
1 NASC Presentation – March 2014 An Overview of Pennsylvania’s Internal Controls By: Anna Maria Kiehl, CPA State Comptroller/Chief Accounting Officer Governor’s Office of Budget / Office of Comptroller Operations

2 Agenda
- Pennsylvania’s Internal Control Structure
- Statewide Audit Committee
  - Functions of the Audit Committee
  - Goals and Objectives of the Committee
  - Frequency of Committee Meetings
  - Questions?
- Single Audit Finding Prompts Need to Improve Access Controls with SAP’s Governance Risk Compliance
  - Background
  - Overview
  - Challenges
  - Actions
  - Useful Tools
  - Sample internal flowcharts & reporting
  - Questions?

3 Examples of Internal Controls in Pennsylvania
Component: Control Environment
Process: Methods for maintaining integrity, ethics and competency:
- Governor’s Code of Conduct/Ethics Disclosure Forms
- Statewide Audit Committee/Bureau of Internal Audits
- Auditor General Audits & Inspector General Investigations
- Bureau of Quality Assurance
- Independent annual audits
- Continuous IC Training & Employee Development/Standards
- Increased accounting and auditing entry level requirements
Component: Risk Assessment
Process: Methods for identifying and assessing risk:
- Recommendations of Audit Committee/Audit findings/MLCs
- System Development Life Cycle Reviews/Post-implementation reviews
- Examining new programs and areas most vulnerable (e.g., systems, financial reporting, operational)
Component: Control Activities
Process: Implement controls through effective policies & procedures:
- General System Controls/data security
- System access controls
- Month-end closing processes and reconciliations

4 PA’s Process to Ensure Effective Internal Controls
Component: Information & Communication
Process: Information must be disseminated timely:
- Monthly/Quarterly/Comprehensive Annual Financial Reporting
- Required Communications with Management on Audit findings & Required Resolutions
- Quarterly Audit Committee Meetings/Annual Audit Plan/Findings
- Policy communications, e.g., New OMB Grant Reform standards
- Entity-wide business process communications
- On-line and classroom training for fraud detection and prevention, ethics, accountability and transparency requirements

5 PA’s Process to Ensure Effective Internal Controls
Component: Monitoring Activities
Process: Methods to continuously monitor internal controls include:
- Monitoring of role assignments & segregation of duties
- Continuous control payment monitoring
- Performance metrics and analysis/management dashboards
- Quality assurance processes to ensure compliance with laws, regulations, and policies
- Weekly system access controls risk reporting
- Inventory and Fixed Asset monitoring
- Management reviews/System Development Life Cycle Reviews

6 PA’s Process to Ensure Effective Internal Controls
Questions or Comments?

7 Functions of an Audit Committee
The audit committee reviews and discusses the following with the external auditors:
- Annual financial statements (CAFR)
- Single Audit report and findings
- Significant written communications between the independent auditors and management (i.e. management letter, unadjusted audit differences)
- Significant disputes or difficulties with management encountered during the audit
- Matters required to be discussed in accordance with SAS 114, “The Auditor’s Communication with Those Charged with Governance”

8 Functions of an Audit Committee
Internal Controls
Review the following with the internal auditors:
- Significant risks or exposures facing the Commonwealth, as well as steps taken by management to mitigate these risks
- The audit scope and plan for the internal auditors
- Any significant findings and recommendations from internal audits, along with management’s response
- Any difficulties the internal audit team encountered in the course of their audits

9 Goals and Objectives of the Committee
- Oversee the internal and external auditing and reporting process
- Provide direction for the Commonwealth’s limited internal audit resources
- Review and approve the Commonwealth annual audit plan to promote accountability and ensure management maintains appropriate internal controls
- Review audit findings and recommendations and direct the necessary follow-up to ensure appropriate corrective action is initiated across state agencies

