770 likes | 1.04k Views
8/29/2012. 3. Department of Administration. Division of Internal Audits Internal Financial PostAuditsManagement Review. . . . . . 8/29/2012. 4. Why You're Here. NAC 353A.100
E N D
1. 8/29/2012 1
Thanks for attending Internal Controls Training E-Class
Thanks for attending Internal Controls Training E-Class
2. 8/29/2012 2 Internal Controls Training Steve Weinberger, CPA.
Financial Manager
Division of Internal Audits
(775) 687-0130
sweinberger@iaudits.nv.gov
3. 8/29/2012 3 Department of Administration
Division of Internal Audits
Internal Financial Post
Audits Management Review
Before we continue with our internal controls discussion, let’s take a quick look at the Division of Internal Audits.
The Division of Internal Audits is part of the Department of Administration. The division consist of three sections; Internal Audits, Financial Management and Post Review.
The Chief of the Division reports to the Director of the Department of Administration
Before we continue with our internal controls discussion, let’s take a quick look at the Division of Internal Audits.
The Division of Internal Audits is part of the Department of Administration. The division consist of three sections; Internal Audits, Financial Management and Post Review.
The Chief of the Division reports to the Director of the Department of Administration
4. 8/29/2012 4 Why You’re Here NAC 353A.100
“Training for administration of budgetary accounts”
Head of each agency
Employees who administer budgetary accounts
“Shall attend Internal Controls Training every 5 years”
5. 8/29/2012 5 Overview Training consists of
Pre-test
Presentation
Post Test
Total time approximately 3 hours
This training class consists of a pre-test, a PowerPoint presentation, and a post test.
The class should take approximately 3 hours.This training class consists of a pre-test, a PowerPoint presentation, and a post test.
The class should take approximately 3 hours.
6. 8/29/2012 6 Presentation Description Internal Control Requirements for the State of Nevada
Controls for Major Fiscal Areas
Current Issues for the State
The presentation is intended to be a high level review of the design and implementation of internal control systems.
It will also discuss how internal control systems are administered in the State of Nevada.The presentation is intended to be a high level review of the design and implementation of internal control systems.
It will also discuss how internal control systems are administered in the State of Nevada.
7. 8/29/2012 7 Presentation Objective Understand State Internal Control Requirements
Familiarize with Basic Controls for Major Fiscal Processes
Notify you of Current Issues
This presentation is designed to:
Help you understand the basic design of an internal control system.
Enable you to design internal controls for your fiscal processes.
Evaluate your existing internal controls.
This presentation is designed to:
Help you understand the basic design of an internal control system.
Enable you to design internal controls for your fiscal processes.
Evaluate your existing internal controls.
8. 8/29/2012 8 What are Internal Controls (I/C’s)? Prevent and detect fraud
Protect assets
Comply with laws
Reliability of financial reporting
Accomplish specific goals
Before we go any further, we may want to explain what an internal control system is. Internal control is defined as a process created by management designed to help the organization:
Prevent and detect fraud
Protect or safeguard assets
Comply with laws and regulations
Offer limited assurance of the reliability of financial reporting
Accomplish specific goals or objectives
Before we go any further, we may want to explain what an internal control system is. Internal control is defined as a process created by management designed to help the organization:
Prevent and detect fraud
Protect or safeguard assets
Comply with laws and regulations
Offer limited assurance of the reliability of financial reporting
Accomplish specific goals or objectives
9. 8/29/2012 9 Who’s Responsible for I/C’s Management
Designs
Implements
Monitors
The responsibility for having an adequate internal control system lies solely with management.
Management is responsible for:
Designing the internal control system
Implementing the system, and
Monitoring and reviewing the system for adequacy
The responsibility for having an adequate internal control system lies solely with management.
Management is responsible for:
Designing the internal control system
Implementing the system, and
Monitoring and reviewing the system for adequacy
10. 8/29/2012 10 Now let’s get back to our discussion on internal controls.
