130 likes | 290 Views
Office of the Under Secretary of Defense (Comptroller). Service Provider Support of Audit Readiness. March 14, 2011. Office of the Under Secretary of Defense (Comptroller). Agenda. Background Service Provider Role and Approach Supply Existence and Completeness Example.
E N D
Office of the Under Secretary of Defense (Comptroller) Service Provider Support of Audit Readiness March 14, 2011
Office of the Under Secretary of Defense (Comptroller) Agenda • Background • Service Provider Role and Approach • Supply Existence and Completeness Example
FIAR: Why Important? Background and Context • Comply with Laws:Laws require financial statement audits • Verify Correct Allocation of Funds:Verify that all resources are allocated to approved mission priorities in a legal manner • Make Better Use of Resources:Provide better information for timely, informed decision-making and identify unused funds • Increase Public Trust:Reassure the public and Congress that DoD is a good steward DoD Only Federal Agency Without a Positive Audit Opinion…“It is unacceptable”
Streamlined FIAR Approach Established August 2009 • Focus on information DoD uses to manage • Budgetary data • Asset counts / location (existence and completeness) • Main emphasis: Improve information • Focus on internal controls and source documentation • Use audits to verify success or identify problems • Seek cost-effective approach for lower priority information • Primarily historical valuations of assets • This approach has created unified support for initiatives • Goal and Law: Auditable statements by 2017 We Need to Move From Strategy to Tactical Execution
Call to Action “It is unacceptable to me that the Department of Defense cannot produce a financial statement that passes all financial audit standards.” “I’ve directed the Department to cut in half the time it will take to achieve audit readiness for the Statement of Budgetary Resources so that by 2014 we will have the ability to conduct a full-budget audit.” • Also: • Increased effort on property accountability • Review financial controls within 2 years • Course-based certification for financial managers
What Successful Audit Requires Focus on Budget Statement and Asset Accountability • Doing the day-to-day job right is the starting point • Verify that each transaction is recorded and supported • Invoice • Proof of receipt, issuance, transfer, or disposal of goods / services • Contract • Verify “checkbook” balances with transaction-level detail • Strong, consistent financial systems and management controls reassure auditors and allow limited sample sizes
Logistics Role in FIAR Priorities Budgetary Priority: • Contract Pay (contracts for weapons systems and major service contracts) • Vendor Pay (contracts for equipment, supplies, and services) • Reimbursable Agreements (depot maintenance, transportation, etc.) • Supply requisition (general fund activities purchasing from working capital fund activities) Mission Critical Assets (does not include value of property): • Military Equipment • Real Property • General Equipment • Inventory , Supply
Service Provider Role • Auditors must consider the Service Provider’s internal controls if the services provided are a material part of the Reporting Entity’s processes or systems • To support its customers a service provider must: • Document its internal control activities, • Test control operating effectiveness, and • Test Key Supporting Documents (KSDs) • Provide auditors access to data and/or Key Supporting Documents during the audit. • Obtain an unqualified Service Auditor’s Report (SSAE 16) to support the customers financial statement audit or allow all customer auditors to perform their own testing (OMB 07-04)
Assessable Unit Strategies • Reporting entities and service providers must develop a strategy for each assessable unit. A comprehensive and well-defined strategy will: • Help ensure all significant processes, systems, risks and documentation are included in the scope • Allow for the development of interim outcomes to measure and demonstrate progress • Improve the accuracy of reported timelines • Reduce efforts on non-key areas • Before starting Discovery efforts, develop the assessable unit strategy by: • Defining scope of assessable unit • Identifying all key risks of financial misstatement and related outcomes • Establishing roles and responsibilities • Determine how much reliance will be placed on controls for the assessable unit examination
Supply E&C – Roles and Responsibilities Reporting Entity/Service Provider Acquisition/Contracting (e.g., SPS) APSR Sales/Issuance/Disposals General Ledger and/or DDRS-AFS Reporting Entity and/or DISA Systems Environment DLA DFAS NOTE: The reporting entity has overall responsibility to ensure all relevant risks and controls are addressed for their audit readiness assertions and audits. 11
Supply E&C – Considerations when Scoping Systems 2. IT controls must be reliable for APSR systems, unless components have implemented manual controls to ensure all inventory is recorded, processed and reported completely, accurately and timely. Acquisition/Contracting (e.g., SPS) 1. IT controls must be reliable for acquisition and sales/disposal systems if automated controls, system reports or electronic records are relied upon to ensure all inventory is recorded, processed and reported completely, accurately and timely. 1. IT controls must be reliable for acquisition and sales/disposal systems if automated controls, system reports or electronic records are relied upon to ensure all inventory is recorded, processed and reported completely, accurately and timely. APSR Sales/Issuance/Disposals General Ledger and/or DDRS-AFS 3. IT controls must be reliable for general ledger systems (or DDRS-AFS) unless components have implemented manual controls to ensure all inventory is recorded, processed and reported completely, accurately and timely. 12
How Can a Service Provider Best Support its Customers? • Use the FIAR Service Provider Methodology to prepare to support customer audit readiness assertions and subsequent financial statement audits • Develop a memorandum of understanding with reporting entities setting forth the expectations of both entities • Communicate, communicate, and communicate with your customers • Obtain an unqualified SSAE No. 16 report • DISA has a qualified SAS 70 • DFAS has an unqualified DCPS SAS 70 (future scope to include disbursing and accounting operations / systems) 13