1 / 27

Building the Internal Audit Function

Building the Internal Audit Function. Commonwealth of Massachusetts Office of the Comptroller. NASC – March 26, 2009 Kathy Sheppard, Deputy Comptroller. Agenda. Risk Never Sleeps. Environmental Internal. External. Possible Outcomes. Theft of cast iron decorative trim

ami
Download Presentation

Building the Internal Audit Function

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Building the Internal Audit Function Commonwealth of Massachusetts Office of the Comptroller NASC – March 26, 2009 Kathy Sheppard, Deputy Comptroller

  2. Agenda

  3. Risk Never Sleeps Environmental Internal External

  4. Possible Outcomes • Theft of cast iron decorative trim from Longfellow Bridge (September, 2008) • Cheating on time sheets (September, 2008)

  5. Managing Risk What we asked … • If you are managing everything • Are You Really Managing Anything?

  6. Managing Risk Where we wanted to be… • Effective Controls • Efficient Use of Resources • Empowering People to Manage their Business

  7. Managing Risk How we started… • Delegation • Re-deployment of Resources • Enhanced Policies and Training including …

  8. Focus on Internal Controls …Internal controls: • Tools that help managers be effective and efficient • Avoid serious problems • Overspending • Operational failures • Violations of law

  9. Focus on Internal Control • Help rather than act as barriers. • Make sense within each organization’s unique operating environment. • Day to day responsibilities of managers and staff are not stand-alone practices. • Cost effective

  10. Focus on Internal Control PARTNER WITH YOUR PEERS ACTUAL SAO FINDING • Findings: Area Office vs. Central Office • A recent audit of the Central Office disclosed that (they) do not have a complete and updated ICP. Audit of the Area Office found that officials believe that the ICP should be developed and administered by (their) Central Office. • Resolution: • Internal control plan needed improvement. Central Office officials recognized the need to revise and update the ICP and therefore hired an Internal Control Officer • Without a complete ICP in place, there is inadequate assurance that the Department will achieve its missions and objectives efficiently, effectively, and in compliance with applicable state laws and regulations; provide guidance in the event of employee turnover; and properly safeguard its assets against loss, theft, or misuse.

  11. Focus on Internal Control The Internal Control Plan • High level summary of risks and controls • Tool to achieve agency objectives • Based on CTR guidelines & COSO model • http://www.mass.gov/osc

  12. Focus on Internal Control What’s Not in the Plan … but… • Strategic Plan – refer to • All objectives and risk events • Risk Assessment – detail of each event, its impact, your response, etc. • Policies and Procedures – refer to • Disaster Recovery Plan – refer to

  13. QUALITY ASSURANCE BUREAU • Quality Assurance Visits • Internal Controls • Internal Audit Function • Single Audit Liaison

  14. QUALITY ASSURANCE BUREAU SUPPORTS • Bureau Advisory • Departments • Education • Continuous Audit

  15. QUALITY ASSURANCE BUREAU • Risk Assessment • Site Selection • Scheduling • Data Mining • Desk Review • Site Prep • Site Visit • Reporting

  16. InSite is OnSite

  17. InSite is OnSite

  18. InSite is OnSite

  19. InSite is OnSite

  20. InSite is OnSite

  21. InSite is OnSite

  22. InSite is OnSite

  23. InSite is OnSite

  24. InSite is OnSite

  25. Risk Management Workshop • Communications • Information • Training

More Related