Internal controls have become a major concern over the last 15 years
for:
Congress
Federal and State regulators
Public Accountants
Attorneys
Internal Auditors
This is due largely to major corporate scandals costing stockholders and corporate employees billions of dollars. Here are some of the more significant scandals:
Now let’s get back to our discussion on internal controls.
Internal controls have become a major concern over the last 15 years
for:
Congress
Federal and State regulators
Public Accountants
Attorneys
Internal Auditors
This is due largely to major corporate scandals costing stockholders and corporate employees billions of dollars. Here are some of the more significant scandals:
11. 8/29/2012 11
Remember these Guys?
12. 8/29/2012 12 Kenneth LayEnron CEO and chairman of Enron from 1986 until his resignation on January 23, 2002
Convicted of 10 counts of Securities Fraud
Died of Heart Attack Oct 2006
13. 8/29/2012 13 David DuncanPartner at Arthur Andersen R.I.P. Auditor In charge of Enron Audit
Fired for leading a document-shredding brigade
Which was “against company policy”
14. 8/29/2012 14 Scott Sullivan CFO WorldCom Indicted $7 billion accounting fraud at the “disgraced US telecom giant”
15. 8/29/2012 15 Dennis Kozlowski Ex Tyco CEO
16. 8/29/2012 16 That’s Enough!
Pres. Bush signs first in a series of legislation requiring
Management to establish and maintain internal controls
External auditors to report in writing on adequacy of internal controls As part of a national response to the corporate scandal phenomenon, President Bush signed the Sarbanes-Oxley Act In July of 2002. This was the first in a series of legislation that required:
Corporate managers to establish and maintain internal control systems,
External auditors to report in writing on the adequacy of internal controls.
Legal penalties for not establishing and maintaining internal controls
CPA firms to include an opinion stating whether effective internal controls were maintained by management in the audited financial statements.
As part of a national response to the corporate scandal phenomenon, President Bush signed the Sarbanes-Oxley Act In July of 2002. This was the first in a series of legislation that required:
Corporate managers to establish and maintain internal control systems,
External auditors to report in writing on the adequacy of internal controls.
Legal penalties for not establishing and maintaining internal controls
CPA firms to include an opinion stating whether effective internal controls were maintained by management in the audited financial statements.
17. 8/29/2012 17 State of Nevada Government entities required to have internal controls
External auditors review ours
Comprehensive Annual Financial Report (CAFR)
This new legislation eventually found its way to governmental entities.
Our external auditors are now required to include any major internal control problems and accounting errors in the CAFR.
In the past, such problems could be reported verbally to state management.
This new legislation eventually found its way to governmental entities.
Our external auditors are now required to include any major internal control problems and accounting errors in the CAFR.
In the past, such problems could be reported verbally to state management.
18. 8/29/2012 18 State of Nevada External auditors report in CAFR
Major control problems
Major accounting errors
CAFR available to media The CAFR is available to the media.
Consequently, we need to do what we can to prevent major internal control problems from being reported in the CAFR and maybe even in the newspaper.
This is why having internal control systems that are deemed adequate by our auditors is so important.
The CAFR is available to the media.
Consequently, we need to do what we can to prevent major internal control problems from being reported in the CAFR and maybe even in the newspaper.
This is why having internal control systems that are deemed adequate by our auditors is so important.
19. 8/29/2012 19 Internal Controls - Nevada Now let’s turn our discussions to internal control issues regarding State
Of Nevada agencies.Now let’s turn our discussions to internal control issues regarding State
Of Nevada agencies.
20. 8/29/2012 20 Internal Controls – Nevada Internal Control Requirements
Legislated at 3 levels:
Statutory Requirement
Uniform System of Internal Controls
Agencies’ Written Procedures
In Nevada, internal control requirements for State agencies are administered by:
Statute
A uniform system of internal controls designed by the Department of Administration
Internal control policies and procedures written by agenciesIn Nevada, internal control requirements for State agencies are administered by:
Statute
A uniform system of internal controls designed by the Department of Administration
Internal control policies and procedures written by agencies
21. 8/29/2012 21 Internal Controls – Nevada Statutory Requirement
NRS 353A – “Internal Accounting and Administrative Control”
Legislates internal control requirements
Internal control requirements for state agencies are legislated by NRS 353A.
