1 / 51

The Role and Benefits of a State Audit Committee

The Role and Benefits of a State Audit Committee. Presented by: Joe Bell , Chief Audit Executive, State of Ohio, OBM Office of Internal Audit Maria Jackson , Assistant Chief Auditor, Information Systems Audit Office of Dave Yost, Ohio Auditor of State. Presentation ‘Kickoff’.

Download Presentation

The Role and Benefits of a State Audit Committee

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Role and Benefits of a State Audit Committee Presented by: Joe Bell, Chief Audit Executive, State of Ohio, OBMOffice of Internal Audit Maria Jackson, Assistant Chief Auditor, Information Systems Audit Office of Dave Yost, Ohio Auditor of State

  2. Presentation ‘Kickoff’

  3. Session Objectives You will learn how: • An effective audit committee improves overall governance • Coordinated monitoring/auditing improves organizational controls • Reducing repeat audit comments allows for more efficient audits and enables auditors to focus on emerging issues

  4. Today’s Game Plan

  5. Today’s Game Plan • An early Penalty – Impact of “Coingate” • TheIIA’s 3 Lines of Defense • Reaching the End Zone – IA Capability Model • Building the Audit Team - OIA & SAC • Teamwork – AOS & OIA working together

  6. Penalty Situation

  7. “Coingate”

  8. Evolution of Internal Audit in Ohio

  9. IIA’s 3 Lines of Defense

  10. IIA’s Three Lines of Defense

  11. Risk

  12. 3 Groups Responsible for Risk Management • Own & Manage Risks • Oversee Risks • Provide Independent Assurance

  13. 1st Line of Defense: Operational Management • Own and Manage Risks • Day to Day Performance of Internal controls • Responsible for Corrective Actions

  14. 2nd Line of Defense: Risk Management & Compliance Functions Ensures the 1st Line is properly designed, in place, and operating effectively. • Risk Management Function • Compliance Function • Controllership Function

  15. 3rd Line of Defense: Internal Audit • Provides assurance on effectiveness of governance, risk management, & internal control. • High level of independence & objectivity. • Broad scope.

  16. External Audit & Regulators • Outside the Organization Structure • Additional Line of Defense when Coordinated Effectively • Limited Scope

  17. Coordinating the 3 Lines of Defense

  18. Building the Audit Team

  19. Building the Audit Team in Ohio

  20. Building the Audit Team in Ohio Point A - 2007 • Decentralized, ad hoc Internal Audit functions in a few agencies. • No Audit Committee • Many external audit issues. Point B - 2014 • Centralized Office of Internal Audit, aligned to IIA Standards • Established State Audit Committee • Improvement in Internal Control

  21. Audit Landscape in Ohio • OBM Office of Internal Audit • State Audit Committee • Ohio Auditor of State • Ohio Inspector General • Federal Oversight Agencies

  22. Ohio Reporting Relationships

  23. OIA Team Composition

  24. OIA Roles • Assurance • Internal and system control effectiveness • Business process effectiveness • Evaluate and improve effectiveness of risk management, control and governance • Consulting • Document process maps • New programs, IT systems, and process consulting • Training and education • Business process and internal control design

  25. Legal Authority for Office of Internal Audit • Ohio Revised Code Section 126.45 created OIA within the Office of Budget and Management. • Requires OIA to conduct internal audits of certain state agencies • Requires an annual audit plan • Requires reporting audit recommendations to the State Audit Committee.

  26. State Audit Committee • Fivemember committee meets quarterly • Assists Governorand Director of the OBMin oversight responsibilities: • Financial Reporting, • Internal Controls, • Risk Assessment, • Audit Processes, • Compliance: Laws, Rules, & Regulations.

  27. Independent State Audit Committee:

  28. Audit Committee Composition • Chairperson, Governor Appointed, external to state management. • Two appointed by the House Speaker, • Two appointed by Senate President, • Not More Than Two from Same Party • Three-year Term, One Reappointment

  29. Required SA Committee Expertise At least one member who is • Financial Expert • Certified Public Accountant • Familiar with Governmental Accounting • Representative of the Public • Familiar with Information Technology

  30. Key Functions of Audit Committee • Review annual OIA plan • Review OIA preliminary reports • Review OIA conformance to IIA Standards (Peer Review) • Review State of Ohio CAFR • Review financial statements with external auditor (Auditor of State)

  31. Audit Committee Continuous Improvement • Audit Charter – Annual Review • Event Calendar – Cover All Responsibilities • Meeting Evaluation – Assess content/adequacy • Annual Evaluation – OIA • Audit Committee Self-evaluation • Financial reporting • OIA • External Audit • Management and Other Reporting

  32. OIA Continuous Improvement

  33. Reaching the ‘Goal Line’

  34. Capability Model: Governance Adapted from the IIA’s Internal Audit Capability Model (IA-CM) for the Public Sector

  35. Teamwork

  36. Dave Yost, Ohio Auditor • One of five independently elected statewide offices. • Four year term, 2 consecutive terms max

  37. Ohio Auditor of State • ORC 117.10 – The Auditor of State shall audit all public offices as provided in this chapter. • Audits all public offices – 5800 entities • 600 of 800 staff are financial auditors • Performs financial audits of state agencies, boards and commissions 37

  38. AOS State Region • Exclusively audits state agencies • Performs financial audits of state agencies, boards and commissions • Includes the Information System Audit group (ISA), which analyzes information systems and performs “SOC 1” audits

  39. Ohio Auditor of State Information Systems Audit Group • Section of Financial Audit • 3 Groups (North, South, State) • 26 Auditors

  40. Working together • Meet biannually to discuss audit plans and to provide update on current audits. • Rely on work completed by OIA. • OIA consults with agencies to remediate significant audit comments. • OIA uses AOS work for background information.

  41. What Gets Measured Gets Done • Audit Timelines established and reported on quarterly • Audit comment status • Committee may request agency to appear and report on remediation • Number of Audit Comments • Audit Progress and Difficulties

  42. Benefits • Increased Accountability • Audits are more timely. • Comments are remediated. • Controls are improved.

  43. Benefits • Controls built in to the process instead of after the fact. • Greater awareness of the importance of financial reporting and the role of audit. • Improved cooperation among auditors.

  44. Benefits • Improved cooperation between clients and auditors. • Increased focus on emerging issues. • ERM • COSO • Cyber Security

  45. 2 Minute Warning

  46. Summary Points • A well-designed audit committee enhances effective governance • Embracing the ‘3 Lines of Defense’ model promotes an effective and coordinated focus on continuous internal control improvement • Transparency and accountability of audit comment remediation leads to more effective and value-added audits

  47. Thank You!

  48. Contact Information Joe Bell, CPA, CIA, CGAP Chief Audit Executive, State of Ohio OBM Office of Internal Audit Joe.bell@obm.state.oh.us 614.466.1985 http://obm.ohio.gov/InternalAudit/

More Related