Risk Assessment Documentation vsn1 by 15kX36D


Documentation of Internal Controls over - Financial Reporting
Internal control is a process designed to provide reasonable assurance regarding the
achievement of objectives in the following categories: a) reliability of financial
reporting, b) effectiveness and efficiency of operations, and c) compliance with
applicable laws and regulations. The following information documents the controls in
place over the objective of reliability in financial reporting.


Attributes of Reliable Financial Reporting:
* Complies with Generally Accepted Accounting Principles
     Financial reporting objectives are consistent with generally accepted
     accounting principles.
* Supports Informative Disclosures
     Financial statements are informative of matters that may affect their use,
     understanding and interpretation. Information presented is classified and
     summarized in a reasonable manner, neither too detailed nor too condensed.

* Reflects Entity's Activities
     The financial statements reflect the underlying transactions and events in a
     manner that presents the financial position, results of operations, and cash
     flows within a range of acceptable limits.
* Are Supported by Relevant Financial Statement Assertions
     Supporting the objectives is a series of financial statement assertions that
     underlie an entity's financial statements, with relevance depending on
     circumstances.

  Category of Objectives             Assertions
  Account Balances                   Completeness (AB-Comp) - All assets, liabilities, and equity
                                     interests that should have been recorded have been recorded.
                                     Existence (AB-E) - Assets, liabilities, and equity interests exist.
                                     Rights and Obligations (AB-RO) - The entity holds or controls the
                                     rights to assets, and liabilities are the obligations of the entity.
                                     Valuation and Allocation (AB-V,Alloc) - Assets, liabilities, and equity
                                     interests are included in the financial statements at appropriate
                                     amounts.

  Transaction Classes                Accuracy (TC-Acc) - Amounts and other data relating to recorded
                                     transactions and events have been recorded appropriately.
                                     Classification (TC-Class) - Transactions and events have been
                                     recorded in the proper accounts.
                                     Completeness (TC-Comp) - All transactions and events that should
                                     have been recorded have been recorded.
                                     Cutoff (TC-Cut) - Transactions and events have been recorded in
                                     the correct accounting period.
                                     Occurrence (TC-O) - Transactions and events that have been
                                     recorded have occurred and pertain to the entity.

  Presentation and Disclosure        Accuracy and Valuation (PD-Acc,V) - Financial and other
                                     information are disclosed fairly and at appropriate amounts.
                                     Classification and Understandability (PD-Class,U) - Financial
                                     information is appropriately presented and described and
                                     disclosures are clearly expressed.
                                     Completeness (PD-Comp) - All disclosures that should have been
                                     included in the financial statements have been included.
                                     Occurrence and Rights and Obligations (PD-O,RO) - Disclosed
                                     events and transactions have occurred and pertain to the entity.

Required Financial Reporting:
     Annual Financial Report/Financial Statement Worksheets
     Schedule of Expenditures of Federal Awards - SEFA / Statewide Reporting - Single Audit
     Statewide Reporting - Comprehensive Annual Financial Report (CAFR)
     Statewide Reporting - Budgetary Compliance Report
STEP 1
Complete the "Control Environment" questionnaire. Add additional pages as necessary.


STEP 2
Complete the "Risk Assessment" questionnaire. Add additional pages as necessary.



STEP 3
Please identify your entity type by placing an "X" in the appropriate box below and using the Load Processes button.

   Colleges/Universities/Technical Colleges
   School Districts

Identify significant processes and financial systems by placing an "X" in the box
preceding the process name. Add any processes or systems not listed using the
blank lines.
Control Environment
Instructions
Enter a brief description for each question below to assist the auditor in gaining an
understanding of the entity's control environment.


      Question                                                  Information/Comments                                                                                         COSO Ref   Policy
1     Is there an audit committee or equivalent charged with    List the members of the committee, including names and titles.
      oversight of financial reporting and disclosure?          Name                      Title                                  Any financial reporting expertise?      2.4




2     Identify the responsibilities of the committee:
    a Describe how the minutes of the meetings of the                                                                                                                    2.5
      committee are prepared and retained. Provide the
      minutes to the auditor for review.
    b Describe how the committee oversees the work of both                                                               2.6
      internal and external auditors.

    c Describe any interaction the committee has with                                                                    2.7
      regulatory auditors, as necessary. Regulatory auditors
      would include performance auditors, federal auditors,
      Board of Regents Auditors, etc.
    d Describe times when the committee meets privately                                                                                                                  2.9
      with internal and external auditors to discuss relevant
      matters.
3     Describe the normal number and nature of meetings
      held by the committee in an annual period.


Personnel
1     Please list the primary Financial and Information         Title                     Education                              Years of Experience
      Technology Personnel, including Title, Education and
      Years of Experience.
2   Please provide a copy of the entity's Administrative organizational chart.

Integrity and Ethical Values
1   How has top management, including Board members,                                                             1.1
    developed a clear statement of ethical values that is
    understood at all levels of the organization?

2   How has the entity adopted and communicated to                                                               1.1
    employees and board members a formal code of
    conduct, including policies on conflicts of interest, and
    are employees required periodically to make a written
    declaration of compliance? Reference: Georgia Law,
    Code Section 45-10, for example.