NRS 353A defines Internal Accounting and Administrative Control as a method through which agencies can:
Safeguard assets
Check accuracy & reliability of accounting records
Promote efficient operations
Adhere to managerial policies
Internal control requirements for state agencies are legislated by NRS 353A.
NRS 353A defines Internal Accounting and Administrative Control as a method through which agencies can:
Safeguard assets
Check accuracy & reliability of accounting records
Promote efficient operations
Adhere to managerial policies
22. 8/29/2012 22 Internal Controls - Nevada NRS 353A.020
Mandates a Uniform System of Internal Controls
Segregation of duties
Limit access to assets
Authorizations and Record Keeping
Practices followed in performance of duties
Effective system of internal review Pursuant to NRS 353A.020 the Department of Administration has established a uniform system of internal accounting and administrative controls for State agencies. This is a set of control procedures intended to address:
An organizational plan to provide segregation of duties
A plan to limit access to assets
Procedures for authorizations and record keeping to provide an accurate accounting system
A system of practices to be followed in performance of duties
An effective system of internal review
Pursuant to NRS 353A.020 the Department of Administration has established a uniform system of internal accounting and administrative controls for State agencies. This is a set of control procedures intended to address:
An organizational plan to provide segregation of duties
A plan to limit access to assets
Procedures for authorizations and record keeping to provide an accurate accounting system
A system of practices to be followed in performance of duties
An effective system of internal review
23. 8/29/2012 23 Internal Controls - Nevada Uniform System of Internal Controls
Self Assessment Questionnaire (SAQ)
Control Activities
Monitoring
SAQ available at
dintaud.state.nv.us The uniform set of internal accounting and administrative controls were written in the form of questions and consolidated into the Self Assessment Questionnaire (SAQ). The purpose of this is to provide agencies with a way to determine if they are in compliance with the uniform set of controls by answering these questions about their agency.
The SAQ includes control questions for all material fiscal areas including Revenues, Accounts Receivable, Purchasing, and others. It also includes questions on monitoring procedures for agencies’ self-evaluation of their internal controls.
The SAQ is available on our website at dintaud.state.nv.us click on the Financial Management link.
The uniform set of internal accounting and administrative controls were written in the form of questions and consolidated into the Self Assessment Questionnaire (SAQ). The purpose of this is to provide agencies with a way to determine if they are in compliance with the uniform set of controls by answering these questions about their agency.
The SAQ includes control questions for all material fiscal areas including Revenues, Accounts Receivable, Purchasing, and others. It also includes questions on monitoring procedures for agencies’ self-evaluation of their internal controls.
The SAQ is available on our website at dintaud.state.nv.us click on the Financial Management link.
24. 8/29/2012 24 Internal Controls - Nevada Self-Assessment Questionnaire
SAQ Revenues.doc
25. 8/29/2012 25 Internal Controls - Nevada Agencies’ Written Procedures
NRS 353A.020 (3) Requires agencies develop written procedures to:
Address control activities on SAQ
Address monitoring procedures on SAQ Nevada State agencies are required by NRS 353A.020 (3) to develop written procedures to carry out the uniform system of internal accounting and administrative controls adopted by the Department of Administration.
As previously stated the uniform system of internal accounting and administrative controls is documented in the Self-Assessment Questionnaire (SAQ)
Consequently, agencies must develop written procedures that address all the applicable control activities noted in the SAQ.
Applicable refers to transactions actually performed by the agency. For example, if an agency does not receive grants the grant questions in the SAQ would be not be applicable.Nevada State agencies are required by NRS 353A.020 (3) to develop written procedures to carry out the uniform system of internal accounting and administrative controls adopted by the Department of Administration.
As previously stated the uniform system of internal accounting and administrative controls is documented in the Self-Assessment Questionnaire (SAQ)
Consequently, agencies must develop written procedures that address all the applicable control activities noted in the SAQ.
