1 / 44

Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans

Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans. 2014 Governmental Accounting For Local Public Health September 11, 2014. Presented by:. Stephen W. Blann , CPA, CGFM, CGMA Director of Governmental Audit Quality Rehmann. Session Outline.

styer
Download Presentation

Effective Internal Control, Establishing an Internal Audit Function, and Compliance Plans

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Effective Internal Control,Establishing an Internal Audit Function,and Compliance Plans 2014 Governmental Accounting For Local Public Health September 11, 2014

  2. Presented by: Stephen W. Blann, CPA, CGFM, CGMA Director of Governmental Audit Quality Rehmann

  3. Session Outline • Effective internal control • COSO Framework • Internal audit function • GFOA Best Practices • Compliance Plans • Internal control over compliance

  4. Overview of Internal Control • Internal Control—Integrated Framework • COSO Report (1992 & 2013) • Committee of Sponsoring Organizations (AICPA, AAA, IIA, IMA, FEI) • Codified in Auditing Standards by AICPA, GAO, and PCAOB (SOX)

  5. Overview of Internal Control • Management’s responsibilities • Effectiveness • Efficiency • Compliance • Financial Reporting • Internal controls are the framework management establishes to ensure it meets these responsibilities

  6. Overview of Internal Control • Limitations of internal controls • Cost vs. benefit • No “perfect” system • Management override

  7. Overview of Internal Control • Responsibility for internal control • Management is primarily responsible • Independent auditors “gain an understanding” – not a substitute for management • Internal auditors work for management • The governing body is ultimately responsible

  8. Overview of Internal Control • Management is responsible for: • Design • Implementation • Monitoring • Reporting

  9. The Internal Control Framework • The Control Environment • Risk Assessment and Monitoring • Control-related Policies and Procedures • Information and Communication • Monitoring

  10. The Internal Control FrameworkControl Environment • Management’s attitude / example • Communication • The Internal Auditor • The Audit Committee

  11. The Internal Control FrameworkRisk Assessment and Monitoring • Changes in: • Operating environment • Personnel • Information systems / technology • Rapid growth • New programs / services • Structure

  12. The Internal Control FrameworkRisk Assessment and Monitoring • Inherent risk • Prioritization • Significance • Likelihood

  13. The Internal Control FrameworkControl-Related Policies • Essential tasks of an accounting system • Assemble data • Analyze, classify, and record data • Report on data • Maintain accountability over assets

  14. The Internal Control FrameworkControl-Related Policies • Management’s implicit assertions • Existence / occurrence • Completeness • Rights / obligations • Allocation / valuation • Presentation / disclosure

  15. Authorization Properly designed records Security of assets and records Segregation of incompatible duties Periodic reconciliations Periodic verifications Analytical review Timely external reporting (GAAP) The Internal Control FrameworkControl-Related Policies • Policies and procedures

  16. The Internal Control FrameworkInformation and Communication • Information needs • Appropriate content • Timely / current • Accurate • Accessible • Methods of communication • Accounting policies and procedures manual

  17. The Internal Control FrameworkMonitoring • Purpose (smoke alarm) • Ongoing • Evaluation of internal controls (internal audit)

  18. Evaluating Internal Controls • Identify control cycles • Document processes • Identify potential risks http://www.coso.org/Guidanceonmonitoring.htm

  19. Authorization Properly designed records Security of assets and records Segregation of incompatible duties Periodic reconciliations Periodic verifications Analytical review Timely external reporting (GAAP) Evaluating Internal Controls • Identify compensating controls

  20. Establishing anInternal Audit Function • GFOA Best Practices: • Establishment of an Internal Audit Function • Enhancing Management Involvement with Internal Control • Audit Committees http://www.gfoa.org/best-practices

  21. GFOA Best Practices • Government Finance Officers Association of the United States and Canada • Professional organization • Issues best practices and advisories on a variety of topics relevant to government financial management

  22. GFOA Best Practices • A BP identifies specific policies and procedures as contributing to improved government management. It aims to promote and facilitate positive change rather than merely to codify current accepted practice. Partial implementation is encouraged as progress toward a recognized goal.

  23. GFOA Best PracticeEstablishment of an Internal Audit Function • Definition of an “internal auditor”: • any audit professional who works directly for management, at some level, and whose primary responsibility is helping management to fulfill its duties as effectively and efficiently as possible.