10 Enterprise Risk Management (ERM)
PA has been moving forward with five strategic goals. These strategic goals are as follows:
- Established a Commonwealth-wide audit committee
- Facilitate Control Self Assessment sessions with agency heads and management
- Complete a Commonwealth-wide audit risk assessment
- Develop an annual audit plan based on risk
- Established a Bureau of Quality Assurance to provide continuous monitoring for improper payments, compliance, and continuous process improvements

11 Audit Committee Communications
Notifications will be provided to the committee when the following occur:
- Department of the Auditor General Opens a Special Performance Audit
- US Office of the Inspector General Opens an Audit
- Department of the Auditor General Releases a Special Performance Audit
- US Office of the Inspector General Releases an Audit
- BOA Releases a High Profile Audit

12 Frequency of Audit Committee Meetings
- The Audit Committee meets 3-4 times annually
- Usually meets at least twice with independent auditors to discuss CAFR and Single audits, auditor adjustments, audit findings, and management letter comments
- Usually meets to approve annual internal audit plan and requests management reviews and audits of risk areas
- Agenda is typically set by the Director of the Bureau of Audits
- Comptroller and Director of Reporting attend the meetings and provide content

13 Audit Committee
Questions or Comments?

14 SAP’s Governance, Risk & Compliance Module (GRC)
Background:
- Segregation of Duties risks within the Commonwealth’s SAP system resulted in a recurring single audit finding for 8 consecutive years.
- Previous attempts were made to address SAP Access Controls: Approva failed since it was not directly integrated with SAP.
- Number of users: a large organization with thousands of core users needed a tool that could analyze large numbers of users with extensive access to multiple modules of SAP.

15 SAP’s Governance, Risk & Compliance Module (GRC)
- “Governance” is how we manage strategic initiatives
- “Risk” is the effect of uncertainty on business objectives. Risk management is the process that helps minimize financial losses
- “Compliance” goes beyond our conformity with laws and regulations to include all facets that affect integrity, reputation, and our “brand”
- SAP’s GRC module provides the Commonwealth with an enterprise view across these activities throughout our organization.

16 SAP’s Governance, Risk & Compliance Module (GRC)
GRC is the system access control tool that helps:
- Protect key information
- Prevent unauthorized access
- Prevent unauthorized transactions
- Prevent errors and fraudulent activity
- Ensure proper Segregation of Duties (SoD)
- Ensure the security & integrity of our financial systems & reporting

17 SAP’s Governance, Risk & Compliance Module (GRC)
Challenges:
- The complexity of the GRC module/significant learning curve
- The complexity and extent of access issues that developed over the ten years that SAP was in place
- Little understanding of GRC from a rule set/business perspective
- Few resources to dedicate to such a large project
- Budget constraints prevented hiring SAP consultants
- Minimal guidance on how to best implement the system within our current business environment
- PA’s role assignment process is managed by another state agency and sits outside of SAP
- Multiple agency involvement: role development (OA-IT), role assignment (OA/HR) and risk monitoring (Comptroller)

18 SAP’s Governance, Risk & Compliance Module (GRC)
Year 2010 – Year of planning and gaining an understanding of the system tools
- Small project team developed to coordinate the clean-up of SoD risks
- The group led workshops of technical and business representatives to determine how to identify and resolve risks
- Process is on-going

19 SAP’s Governance, Risk & Compliance Module (GRC)
Tremendous progress within the last 6 months:
- Resolving risks identified within our Office of Budget
- Systematizing & automating processes
- Documenting processes & procedures
- Improving communication between agencies
- Reporting
- And training personnel

20 SAP’s Governance, Risk & Compliance Module (GRC)
The Future:
- To continue GRC rollout to agencies with greatest number of risks
- Expect the cleanup to benefit the remaining agencies who share the same roles/risks
- Expect roles to stay clean going forward using the GRC simulation tool
- Most current pain: establishing a process to help agency HR reps interpret SoD risk results before requesting a role for their users

27 SAP’s Governance, Risk & Compliance
Questions?