Applicable refers to transactions actually performed by the agency. For example, if an agency does not receive grants the grant questions in the SAQ would be not be applicable.
26. 8/29/2012 26 Internal Controls - Nevada Agencies’ Written Procedures
Financial Management Assistance
Self Assessment Questionnaire
Templates
Contact us with any questions
(775)-687-0120
The financial management section of the Department of Internal audit is available to assist agencies in developing their written procedures.
We recommend using the Self Assessment Questionnaire as a guideline for your written procedures.
We also have templates available to assist you in preparing your written procedures.The financial management section of the Department of Internal audit is available to assist agencies in developing their written procedures.
We recommend using the Self Assessment Questionnaire as a guideline for your written procedures.
We also have templates available to assist you in preparing your written procedures.
27. 8/29/2012 27 Internal Controls - Nevada
Financial Management Web Page
dintaud.state.nv.us
Click on Financial Management link
28. 8/29/2012 28 Internal Controls - Nevada State Monitoring Requirements
NRS 353A.025 - Agency Self Assessment
Agencies periodically self-assess internal controls
SAM 2418 (Revised)
Annually complete SAQ
Annually test a sample of transactions using “Testing of Transactions” on our website at
dintaud.state.nv.us. Agencies are required to self assess their internal control systems as follows:
Periodic monitoring of internal control systems is required by statute. (NRS 353A.025)
Section 2400 of the SAM manual has been revised to provide additional instruction for agency self assessments. Agencies are required to annually assess both their written internal control procedures and their actual controls in practice for compliance with the uniform system of internal controls (as noted in the SAQ)
The self assessment questionnaire should be used to evaluate actual procedures in practice, by observing and interviewing the people performing the procedures.
When evaluating your written procedures, you should verify that your procedures contain the control activities in the SAQ. There is a cross reference column on the SAQ where you can list the page number and paragraph of you procedures that address the control activity.
Agencies should also test a sample of 3 to 5 transactions for each type of transaction they have for compliance with their written procedures and the SAQ. A “Testing of Transactions” checklist is available on our website.
Agencies are required to self assess their internal control systems as follows:
Periodic monitoring of internal control systems is required by statute. (NRS 353A.025)
Section 2400 of the SAM manual has been revised to provide additional instruction for agency self assessments. Agencies are required to annually assess both their written internal control procedures and their actual controls in practice for compliance with the uniform system of internal controls (as noted in the SAQ)
The self assessment questionnaire should be used to evaluate actual procedures in practice, by observing and interviewing the people performing the procedures.
When evaluating your written procedures, you should verify that your procedures contain the control activities in the SAQ. There is a cross reference column on the SAQ where you can list the page number and paragraph of you procedures that address the control activity.
Agencies should also test a sample of 3 to 5 transactions for each type of transaction they have for compliance with their written procedures and the SAQ. A “Testing of Transactions” checklist is available on our website.
29. 8/29/2012 29 Internal Controls - Nevada Biennial Report on Internal Controls
NRS 353A.025 (2)
Due July 1 of each even numbered year
Are actual processes adequate?
Are written procedures adequate?
Do written procedures agree with actual processes?
Signed by head of agency
“Report on Internal Controls” available at
dintaud.state.nv.us
The results of Agencies’ self assessments are eventually reported to the Department of Administration as follows:
Per NRS 353A.025 Agencies are required to report to the Director of Administration whether their internal controls are in compliance with the uniform system of internal accounting and administrative controls.
This report is due July 1st of each even numbered year.
Agencies are requested to complete the “Report on Internal Controls” form. (Available on our website)
In this report, agencies note whether their actual procedures are adequate meaning they comply with the uniform system (or the SAQ)
Agencies note whether their written procedures are adequate
And whether their written procedures agree with actual practices
The results of Agencies’ self assessments are eventually reported to the Department of Administration as follows:
Per NRS 353A.025 Agencies are required to report to the Director of Administration whether their internal controls are in compliance with the uniform system of internal accounting and administrative controls.
