Upload
tran-viet-ha
View
231
Download
0
Embed Size (px)
Citation preview
8/11/2019 Using IC to Manage Risk
1/35
8/11/2019 Using IC to Manage Risk
2/35
Agenda
Background
Requirements
Implementation
8/11/2019 Using IC to Manage Risk
3/35
Internal Control Legislation
1950 Accounting and Auditing Act
1982 Federal Managers FinancialIntegrity
Act
1990 Chief Financial Officers Act
1994 Government Management Reform
Act
1996 Federal Financial ManagementImprovement Act
8/11/2019 Using IC to Manage Risk
4/35
What are Internal Controls?
Anything you do to successfully
achieve your mission/goal legally and
efficiently
Objectives of controls:
Effective and efficient operations
Reliable financial reporting
Compliance with laws and regulations
Applies to all aspects of life
8/11/2019 Using IC to Manage Risk
5/35
Internal Control Standards
Treadway Commission:Internal Control Guidance
Control Environment
Risk
Assessment
Activities
M
GAO Standards COSO Framework
8/11/2019 Using IC to Manage Risk
6/35
Internal Control Standards
Control Environment
Risk
Assessment
Control
Activities
M
GAO Standards
Control Environment: Tone at the
Top
Risk Assessment: Threats to
Mission
Control Activities: Design &
Operation
Monitoring: Test Schedule
Information & Communication:
Up and down the Organization
8/11/2019 Using IC to Manage Risk
7/35
Government Implementation:
Assess Controls
8/11/2019 Using IC to Manage Risk
8/35
Elements of an IC Program
Mission
Objectives
Risks
Control Activities
8/11/2019 Using IC to Manage Risk
9/35
Internal GoalsManagement:
Acknowledge it responsibility forestablishing and maintaining ICs
Apply IC objectives: Effective and efficient operations
Reliable financial reporting
Compliance with laws and regulations
Understand that ICs exist (or should) at every
level and in every process of theorganization
Realize that good internal control leads tofinancial reporting integrity
8/11/2019 Using IC to Manage Risk
10/35
8/11/2019 Using IC to Manage Risk
11/35
Planning Phase
Identify assessable units
Establish governance body
Determine material contributors
Identify/document key businessprocesses
Perform risk assessment
Identify key controls
Develop 3-yr control assessmentschedule
Develop test methodology
8/11/2019 Using IC to Manage Risk
12/35
Divide and Conquer !!
Establish Assessable Units
8/11/2019 Using IC to Manage Risk
13/35
8/11/2019 Using IC to Manage Risk
14/35
8/11/2019 Using IC to Manage Risk
15/35
Identify Material
ContributorsLook at the Budget/Financials2010 2009 Change 2010 2009 Change 2010 2009 Change
Assets:
Cash and investments............. $ 10.7$ 10.4 $ 0.3 $ 4.6 $ 4.6 $ - $15.3 $ 15.0 $ 0.3Capital assets (net).................. 28.6 26.7 1.9 0.1 0.1 - 28.7 26.8 1.9
All other assets......................... 7.9 7.1 0.8 1.6 1.4 0.2 9.5 8.5 1.0Total assets.............................. 47.2 4 4.2 3.0 6.3 6.1 0.2 53.5 50.3 3.2
Liabilities:
Accounts payable..................... 5.9 6.0 (0.1) 0.9 0.9 - 6.8 6.9 (0.1)All other current liabilities.... 4.2 3.7 0.5 4.1 2.1 2.0 8.3 5.8 2.5
Total current liabilities............ 10.1 9.7 0.4 5.0 3.0 2.0 15.1 12.7 2.4Bonds payable.......................... 9.8 8.5 1.3 - - - 9.8 8.5 1.3
All other long-term liabilities 3.8 2.8 1.0 2.5 2.5 - 6.3 5.3 1.0Total long-term liabilities........ 13.6 11.3 2.3 2.5 2.5 - 16.1 13.8 2.3
Total Liabilities........................ 23.7 21.0 2.7 7.5 5.5 2.0 31.2 26.5 4.7
Government Business-type Total
8/11/2019 Using IC to Manage Risk
16/35
8/11/2019 Using IC to Manage Risk
17/35
8/11/2019 Using IC to Manage Risk
18/35
Perform Risk Assessment Assess Risk: Document from flowcharts
Property, Plant and EquipmentBuildings & Structures
Disposals Subprocess
Staff AccountantReal Property
Accountability OfficerDistrict Engineer
Hand Receipt Holderor Realty Specialist
Receives notice ofapproved disposal
Start
B
B
A
Receives notice of
approved disposaland notifies thestaff accountant
Approves
Disposal
Generates Record ofDisposal in RD 72
screen within in REMIS
to add disposal info toassets record
Instructs HandReceipt Holder of
what to do withasset
Notifies staffaccountant that
the asset has beendisposed of in
REMIS
Completes disposalrequest document and
forwards to districtengineer and RPAO
Verifies that all
requireddocuments are
included, properlyand accuratelycompleted, and
approved.
