ARMICS Randy Sherrod, Internal Audit Manager – Department of Behavioral Health and Developmental Services.

Slides:



Advertisements
Similar presentations
INTERNAL CONTROLS.
Advertisements

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Massachusetts Department of Elementary & Secondary Education
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Internal Controls 101 RDML K. Taylor | DHS CFO Brief | 25 JAN 2010 Assistant Commandant For Resources.
1 Brown Bag Luncheon: ARMICS Stage 2 Update Presented By: Susan Petersen January 9, 2008.
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
Internal Control.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Copyright © 2007 Prentice-Hall. All rights reserved 1 Internal Control & Cash Chapter 8.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
INTERNAL CONTROLS. Session Objectives Understand why an organization should have internal controls Understand the key components of internal controls.
INTERNAL CONTROL OVER FINANCIAL REPORTING
SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls.
1 Brown Bag Luncheon: ARMICS Update Presented By: Steve Kimata and Susan Herod July 23, 2008.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 3.2 -Internal Control & Audit.
Chapter 6 Cash and Internal Control. Cash  Cash:  Readily available to pay debts  Various forms of cash:  Coin and currency on hand  Cash on deposit.
Central Piedmont Community College Internal Audit.
An Educational Computer Based Training Program CBTCBT.
Audit and Fiscal Oversight Responsibilities VAVRINEK, TRINE, DAY & CO., LLP December 15,2010.
Transaction Processing and the Internal Control Process Small Business Information Systems Professor Barry Floyd.
1 INTERNAL CONTROLS Matthew Pakos School Improvement Grant Programs May 23, 2011.
Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.
INTERNAL CONTROL OVER FINANCIAL REPORTING
Implementation Issues of Sarbanes-Oxley CASE Presentation September 23, 2004 By Denise Farnan.
Chapter 5 Internal Control over Financial Reporting
Considering Internal Control
Monitoring Internal Control Systems Johann Rieser Senior Auditor, Ministry of Finance, Vienna.
Internal Control in a Financial Statement Audit
PASBO Conference 3/14/ School District Business Operations – Efficiencies and Internal Controls Matthew J. Malinowski Business Manager Susquehanna.
EEC Internal Control Plan (ICP) FY2013. Direction from Secretary Malone Acting EEC Commissioner Thomas Weber shall initiate a top-to-bottom review of.
Internal Control in a Financial Statement Audit
Agency Risk Management & Internal Control Standards (ARMICS)
Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.
Internal Controls and Fraud Convery Describe an Internal Controls System and its elements Identify specific Internal Control issues in a NPO Consider.
Internal Control 7. Management Issues Related to Internal Control OBJECTIVE 1: Identify the management issues related to internal control.
Webinar for FY 2011 i3 Grantees February 9, 2012 Fiscal Oversight of i3 Grants Erin McHughJames Evans, CPA, CGFM, CGMA Office of Innovation and Improvement.
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 Internal.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
INTERNAL CONTROLS What are they? Why should I care?
Enhancing the Effectiveness, Efficiency, Transparency, and Accountability of Operations of the Philippine Information Agency through Improvement of Internal.
Session 11 & 12. Auditing standard of I.A. & A.D. Prescribes: Auditor should report about weakness in Internal Control of management (Para 7.1.) Weakness.
INTRODUCTION TO PUBLIC FINANCE MANAGEMENT Module 4.3: Internal Control & Audit.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Section 404 Audits of Internal Control and Control Risk Chapter.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
Internal Controls For Municipalities Vermont State Auditor’s Office – August 2008.
Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.
Cash Reconciliations and Cash Handling WASBO Accounting Conference March, 2016.
©©2012 Pearson Education, Auditing 14/e, Arens/Elder/Beasley Considering Internal Control Chapter 10.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
F8: Audit and Assurance. 2 Designed to give you knowledge and application of: Section A: Audit Framework and Regulation Section B: Internal audit Section.
Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.
Governance, risk and ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.
Welcome. Contents: 1.Organization’s Policies & Procedure 2.Internal Controls 3.Manager’s Financial Role 4.Procurement Process 5.Monthly Financial Report.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
SUNY Maritime Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal controls.
SUNY Maritime College Internal Control Program. New York State Internal Control Act of 1987 Establish and maintain guidelines for a system of internal.
Internal Control.
Defining Internal Control
Internal Controls Towson University
Internal controls 01-Nov-2017.
Unit 11 October 22, 2017.
Internal Controls The comments made by the presenter represent the presenter’s opinions only; these comments and opinions do not necessarily represent.
Presentation transcript:

ARMICS Randy Sherrod, Internal Audit Manager – Department of Behavioral Health and Developmental Services

We all know where the donuts are!!

