Government PowerPoint Template - Michigan Association for Local

Effective Internal Control,
Establishing an Internal Audit Function,
and Compliance Plans
2014 Governmental Accounting For Local Public Health
September 11, 2014
Presented by:
Stephen W. Blann, CPA, CGFM, CGMA
Director of Governmental Audit Quality
Rehmann
2
Session Outline
• Effective internal control
– COSO Framework
• Internal audit function
– GFOA Best Practices
• Compliance Plans
– Internal control over compliance
3
Overview of Internal Control
• Internal Control—Integrated Framework
– COSO Report (1992 & 2013)
– Committee of Sponsoring Organizations (AICPA,
AAA, IIA, IMA, FEI)
– Codified in Auditing Standards by AICPA, GAO, and
PCAOB (SOX)
4
Overview of Internal Control
• Management’s responsibilities
– Effectiveness
– Efficiency
– Compliance
– Financial Reporting
• Internal controls are the framework
management establishes to ensure it meets
these responsibilities
5
Overview of Internal Control
• Limitations of internal controls
– Cost vs. benefit
– No “perfect” system
– Management override
6
Overview of Internal Control
• Responsibility for internal control
– Management is primarily responsible
• Independent auditors “gain an understanding” – not a
substitute for management
• Internal auditors work for management
– The governing body is ultimately responsible
7
Overview of Internal Control
• Management is responsible for:
– Design
– Implementation
– Monitoring
– Reporting
8
The Internal Control Framework
• The Control Environment
• Risk Assessment and Monitoring
• Control-related Policies and Procedures
• Information and Communication
• Monitoring
9
The Internal Control Framework
Control Environment
• Management’s attitude / example
• Communication
• The Internal Auditor
• The Audit Committee
10
The Internal Control Framework
Risk Assessment and Monitoring
• Changes in:
– Operating environment
– Personnel
– Information systems / technology
– Rapid growth
– New programs / services
– Structure
11
The Internal Control Framework
Risk Assessment and Monitoring
• Inherent risk
• Prioritization
– Significance
– Likelihood
12
The Internal Control Framework
Control-Related Policies
• Essential tasks of an accounting system
– Assemble data
– Analyze, classify, and record data
– Report on data
– Maintain accountability over assets
13
The Internal Control Framework
Control-Related Policies
• Management’s implicit assertions
– Existence / occurrence
– Completeness
– Rights / obligations
– Allocation / valuation
– Presentation / disclosure
14
The Internal Control Framework
Control-Related Policies
• Policies and procedures
– Authorization
– Properly designed records
– Security of assets and records
– Segregation of incompatible duties
– Periodic reconciliations
– Periodic verifications
– Analytical review
– Timely external reporting (GAAP)
15
The Internal Control Framework
Information and Communication
• Information needs
– Appropriate content
– Timely / current
– Accurate
– Accessible
• Methods of communication
• Accounting policies and procedures manual
16
The Internal Control Framework
Monitoring
• Purpose (smoke alarm)
• Ongoing
• Evaluation of internal controls (internal audit)
17
Evaluating Internal Controls
• Identify control cycles
• Document processes
• Identify potential risks
http://www.coso.org/Guidanceonmonitoring.htm
18
Evaluating Internal Controls
• Identify compensating controls
– Authorization
– Properly designed records
– Security of assets and records
– Segregation of incompatible duties
– Periodic reconciliations
– Periodic verifications
– Analytical review
– Timely external reporting (GAAP)
19
Establishing an
Internal Audit Function
• GFOA Best Practices:
– Establishment of an Internal Audit Function
– Enhancing Management Involvement with
Internal Control
– Audit Committees
http://www.gfoa.org/best-practices
20
GFOA Best Practices
• Government Finance Officers Association of
the United States and Canada
– Professional organization
– Issues best practices and advisories on a variety of
topics relevant to government financial
management
21
GFOA Best Practices
• A BP identifies specific policies and procedures
as contributing to improved government
management. It aims to promote and facilitate
positive change rather than merely to codify
current accepted practice. Partial
implementation is encouraged as progress
toward a recognized goal.
22
GFOA Best Practice
Establishment of an Internal Audit Function
• Definition of an “internal auditor”:
– any audit professional who works directly for
management, at some level, and whose primary
responsibility is helping management to fulfill its
duties as effectively and efficiently as possible.