This report is due July 1st of each even numbered year.
Agencies are requested to complete the “Report on Internal Controls” form. (Available on our website)
In this report, agencies note whether their actual procedures are adequate meaning they comply with the uniform system (or the SAQ)
Agencies note whether their written procedures are adequate
And whether their written procedures agree with actual practices
30. 8/29/2012 30 Report on Internal Controls
Report on Internal Controls.doc
31. 8/29/2012 31 Internal Controls - Nevada NRS 353A.025 (4)
Submitted first Monday in February every odd numbered year
Report includes:
Did not submit “Report on Internal Controls”
Not submitted timely
No effective method of internal review
Identification of agencies with weaknesses
Extent and types of such weaknesses
Agencies’ self assessment results are then reported to top State officials as follows:
Per NRS 353A.025(4) The Department of Administration is required to compile the information reported from agencies on the “Report on Internal Controls Form” and report the following to the Governor, the Director of the Legislative Counsel Bureau, and the Legislative Auditor:
Agencies failing to submit the “Report on Internal Controls”
Agencies submitting the report late
Agencies that could not effectively review their internal control system
Agencies with material internal control weaknesses
The extent and type of such weaknesses
Agencies’ self assessment results are then reported to top State officials as follows:
Per NRS 353A.025(4) The Department of Administration is required to compile the information reported from agencies on the “Report on Internal Controls Form” and report the following to the Governor, the Director of the Legislative Counsel Bureau, and the Legislative Auditor:
Agencies failing to submit the “Report on Internal Controls”
Agencies submitting the report late
Agencies that could not effectively review their internal control system
Agencies with material internal control weaknesses
The extent and type of such weaknesses
32. 8/29/2012 32 Major Fiscal Processes Risks, Controls, and Other Issues for:
Revenues
Purchasing & Expenditures
Payroll and Personnel
Contracts
Travel
33. 8/29/2012 33 Revenues Cash, Checks, Money Orders
Most liquid asset
Risk – Embezzlement
34. 8/29/2012 34 Revenues Four Stages
Receiving
Depositing
Recording
Reconciling
35. 8/29/2012 35 Revenues Control Activities
Receiving
Checks
Restrictively Endorse Checks
Numeric must agree with written amount
No postdated checks, no foreign checks
Record or log Immediately (voids initialed by supervisor)
Cash
Pre-numbered multi part receipt
Large amount – 2 people receive
Count in presence of customer
36. 8/29/2012 36 Revenues Security
Funds should not be left unattended
Limit access to funds
Lock doors when counting or preparing deposit
Secure funds during break
Don’t commingle with petty cash
37. 8/29/2012 37 Revenues Control Activities
Receiving
NRS 353.1467
Payments of $10,000 or more by electronic transfer of money.
All Agency Memo.pdf
38. 8/29/2012 38 Revenues Control Activities
Depositing
$$ handled by as few people as possible
Segregate depositing from receiving
Prepare in secure area
Secure funds until deposit
Locked file cabinet, safe, etc.
Change combo, keys, as necessary
NRS 353.250 Bank Deposits
Every Thursday
$10k or more - next working day
39. 8/29/2012 39 Revenues Control Activities
Recording
Post to ledgers (A/R, Sales, Fees, etc.)
Segregate from receiving the $$$
Segregate from depositing the $$$
40. 8/29/2012 40 Revenues Control Activities
Reconciling
Segregate from receiving and depositing
Daily – A/R payments, sales, permits issued to $$$ received
Daily - Bank deposit to $$$ received
Weekly or Monthly - A/R payments, sales, permits issued to BSR
Monthly – Review A/R delinquency reports
Payments, sales, permits need controls
Sales – secure inventory
A/R payments – limit access to ledger
Permits issues – secure inventory, use pre-numbered forms
41. 8/29/2012 41 Purchasing and Expenditures
Risk of billing schemes
Purchase non-existent items
From fake vendors
Purchase real items for personal use
Fake claims or reimbursements
Most expensive employee theft
Let’s try analyzing the risks identified for Purchasing. Purchasing is the most risky fiscal area in terms of fraud.