What is ARMICS ARMICS is the Agency Risk Management and Internal Control Standards implemented by the Virginia Department of Accounts in ARMICS is the Agency Risk Management and Internal Control Standards implemented by the Virginia Department of Accounts in Every Agency of the Commonwealth must comply with these standards. Every Agency of the Commonwealth must comply with these standards. These standards help to maintain Virginia’s ranking as the Best Managed State. These standards help to maintain Virginia’s ranking as the Best Managed State.

What is ARMICS continued: ARMICS is meant to help agencies with their business practices. ARMICS is meant to help agencies with their business practices. ARMICS helps provide a framework for sound accounting and operational practices. ARMICS helps provide a framework for sound accounting and operational practices.

The Objectives of ARMICS To provide reasonable assurance of the integrity of all fiscal processes related to: Submission of transactions to the Commonwealth’s general ledger Submission of transactions to the Commonwealth’s general ledger Submission of deliverables required by financial statement directives Submission of deliverables required by financial statement directives Compliance with laws and regulations Compliance with laws and regulations Safeguarding and Stewardship over the Commonwealth’s assets Safeguarding and Stewardship over the Commonwealth’s assets

What we have done at DBHDS Internal Audit? July – September 2009 July – September 2009 –Facility and Central Office ARMICS Review by Internal Audit –Issued reports with recommendations for FY –Found that ARMICS work is being done. –Recommended that more testing be completed. –ARMICS Presentation to the Facility Finance Staff

Internal Controls Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following categories: – –Effectiveness and efficiency of operations – –Reliability of financial reporting – –Compliance with applicable laws and regulations1

Internal Controls con’t Internal controls can be thought of as proactive measures to prevent inappropriate charges and to ensure compliance.2 Internal controls can be thought of as proactive measures to prevent inappropriate charges and to ensure compliance.2

4 Purposes of Internal Controls Promote orderly, economical, efficient and effective operations, and produce quality products and services consistent with the organization's mission. Safeguard resources against loss due to waste, abuse, mismanagement, errors and fraud.5

4 Purposes of Internal Controlscont’d Promote adherence to laws, regulations, contracts and management directives. Develop and maintain reliable financial and management data, and accurately present that data in timely reports. 5

5 Components of Internal Controls: Control Environment Control Environment Risk Assessment Risk Assessment Control Activities Control Activities Information and Communication Information and Communication Monitoring Monitoring

Control Environment The internal control environment encompasses: The internal control environment encompasses: –the policies, processes and skills that exist within a department to ensure only valid financial transactions are recorded.2

Control Environment cont’d Control Environment includes: Control Environment includes: –Management Philosophy –Oversight by Agency’s Governing Board –Integrity and Ethical Values (Develop a code of Ethics)‏ –Organizational Structure –Assignment of Authority and Responsibility –Work Force Competence –Human Resource Development

Risk Assessment An ongoing process of identifying, and analyzing potential risk events. The management of the risks to achieving the objectives of internal control. possible impact of these risks on the achievement of objectives.3 Determination of the possible impact of these risks on the achievement of objectives.3

Risk Assessment Cont’d Management must assess the risk of unexpected potential events and any expected events that could have a significant impact on the agency. Management must assess the risk of unexpected potential events and any expected events that could have a significant impact on the agency. All operational and control objectives throughout the organization should be identified.5 All operational and control objectives throughout the organization should be identified.5 Risk assessment should be done annually. Risk assessment should be done annually.

Control Activities The policies, procedures, techniques, and mechanisms that help ensure that management's response to reduce risks identified during the risk assessment process is carried out. Examples: 4 –Review and Approval –Verifications and Reconciliations –Security over assets –Segregation of duties

Control Activities continued: Develop and assess agency-level control activities applicable to: – –All significant fiscal processes – –Accounting administration – –The general ledger – –Information systems

Information and Communication “Information and Communication” involves identifying, capturing, and communicating relevant information in a form and timeframe that enables people to carry out their responsibilities. Effective communication occurs down, across, and up the agency. Effective communication occurs down, across, and up the agency. An effective information and communication process will assure that all personnel receive a clear message from top management that internal control responsibilities must be taken seriously. An effective information and communication process will assure that all personnel receive a clear message from top management that internal control responsibilities must be taken seriously.

