1 / 25

The New Audit Risk Assessment Standards: What s the Impact

Why New Auditing Standards?. Auditing profession continually reviews practices and makes necessary improvementsPost Enron and Sarbanes-OxleyHigher expectations of auditors Need to maintain audit quality in changing business environment. Objectives of the Risk Assessment Auditing Standards. Obtain

corbin
Download Presentation

The New Audit Risk Assessment Standards: What s the Impact

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. The New Audit Risk Assessment Standards: What’s the Impact

    2. Why New Auditing Standards? Auditing profession continually reviews practices and makes necessary improvements Post Enron and Sarbanes-Oxley Higher expectations of auditors Need to maintain audit quality in changing business environment

    3. Objectives of the Risk Assessment Auditing Standards Obtain more detailed information about the entity’s operations, business objectives and strategies and the risks to achieving these objectives

    4. Continued… Gain a more thorough understanding of the entity’s internal control Ensure entity management clearly accepts responsibility for all financial information and the financial statements

    5. What Must Your Auditor Understand About the Governmental Entity? Industry, regulatory, other external factors Nature of the government Objectives, strategies and related business risks Measurement of financial performance Internal control

    6. Purpose Provide effectiveness and efficiency in operations Ensure reliable financial reporting Comply with laws and regulations

    7. What Must Your Auditor Understand About Your Internal Controls? COSO elements Information Technology Information system Initiation through reporting, including the financial reporting process For the significant classes of transactions

    8. Continued… Control Activities Authorization Segregation of duties Safeguarding of assets Reconciliations

    10. COSO Committee of Sponsoring Organizations (of the Treadway Commission) Private sector initiative created to: provide a common definition of internal control provide a framework against which internal control systems can be assessed and improved COSO is a private sector initiative created to provide a common definition of internal control and provide a framework against which internal control systems can be assessed and improved. This report is the standard that U.S. companies use to evaluate internal controls. Here’s a little history, In 1977 the U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs. In response, a private-sector initiative, called the Treadway Commission was formed in October 1985. The Treadway Commission issued its initial report in 1987, and recommended that the organizations sponsoring the Commission (COSO) work together on a report to develop integrated guidance on internal control. The report was issued in 1992 and re-published with minor amendments in 1994, was titled "Internal Control - Integrated Framework." This report presented a common definition of internal control and a framework against which internal control systems can be assessed and improved. COSO is a private sector initiative created to provide a common definition of internal control and provide a framework against which internal control systems can be assessed and improved. This report is the standard that U.S. companies use to evaluate internal controls. Here’s a little history, In 1977 the U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs. In response, a private-sector initiative, called the Treadway Commission was formed in October 1985. The Treadway Commission issued its initial report in 1987, and recommended that the organizations sponsoring the Commission (COSO) work together on a report to develop integrated guidance on internal control. The report was issued in 1992 and re-published with minor amendments in 1994, was titled "Internal Control - Integrated Framework." This report presented a common definition of internal control and a framework against which internal control systems can be assessed and improved.

    11. Internal Control: Is a process Affected by people Provides only “Reasonable Assurance” Geared towards the achievement of objectives Key Concepts of the COSO Framework The COSO framework involves several key concepts: Internal control is a process. It is a means to an end, not an end in itself. Internal controls are affected by people. It’s not merely policy manuals and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories The COSO framework involves several key concepts: Internal control is a process. It is a means to an end, not an end in itself. Internal controls are affected by people. It’s not merely policy manuals and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories

    12. “Internal Control Defined” – Per COSO Provide reasonable assurance to achieve objectives in: Effectiveness/efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations The COSO framework defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: The COSO framework defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

    13. Five Key Elements of Internal Control Control environment Risk Assessment Control Activities Information and Communication Monitoring

    14. Control Environment Foundation for other components “Tone at the Top” Influences the control consciousness of its people Provides discipline and structure Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control . Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization. Since you are the ones who establish the control environment for your agency, we will spend more time on this component than the other 4Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control . Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization. Since you are the ones who establish the control environment for your agency, we will spend more time on this component than the other 4

    15. Risk Assessment Managing Change Changes in governmental operations New personnel New or revised information systems Rapid growth Incorporating new technologies Restructurings Accounting changes (new accounting pronouncements) Risk assessment is the process used to identify analyze and manage the potential risks that could hinder or prevent you from achieving your objectives What affect will the risk if its realized have on the agency? Then, management has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the Internal control objectives of efficient and effective operations, reliable financial reporting, and compliance with laws and regulations. Risk assessment is the process used to identify analyze and manage the potential risks that could hinder or prevent you from achieving your objectives What affect will the risk if its realized have on the agency? Then, management has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the Internal control objectives of efficient and effective operations, reliable financial reporting, and compliance with laws and regulations.

