Upload
mricky
View
139
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
STATEMENT OF AUDITING STANDARDS 112 (SAS112)STATEMENT OF AUDITING STANDARDS 112 (SAS112)Communicating Internal Control Matters Identified in an AuditCommunicating Internal Control Matters Identified in an AuditUC Riverside June 2007UC Riverside June 2007 1
" Today's audit environment encourages transparency and
accountability. Therefore, an integrated
campuswide effort is needed to effectively
steward the funds entrusted to UCR.”
Chancellor Córdova
2
1- Why SAS1121- Why SAS1122- What is SAS1122- What is SAS1123- Impact of 3- Impact of SAS112 SAS112 4- Internal Control4- Internal Control5- Minimizing risk5- Minimizing risk -Sponsored -Sponsored Project AdminProject Admin -Dept. operations-Dept. operations6- What to do?6- What to do?
AGENDAAGENDA
3
WorldCom WorldCom Enron Enron
- American Institute of Certified - American Institute of Certified Public AccountantsPublic Accountants
For non-profit organizations For non-profit organizations (UCR)(UCR)
- SAS 112- SAS 112
Why SAS112?Why SAS112?
- United States Federal Law and SEC- United States Federal Law and SEC For Public CompaniesFor Public Companies
-Sarbanes–Oxley (SOX):-Sarbanes–Oxley (SOX):Requires Requires
conducting an conducting an assessment of the assessment of the effectiveness of effectiveness of internal controls internal controls by management, by management,
to be audited and to be audited and approved by the approved by the company’s company’s independentindependent accountantsaccountants
SAS112 is our SOXSAS112 is our SOX
4
Northwestern University (2003). Fine = $5.5m
Harvard University (2004). Fine = $2.6m
Florida International University (2005). Fine= $11.5m
University of Alabama Birmingham (2005). Fine =$3.4 m
Non-Compliance Fine$ - Contract & GrantsNon-Compliance Fine$ - Contract & Grants
Mayo Foundation (Mayo Clinics). Fine = $6.5m
University of California (2002). Fine =$1.8 m
5
What is SAS112?What is SAS112?Establishes standards for communicating internal Establishes standards for communicating internal control issues relating to:control issues relating to:
-integrity of financial reportingintegrity of financial reporting-compliance with applicable laws and regulationcompliance with applicable laws and regulation
Establishes standards that classifies Establishes standards that classifies communicated control issues as:communicated control issues as:
- control deficiencies- control deficiencies - significant deficiencies - significant deficiencies - material weaknesses- material weaknesses
SAS112 standards have been adopted SAS112 standards have been adopted by the federal agencies and the by the federal agencies and the Government Audit Standards has been Government Audit Standards has been updated to incorporate SAS112updated to incorporate SAS112
6
Impact of SAS 112 on UCRImpact of SAS 112 on UCR
Due to significant changes in the evaluation of control exceptions
and more stringent audit standards, UCR is more likely to encounter
control issues being identified and reported
- - Increased scrutiny- Larger audit samples
- More evidence and documentation required during audits
-Lower audit materiality thresholds
SAS 112 requires disclosure of deficiencies to Regents and
others7
Impacts of deficiencies and weaknesses disclosures:Impacts of deficiencies and weaknesses disclosures:
-negative impact on reputation -negative impact on reputation -increased internal and external audits-increased internal and external audits-audit disallowances, fines and penalties-audit disallowances, fines and penalties-potential impact on resource allocation-potential impact on resource allocation-negative impact on sponsored project funding-negative impact on sponsored project funding
8
Control Issues withControl Issues with - Ledger reconciliation & review- Ledger reconciliation & review - Certified effort reports- Certified effort reports - Cost Transfers- Cost Transfers - Expenditure monitoring- Expenditure monitoring - Budget variance analysis- Budget variance analysis - Cash handling/ Revenue monitoring - Payroll processing- Payroll processing - Timekeeping & billing- Timekeeping & billing - Fiscal Year End Processes - Fiscal Year End Processes
Generally, internal controls Generally, internal controls at UCR are in order and adequate, at UCR are in order and adequate,
but there are departments,but there are departments,functions and areas where functions and areas where
we noted….we noted….
9
Internal Control
Internal control is broadly defined as a process, effected by the UC
Regents, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the
following categories:
•Effectiveness and efficiency of operations.
•Reliability of financial reporting. •Compliance with applicable laws and
regulations.
INTERNAL CONTROL
INTERNAL CONTROL
101
Who is responsible for implementing internal controls?
11
PrincipalPrincipalInvestigatorInvestigator
&&Project Project
PersonnelPersonnelDepartments Departments
(Chair/ (Chair/ Director, Director,
MSO, Staff)MSO, Staff)
CentralCentral Offices Offices
((Accounting, Audit & Accounting, Audit & Advisory Services, Advisory Services,
AP&B, OR,AP&B, OR,etc.)etc.)
