1 / 18

An Auditor s Perspective on Internal Management Controls

2. Quotation ?. Each agency is responsible for completing the Annual Statement of Assurance once each year. Agencies should make a concerted effort to quickly complete their internal control checklists for all assessable units on time, so they can get back to their real mission of supporting the wa

china
Download Presentation

An Auditor s Perspective on Internal Management Controls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. 1 An Auditor’s Perspective on Internal Management Controls Managers’ Internal Control (MIC) Program Conference December 7, 2006 Presented by Leon Peek, Program Director Defense Financial Auditing Service

    2. 2 Quotation ? Each agency is responsible for completing the Annual Statement of Assurance once each year. Agencies should make a concerted effort to quickly complete their internal control checklists for all assessable units on time, so they can get back to their real mission of supporting the war fighter. It is the auditor’s responsibility to establish effective controls and find deficiencies in internal control.

    3. 3 History of Internal Control Program Federal Managers’ Financial Integrity Act of 1982 (FMFIA) OMB Circular A-123 Internal Control Systems (Aug ’86) Management Accountability and Control (June ‘95) Management’s Responsibility for Internal Control (Dec ’04) DoD Instruction 5010.40 Management Control (MC) Program Procedures (Aug ’96) Managers’ Internal Control (MIC) Program Procedures(Jan ’06)

    4. 4 FMFIA Requirements for Internal Control Each agency must establish controls that reasonably ensure that: Obligations & costs are in compliance with applicable law; Funds and property are safeguarded against waste, loss and unauthorized use or misappropriation; Revenues & expenses are properly recorded and accounted for so that financial reports are reliable and accountability over assets is maintained.

    5. 5 Discussion Topics The 3 Objectives of Internal Control The 5 Standards/Components for Meeting these Objectives, and Reporting Internal Control Deficiencies

    6. 6 Objectives of Internal Control Internal Control is an integral component of an organization’s management that provides reasonable assurance that the following objectives are being achieved: Effectiveness and efficiency of operations Reliability of financial reporting, and Compliance with applicable laws and regulations.

    7. 7 5 Standards/Components of Internal Control Control Environment Risk Assessment Control Activities Information and Communication Monitoring

    8. 8 Control Environment The organizational structure and culture created by management that demonstrates its commitment to such things as: Employee competence & management’s commitment to competence in the workplace. Appropriate delegation of authority/responsibility Reporting hierarchy Compensating and disciplining personnel “Tone at the top”

    9. 9 Risk Assessment Identification of internal and external risks that may prevent the organization from meeting its objectives. Should consider previous findings from internal and external auditors The results of the assessment (e.g. high, medium, low) should determine the extent of testing and review of processes and transactions.

    10. 10 Items that could Increase Risk when doing a Risk Assessment Lack of written guidance Complex transactions done manually New personnel or significant personnel changes Related party transactions New technology, new systems Inability to establish priorities Lack of specific performance measures for a program/activity Accounting estimates

    11. 11 Control Activities Include policies, procedures, and mechanisms in place to help ensure that your agency is able to meet its objectives. Examples: Proper segregation of duties Physical controls over assets General and application controls over information systems Planning and reporting systems

    12. 12 Information and Communications Obtaining an understanding of the information systems that identify, capture, and exchange information to enable people to properly carry out their responsibilities. Does the entity effectively communicate requirements from top to bottom (& vice versa)? Does the entity have effective procedures to communicate with outside organizations? What is the quality of system generated information?

    13. 13 Monitoring Monitoring the effectiveness of the controls in place should be a part of the normal course of business. Potential questions! - Does management do self assessments? - Is preparing the Annual Statement of Assurance only a fire drill? - Is there a systematic process in place for communicating and addressing deficiencies?

    14. 14 Reporting Requirements for Internal Control Weaknesses A-123 defines 2 types of weaknesses: Reportable Conditions: significant (more than inconsequential) weaknesses Material Weaknesses: Material reportable conditions which should be reported externally.

    15. 15 Reportable Conditions FMFIA Overall: Significant control deficiencies that should be communicated because they could adversely affect the entity’s ability to meet is internal control objectives. Financial Reporting: A control deficiency that adversely affects the entity’s ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP, so there is more than a remote likelihood that a misstatement (more than inconsequential) in financial statements would not be prevented or detected.

    16. 16 Material Weaknesses FMFIA Overall: A reportable condition(s), which is significant enough to report to the next higher level (external reporting) Financial Reporting Weakness: A reportable condition(s) that results in more than a remote likelihood that a material misstatement in financial statements would not be prevented or detected.

    17. 17 Statements of Assurance that Auditors Might Question No reportable conditions or material weaknesses Internal/external auditors have identified several weaknesses, but management does not report Material weaknesses for DoD not reported because entity thinks weakness is someone else’s problem Giving a qualified statement of assurance when numerous material weaknesses are reported High level of materiality

    18. 18 Additional Information on Internal Control “Government Auditing Standards,” June 2003 (Yellow Book) “Government Auditing Standards—2006 Exposure Draft,” June 9, 2006 “American Institute of Certified Public Accountants Codification of Auditing Standards,” (AICPA Standards) Government Accountability Office/President’s Council on Integrity and Efficiency Financial Audit Manual (GAO/PCIE FAM) Accounting Standards Financial Accounting Standards Board (FASB) Statement of Financial Concepts No. 2 Federal Accounting Standards Advisory Board (FASAB) “Standards for Internal Control in the Federal Government,” GAO/AIMD-00-21.3.1, November 1999 (Green book) Revised Frequently Asked questions Regarding OMB Circular A-123, “Management’s Responsibility for Internal Control,” Appendix A, April 2006

More Related