Billing scams have historically been the most popular and expensive type of corporate and governmental purchasing fraud. This scam involves setting up phony vendors who sell non-existent items to the entity, or in our case, the state.
Such a risk should most likely not be accepted and additional resources should be utilized to mitigate this risk. However, analyzing this risk in more detail may help you limit the amount of additional resources required. For example, you can analyze this risk based on the type of item purchased.
Let’s try analyzing the risks identified for Purchasing. Purchasing is the most risky fiscal area in terms of fraud.
Billing scams have historically been the most popular and expensive type of corporate and governmental purchasing fraud. This scam involves setting up phony vendors who sell non-existent items to the entity, or in our case, the state.
Such a risk should most likely not be accepted and additional resources should be utilized to mitigate this risk. However, analyzing this risk in more detail may help you limit the amount of additional resources required. For example, you can analyze this risk based on the type of item purchased.
42. 8/29/2012 42 Purchasing and Expenditures Control Activities
Segregate ordering and receiving
Match - P.O., invoice, receiving document
Vendor numbers
Require outside agency approval
Over 1k
Weapons
Computers
43. 8/29/2012 43 Purchasing and Expenditures Controls for tangible Items
Verify item received
Match to P.O. and invoice
What if for:
membership fees, professional dues or water rights?
Intangible Assets (membership fees, professional licenses)
Intangible assets present more fraud risk than tangible assets.
The risk of purchasing a non-existing item would tend to be high, because there is no physical item to be received besides a certificate or receipt of some kind. Fake certificates and receipts are easy to create. Additionally, it would be relatively easy to create a fake vendor who supposedly sells membership fees.
It would be beneficial to perform additional procedures to verify the existence of the items purchased and the legitimacy of the vendor.
Intangible Assets (membership fees, professional licenses)
Intangible assets present more fraud risk than tangible assets.
The risk of purchasing a non-existing item would tend to be high, because there is no physical item to be received besides a certificate or receipt of some kind. Fake certificates and receipts are easy to create. Additionally, it would be relatively easy to create a fake vendor who supposedly sells membership fees.
It would be beneficial to perform additional procedures to verify the existence of the items purchased and the legitimacy of the vendor.
44. 8/29/2012 44 How to be a millionaire? Meet Paul Constantine Orphan
A 20 year Washoe County employee
Paul was authorized to purchase water capacity for the county
Paul created 2 fake companies
Paul supplied fake invoices to support the purchases
He purchased non-existent water capacity from the fake companies he created
Paul became a millionaire! His boss is not happy
The Washoe County water rights fraud is an example of the high risk associated with purchasing intangible assets. It may have been prevented if someone besides Paul had investigated the vendor.The Washoe County water rights fraud is an example of the high risk associated with purchasing intangible assets. It may have been prevented if someone besides Paul had investigated the vendor.
45. 8/29/2012 45 Purchasing and Expenditures Intangibles Assets
Control Activities
Receiving doesn’t work
Verify vendor
Google
Call them
Big bucks – visit if possible
46. 8/29/2012 46 Purchasing and Expenditures Address for fake company was a plumbing supply storage building
Control Activities
Independent verification of companies
Google
Verify company address
47. 8/29/2012 47 Purchasing and Expenditures Billing Schemes
Red Flags
Vendor’s address same as employee’s
Vendor’s name consists only of initials
Sudden increase in payments to vendor
Vendor’s address is a P.O. box
Invoices for unspecified consulting or poorly defined services
Large billings broken into smaller invoices to not attract attention
Let’s continue our discussion on billing schemes. As we stated before, this is the most common type of corporate fraud and usually involves setting up fictitious vendors. Here are some Red Flags for fictitious vendors:
Vendor’s address same as employee’s
Vendor’s name matches employee’s initials
Checks are written to cash
Vendor’s address is a P.O. box
Missing vendor data (fraudsters often enter the minimum amount of data needed to get a payment, they may not enter a phone number, zip code, etc)
Illogically formatted vendor data (fraudsters can be sloppy, they may miss a digit on a social security, phone number, etc.)