    16. Control Activities What could go wrong? What do we need to protect?

    17. Control Activities Establishing Control Objectives Structural plan Provides the framework Accounting system Designed to measure results Personnel policies Designed to employ, train, evaluate Internal control systems are going to vary from one agency to another. The control objectives and features are dependent on the complexity and management objectives for the agency. Regardless of the differences in the size of the agency and its technical specialization, certain characteristics must be present in all systems: A structural plan of the agency that provides the framework for the division of authority, responsibility and duties An accounting system designed to measure results of operations and financial position Personnel policies designed to employ, train, evaluate and compensate employees These objectives are broad and provide reasonable assurance that policies and procedures will be carried out. The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers.Internal control systems are going to vary from one agency to another. The control objectives and features are dependent on the complexity and management objectives for the agency. Regardless of the differences in the size of the agency and its technical specialization, certain characteristics must be present in all systems: A structural plan of the agency that provides the framework for the division of authority, responsibility and duties An accounting system designed to measure results of operations and financial position Personnel policies designed to employ, train, evaluate and compensate employees These objectives are broad and provide reasonable assurance that policies and procedures will be carried out. The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers.

    18. Control Activities Let’s Dig Deeper… Authorization – ensuring that all transactions are approved by mgmt Validation- ensuring that recorded transactions represent real transactions Capture- ensuring that all transactions are recorded Valuation- Ensuring that all amounts recorded for transactions are accurate While the controls that we’ve talked to about are broad enough to provide management with reasonable assurance that its policies and procedures are being carried out, these objectives are too general to help financial managers design or evaluate a system of internal controls. The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers. Authorization – ensuring that all transactions are approved by mgmt Validation- ensuring that recorded transactions represent real transactions Capture- ensuring that all transactions are recorded Valuation- Ensuring that all amounts recorded for transactions are accurate While the controls that we’ve talked to about are broad enough to provide management with reasonable assurance that its policies and procedures are being carried out, these objectives are too general to help financial managers design or evaluate a system of internal controls. The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers. Authorization – ensuring that all transactions are approved by mgmt Validation- ensuring that recorded transactions represent real transactions Capture- ensuring that all transactions are recorded Valuation- Ensuring that all amounts recorded for transactions are accurate

    19. Control Activities And Just a Little More… Classification – ensuring that all transactions recorded are assigned to the proper categories Cut-off – ensuring that transactions are recorded in the proper accounting period Access – ensuring that only authorized individuals consistent with their job responsibilities have appropriate access to assets Classification – ensuring that all transactions recorded are assigned to the proper categories Cut-off – ensuring that transactions are recorded in the proper accounting period Access – ensuring that only authorized individuals consistent with their job responsibilities have appropriate access to assets. Classification – ensuring that all transactions recorded are assigned to the proper categories Cut-off – ensuring that transactions are recorded in the proper accounting period Access – ensuring that only authorized individuals consistent with their job responsibilities have appropriate access to assets.

    20. Information and Communication What information do people need to do their jobs? What is the best source for this information? Is information communicated accurately? Timely? Biggest problem – Ineffective communication between departments Information relating to programs, operations, and finances is needed to determine if the agency is meeting its goals and objectives, operating efficiently and effectively, (meaning timely and with content that means something to the user) and in compliance with laws and regulations. Communication should occur broadly, with information flowing down, across and up within levels of agency personnel. Should be made on a timely basis to allow effective monitoring of events, activities and transactions allowing for prompt reaction and decisionsInformation relating to programs, operations, and finances is needed to determine if the agency is meeting its goals and objectives, operating efficiently and effectively, (meaning timely and with content that means something to the user) and in compliance with laws and regulations. Communication should occur broadly, with information flowing down, across and up within levels of agency personnel. Should be made on a timely basis to allow effective monitoring of events, activities and transactions allowing for prompt reaction and decisions

    21. Monitoring On-going process Occurs as part of normal operations Approvals Reconciliations Progress reports Budget tracking Nrs 353A.025 requires each agency to periodically review its system of internal accounting and administrative controls to determine if it is in compliance with NRS 353. On or before July 1 of each even numbered year each agency must report whether their system complies with NRS 353A. These reports are then made available to members of the Legislature. On pages 34 –43 and in our agency I/c checklist found on our website, you can assess your system of internal controls. I’ll also be holding meetings in March regarding what the Department expects, and how specifically to accomplish this. Nrs 353A.025 requires each agency to periodically review its system of internal accounting and administrative controls to determine if it is in compliance with NRS 353. On or before July 1 of each even numbered year each agency must report whether their system complies with NRS 353A. These reports are then made available to members of the Legislature. On pages 34 –43 and in our agency I/c checklist found on our website, you can assess your system of internal controls. I’ll also be holding meetings in March regarding what the Department expects, and how specifically to accomplish this.

    22. Monitoring – Annual Review NRS 353A.025 (1) Annually Each Agency is Required to: Evaluate Actual Procedures Using SAQ Evaluate Written Procedures Using SAQ Transaction Testing Using T of T SAQ – “Self Assessment Questionnaire” T of T - “Testing of Transactions Checklist” Both Available on Our Website SteveSteve

    23. Monitoring – Biennial Report NRS 353A.025 (2) Report on Internal Controls Due by July 1 (even years) States if Written Procedures and Actual Procedures are Adequate Use SAQ and T of T completed during Annual Review More Info on Our Website

    24. Tone at the TOP Ethics Seminar on The Anatomy of Ethical Slips in Government May 14th 11:00 – 1:00 Carson City & Las Vegas

    25. Questionnaire Answer honest and objectively Return to Internal Audit by May 9th Internal Audit and Controller’s Office will be helping you to fix any areas of concern

    26. Why This Is Important Keeps audit fees down Any error or adjustment must be reported Keeps your agency out of the CAFR and the press

More Related