Download presentation
Presentation is loading. Please wait.
Published byKaela Tarry Modified over 10 years ago
1
Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated
2
Agenda Background Requirements Implementation
3
Internal Control Legislation – 1950 Accounting and Auditing Act – 1982 Federal Managers Financial Integrity Act – 1990 Chief Financial Officers Act – 1994 Government Management Reform Act – 1996 Federal Financial Management Improvement Act
4
What are Internal Controls? Anything you do to successfully achieve your mission/goal legally and efficiently Objectives of controls: –Effective and efficient operations –Reliable financial reporting –Compliance with laws and regulations Applies to all aspects of life
5
Internal Control Standards Treadway Commission: Internal Control Guidance Control Environment Risk Assessment Activities M Information Communication GAO StandardsCOSO Framework
6
Internal Control Standards Control Environment Risk Assessment Control Activities M Information Communication GAO Standards Control Environment: Tone at the Top Risk Assessment: Threats to Mission Control Activities: Design & Operation Monitoring: Test Schedule Information & Communication: Up and down the Organization
7
Government Implementation: Assess Controls
8
Elements of an IC Program Mission Objectives Risks Control Activities
9
Internal Goals Management: Acknowledge it responsibility for establishing and maintaining ICs Apply IC objectives: –Effective and efficient operations –Reliable financial reporting –Compliance with laws and regulations Understand that ICs exist (or should) at every level and in every process of the organization Realize that good internal control leads to financial reporting integrity
10
Three Step Process Planning Phase Testing Phase Reporting Phase
11
Planning Phase Identify assessable units Establish governance body Determine material contributors Identify/document key business processes Perform risk assessment Identify key controls Develop 3-yr control assessment schedule Develop test methodology
12
Divide and Conquer !! Establish Assessable Units
13
Divide and Conquer !! Establish Assessable Units
14
Establish Governance Establish a governance body who will: –Have decision-making leaders as members –Identify material business lines/ processes –Know flowcharted business process –Identify risks and assess materiality –Document internal controls –Test internal controls –Report on control effectiveness –Develop corrective action plans
15
Identify Material Contributors Look at the Budget/Financials 2010 2009 Change 2010 2009 Change 2010 2009 Change Assets: Cash and investments............. $ 10.7 $ 10.4 $ 0.3 $ 4.6 $ 4.6 $ - $15.3 $ 15.0 $ 0.3 Capital assets (net).................. 28.6 26.7 1.9 0.1 0.1 - 28.7 26.8 1.9 All other assets......................... 7.9 7.1 0.8 1.6 1.4 0.2 9.5 8.5 1.0 Total assets.............................. 47.2 4 4.2 3.0 6.3 6.1 0.2 53.5 50.3 3.2 Liabilities: Accounts payable..................... 5.9 6.0 (0.1) 0.9 0.9 - 6.8 6.9 (0.1) All other current liabilities.... 4.2 3.7 0.5 4.1 2.1 2.0 8.3 5.8 2.5 Total current liabilities............ 10.1 9.7 0.4 5.0 3.0 2.0 15.1 12.7 2.4 Bonds payable.......................... 9.8 8.5 1.3 - - - 9.8 8.5 1.3 All other long-term liabilities 3.8 2.8 1.0 2.5 2.5 - 6.3 5.3 1.0 Total long-term liabilities........ 13.6 11.3 2.3 2.5 2.5 - 16.1 13.8 2.3 Total Liabilities........................ 23.7 21.0 2.7 7.5 5.5 2.0 31.2 26.5 4.7 Government Business-typeTotal
16
Identify Key Business Processes Capital Assets: –What processes add to balances? –What processes decrease balances? –What systems support the processes? –Where do the processes take place? –Where do the managers exist in the states organization chart?
17
Document Key Processes
18
Perform Risk Assessment Assess Risk: Document from flowcharts
19
IT Assertions Completeness Accuracy Validity Restricted Access
20
Financial Assertions Completeness Obligations/Rights Valuation Existence/Occurrence Reporting/Presentation Look for Risk of Misstatement
21
Identify Key Controls Document from flow charts
22
Document Key Controls IntraGov Accts Rec Not reported Document, document, document high 1 Reimb R/O Track & check low Inspect Preliminary Control Assessment
23
Develop Key Control Assessment Schedule All key controls are assessed at least once every three years Some more: –High risk –Change in: Law System Key personnel
24
Control Testing Options: 3-Year Plan Control Risk Test Low High Develop Corrective Action Plan If: Changes in: -Personnel? -Process? -System? Yes Annually for 3 years No Rotate to 3-year plan
25
Testing Phase Entity-Level Assessment Control Testing: –Process level –Transaction level –Include automated systems –Remember service providers
26
Entity-Level Assessment Evaluate Internal Control at Entity Level – GAO-01-1008G: Internal Control Management and Evaluation Tool – Use GAO Internal Control Standards
27
Control Testing Test key controls – Develop test plan and document – Decide on the appropriate test method – Establish tolerance level for error, document – Identify sample size: OMB recommendations – Test and document Consider dependencies – Service provider process controls – SAS 70 reports???
28
Reporting Phase Identifying Material Weaknesses Developing Corrective Action Plans Preparing Statement of Assurance
29
Identify Material Weaknesses At assessable unit level At subagency/department level At Agency/ Bureau/ Department level Management has the discretion to make the determination! OMB generous with Material Weakness definitions
30
Basis for Assurance Deficiencies can be: –Single deficiency –Significant deficiency –Material weakness Determines level of assurance –Cannot be unqualified if material weakness exists
31
Develop Corrective Actions Managers: Process Owners develop corrective actions plans and timelines Governance body concurs or non- concurs Published in Annual Financial Report (PAR) for feds Should be monitored by leadership Fed report periodically on progress to Office of Management and Budget
32
Corrective Action Plans Plan well Divide corrective steps into small manageable pieces – governance body should approve Develop realistic target dates Monitor progress continuously
33
Statement of Assurance Report on effectiveness of internal control Separate statements of assurance: – for operations and administration – for systems (Sec 4) – for financial reporting Report options: – Prescribed format for statement – Defined qualifiers: Unqualified Qualified No Assurance
34
Internal Control Reporting
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.