23
GFOA Best Practice
Establishment of an Internal Audit Function
• Role(s) of an internal auditor:
– Monitoring the design and proper function of
internal control policies and procedures
– Function as an additional level of control
– Conduct performance audits
– Special investigations and studies
24
GFOA Best Practice
Establishment of an Internal Audit Function
• Recommendations:
– Every government should either
• Establish a formal internal audit function;
• Assign internal audit responsibilities to its regular
employees; or
• Hire a CPA firm (other than the independent auditor)
for this purpose
25
GFOA Best Practice
Establishment of an Internal Audit Function
• Recommendations:
– The internal audit function should be formally
established by charter, enabling resolution, or
other appropriate legal means
– Internal auditors should follow the GAO’s
Government Auditing Standards, including
standards applicable to independence
26
GFOA Best Practice
Establishment of an Internal Audit Function
• Recommendations:
– The head of the internal audit function should
possess at least a college degree and relevant
experience; a professional certification is
encouraged (CIA, CPA, CISA)
– The annual internal audit work plan and all
reports of internal auditors should be made
available to the audit committee
27
GFOA Best Practice
Enhancing Management Involvement w/ IC
• Purpose of internal control:
– Adequately protect public funds by prudent
management
– Provide a reasonable basis for finance officers to
assert the financial information they provide can
be relied upon
28
GFOA Best Practice
Enhancing Management Involvement w/ IC
• Stakeholders in internal control:
– Independent auditors provide assistance in
meeting internal control-related responsibilities,
but are not a substitute for management’s direct
and informed involvement with internal controls
– Elected officials must ensure that managers who
report to them fulfill their responsibilities in
implementing IC
29
GFOA Best Practice
Enhancing Management Involvement w/ IC
• Recommendations:
– Financial managers should obtain information and
training needed to meaningfully take
responsibility for internal control
– Obtain sound understanding of COSO’s
comprehensive framework of internal control
30
GFOA Best Practice
Enhancing Management Involvement w/ IC
• Recommendations:
– Internal control procedures should be
documented
– Design a practical means for lower level
employees to report instances of management
override of controls that could be indicative of
fraud
– Internal controls should be monitored and
reevaluated for adequacy
31
GFOA Best Practice
Enhancing Management Involvement w/ IC
• Recommendations:
– Evaluations of controls should include
effectiveness and timeliness of corrective action
for identified deficiencies
– Control effectiveness requires a baseline for future
monitoring, which should be adjusted for changes
in controls
– Corrective action plans should have timetables
and be monitored
32
GFOA Best Practice
Audit Committees
• There are 3 groups responsible for the quality
of financial reporting:
– Governing body
– Financial management
– Independent auditors
• The governing body must be seen as “first
among equals”
33
GFOA Best Practice
Audit Committees
• Audit Committees are a practical means for a
governing body to provide much needed
independent review and oversight of:
– the government’s financial reporting processes,
– internal controls, and
– the independent auditors
34
GFOA Best Practice
Audit Committees
• Selected recommendations:
– The governing body of every state and local
government should establish an audit committee
– The audit committee should be formally
established by charter, enabling resolution, or
other appropriate legal means
35
GFOA Best Practice
Audit Committees
• Selected recommendations:
– The documentation establishing the audit
committee should prescribe the scope of the
committee’s responsibilities, its structure, and
membership requirements
– The audit committee should be directly
responsible for the appointment, compensation,
retention, and oversight of the independent
auditor
36
GFOA Best Practice
Audit Committees
• Selected recommendations:
– All members should possess or obtain a basic
understanding of governmental financial reporting
and auditing
– The committee should have access to the services
of at least one financial expert (either a
committee member or outside party engaged for
this purpose)
37
GFOA Best Practice
Audit Committees
• Selected recommendations:
– The audit committee should provide independent
review and oversight of a government’s financial
reporting processes, internal controls and
independent auditors
– The audit committee should have access to the
reports of internal auditors, as well as access to
annual internal audit work plans
38
Compliance Plans
• Internal control over compliance
– Differences and similarities with IC over financial
reporting
– Existing and new requirements for grants
– Auditor involvement
39
Compliance Plans
• Existing requirements:
– OMB Circulars A-102 Common Rule and A-110
Administrative Requirements
– Requires management to establish and maintain
internal controls designed to provide reasonable
assurance of compliance with Federal laws,
regulations and program compliance
requirements
40
Compliance Plans
• New Uniform Grant Guidance (2 CFR 200):
– Establish and maintain effective internal control
over the Federal award that provides reasonable
assurance that the non-Federal entity is managing
the Federal award in compliance with Federal
statutes, regulations, and the terms and
conditions of the Federal award
– Consistent with COSO
41
Compliance Plans
• Auditor involvement
– Yellow Book engagements (material to financial
statements)
– Single audit (material to major federal programs)
– Other (Medicare, etc.)
42
Questions?
43
For more information...
Stephen W. Blann, CPA, CGFM, CGMA
Director of Governmental Audit Quality
Rehmann
[email protected]
www.rehmann.com/government
44
