Download presentation
Presentation is loading. Please wait.
Published byMelvyn Leonard Modified over 9 years ago
1
Auditors: Why do they ask all those questions? LGC Resource April 2015 Penny Austin, Assistant Director – IS Local Government Audit
2
Why those questions? Professional Standards Internal Controls Fraud Applicable Laws Data Analytics
3
Professional Standards GAO Yellow BookAICPA StandardsOMB Uniform Guidance
4
Internal Controls Processes effected by an entity’s management and other personnel designed to provide assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
5
COSO (Committee of Sponsoring Organizations) of the Treadway Commission
6
Simple Definition Internal controls are common sense procedures that address: What could go wrong? What steps should be taken to prevent those events from happening?
7
Personal Internal Control System Locking your car when you leave it in the parking lot Comparing your receipts to your credit card statement Balancing your personal check book
8
Why are Internal Controls Important? Protect the strong from temptation Protect the weak from opportunity Protect the innocent from false accusation From Once upon Internal Control by James Ulvog, CPA
9
Opportunity PressureRationalization FRAUD TRIANGLE
10
FRAUD Frauds discovered in the recent years. Committed by one person Trusted employee Internal controls were either nonexistent or not monitored
11
Examples of Good Internal Controls
12
Effective Controls- Cash Receipts and Deposits Separate cash drawers Prenumbered cash receipts- 9-2-103, TCA Stamp checks “for deposit only” as soon as they are received Drawer checkout procedures Deposit timely- 3 day deposit law Deposit Receipts Intact
13
Effective Controls- Cash Receipts and Deposits (cont.) Deposit slips should be itemized Sign- “You must receive an official receipt or your transaction is not complete” Segregate Duties- Employees responsible for receipting should NOT also be responsible for posting receipts to the accounting records.
14
Effective Controls- Disbursements Disbursements by official prenumbered checks Review documentation Do not sign blank checks Segregate duties between writing checks, signing, distribution, and posting to the accounting records
15
Effective Controls- Bank Reconciliations One employee should be responsible for opening the bank statement, reviewing it, and initialing. A separate employee should reconcile the bank statement monthly Bank reconciliations should be reviewed by an employee not responsible for reconciling the statement.
16
Effective Controls- Procurement Establish clear lines of authority for approving purchases before they occur Purchase orders Verify availability of appropriations before purchases are approved Payments for purchases should only be made after documentation that the goods or services were received Segregate duties between approval, payment and updating the accounting records
17
Effective controls- Journal Entries (JE’s) Use a standard journal entry form Supervisory review and approval of all journal entries Segregate duties between preparation of the JE, Approval of the JE, and posting to the records Supervisory review that all JE’s were properly posted to the records
18
Effective IS Controls Proper back-up procedures Daily backups should be stored in a secure location within the office. Weekly backups should be rotated to a secure, fireproof off-site location. A backup log documenting the location of all backups should be maintained. Backups should be tested.
19
Effective IS Controls (cont.) Password Maintenance All users should have a unique login and password. Shared logins should not be used. Passwords should remain confidential. Passwords should be changed every 90 days. Passwords of former employees should be immediately disabled.
20
Effective IS Controls (cont.) Disaster Recovery Planning Specific steps to follow to restore system Emergency phone numbers of personnel and vendors Backup storage location Manual procedures to follow until the system is restored
21
Effective IS Controls (cont.) Policies and procedures manual Operating system and application security Start-up/shut down procedures Back-up procedures Hardware software maintenance procedures Daily, monthly, and year-end procedures Output distribution list Hardware disposal policy Virus prevention policy
22
Effective IS Controls (cont.) Loading Operating System Updates Restricting Physical Access to System Proper Application Controls Adequate audit trail exists. Audit logs are maintained and reviewed.
23
Audit Logs and Other Reports TnCIS Delete Log Report Out-of Court Payments Report Trustee Audit Changes By Date Report Unprorated Receipts Report Maximum Posting Date Report Fund Offices Payroll Check Change Report Maximum Posting Date Report
24
Applicable Laws
25
City Charters/ Private Acts Budgeting Laws Purchasing Laws Fees and Taxes Filing Requirements Electronic Commerce
26
Applicable Laws TCA 6-54-903 – Requires cities to submit their travel policies to the Comptroller TCA 7-52-602 – Requires municipal electric systems to submit a business plan to the Comptroller TCA 5-8-505 – Requires county officials to file an annual financial report with the county mayor and county clerk
27
Applicable Laws TCA 47-10-119 – Requires all local governments who implement an electronic business system to file a statement with the Comptroller TCA 4-30-103 – Requires all local governments who implement a new technology platform to file a statement with the Comptroller
28
New Legislation Amendment to Financial Integrity Act requiring counties, municipalities, and metro governments to establish internal controls Amendment requiring local governments to close their accounting records no later than two months after fiscal year-end Amendment to CMFO Act changing the penalty provisions
29
Data Analytics
30
www.comptroller.tn.gov/la
40
Questions?
41
Penny Austin Penny.Austin@cot.tn.gov
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.