Determines Assets needfor disposal throughperiodic inspections
Changes assetstatus within
CEFMS from inservice to retiredRejects
Disposal
A
CEFMS transfers
asset value intobuildings or
structures awaitingdisposal account
Forwards DisposalRequest
Document to
RPAO as notice tostart the disposal
process
Receives and reviews
Disposal requestdocument and
approves or rejectsdisposal request
BS.4
Changes asset status inCEFMS from Retired
to Disposed
Disposes of assetwithin REMIS inRD 82 screen
BS.3
CEFMS transfers assetvalue to appropriate
SGL accounts removingthe value from the
financial statements.
8/11/2019 Using IC to Manage Risk
19/35
8/11/2019 Using IC to Manage Risk
20/35
Financial Assertions
Completeness
Obligations/Rights
Valuation Existence/Occurrence
Reporting/Presentation
Look for Risk of Misstatement
8/11/2019 Using IC to Manage Risk
21/35
Identify Key ControlsDocument from flow charts
Property, Plant and EquipmentBuildings & Structures
Disposals Subprocess
Staff AccountantReal Property
Accountability OfficerDistrict Engineer
Hand Receipt Holder
or Realty Specialist
Receives notice of
approved disposal
Start
B
B
A
Receives notice of
approved disposal
and notifies the
staff accountant
Approves
Disposal
Generates Record of
Disposal in RD 72
screen within in REMIS
to add disposal info to
assets record
Instructs Hand
Receipt Holder of
what to do with
asset
Notifies staff
accountant that
the asset has been
disposed of in
REMIS
Completes disposal
request document and
forwards to district
engineer and RPAO
Verifies that all
requireddocuments are
included, properly
and accurately
completed, and
approved.
Determines Assets needfor disposal through
periodic inspections
Changes asset
status within
CEFMS from in
service to retiredRejects
Disposal
A
CEFMS transfers
asset value into
buildings or
structures awaiting
disposal account
Forwards Disposal
Request
Document to
RPAO as notice to
start the disposal
process
Receives and reviews
Disposal request
document and
approves or rejects
disposal request
BS.4
Changes asset status in
CEFMS from Retired
to Disposed
Disposes of asset
within REMIS in
RD 82 screen
BS.3
CEFMS transfers asset
value to appropriate
SGL accounts removing
the value from the
financial statements.
8/11/2019 Using IC to Manage Risk
22/35
Document Key Controls
IntraGovAccts Rec
Notreported
Entity
Preparer
Control
Number
Account/ Line
Item/Event
Business Cycle,
Accounting
Application Assertion Risk
Inherent
Risk
InternalControl
Currently In
Place
Control
Risk
Internal Control
Test Method Used
Risk Analysis
Account Line: Accounts Receivable
Document, document, document
high1 Reimb R/OTrack &check
low Inspect
Preliminary
Control Assessment
8/11/2019 Using IC to Manage Risk
23/35
Develop Key Control
Assessment Schedule All key controls are assessed at least
once every three years
Some more: High risk
Change in:
Law System
Key personnel
8/11/2019 Using IC to Manage Risk
24/35
Control Testing Options:
3-Year Plan
ControlRisk
Risk TestLow
High
DevelopCorrective Action Plan
If:
Changes in:
-Personnel?-Process?-System?
Yes
Annually for 3 years
No
Rotate to 3-year plan
8/11/2019 Using IC to Manage Risk
25/35
Testing Phase
Entity-Level Assessment
Control Testing:
Process level
Transaction level
Include automated systems
Remember service providers
8/11/2019 Using IC to Manage Risk
26/35
8/11/2019 Using IC to Manage Risk
27/35
Control Testing
Test key controls
Develop test planand document
Decide on the appropriate test method
Establish tolerance level for error,
document Identify sample size:
OMB recommendations
Test and document
Consider dependencies
Service provider process controls
SAS 70 reports???
8/11/2019 Using IC to Manage Risk
28/35
Reporting Phase
Identifying Material Weaknesses
Developing Corrective Action Plans
Preparing Statement of Assurance
8/11/2019 Using IC to Manage Risk
29/35
Identify Material Weaknesses
At assessable unit level At subagency/department level
At Agency/ Bureau/ Department level
Management has the discretion to makethe determination!
OMB generous with
Material Weakness
definitions
8/11/2019 Using IC to Manage Risk
30/35
Basis for Assurance
Deficiencies can be:Single deficiency
Significant deficiency
Material weakness
Determines level of assurance
Cannot be unqualified if materialweakness exists
8/11/2019 Using IC to Manage Risk
31/35
Develop Corrective Actions
Managers: Process Owners developcorrective actions plans and timelines
Governance body concurs or non-concurs
Published in Annual Financial Report(PAR) for feds
Should be monitoredby leadership
Fed report periodically on progress toOffice of Management and Budget
8/11/2019 Using IC to Manage Risk
32/35
Corrective Action Plans
Plan well
Divide corrective steps into small
manageable piecesgovernance bodyshould approve
Develop realistic target dates
Monitor progress continuously
8/11/2019 Using IC to Manage Risk
33/35
8/11/2019 Using IC to Manage Risk
34/35
Internal Control Reporting
8/11/2019 Using IC to Manage Risk
35/35