  24. GFOA Best PracticeEstablishment of an Internal Audit Function • Role(s) of an internal auditor: • Monitoring the design and proper function of internal control policies and procedures • Function as an additional level of control • Conduct performance audits • Special investigations and studies

  25. GFOA Best PracticeEstablishment of an Internal Audit Function • Recommendations: • Every government should either • Establish a formal internal audit function; • Assign internal audit responsibilities to its regular employees; or • Hire a CPA firm (other than the independent auditor) for this purpose

  26. GFOA Best PracticeEstablishment of an Internal Audit Function • Recommendations: • The internal audit function should be formally established by charter, enabling resolution, or other appropriate legal means • Internal auditors should follow the GAO’s Government Auditing Standards, including standards applicable to independence

  27. GFOA Best PracticeEstablishment of an Internal Audit Function • Recommendations: • The head of the internal audit function should possess at least a college degree and relevant experience; a professional certification is encouraged (CIA, CPA, CISA) • The annual internal audit work plan and all reports of internal auditors should be made available to the audit committee

  28. GFOA Best PracticeEnhancing Management Involvement w/ IC • Purpose of internal control: • Adequately protect public funds by prudent management • Provide a reasonable basis for finance officers to assert the financial information they provide can be relied upon

  29. GFOA Best PracticeEnhancing Management Involvement w/ IC • Stakeholders in internal control: • Independent auditors provide assistance in meeting internal control-related responsibilities, but are not a substitute for management’s direct and informed involvement with internal controls • Elected officials must ensure that managers who report to them fulfill their responsibilities in implementing IC

  30. GFOA Best PracticeEnhancing Management Involvement w/ IC • Recommendations: • Financial managers should obtain information and training needed to meaningfully take responsibility for internal control • Obtain sound understanding of COSO’s comprehensive framework of internal control

  31. GFOA Best PracticeEnhancing Management Involvement w/ IC • Recommendations: • Internal control procedures should be documented • Design a practical means for lower level employees to report instances of management override of controls that could be indicative of fraud • Internal controls should be monitored and reevaluated for adequacy

  32. GFOA Best PracticeEnhancing Management Involvement w/ IC • Recommendations: • Evaluations of controls should include effectiveness and timeliness of corrective action for identified deficiencies • Control effectiveness requires a baseline for future monitoring, which should be adjusted for changes in controls • Corrective action plans should have timetables and be monitored

  33. GFOA Best PracticeAudit Committees • There are 3 groups responsible for the quality of financial reporting: • Governing body • Financial management • Independent auditors • The governing body must be seen as “first among equals”

  34. GFOA Best PracticeAudit Committees • Audit Committees are a practical means for a governing body to provide much needed independent review and oversight of: • the government’s financial reporting processes, • internal controls, and • the independent auditors

  35. GFOA Best PracticeAudit Committees • Selected recommendations: • The governing body of every state and local government should establish an audit committee • The audit committee should be formally established by charter, enabling resolution, or other appropriate legal means

  36. GFOA Best PracticeAudit Committees • Selected recommendations: • The documentation establishing the audit committee should prescribe the scope of the committee’s responsibilities, its structure, and membership requirements • The audit committee should be directly responsible for the appointment, compensation, retention, and oversight of the independent auditor

  37. GFOA Best PracticeAudit Committees • Selected recommendations: • All members should possess or obtain a basic understanding of governmental financial reporting and auditing • The committee should have access to the services of at least one financial expert (either a committee member or outside party engaged for this purpose)

  38. GFOA Best PracticeAudit Committees • Selected recommendations: • The audit committee should provide independent review and oversight of a government’s financial reporting processes, internal controls and independent auditors • The audit committee should have access to the reports of internal auditors, as well as access to annual internal audit work plans

  39. Compliance Plans • Internal control over compliance • Differences and similarities with IC over financial reporting • Existing and new requirements for grants • Auditor involvement

  40. Compliance Plans • Existing requirements: • OMB Circulars A-102 Common Rule and A-110 Administrative Requirements • Requires management to establish and maintain internal controls designed to provide reasonable assurance of compliance with Federal laws, regulations and program compliance requirements

  41. Compliance Plans • New Uniform Grant Guidance (2 CFR 200): • Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award • Consistent with COSO

  42. Compliance Plans • Auditor involvement • Yellow Book engagements (material to financial statements) • Single audit (material to major federal programs) • Other (Medicare, etc.)

  43. Questions?

  44. For more information... Stephen W. Blann, CPA, CGFM, CGMA Director of Governmental Audit Quality Rehmann stephen.blann@rehmann.com www.rehmann.com/government

More Related