FALL 2006 FOCUS November 14-15, 2006 APA UPDATE. Bill Cole, Deputy Auditor Auditor of Public Accounts. Discussion Topics. NCAA Reporting – The Second Year Risk Assessment Standards Auxiliary Enterprise Project SJR 51- Data Security Capital Appropriations Available
FALL 2006 FOCUS November 14-15, 2006 APA UPDATE Bill Cole, Deputy Auditor Auditor of Public Accounts
Discussion Topics • NCAA Reporting – The Second Year • Risk Assessment Standards • Auxiliary Enterprise Project • SJR 51- Data Security • Capital Appropriations Available • Audit Timing and Scheduling • Timely Financial Reporting
NCAA Reporting – The 2nd Year • Most control work has been completed • Waiting on completion of the Schedules • Reporting issues • Complimentary tickets • Indirect costs • Advisory services
AICPA Standards Assessment Suite Of Standards • Statements on Auditing Standards (SAS) Nos. 104-111 • Most far-reaching changes in standards in 20 years • Amends or revises 8 existing standards
AICPA Standards Assessment Suite Of Standards • Amends SAS 1, Due Professional Care (104) • Amends SAS 95, GAAS (105) • Audit Evidence (106) • Audit Risk and Materiality (107) • Planning and Supervision (108) • Understanding the Entity and Assessing Risks (109) • Performing Audit Procedures and Evaluating Evidence (110) • Amends SAS 39, Audit Sampling (111)
Assessment Suite Of Standards Objectives • More in-depth understanding of entity and internal control • More rigorous assessment of risks of misstatement • Improved linkage between assessed risks and audit procedures performed
Understanding Entity/Assessing Risks • Gaining understanding about entity, its environment, internal controls • Brainstorming session • Evaluate internal control design and implementation • Identify and assess risks to design additional procedures • Consider risks at financial and assertion levels • Identify significant risks (Required testing of those identified)
Performing Procedures • Do procedures that respond to risks • Overall response • Procedures at assertion level • Always perform: • Tests for assertions for transactions, account balances, and disclosures • F/S tie to the accounting records • Material JEs and F/S adjustments
Assertions Used by Auditors • Occurrence and Existence • Transactions, events that have been recorded have occurred and pertain to the entity • Assets, liabilities, and equity interests exist • Disclosed events and transactions have occurred and pertain to the entity
Assertions Used by Auditors • Rights and Obligations • The entity holds or controls the rights to assets, and liabilities are obligations of the entity
Assertions Used by Auditors • Completeness • All transactions and events that should have been recorded have been recorded • All assets, liabilities, and equity interests that should have been recorded have been recorded • All disclosures that should have been included in the financial statements have been included
Assertions Used by Auditors • Accuracy and Valuation • Amounts and other data relating to the recorded transactions and events have been recorded appropriately • Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded • Financial and other information are disclosed fairly at the appropriate amounts
Assertions Used by Auditors • Cut-Off • Transactions and events have been recorded in the correct accounting period
Assertions Used by Auditors • Classification / Understandability • Transactions and events have been recorded in the proper accounts • Financial information is appropriately presented and described and disclosures are clearly expressed
How Does This Impact You? • Auditors have responsibility for risk assessment • First place to start, what is management’s assessment of risk? • ARMICS – State Comptroller’s Directive
Auxiliary Enterprises Project • Still a work-in-progress, but completion is getting closer • Tuition vs. Mandatory Fees • What services are covered? • Guidance is outdated • Similar activities accounted for differently • Accounting principles have changed • Inconsistencies in accounting and monitoring A/E
Auxiliary Enterprises Project • Draft findings • Develop principle-based definition of activities funded by mandatory fees • Update and refine auxiliary enterprise guidance • Identifying activities as auxiliaries • Accounting procedures • Allocation of debt service and indirect costs • Consistent guidance for outsourced auxiliaries • Application of self-supporting activities
Auxiliary Enterprises Project • Draft findings • Best practices for A/E management • Monitoring for self-supporting basis • Documenting and approving transfers • Develop specific, consistent procedures for preparing the Schedule of A/E Revenues and Expenses • Develop specific, consistent procedures for preparing a separate Schedule of A/E Reserves
SJR51 – Information Security • 2006 General Assembly passed SJR No. 51, directing the APA to report on the adequacy of the security of state government databases and data communications from unauthorized uses. • Focusing data security efforts on only databases and data communications does not consider the amount and nature of information held by the Commonwealth; nor does it consider the various methods of storing and using potentially sensitive information.
SJR51 – Information Security • As part of this review, we compiled, from available sources, the industry's best practices for an information security program. • We evaluated the Commonwealth’s information security programs against the best practices of the industry, and used them as a means of completing the review survey checklist.
SJR51 – Information Security • Information Security Program Objectives and Issues • A well-defined, clear and documented information security program will minimize unauthorized uses of information contained within databases and transmitted through data communication lines. A lack of sufficient policies, procedures and standards creates a highly diversified information security environment, which limits an organization’s ability to govern information security at an enterprise level.
SJR51 – Information Security • Roles and Responsibilities for IT Security in the Commonwealth • Role of VITA • Role of Agencies (including roles of information security officers)
SJR51 – Information Security • Review survey checklist (120 questions) administered by APA with each agency and institution • Results evaluated judging key components (30-40 questions) • Rating of policies and procedures • Non-existent • Inadequate • Adequate • Model
Capital Appropriations Available • Fund 0811 – General Obligation Bonds • Fund 0817 – 21st Century Bond Program • DOA has issued Accounting Procedures for these programs available on their web site. • Some Colleges had to make significant prior period adjustments due to overstating appropriations.
DOA Instructions • Calculate project to date allotments since 1993 by adding prior year expenditures to current allotments. • Compare to prior year appropriation revenue previously reported in the financial statements. • Difference is current year appropriation revenue or reversion.
Revenue and Receivables • Appropriations available are generally equal to current year allotments less current year expenditures including payables. • Current year appropriation revenue is generally equal to current year allotments less beginning appropriations available.
Issues • Note that allotments and not appropriations are used to compute revenue and receivables. • When appropriations are used or prior year revenue is not excluded, appropriation revenue can be significantly overstated.
Conclusion • APA and DOA will work together to address accounting issues and clarify instructions.
AUDIT TIMING • Scheduling and Specialties • NCAA – interim work on controls, final work when Schedule is completed • Research & Development – interim work on controls, final work when SEFA is completed • Student Financial Aid – interim work on controls, final work when FISAP is completed • Payroll and Revenue – interim work on controls, final work when financial statements and notes are completed • Acquisitions and Capital Assets – interim work on controls, final work when financial statements and notes depending on specialists’ schedules
Timely Financial Reporting • Financial Management Standard • Timeliness • Accuracy • Deadlines are only going to get tighter • Closing books timely • Start early • Documentation of financial reporting process