NASC Presentation – March 2014 An Overview of Pennsylvania’s Internal Controls By: Anna Maria Kiehl, CPA State Comptroller/Chief Accounting Officer Governor’s.

Presentation transcript:

NASC Presentation – March 2014
An Overview of Pennsylvania’s Internal Controls
By: Anna Maria Kiehl, CPA, State Comptroller/Chief Accounting Officer
Governor’s Office of Budget / Office of Comptroller Operations

Agenda
- Pennsylvania’s Internal Control Structure
- Statewide Audit Committee
  - Functions of the Audit Committee
  - Goals and Objectives of the Committee
  - Frequency of Committee Meetings
  - Questions?
- Single Audit Finding Prompts need to improve Access Controls with SAP’s Governance Risk Compliance
  - Background
  - Overview
  - Challenges
  - Actions
  - Useful Tools
  - Sample internal flowcharts & reporting
  - Questions?

Examples of Internal Controls in Pennsylvania

Component: Control Environment
Process: Methods for maintaining integrity, ethics and competency:
- Governor’s Code of Conduct/Ethics Disclosure Forms
- Statewide Audit Committee/Bureau of Internal Audits
- Auditor General Audits & Inspector General Investigations
- Bureau of Quality Assurance
- Independent annual audits
- Continuous IC Training & Employee Development/Standards
- Increased accounting and auditing entry level requirements

Component: Risk Assessment
Process: Methods for identifying and assessing risk:
- Recommendations of Audit Committee/Audit findings/MLCs
- System Development Life Cycle Reviews/Post implementation reviews
- Examining new programs and areas most vulnerable (e.g., systems, financial reporting, operational)

Component: Control Activities
Process: Implement controls through effective policies & procedures:
- General System Controls/data security
- System access controls
- Month-end closing processes and reconciliations

PA’s Process to Ensure Effective Internal Controls

Component: Information & Communication
Process: Information must be disseminated timely:
- Monthly/Quarterly/Comprehensive Annual Financial Reporting
- Required Communications with Management on Audit findings & Required Resolutions
- Quarterly Audit Committee Meetings/Annual Audit Plan/Findings
- Policy communications, e.g., New OMB Grant Reform standards
- Entity-wide business process communications
- On-line and classroom training for fraud detection and prevention, ethics, accountability and transparency requirements

PA’s Process to Ensure Effective Internal Controls

Component: Monitoring Activities
Process: Methods to continuously monitor internal controls include:
- Monitoring of role assignments & segregation of duties
- Continuous control payment monitoring
- Performance metrics and analysis/management dashboards
- Quality assurance processes to ensure compliance with laws, regulations, and policies
- Weekly system access controls risk reporting
- Inventory and Fixed Asset monitoring
- Management reviews/System Development Life Cycle Reviews

PA’s Process to Ensure Effective Internal Controls
Questions or Comments?

Functions of an Audit Committee

The audit committee reviews and discusses the following with the external auditors:
- Annual financial statements (CAFR)
- Single Audit report and findings
- Significant written communications between the independent auditors and management (i.e., management letter, unadjusted audit differences)
- Significant disputes or difficulties with management encountered during the audit
- Matters required to be discussed in accordance with SAS 114, “The Auditor’s Communication with Those Charged with Governance”

Functions of an Audit Committee

Internal Controls
Review the following with the internal auditors:
- Significant risks or exposures facing the Commonwealth, as well as steps taken by management to mitigate these risks
- The audit scope and plan for the internal auditors
- Any significant findings and recommendations from internal audits, along with management’s response
- Any difficulties the internal audit team encountered in the course of their audits

Goals and Objectives of the Committee
- Oversee the internal and external auditing and reporting process
- Provide direction for the Commonwealth’s limited internal audit resources
- Review and approve the Commonwealth annual audit plan to promote accountability and ensure management maintains appropriate internal controls
- Review audit findings and recommendations and direct the necessary follow-up to ensure appropriate corrective action is initiated across state agencies

Enterprise Risk Management (ERM)

PA has been moving forward with five strategic goals. These strategic goals are as follows:
- Established a Commonwealth-wide audit committee.
- Facilitate Control Self Assessment sessions with agency heads and management
- Complete a Commonwealth-wide audit risk assessment
- Develop an annual audit plan based on risk
- Established a Bureau of Quality Assurance to provide continuous monitoring for improper payments, compliance, and continuous process improvements.