Let’s continue our discussion on billing schemes. As we stated before, this is the most common type of corporate fraud and usually involves setting up fictitious vendors. Here are some Red Flags for fictitious vendors:
Vendor’s address same as employee’s
Vendor’s name matches employee’s initials
Checks are written to cash
Vendor’s address is a P.O. box
Missing vendor data (fraudsters often enter the minimum amount of data needed to get a payment, they may not enter a phone number, zip code, etc)
Illogically formatted vendor data (fraudsters can be sloppy, they may miss a digit on a social security, phone number, etc.)
48. 8/29/2012 48 Purchasing and Expenditures Claims and Reimbursements
Victims of Crime Program
Employee Embezzlement
Case worker gave 50K to family members
Case worker verified loss of wages
49. 8/29/2012 49 Purchasing and Expenditures Claims and Reimbursements
Controls
Verify Claim (lost wages) with 3rd party
Involve second person in process
50. 8/29/2012 50 Purchasing and Expenditures Pay-and-Return Schemes
Employee intentionally overpays vendor
Vendor refunds overpayment to company
Employee embezzles refund
51. 8/29/2012 51 Procurement Cards US Bank
Available to all Agencies
Internal Control Template
Procurement Card Administrator Approval
Cardholder Agreement Form
52. 8/29/2012 52 Procurement Cards Internal Controls - Purchase
Purchases Authorized
Within Budget
Complies with SAM Rules – Purchasing
No Sales Tax, No Services
Signed Receiving Document
53. 8/29/2012 53 Procurement Cards Internal Controls – Audit
Review Billing Statements
Proper Authorizations
Supporting Doc’s
No Sales Tax, No Services
No Unauthorized Merchants or Categories
54. 8/29/2012 54 Payroll & Personnel Risk of:
Erroneous salaries
Fraudulent reporting of hours
55. 8/29/2012 55 Payroll & Personnel Erroneous salaries
Controls
Compare ESMT to
payroll report or HRDW
Classified or unclassified listing
Compare CAT 01 budget to actual
56. 8/29/2012 56 Payroll & Personnel Fraudulent reporting of hours
Controls
Supervisor approves time sheet
Maintain documentation for:
Annual Leave
Comp Leave
Flex Leave
Sick Leave
57. 8/29/2012 57 Payroll & Personnel Fraudulent reporting of hours (cont’d)
Controls
Compare time sheets to:
Leave documentation
Internal time tracking
58. 8/29/2012 58 Payroll & Personnel Other Reconciliations:
HRDW to BSR
Review any non-automated JV’s
Notify Central Payroll of any variances
Time sheets to Payroll Register
Ensure NEATS entries recorded in Advantage
59. 8/29/2012 59 Contracts Risks
Bribes and kickbacks
Undisclosed conflicts of interest
Accepting illegal gratuities
Economic extortion
60. 8/29/2012 60 Contracts Pay to Play
“$25,000 Club”
In October 2006, it was revealed that Patricia Blagojevich, a licensed real estate broker, earned $113,700 in commissions from the owners of a company that holds a no-bid contract with the state Department of Children and Family Services.
$25,000 Club
In the midst of the Rezko trial, the Chicago Tribune reported on what it called a "$25,000 Club" in which 75% of businesses, unions and individuals that gave a $25,000 donation to Rod Blagojevich's political campaign received benefits from the State of Illinois, including state contracts and appointments to state boards.In October 2006, it was revealed that Patricia Blagojevich, a licensed real estate broker, earned $113,700 in commissions from the owners of a company that holds a no-bid contract with the state Department of Children and Family Services.
$25,000 Club
In the midst of the Rezko trial, the Chicago Tribune reported on what it called a "$25,000 Club" in which 75% of businesses, unions and individuals that gave a $25,000 donation to Rod Blagojevich's political campaign received benefits from the State of Illinois, including state contracts and appointments to state boards.