Monitoring: Reviewing policies and procedures and updating them for any changes. Reviewing policies and procedures and updating them for any changes. Testing Testing Documentation of issues discovered during testing Documentation of issues discovered during testing Follow-up to ensure corrective actions have been taken Follow-up to ensure corrective actions have been taken

Keys to Strong Internal Controls Documenting the Policies and Procedures of your Organization. Documenting the Policies and Procedures of your Organization. Documenting the Internal Control strengths and weaknesses Documenting the Internal Control strengths and weaknesses Completing corrective actions for internal control weaknesses. Completing corrective actions for internal control weaknesses. Assessing Risk Assessing Risk Testing of Procedures and Controls Testing of Procedures and Controls

Documenting the Policies and Procedures What is done on a day to day basis What is done on a day to day basis Policies and Procedures should be complete and reviewed for changes annually Policies and Procedures should be complete and reviewed for changes annually This may identify areas that should be focused on for testing and it could identify process changes. This may identify areas that should be focused on for testing and it could identify process changes.

Documenting the Internal Controls ARMICS Internal Control Questionnaire ARMICS Internal Control Questionnaire –The questionnaires should be sent out again in FY 2010 –Review for completeness as well as internal control problems. From the Policies and Procedures as well as the Questionnaires, identify the internal controls as well as the weaknesses. From the Policies and Procedures as well as the Questionnaires, identify the internal controls as well as the weaknesses.

Internal Control Corrective Actions: If you identify an internal control weaknesses: If you identify an internal control weaknesses: –Prepare a plan to correct this weakness and document it in the policies and procedures –Give a time frame that this corrective action will be implemented –Document compensating controls if there are any

Assessing Risk The risk of control failures should be identified The risk of control failures should be identified Ensure that time is spent in the areas assessed as having a high risk. Ensure that time is spent in the areas assessed as having a high risk.

Testing Think like and Auditor Think like and Auditor –Focus on what could happen –Be observant –Look for control weaknesses –Test for compliance Review your policies and procedures Review your policies and procedures Know the applicable regulations Know the applicable regulations –Procurement, Commonwealth, Federal Regulations etc..

Testing continued: Areas to test: Areas to test: –Fiscal processes Payroll Payroll Accounts Payable Accounts Payable Cashiering Cashiering Revenue/Accounts Receivable Revenue/Accounts Receivable Reconciliations Reconciliations Financial Reporting Financial Reporting Fixed Assets Fixed Assets

Testing continued: Areas to test: Areas to test: –Other Processes Pharmacy Pharmacy Physical Security over your facility Physical Security over your facility IT Access controls IT Access controls

Examples of Testing Procedures – Payroll Trace employees from employee list or CIPPS 10 to P3 form (comp status change form approving employment) Trace employees from employee list or CIPPS 10 to P3 form (comp status change form approving employment) Payroll approval process Payroll approval process Review list of 1099’s created. Test to see if they should have been on Payroll. Review list of 1099’s created. Test to see if they should have been on Payroll. Related testwork – Look at I9’s Related testwork – Look at I9’s

Examples of Testing Procedures – Accounts Payable Look at who has access to setup vendors and process (release) payments. They should not be the same person. Look at who has access to setup vendors and process (release) payments. They should not be the same person. Review the vendor list for reasonableness Review the vendor list for reasonableness Test a sample of invoices paid during the year to see if they have been approved and have supporting documentation Test a sample of invoices paid during the year to see if they have been approved and have supporting documentation

Examples of Testing Procedures – Cashiering The person collecting the money should not be the same person entering the deposit into the system and making the deposit. The person collecting the money should not be the same person entering the deposit into the system and making the deposit. Test the reconciliations to see that they are approved and done correctly. Test the reconciliations to see that they are approved and done correctly. Segregation of duties is key here Segregation of duties is key here

Examples of Testing Procedures – Revenue/AR Review the AR list. Make sure that there are not old receivables on the list that should be written off. Review the AR list. Make sure that there are not old receivables on the list that should be written off. Cash management testing. Ensure that receipts are deposited timely. Cash management testing. Ensure that receipts are deposited timely. Ensure that the deposits are reconciled to the source documents and the accounting system. Ensure that the deposits are reconciled to the source documents and the accounting system.