Audit Committee Communications

Notifications will be provided to the committee when the following occur:
- Department of the Auditor General Opens a Special Performance Audit
- US Office of the Inspector General Opens an Audit
- Department of the Auditor General Releases a Special Performance Audit
- US Office of the Inspector General Releases an Audit
- BOA Releases a High Profile Audit

Frequency of Audit Committee Meetings
- The Audit Committee meets 3-4 times annually
- Usually meets at least twice with independent auditors to discuss CAFR and Single audits, auditor adjustments, audit findings, and management letter comments.
- Usually meets to approve annual internal audit plan and requests management reviews and audits of risk areas
- Agenda is typically set by the Director of the Bureau of Audits
- Comptroller and Director of Reporting attend the meetings and provide content.

Audit Committee
Questions or Comments?

SAP’s Governance, Risk & Compliance Module (GRC)

Background:
- Segregation of Duties risks within the Commonwealth’s SAP system resulted in a recurring single audit finding for 8 consecutive years.
- Previous attempts were made to address SAP Access Controls: Approva failed since it was not directly integrated with SAP.
- Number of users – Large organization with thousands of core users – needed a tool that could analyze large numbers of users with extensive access to multiple modules of SAP.

SAP’s Governance, Risk & Compliance Module (GRC)
- “Governance” is how we manage strategic initiatives
- “Risk” is the effect of uncertainty on business objectives. Risk management is the process that helps minimize financial losses
- “Compliance” goes beyond our conformity with laws and regulations to include all facets that affect integrity, reputation, and our “brand”
- SAP’s GRC module provides the Commonwealth with an enterprise view across these activities throughout our organization.

SAP’s Governance, Risk & Compliance Module (GRC)

GRC is the system access control tool that helps:
- Protect key information
- Prevent unauthorized access
- Prevent unauthorized transactions
- Prevent errors and fraudulent activity
- Ensure proper Segregation of Duties (SoD)
- Ensure the security & integrity of our financial systems & reporting

SAP’s Governance, Risk & Compliance Module (GRC)

Challenges:
- The complexity of the GRC module/significant learning curve.
- The complexity and extent of access issues that developed over ten years that SAP was in place.
- Little understanding of GRC from a rule set/business perspective
- Few resources to dedicate to such a large project
- Budget constraints prevented hiring SAP consultants
- Minimal guidance on how to best implement the system within our current business environment.
- PA’s role assignment process is managed by another state agency and sits outside of SAP.
- Multiple agency involvement – role development (OA-IT), role assignment (OA/HR) and risk monitoring (Comptroller)

SAP’s Governance, Risk & Compliance Module (GRC)

Year 2010 – Year of Planning and gaining an understanding of the system tools
- Small project team developed to coordinate the clean-up of SoD risks.
- The group led workshops of technical and business representatives to determine how to identify and resolve risks.
- Process is on-going

SAP’s Governance, Risk & Compliance Module (GRC)

Tremendous Progress within the last 6 months
- Resolving risks identified within our Office of Budget
- Systematizing & automating processes
- Documenting processes & procedures
- Improving communication between agencies
- Reporting
- And training personnel

SAP’s Governance, Risk & Compliance Module (GRC)

The Future:
- To continue GRC rollout to agencies with greatest number of risks
- Expect the cleanup to benefit the remaining agencies who share same roles/risks.
- Expect roles to stay clean going forward using GRC simulation tool.
- Most current pain: establishing a process to help agency HR reps interpret SoD risk results before requesting a role for their users.

SAP’s Governance, Risk & Compliance
Questions?