1. Presented to:
Anyone who would listen
May 25, 2010
Greg Bitz
Audit Readiness: It is Like a Root Canal
3. A High Level Look at What An ERP has to do today….
4. Everyone Contributes to Auditability – Bottom Line Up Front
Essentially, auditability is:
Well-controlled business processes to satisfy:
Generally Accepted Accounting Principles (GAAP)
Compliance with Federal Financial Management Regulations (FMR, FFMIA, FMFIA, etc.)
Ability to verify the existence of well-controlled processes through substantive and transaction testing
5. A High Level Look at What An ERP has to do today….
8. Lessons Learned: Assertion to Audit
Being a leader in DoD Audit Readiness, DON has a unique opportunity to analyze our progress and collect key lessons learned through testing, corrective action, audit assertions, and all other “audit readiness” activities. The ongoing USMC SBR Audit is currently proving to be a wealth of helpful information when approaching and undergoing an audit.
A list of major lessons learned can be grouped into four areas: Financial Environment, Human Resource Management, Data Management, and Auditor to Auditee Communication.
Financial Environment – “Know Your Environment”
-Understand the flow of events and transactions from recognition through recording to reporting (transaction all the way to the Financial Statement)
-Know how to approach Prepared by Client Lists (PBC)
-Reconciliation of: Funds Balance With Treasury, Unadjusted Trial Balance to Adjusted Trial Balance, Delivered Orders-Unpaid to A/P, etc.
-Know the location of Source Docs (have them readily available)
Human Resource Management – “People Make the Difference”
-Quality people are needed in the auditee organization as well as in the external service providers (e.g. DFAS, BTA, etc.)
-Constant education of both auditor and auditee (training)
-Must have the “Will to Win” – Audit is unrelenting – Commitment must be full and unwavering
Data Management – “Transmitting Timely and Accurate Information”
-Sample retrieval, submission, and tracking, as well as follow-up question management – A central, well-organized tracking mechanism must be in place to account for the large number of data/documents constantly being transferred
-Sample Testing
-DoD/DON information security requirements (Encryption/Decryption, Information Assurance, Personally Identifiable Information, etc.)
-Data requirements are large and complex – requires constant focus
Auditor-Auditee Communication – “Simple in Concept… Monumental in Execution”
-Know how to communicate with the auditor – Answer the questions asked honestly and thoroughly, but do not give more information than asked for – Be courteous, polite and professional
-Assure clear understanding by all parties of business activities
-We know our business better than anyone, so be confident
9. The DoD Business “Control Continuum” displays the broad spectrum of possible internal control environments. The Continuum begins with a “Playground Rules” environment, in which no control is present. At the opposite end of the spectrum is complete control, akin to the environment of checks and balances present in dealing with nuclear reactor safety (absolutely necessary when lives are at stake).
Obviously the ultimate goal is complete control, but the realistic goal is to close the gap between the current state (Qualified Assurance) and Financial Auditability (Reasonable Assurance). Obtaining this goal will provide the apparent benefit of being auditable, but other benefits will be produced as well:
-Controls that are in place and tested (confidence in the control environment, auditable processes)
-More standard processes
-Implementing more capable systems
-Improved operational efficiency (streamlined organization, cost savings)
-Reduced vulnerability to fraud/waste (tighter control)
-Sustained public trust/confidence (stewardship)
10. What is the Significance of These Dates?
1990
1996
2000
2007
2017