Upload
macey-hugh
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
STATEMENT OF AUDITING STANDARDS 112 (SAS112)STATEMENT OF AUDITING STANDARDS 112 (SAS112)Communicating Internal Control Matters Identified in an AuditCommunicating Internal Control Matters Identified in an AuditUC Riverside June 2007UC Riverside June 2007
" Today's audit environment encourages transparency and
accountability. Therefore, an integrated
campuswide effort is needed to effectively
steward the funds entrusted to UCR.”
Chancellor Córdova
1- Why SAS1121- Why SAS1122- What is SAS1122- What is SAS1123- Impact of 3- Impact of SAS112 SAS112 4- Internal Control4- Internal Control5- Minimizing risk in 5- Minimizing risk in dept. operationsdept. operations6- What to do?6- What to do?
AGENDAAGENDA
WorldCom WorldCom Enron Enron
- American Institute of Certified - American Institute of Certified Public AccountantsPublic Accountants
For non-profit organizations For non-profit organizations (UCR)(UCR)
- SAS 112- SAS 112
Why SAS112?Why SAS112?
- United States Federal Law and SEC- United States Federal Law and SEC For Public CompaniesFor Public Companies
-Sarbanes–Oxley (SOX):-Sarbanes–Oxley (SOX):Requires Requires
conducting an conducting an assessment of the assessment of the effectiveness of effectiveness of internal controls internal controls by management, by management,
to be audited and to be audited and approved by the approved by the company’s company’s independentindependent accountantsaccountants
SAS112 is our SOXSAS112 is our SOX
Northwestern University (2003). Fine = $5.5m
Harvard University (2004). Fine = $2.6m
Florida International University (2005). Fine= $11.5m
University of Alabama Birmingham (2005). Fine =$3.4 m
Non-Compliance Fine$ - Contract & GrantsNon-Compliance Fine$ - Contract & Grants
Mayo Foundation (Mayo Clinics). Fine = $6.5m
University of California (2002). Fine =$1.8 m
What is SAS112?What is SAS112?Establishes standards for communicating internal Establishes standards for communicating internal control issues relating to:control issues relating to:
-integrity of financial reportingintegrity of financial reporting-compliance with applicable laws and regulationcompliance with applicable laws and regulation
Establishes standards that classifies Establishes standards that classifies communicated control issues as:communicated control issues as:
- control deficiencies- control deficiencies - significant deficiencies - significant deficiencies - material weaknesses- material weaknesses
SAS112 standards have been adopted SAS112 standards have been adopted by the federal agencies and the by the federal agencies and the Government Audit Standards has been Government Audit Standards has been updated to incorporate SAS112updated to incorporate SAS112
Impact of SAS 112 on UCRImpact of SAS 112 on UCR
Due to significant changes in the evaluation of control exceptions
and more stringent audit standards, UCR is more likely to encounter
control issues being identified and reported
- Increased scrutiny- Increased scrutiny- Larger audit samples- Larger audit samples
- More evidence and documentation - More evidence and documentation required during auditsrequired during audits
- Lower audit materiality thresholds- Lower audit materiality thresholds
Impact of SAS 112 on UCRImpact of SAS 112 on UCR
SAS 112 requires UCR to disclose deficiencies to 3rd parties:
RegentsSponsors (Federal, State &
Private)3rd party creditors
Accrediting agenciesRating agencies
Insurers
Impacts of deficiencies and weaknesses disclosures:Impacts of deficiencies and weaknesses disclosures:
-negative impact on reputation for UC, UCR, VCA, and -negative impact on reputation for UC, UCR, VCA, and DepartmentDepartment-increased internal and external audits-increased internal and external audits-audit disallowances, fines and penalties-audit disallowances, fines and penalties-potential negative impact on resource allocation-potential negative impact on resource allocation
Control Issues withControl Issues with - Ledger reconciliation & review- Ledger reconciliation & review - Budget variance analysis- Budget variance analysis - Revenue monitoring - Cash handling - Payroll processing- Payroll processing - Timekeeping & billing- Timekeeping & billing - Cost Transfers- Cost Transfers - Fiscal Year End Processes - Fiscal Year End Processes - PAN Reviews- PAN Reviews
Generally, internal controls Generally, internal controls at UCR are in order and adequate, at UCR are in order and adequate,
but there are departments,but there are departments,functions and areas where functions and areas where
we noted….we noted….
The campus goals, related to SAS112, are to:The campus goals, related to SAS112, are to: - Enhance understanding of Internal Controls- Enhance understanding of Internal Controls - Minimize Control Issues- Minimize Control Issues
Internal Control
Internal control is broadly defined as a process, effected by the UC
Regents, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the
following categories:
•Effectiveness and efficiency of operations.
•Reliability of financial reporting. •Compliance with applicable laws and
regulations.
INTERNAL CONTROL
INTERNAL CONTROL
Executive Executive ManagementManagement
Departments Departments (Chair/ (Chair/
Director, Director, MSO, Staff)MSO, Staff)
CentralCentral Offices Offices
((Accounting, Audit & Accounting, Audit & Advisory Services, Advisory Services,
AP&B, OR,AP&B, OR,etc.)etc.)
PARPARTNETNERSRSHIPHIP
Control Units Control Units (Deans/VC(Deans/VC & CFAO)& CFAO)
Minimizing the Risks Department Head:
Oversees and is integrated into the financial management process
Ensures proper controls and monitoring procedures are in place
Ensures financial reports are accurate and meaningful Ensure SAAs, transactors and reviewers are
appropriately trained and supported in their key business process roles
Minimizing the Risks
Timely reconciliation and review of monthly ledgers Budget to Actual review
Analysis of causes for variances Review of payroll transactions by financial staff
and responsible manager Regular review of financial reports by
department manager and business officer Evidence of ledger reconciliation and review
New Ledger Recon Tool-coming soon
Minimizing the Risk
Timely resolution of errors Frequent and late cost transfers can be a symptom of a
deficiency Ensure sufficient segregation of duties
No one person should have complete control over the key processing functions for financial transactions
Provides for prevention and detection Errors Inappropriate activities
Post Audit Notification (PAN) Reviews Payroll/Personnel System and UCRFS transactions Timely Adequate
What to do:What to do:
•TrainingTraining
1- Self-report1- Self-report
2-Assistance2-Assistance
Everyone is responsibleEveryone is responsible
•Control AssessmentControl Assessment
When issues are identified:When issues are identified:
3-Escalate/Remediate3-Escalate/Remediate
4-Proactive Approach4-Proactive Approach
When control issues When control issues or policy non-complianceor policy non-complianceare recurring and systemicare recurring and systemic::
It will be transparent It will be transparent and there will be consequencesand there will be consequences
Contacts
Gretchen Bolar, Vice Chancellor-Academic Planning & Budget [email protected]
Bobbi McCracken, Asst. Vice Chancellor-Financial Services [email protected]
Mike Jenson, Director-Audit & Advisory Services [email protected]
Bruce Morgan, Asst. Vice Chancellor-Office of Research [email protected]
Toffee Jeturian, Asst. Director-Audit & Advisory Services [email protected]
Marc Guerra, Director-Financial Control & Accountability [email protected]