510 likes | 774 Views
The Role and Benefits of a State Audit Committee. Presented by: Joe Bell , Chief Audit Executive, State of Ohio, OBM Office of Internal Audit Maria Jackson , Assistant Chief Auditor, Information Systems Audit Office of Dave Yost, Ohio Auditor of State. Presentation ‘Kickoff’.
E N D
The Role and Benefits of a State Audit Committee Presented by: Joe Bell, Chief Audit Executive, State of Ohio, OBMOffice of Internal Audit Maria Jackson, Assistant Chief Auditor, Information Systems Audit Office of Dave Yost, Ohio Auditor of State
Session Objectives You will learn how: • An effective audit committee improves overall governance • Coordinated monitoring/auditing improves organizational controls • Reducing repeat audit comments allows for more efficient audits and enables auditors to focus on emerging issues
Today’s Game Plan • An early Penalty – Impact of “Coingate” • TheIIA’s 3 Lines of Defense • Reaching the End Zone – IA Capability Model • Building the Audit Team - OIA & SAC • Teamwork – AOS & OIA working together
3 Groups Responsible for Risk Management • Own & Manage Risks • Oversee Risks • Provide Independent Assurance
1st Line of Defense: Operational Management • Own and Manage Risks • Day to Day Performance of Internal controls • Responsible for Corrective Actions
2nd Line of Defense: Risk Management & Compliance Functions Ensures the 1st Line is properly designed, in place, and operating effectively. • Risk Management Function • Compliance Function • Controllership Function
3rd Line of Defense: Internal Audit • Provides assurance on effectiveness of governance, risk management, & internal control. • High level of independence & objectivity. • Broad scope.
External Audit & Regulators • Outside the Organization Structure • Additional Line of Defense when Coordinated Effectively • Limited Scope
Building the Audit Team in Ohio Point A - 2007 • Decentralized, ad hoc Internal Audit functions in a few agencies. • No Audit Committee • Many external audit issues. Point B - 2014 • Centralized Office of Internal Audit, aligned to IIA Standards • Established State Audit Committee • Improvement in Internal Control
Audit Landscape in Ohio • OBM Office of Internal Audit • State Audit Committee • Ohio Auditor of State • Ohio Inspector General • Federal Oversight Agencies
OIA Roles • Assurance • Internal and system control effectiveness • Business process effectiveness • Evaluate and improve effectiveness of risk management, control and governance • Consulting • Document process maps • New programs, IT systems, and process consulting • Training and education • Business process and internal control design
Legal Authority for Office of Internal Audit • Ohio Revised Code Section 126.45 created OIA within the Office of Budget and Management. • Requires OIA to conduct internal audits of certain state agencies • Requires an annual audit plan • Requires reporting audit recommendations to the State Audit Committee.
State Audit Committee • Fivemember committee meets quarterly • Assists Governorand Director of the OBMin oversight responsibilities: • Financial Reporting, • Internal Controls, • Risk Assessment, • Audit Processes, • Compliance: Laws, Rules, & Regulations.
Audit Committee Composition • Chairperson, Governor Appointed, external to state management. • Two appointed by the House Speaker, • Two appointed by Senate President, • Not More Than Two from Same Party • Three-year Term, One Reappointment
Required SA Committee Expertise At least one member who is • Financial Expert • Certified Public Accountant • Familiar with Governmental Accounting • Representative of the Public • Familiar with Information Technology
Key Functions of Audit Committee • Review annual OIA plan • Review OIA preliminary reports • Review OIA conformance to IIA Standards (Peer Review) • Review State of Ohio CAFR • Review financial statements with external auditor (Auditor of State)
Audit Committee Continuous Improvement • Audit Charter – Annual Review • Event Calendar – Cover All Responsibilities • Meeting Evaluation – Assess content/adequacy • Annual Evaluation – OIA • Audit Committee Self-evaluation • Financial reporting • OIA • External Audit • Management and Other Reporting
Capability Model: Governance Adapted from the IIA’s Internal Audit Capability Model (IA-CM) for the Public Sector
Dave Yost, Ohio Auditor • One of five independently elected statewide offices. • Four year term, 2 consecutive terms max
Ohio Auditor of State • ORC 117.10 – The Auditor of State shall audit all public offices as provided in this chapter. • Audits all public offices – 5800 entities • 600 of 800 staff are financial auditors • Performs financial audits of state agencies, boards and commissions 37
AOS State Region • Exclusively audits state agencies • Performs financial audits of state agencies, boards and commissions • Includes the Information System Audit group (ISA), which analyzes information systems and performs “SOC 1” audits
Ohio Auditor of State Information Systems Audit Group • Section of Financial Audit • 3 Groups (North, South, State) • 26 Auditors
Working together • Meet biannually to discuss audit plans and to provide update on current audits. • Rely on work completed by OIA. • OIA consults with agencies to remediate significant audit comments. • OIA uses AOS work for background information.
What Gets Measured Gets Done • Audit Timelines established and reported on quarterly • Audit comment status • Committee may request agency to appear and report on remediation • Number of Audit Comments • Audit Progress and Difficulties
Benefits • Increased Accountability • Audits are more timely. • Comments are remediated. • Controls are improved.
Benefits • Controls built in to the process instead of after the fact. • Greater awareness of the importance of financial reporting and the role of audit. • Improved cooperation among auditors.
Benefits • Improved cooperation between clients and auditors. • Increased focus on emerging issues. • ERM • COSO • Cyber Security
Summary Points • A well-designed audit committee enhances effective governance • Embracing the ‘3 Lines of Defense’ model promotes an effective and coordinated focus on continuous internal control improvement • Transparency and accountability of audit comment remediation leads to more effective and value-added audits
Contact Information Joe Bell, CPA, CIA, CGAP Chief Audit Executive, State of Ohio OBM Office of Internal Audit Joe.bell@obm.state.oh.us 614.466.1985 http://obm.ohio.gov/InternalAudit/