
◦ Etc.
• Auditor must understand the “suitable criteria” against which to assess Council
◦ E.g. Better Practice Model
◦ Discuss with Council, refer to Internal Control Policy
◦ If not Better Practice Model, consider appropriateness

4
• Staff training and awareness programs
• Controls within key business processes
• Processes to identify and monitor implementation of mitigating actions required to ensure that compliance obligations are met
• A monitoring plan to test key controls on a periodic basis and report exceptions
• Procedures for identifying, assessing, rectifying and reporting compliance incidents and breaches
• Periodic sign-off by management and/or external third-party outsourced service providers as to compliance with obligations
• A compliance governance structure that establishes responsibility for the oversight of compliance control activities

5
• Components of internal control should be present, functioning effectively, and working together:
◦ Control Environment
◦ Risk Assessment
◦ Control Activities
◦ Information and Communication
◦ Monitoring Activities

6
• Weaknesses will contribute towards forming an opinion that multiple significant deficiencies in internal control exist
• Casts doubt over the reliability of internal control activities, e.g. the risk of controls being ignored or bypassed, either deliberately or through lack of knowledge / human error

7
• Demonstrated commitment to integrity and ethical values – “tone at the top” and throughout
• Responses to audit management letters
• Codes of conduct
• Mission and value statements
• Oversight in the development and performance of internal control – audit committee, internal audit
• Attitude to external and internal audit

8
• Policies (e.g. fraud, whistleblowers, internal control)
• Existence and maturity of audit committee
• Training and awareness programs
• Penalties / consequences for breaches clearly defined and enforced
• Good staff selection, appointment and probation processes, aimed at attracting and retaining competent staff aligned to strategic objectives (e.g. preference for internal appointments)

9
• Must be documented
• Weaknesses contribute towards forming an opinion that Council has not given adequate attention to ensuring that internal controls are sufficient, and that multiple significant deficiencies in internal control are likely to exist as a result
• Without a risk assessment, Council has no basis for prioritising controls or responses to control weaknesses

10
• Risk tolerance
• Risk identification – including fraud risks and involving input from a range of staff and managers across Council
• Risk analysis – consider probability of occurrence and severity
• Risk evaluation – which risks are to be treated and the priority for treatment
• Risk treatment
• Communication, monitoring and review


12
Failure of a control activity could either:
• Individually, result in a material weakness; or
• Result in a material weakness when considered in aggregate with other control weaknesses
Better Practice Model “Part 2” contains examples of control activities. These are not mandatory.

13
• Must consider implementing; document if not
• Acceptable reasons could be:
◦ Alternative / compensating control
◦ Cost / benefit
◦ Not applicable / practical

14
• Applicability dependent on risk profile, size, functions
• Prioritisation should depend on risk
• Can be important

15
Risk-based approach, sample basis
• High-risk business cycles, e.g.:
◦ Procurement
◦ Cash
◦ Payroll
• High-risk controls, e.g.:
◦ EFT security
◦ Delegations
• Council’s CSA may guide sample selection

16
• Should have in place for key business processes
• Absence of policy / procedure decreases the likelihood of a control being exercised consistently, or in accordance with the intention of Council
• Should be authorised, reviewed regularly, with sanctions for wrongdoing, supported by adequate training / communication

17
• Weaknesses in the information and communication cycle will contribute towards forming an opinion that multiple significant deficiencies in internal control are more likely to exist
◦ Training and awareness programs
◦ External communication (e.g. requirement for POs, no gifts, communication with bank re online security, required number of signatories, etc.)

18
• Controls may be designed effectively, but not operating effectively, i.e. frequently ignored or bypassed either deliberately or through lack of knowledge / human error
• Without monitoring, on what basis is the CEO certifying compliance with s125?
• No particular monitoring methodology is specified in the Better Practice Model

19
• Control Self Assessment (“Control Track”) is the leading practice
• 2 approaches:
1) Desktop review
2) Testing
• If CSA is performed properly and honestly, and is supported by appropriate work papers and independent review, it may be used by auditors to guide testing

20
• If a Council identifies a control failure in a timely manner via CSA, and implements an appropriate action plan to correct the failure, the auditor can take this into consideration when forming an opinion as to whether a control failure represents a material weakness.

21
• A deficiency, or combination of deficiencies, such that there is a reasonable possibility that a material non-compliance with law will not be prevented, detected, or corrected on a timely basis (consider likelihood vs. magnitude); or
• Multiple significant deficiencies which, considered collectively, result in a determination that a material weakness exists.
A significant deficiency = a deficiency, or combination of deficiencies, less severe than a material weakness, yet important enough to warrant the attention of Council.

22
• Per ASAE 3100:
• Considered in the context of quantitative and qualitative factors:
◦ relative magnitude of instances of detected or suspected non-compliance
◦ the nature and extent of the effect of these factors on the evaluation of compliance with the requirements as measured by the suitable criteria
◦ the interests of the intended users
• Professional judgment

23
• Consider importance of control, e.g.:
• Policies
◦ Key control = policy exists and is approved
◦ Secondary controls = reviewed regularly, sanctions for wrongdoing, supported by adequate training / communication
• Reconciliations
◦ Key control = key accounts reconciled
◦ Secondary control = other accounts reconciled

24
• Consider other factors:
◦ Length of control failure
◦ Existence of compensating controls
◦ Type of control that has failed (e.g. detective, corrective, preventative, directive)
◦ Has failure been identified by Council?
◦ Action plans in place to address – timely, appropriate
◦ The risk being managed by the control

25
• Bank reconciliations too infrequent, not supported by appropriate independent review, not integrated with system (e.g. on spreadsheets only)
• Weak online banking / EFT security (e.g. excessive access, excessive dollar value limits, password sharing)
• Inadequate physical security over cash collections (e.g. not in locked safe, excessive staff access)
• Lack of significant contracts

26
• Lack of segregation of duties without compensating controls (e.g. detective controls, IT controls) – segregate recording, authorising and approving transactions and handling the related asset
• Lack of documented delegations
• Lack of authorisation for transactions
• Lack of security over blank cheques, inc. pre-signing blank cheques, access to blank cheques
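The segregation-of-duties, delegation and authorisation weaknesses above can be tested on a sample of EFT payments during a CSA "testing" pass. The following is an added example, not from the presentation or any Council system; the payment records, officer names and delegation limits are constructed for illustration.

```python
"""Sample-based test for segregation of duties and delegations (added example).

Each payment must be recorded, authorised and approved by three different
officers, the approver must hold a documented delegation, and the amount
must be within that delegation limit. All data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    ref: str
    amount: float
    recorded_by: str
    authorised_by: str
    approved_by: str


# Constructed delegation register: officer -> approval limit in dollars.
DELEGATIONS = {"cfo": 250_000, "fin_mgr": 50_000, "ap_officer": 0}


def sod_exceptions(payments, delegations):
    """Return (ref, finding) tuples; an empty list means the sample passed."""
    findings = []
    for p in payments:
        # Recording, authorising and approving must be three distinct officers.
        if len({p.recorded_by, p.authorised_by, p.approved_by}) < 3:
            findings.append((p.ref, "segregation of duties: same officer in more than one role"))
        limit = delegations.get(p.approved_by)
        if limit is None:
            findings.append((p.ref, f"no documented delegation for approver {p.approved_by}"))
        elif p.amount > limit:
            findings.append((p.ref, f"amount {p.amount:.2f} exceeds {p.approved_by} delegation {limit}"))
    return findings


# Constructed sample: one clean payment, one with two weaknesses, one with
# an approver who holds no documented delegation.
SAMPLE = [
    Payment("EFT-1001", 12_000.00, "ap_officer", "fin_mgr", "cfo"),
    Payment("EFT-1002", 80_000.00, "ap_officer", "ap_officer", "fin_mgr"),
    Payment("EFT-1003", 3_500.00, "ap_officer", "fin_mgr", "contractor"),
]

if __name__ == "__main__":
    for ref, finding in sod_exceptions(SAMPLE, DELEGATIONS):
        print(ref, finding)
```

Findings from a run like this belong in the CSA work papers so the auditor can see both the exception and the action plan taken to correct it.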

27
• Weak General Ledger access restrictions (without these, internal controls can be overridden and segregation of duties may be unachievable)
◦ General journal entry controls
◦ Master-file access (e.g. rates, payroll, vendor)
• General ledger / sub-ledger reconciliations not performed
• Inadequate budget monitoring process
• Insufficient insurance (public liability, plant and equipment)
• Policies lacking and/or not reviewed

28
• Lack of management review
◦ Fortnightly payroll reports, inc. bona fide (current vs standard pay)
◦ EFT payment reports
◦ Master-file change reports
◦ Budget vs actual expenditure
◦ Rate rebates
◦ Aged debtors
◦ Leave balances (AL, LSL)
◦ Job costing / works order report

29
• Lack of documented key procedures – written step-by-step, screenshots, process maps
• Excessive manual processes without sufficient checking (e.g. manual termination payment / leave calculations, manual reconciliations)
• Lack of appropriate off-site backup of data, programs and documentation
• Lack of registers (contracts, grants, elected member expenses, etc.)