PARPARTNETNERSRSHIPHIP
Control Units Control Units (Deans/VC(Deans/VC & CFAO)& CFAO)
12
$0$10,000,000$20,000,000$30,000,000$40,000,000$50,000,000$60,000,000$70,000,000$80,000,000
FY03/04 FY04/05 FY05/06
State Agencies
Private
Local GovernmentFederal Government
Source FY03/04 FY04/05 FY05/06
1 Year % Increase/D
ecrease
2 Year % Increase/Decrea
se
Federal Government $36,970,256 $47,197,544 $53,447,911 13% 45%
Local Government $1,553,189 $1,936,147 $2,217,444 15% 43%
Private $14,358,686 $14,711,554 $13,544,906 -8% -6%
State Agencies $5,788,019 $5,985,849 $4,950,031 -17% -14%
Total $58,670,150 $69,831,094 $74,160,292 6% 26%Source: 2005-06 Annual Report on Contract & Grant ExpendituresSource: 2005-06 Annual Report on Contract & Grant Expenditures
Growth in Direct Contract and Grant ExpendituresGrowth in Direct Contract and Grant ExpendituresFiscal Year 2003/04 to Fiscal Year 2005/06
(a)
(a) 26% increase from FY03/04 13
UCR’s Challenge
Increasing extramural support while managing risk
Our GoalFacilitating Faculty Success!
14
efforteffortreportingreporting
cost transfers
overdraft
review of monthly
statements
cost sharing
physical inventory
sub-recipientmonitoring
award close-out
POTENTIALPOTENTIAL RISKS RISKS IN C&GIN C&GAREAAREA
15
FALL 2006
16
C&G Risk: Effort Reports
Symptoms of deficiencies Incomplete or missing reports Late reporting
Major area of concern for Federal Government
Current Efforts New on-line system coming
Resolution of deficiency Remove unsubstantiated costs
17
C&G Risk: Cost Transfers Symptom of Deficiency
High volume Late transfers (may require revised effort reports)
Improper documentation and/or allocation methodology
Major area of concern for Feds Current Efforts
Enhancing Business Rules Resolution of deficiency
Reversal of charges18
C&G Risk: Award Closeout
Symptom of Deficiency Delinquent Financial Reports Delinquent Technical Reports
Area of concern for Feds Current Efforts
Improving notification process Resolution
Future funding withheld for specific awards
Funding to institution withheld 19
Minimizing Risks in Sponsored Project Administration
Training C&G Workshops (to be expanded) Ethics Awareness
Tools Enterprise Reporting System Ledger Recon/Review System
(coming soon) Policies
C&G Manual UCR Research Administration Roles
& Responsibilities (in development)20
Minimizing Risks in Sponsored Project Administration
Timely review of monthly statements Budget to Actual
Anticipate unspent balances or overdrafts Review payroll transactions Regularly meetings/discussion between PIs
administrative staff Immediately report discrepancies
Communication Timely resolution
21
Minimizing Risks in Sponsored Project Administration
Timely return of certifications: Effort Reports Cost sharing Reports Impacts Financial Reports and Award
Close-Out Monitor Sub-recipient’s progress on
project compared to billing statements Potential impact on award close-out
Timely submission of Technical Reports
22
SAS112-Campus DepartmentsSAS112-Campus Departments
General Internal Controls to Minimize RiskGeneral Internal Controls to Minimize Risk
23
Minimizing Risk-Departmental
Department Head: Oversees and is integrated into the financial
management process Ensures proper controls and monitoring procedures
are in place Ensures financial reports are accurate and
meaningful Ensure SAAs, transactors and reviewers are
appropriately trained and supported in their key business process roles
24
Minimizing Risks-Departmental
Timely reconciliation and review of monthly ledgers Budget to Actual review
Analysis of causes for variances Review of payroll transactions by financial staff
and responsible manager Regular review of financial reports by
department manager and business officer Evidence of ledger reconciliation and review
Timely resolution of errors Frequent and late cost transfers can be a
symptom of a deficiency
25
Minimizing Risks-Departmental
Ensure sufficient segregation of duties No one person should have complete control over
the key processing functions for financial transactions
Provides for prevention and detection Errors Inappropriate activities
Post Audit Notification (PAN) Reviews Payroll/Personnel System and UCRFS
transactions Timely Adequate
26
What to do:What to do:
•TrainingTraining
1- Self-report1- Self-report
2-Assistance2-Assistance
Everyone is responsibleEveryone is responsible
•Control AssessmentControl Assessment
When issues are identified:When issues are identified:
3-Escalate/Remediate3-Escalate/Remediate
4-Proactive Approach4-Proactive Approach
When control issues When control issues or policy non-complianceor policy non-complianceare recurring and systemicare recurring and systemic::
It will be transparent It will be transparent and there will be consequencesand there will be consequences
27
Contacts
Gretchen Bolar, Vice Chancellor-Academic Planning & Budget [email protected]
Bobbi McCracken, Asst. Vice Chancellor-Financial Services [email protected]
Mike Jenson, Director-Audit & Advisory Services [email protected]
Bruce Morgan, Asst. Vice Chancellor-Office of Research [email protected]
Toffee Jeturian, Asst. Director-Audit & Advisory Services [email protected]
Marc Guerra, Director-Financial Control & Accountability [email protected]
28