61. 8/29/2012 61 Contracts
Economic Extortion
Bribes & Kickbacks
Used connections
Demanded kickbacks
Companies wanting State contracts
62. 8/29/2012 62 Contracts Controls
$999 limit on direct purchases (SAM)
Contracts of $2K Budget Approval (SAM)
Contracts of $10K BOE approval (SAM)
Contracts of 25K RFP (NRS 333.3)
63. 8/29/2012 63 Contracts Controls (Cont’)
Certified Contract Manager
Contract Monitor
Independent of authorizer
Verifies dates and deliverables
64. 8/29/2012 64 Travel Risks:
Fictitious Expenses
Inflated Actual Expenses
65. 8/29/2012 65 Travel Fictitious Expenses:
Personal stuff (hotels, alcohol)
Fake conventions
Canceled airline tickets, fake seminars or conventions
2 employees claiming mileage when they carpooled.
66. 8/29/2012 66 Travel Inflated Expenses:
Claiming tips (should be incidentals)
Claims in excess of per diem
Using inflated mileage totals
Taking a state car to Disneyland
67. 8/29/2012 67 Travel Controls
Detailed travel policy (per diem, mileage)
Formal review policy
Require original documentation
Look for alterations
Question unusual items
Avoid cash advances
Prosecute offenders
68. 8/29/2012 68 Travel Compensable Mileage and Commute Time
Definitions
Official Duty Station: The Office at 3427 Goni Road, Carson City
Job site: Audit site, airport, other official state business location.
Normal commuting mileage: The actual round trip mileage between the employee’s residence and “official duty station”.
Normal commuting Time: The actual round trip commute time between the employee’s residence and “official duty station”.
69. 8/29/2012 69 Travel Travel beginning and ending at official duty station or job site:
Mileage and time will be compensated for based on round trip.
Travel beginning or ending at employee’s residence
When commuting to or from a “job site”, any mileage (or time) in excess of the employee’s “normal commuting mileage” (or time) is compensable.
70. 8/29/2012 70 Travel Fair Labor Standards Act (FLSA)
Back and forth to work not compensable (unless employee works while commuting)
Regardless if Official Duty Station or Jobsite
71. 8/29/2012 71 Travel Travel Cards – US Bank
Ghost Account – State pays (air only)
Individual Liability - Individual pays
72. 8/29/2012 72 Travel Corporate Travel (Ghost Card)
Reconcile and pay monthly
Monthly supervisory review
73. 8/29/2012 73 Travel Individual Liability Cards
Travel Card Administrator (TCA)
Track cards
Ensure cardholders paying timely
Late payments affect our rebate
Use for business only
Follow normal travel claim reimbursement rules
74. 8/29/2012 74 ARRA American Recovery and Reinvestment ACT
Reporting Requirements
Who?
Anyone receiving ARRA $$$
Primary recipients can report for subrecipients
When?
10th day after end of calendar quarter
First report due October 10th
75. 8/29/2012 75 ARRA American Recovery and Reinvestment ACT
Reporting Requirements
What?
Amount of funds received and spent
List of projects and activities funds spent on
Estimate of jobs creates and retained
Details on sub-awards
76. 8/29/2012 76 Thank You Thank you for taking this class
Good luck on the test!
Thanks for taking this class.
Hopefully, you’ve realized the importance of being familiar with the COSO framework for establishing and evaluating internal controls, and the way internal controls are administered in the State of Nevada.
Please feel free to contact the Division of Internal Audits Financial Management section with any questions or comments at:
775-687-0120 or
diainformation@iaudits.nv.gov
Good Luck on the post-test!
Thanks for taking this class.
Hopefully, you’ve realized the importance of being familiar with the COSO framework for establishing and evaluating internal controls, and the way internal controls are administered in the State of Nevada.
Please feel free to contact the Division of Internal Audits Financial Management section with any questions or comments at:
775-687-0120 or
diainformation@iaudits.nv.gov
Good Luck on the post-test!