Internal Audit – How the Internal Audit Function Facilitates Internal Controls

Office of the City Auditor

City of Tallahassee

1

Internal Audits and Internal Controls

Session Purpose: How does an internal audit function assist management in ensuring an entity has established an adequate internal control framework as provided for by COSO and the GAO Green Book (Standards for Internal Control in the Federal Government )

2

COSO

• Committee of Sponsoring Organizations of the Treadway Commission (COSO): Comprised of five agencies: – American Accounting association

– AICPA

– Institute of Internal Auditors

– Institute of Management Accountants

– Financial Executives International

3

GAO GREEN BOOK

• Standards for Internal Control in the Federal Government

• Issued by the Government Accountability Office (GAO)

• Last updated in September 2014

• Green Book adapts COSO principles for a government environment

4

COSO Definition of “Internal Controls”

“A process effected by an entity that provides reasonable assurance that the entity’s objectives will be achieved.” Objectives include:

• Effective and Efficient Operations

• Reliability of reporting

• Compliance with applicable laws, regulations, and policies

5

Green Book Definition of “Internal Controls”

• “A process effected by an entity’s oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. These objectives and related risks can be broadly classified into one or more of the following three categories:”

– Operations (effectiveness and efficiency)

– Reporting (reliability)

– Compliance (with applicable laws and regulations)

6

COSO and Green Book Internal Control Components

• Control Environment

• Risk Assessment

• Control Activities

• Information and Communication

• Monitoring Activities

7

COSO and Green Book Internal Control Components

8

COSO: Internal Audit

“Internal auditors play an important role in evaluating the effectiveness of control systems. As an independent function reporting to top management, internal audit is able to assess the internal controls systems implemented by the organization and contribute to ongoing effectiveness. As such, internal audit often plays a significant monitoring role.”

9

Green Book: Internal Audit

• Section 16.07 of the Green Book provides that internal audits play an important role in Monitoring Activities by performing independent, objective evaluations of control design and testing of internal controls.

• Internal audits provide greater objectivity as they are performed by reviewers that do not have responsibility for the activities being evaluated.

10

11

City Auditor’s Office

• Follow both GAGAS and IIA Standards

• All Audits are Performance Audits

• Complete average 20 audits annually

• Undergo an external peer review every three years

12

13

Document 2B - Office of the City Auditor Organization Chart

BACK

CITY AUDITORT. Bert Fletcher

ADMINISTRATIVE SPECIALIST IIMichelle Davis

SENIOR IT AUDITOR

Patrick Cowen

AUDIT MANAGERDennis Sutton

SENIOR AUDIT MANAGER

Don Hancock

SENIOR AUDITORCameisha Smith

SENIOR AUDITORVanessa Spaulding

OFFICE OF THE CITY AUDITOROrganization Chart

July 14, 2015

14

What we Audit Any City department, activity, or function

(except the Mayor and City Commission Offices)

Any entity that receives City funds as a grant, loan, or contract recipient

Joint City/County entities – Blueprint (Capital Infrastructure)

– CRA (Redevelopment)

– Consolidated Dispatch Agency (City/County/Sheriff)

15

Annual Audit Plan

Required by City charter

Over 250 auditable topics and areas

– List updated each year

Conduct an annual risk analysis

– All topics/areas are ranked

16

Risk Factors

1. Size of Operation/Fiscal Impact

2. Experience of Management

3. Complexity of Operations/Activity

4. Public Sensitivity

5. Threats to Public Health, Safety and Welfare

6. Susceptibility to Fraud, Waste, & Abuse

17

Other Sources for Planned Audit

1. Audit Shop awareness

2. Solicited Input from:

Mayor and Commissioners

City Leadership

City Advisory Boards

Independent Ethics Board

Neighborhood Associations

18

Citywide Cash Controls • One main revenue office but 26 other City locations

where revenues and receipts are collected

• Based Audit Program on City Internal Control Policy, which in turn was based on COSO Access to and Accountability for Resources

Direct Activity management

Segregation of Duties

Physical Controls

Execution of Transactions and Events

Recording of Transactions and Events

Information Processing

Documentation

19

Citywide Cash Controls (Continued)

1. Collections stored in unlocked cabinets and drawers (or purses and books!)

2. Permits and receipts not controlled or accounted for

3. Management not reviewing collection reports 4. Duties not adequately segregated 5. Checks not endorsed for days 6. Collections not timely deposited 7. Lack of electronic transfers 8. No documented transfers of custody

20

Audit of the Animal Services Center

• Inadequate segregation of duties in regard to adoption fees

• First identified in Citywide Cash Controls Audit (no changes made other than allegedly increased managerial reviews)

• New comprehensive audit conducted based on citizen concerns

• Audit identified scheme - estimated $80,000 adoption fees diverted

• Former employee convicted • Enhanced controls subsequently

implemented

21

Audit of Electric and Gas Revenues GAS

• Complex Meters with Billing System multipliers

• Over $1 million in unbilled consumption identified

• Some significant over billed consumption also

ELECTRIC

• Very technical – lot of reliance on electric staff

• Focused on accuracy of meters through meter testing

• Audit procedures identified 2 commercial customers getting free electricity

• Audit found $1.6 million billing error

22

Annual Citywide Disbursements Audit

• 350,000 transactions totaling over $1 billion

• Stratification and Categorization Applied

Payroll

Retirement

Energy Acquisitions

All Other

• Multiple criteria applied to each sample item

• Comprehensive testing

23

Annual Citywide Disbursements Audit (Continued)

• Relied Upon by external auditors • Findings:

Lack of control over time and attendance records Overpaid an insurance provider $53,000 Competitive procurement practices not followed Duplicate payments identified Extra pay period included in retirement benefit determinations Ineligible former employees and dependents inappropriately

allowed to participate in the City’s health insurance program

• Unique improvements: Revision to retirement ordinances Efficiencies for frequently paid vendors Implementation of an automated payroll time and attendance

system

24

Investments

• Size: Pension ($1 billion) and Non-Pension ($600 million)

• Audits addressed:

– Investment Performance

– Investment policy in accordance with best practices

– Investments properly diversified

– Investments allowable types (e.g., not too risky or overly conservative)

– Whether internal controls were adequate

25

Investments (continued)

Findings • Earnings allocation errors resulted in over $2

million of City earnings being incorrectly allocated

• Inadequate and untimely reconciliations of investment and custodian statements

• Capability for incompatible duties regarding transfer of funds

26

Audit of Commercial Insurance Acquisition

• Excess coverages purchased for property, liability and workers compensation

• Fees and premiums averaged $3.6 million annually

• Same broker and companies selected every year even though competitive processes used

27

Audit of Commercial Insurance Acquisition

• Audit recommended alternative competitive procurement process

• Selected broker not allowed to receive commission from selected providers and carriers to ensure no conflict of interest

• Actual savings of $434,000 realized in first full year new process used.

28

29