Examples of Testing Procedures – Reconciliations The reconciliations between FMS and CARS as well as the bank reconciliations should be done monthly and approved. The reconciliations between FMS and CARS as well as the bank reconciliations should be done monthly and approved. The outstanding check list should not have checks over 180 days old on it. The outstanding check list should not have checks over 180 days old on it. The reconciling items should be cleared timely. The reconciling items should be cleared timely.

Examples of Testing Procedures – Financial Reporting Trace each number back to the support documentation. Trace each number back to the support documentation. Determine that there is an approval process for all financial reports. Determine that there is an approval process for all financial reports. Oversight of the process and support for the numbers is key in this area. Oversight of the process and support for the numbers is key in this area.

Examples of Testing Procedures – Fixed Assets Select a sample of assets purchased. Test to see that they were approved. Select a sample of assets purchased. Test to see that they were approved. The fixed asset list for your organization should be accurate and up to date. The fixed asset list for your organization should be accurate and up to date. Select a sample of assets from the list and find them on the “floor”. Select a sample of assets from the list and find them on the “floor”. Select a sample of assets from the “floor” and find them on the list. Select a sample of assets from the “floor” and find them on the list.

Examples of Testing Procedures – Pharmacy Document the process over pharmacy purchases. Document the process over pharmacy purchases. Test a sample of pharmacy purchases to see that they were approved. Test a sample of pharmacy purchases to see that they were approved. Determine whether the pharmacy is secure. Determine whether the pharmacy is secure. Select a sample of pharmacy inventory from the list and find them on the “floor”. Select a sample of pharmacy inventory from the list and find them on the “floor”. Select a sample from the “floor” and find them on the list. Select a sample from the “floor” and find them on the list.

Examples of Testing Procedures – Physical Security Observe to see whether employees lock their computers when they are away from their computers. Observe to see whether employees lock their computers when they are away from their computers. Review the access controls to the building. Review the access controls to the building. See if the layout of the cashiering office is reasonable as it relates to security. See if the layout of the cashiering office is reasonable as it relates to security.

Examples of Testing Procedures – IT Access Review the list of access levels for your accounting system. Determine if the access is reasonable. Review the list of access levels for your accounting system. Determine if the access is reasonable.

DOA Requirements A new CAPP Manual section on ARMICS will outline future requirements A new CAPP Manual section on ARMICS will outline future requirements –Should be out in FY 2010 June 30, 2010 June 30, 2010 –The same certification that was due June 30, 2009 is due this June 30 th.

Certification to DOA Same as the certification on June 30, Same as the certification on June 30, –Testing is mentioned on the certification. –List any significant weaknesses in internal controls. –A corrective action plan should be completed for these weaknesses.

Corrective Action Plan Summary description of the deficiency in internal control. Summary description of the deficiency in internal control. When the deficiency was identified. When the deficiency was identified. A target date for the completion of the corrective action. A target date for the completion of the corrective action. Agency personnel responsible for monitoring progress of the corrective action. Agency personnel responsible for monitoring progress of the corrective action.

Next Steps for Internal Audit’s review of ARMICS: Issue a combined audit report outlining what was found at the facilities and central office related to ARMICS. Issue a combined audit report outlining what was found at the facilities and central office related to ARMICS. Follow-up with the facilities and central office based on their individual reports. Follow-up with the facilities and central office based on their individual reports. Provide guidance for the future ARMICS work. Provide guidance for the future ARMICS work. Monitor the DOA requirements Monitor the DOA requirements

References: 1.University of California – “ 1.University of California – “UNDERSTANDING INTERNAL CONTROLS” University of Rochester - ControlEnvironment.doc 3.RSM McGladry – “A Success Story” Newsletter_PDFs/Fundamentals/Fund_1stQ2 003.pdf 3.RSM McGladry – “A Success Story” Newsletter_PDFs/Fundamentals/Fund_1stQ2 003.pdf

References cont’d 4.Office of Financial Management – State of Washington. 4.Office of Financial Management – State of Washington Office of the New York State Comptroller “Standards for Internal Controls” cs/intcontrol_stds.pdf 5.Office of the New York State Comptroller “Standards for Internal Controls” cs/intcontrol_stds.pdf

Questions???

Contact Information: ARMICS ARMICS – click on the ARMICS link on the right hand side of the page Randy Sherrod, CPA Randy Sherrod, CPA –DBHDS Internal Audit Manager –

THANK YOU!