1 / 19

Managing a Small Audit Office:

Managing a Small Audit Office:. The Office of Inspector General at the SEC (1989-2004). Topics:. 1. Background : IG Act and SEC OIG 2. Lessons we learned 3. Case Studies of two audits. Prelude: the SEC Office of Internal Audit (1985-89). Creation of office Staffing of office

yolanda-hensley
Download Presentation

Managing a Small Audit Office:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing a Small Audit Office: The Office of Inspector General at the SEC (1989-2004)

  2. Topics: 1. Background : IG Act and SEC OIG 2. Lessons we learned 3. Case Studies of two audits

  3. Prelude: the SEC Office of Internal Audit (1985-89) • Creation of office • Staffing of office • Organizational location

  4. Background • Inspector General Act • Audits and investigations • Reporting • Independence and access • Similar Offices • Yellow Book standards

  5. Background • Our office • 5 auditors, 2 attorney investigators, 2 managers, plus contractors • Audit assignments: SEC programs (securities markets), Information Technology, Administrative/Financial

  6. Lessons learned: Staffing Experience Quality of staff (pay) Maximize value Staffing increases

  7. Lessons learned: Dealing with Auditees --Positive, constructive, give credit --Modify reports (auditee buy-in) --Focus on improvements, not on workpapers and reports (ends rather than means) --Different offices tend not to communicate

  8. Lessons learned: Quality Control for Audits • Meet standards, but no more: minimalism (hard enough) • Reduces administrative costs and helps ensure compliance • Minimalism for supervision too • Usefulness of peer reviews (improvements suggested: legal review, staff rotation)

  9. Lessons learned: Risk Assessments • Quantitative risk assessment • Administrative costs • Preference of staff • Role of judgment • Qualitative risk assessment • Relation to Annual and Strategic Plans

  10. Lessons learned: Audit Coverage • Gradual increase • Financial/administrative, then Information Technology, then programs • Avoidance of complex policy questions • Congress, Commissioners, GAO coverage • Limited staff and expertise • Coverage where most useful and other coverage lacking

  11. Lessons Learned: Audit Coverage • Consider other options to full scale audit • For example • Audit Memorandum rather than report • No audit or limited audit: brief senior management on significant, pressing issues (if they agree to take action without full audit, saves time) • Inspection or special project

  12. Lessons learned: Information Technology contractors • IT: major problems, major expenses, insufficient attention by others • Too much work for one staff • Hired several contractors with option years: expertise, flexibility, increased coverage • Conflict of interest and confidentiality issues

  13. Case studies • Information Technology capital planning • Disgorgement waivers

  14. IT Capital Planning • First audit • No formal process and procedures • Assisted management in developing one • Follow-up Audit • Processes still informal, ad hoc, not in full compliance with statutes and regulations • Resistance and lack of understanding from some staff; poor communication between IT Office and program offices

  15. IT Capital Planning • Risks greater because of large increases in IT budget • Audit helped educate SEC staff, enhanced controls, and established authority of IT Office over Capital Planning • Many briefings, auditees helped identify solutions (buy-in) • Used standard evaluation frameworks (GAO, OMB, etc.)

  16. Disgorgement Waivers • Auditor divorce • Did research on hidden assets—public data bases • Applied personal research to Disgorgement audit • “Ill-gotten” assets from securities law violations—returned to investors

  17. Disgorgement Waivers • Disgorgement often waived because of inability to pay, based on defendant’s sworn statement • Enforcement not checking for hidden assets and relying on good faith of defendant • Auditor realized that violators not trustworthy, controls not adequate

  18. Disgorgement Waivers • Convinced Enforcement to hire contractor and implement procedures to locate hidden assets • OIG reported significant problem in Semi-Annual Report: internal control weakness, materiality of assets involved • Problem got media attention, several news articles published

  19. Contact information • egbertn@sec.gov • 202-942-4462; fax 202-942-9653 • www.sec.gov; www.ignet.gov

More Related