3   What processes are in place for management to                                                                1.2
    monitor adherence to policies, principles of integrity
    and ethical values?
4   What actions does management take for known                                                                  1.3
    departures from approved policies, unacceptable
    business practices or conduct that might significantly
    affect the financial reporting process?

Management's Philosophy and Operating Style
1   What policies and procedures have been established by                                                        3.2
    management to provide reasonable assurance for the
    reliability of accounting entries and estimates? If the
    entries/estimates are automated or created by an
    automated process, please describe the manner in
    which the calculations are made by the information
    technology system.
2   Describe when and who in management periodically                                                             3.1
    reviews insurance coverage or delegates that task to
    someone.
3   Are employees who handle cash, securities and other                                                          3.1
    valuable assets bonded? Please describe positions and
    bonds.
4   Does management perform internal control activities                                                          3.3
    such as approvals and regular preparation or review of
    reconciliations?
5   Are financial statements submitted to and reviewed by                                                        3.1
    the following: Board? Oversight Body? Management?
    Audit Committee? Indicate specifically which groups
    review the financial statements in the information
    column.

Organizational Structure
1   Is there a low turnover of financial and information                                                         4.1
    technology management positions? Please list any
    recent turnover of key management positions.
2   How does management ensure that key operating                                                                4.2
    positions are adequately staffed, therefore avoiding
    constant crisis?
3   Do related employees, if any, have job assignments                                                           4.2
    that minimize opportunities for collusion? Please
    indicate any specific related employees dealing with
    financial reporting functions.
Financial Reporting Competencies
1   Describe the coordination between Accounting and                                                             5.1
    Information Technology departments, assisting in
    timely reports and closings.
2   How does management ensure that employees are                                                                5.2
    adequately trained to meet their assigned
    responsibilities?
3   Is rotation of duties enforced by mandatory vacations?                                                       5.1
    If so describe procedures.
4   Does the entity use the current state chart of                                                               5.3
    accounts? If no, please explain why.

Authority and Responsibility
1   Are there formal job descriptions that clearly set out                                                       6.3
    duties and responsibilities? Where are these
    maintained and how are the duties communicated to
    employees?
2   Describe any oversight of the process for defining                                                           6.1
    responsibilities for key financial reporting roles.
3   Describe the oversight of the internal control over                                                          6.2
    financial reporting, including both initiating and
    maintaining the controls.
4   Describe procedures in place to appropriately limit the                                                      6.4
    authority and responsibility of key personnel.

Human Resources
1   Are backgrounds and references of applicants applying                                                        7.2
    for financial, IT, and other key positions verified? If so
    by whom?
2       Are financial and information technology personnel                                                       7.3
        allowed to attend training sessions or conferences on
        current issues with a potential effect on financial
        reporting? Describe the types of training.
3       Is job performance periodically evaluated and reviewed                                                   7.4
        with employees? Describe any evaluation attributes
        specific to the financial reporting process.
4       Describe the established policies that clearly define                                                    7.1
        management's responsibilities for hiring, training,
        promoting and compensating employees.

Governing Body
1       Does the entity's governing body (Board and/or
        oversight Agency) perform the following duties:
    a   How does the governing body take an active role in
        overseeing the entity's policies and procedures?
    b   Describe the governing body, including information
        related to their knowledge, experience, and time to
        serve effectively.
    c   How and when does the governing body constructively
        challenge management's planned decisions and take
        appropriate action if necessary (for example,
        conducting special investigations)?
    d   How and when does the governing body meet in a
        timely manner with the chief accounting officer and/or
        internal auditors to discuss the reasonableness of the
        financial reporting process, the system of internal
        control, and other significant matters?

    e Does the governing body review the audit report
      produced by the Georgia Department of Audits and
      Accounts? If yes, indicate in the comments.
 f How often does the governing body receive and review
   key information, such as financial statements,
   significant contracts, and contract negotiations?

 g What oversight exists in determining the compensation
   and benefits of top management (i.e. Board members,
   Presidents, Superintendents, etc.)?
 h How does the governing body sufficiently involve itself
   in establishing and evaluating the effectiveness of the
   "tone at the top" (e.g., approving the entity's code of
   conduct or policy and procedure manual)?
Risk Assessment
Risk assessment as it relates to the objective of reliable financial reporting involves identification and analysis of the risks of material misstatement, whether by fraud or error.
The entity identifies and analyzes risks to the achievement of financial reporting objectives as a basis for determining how the risks should be managed.

Risk identification includes consideration of the business processes that impact financial statement accounts and disclosures, the competency of entity personnel supporting
the financial reporting objectives, and information technology infrastructure and processes supporting the financial reporting objectives. Consideration should be given for
both internal and external factors and their impact on the achievement of financial reporting objectives.

Identified risks should be analyzed through a process that includes estimating the likelihood of each risk occurring and its potential impact.

Managing risks includes implementing controls or other means of mitigating the impact of the risks, such as insurance.

Management should also establish triggers for reassessing risks as changes occur that may impact financial reporting objectives.


Instructions
Enter a brief description for each question below to assist the auditor in gaining an understanding of the entity's overall risk assessment.



                Question                                       Yes/No                                              Information/Comments                                                 Policy
Financial Reporting Objectives
 1 Do financial reporting objectives align with the
   requirements of generally accepted accounting
   principles?
 2 Are the accounting principles selected appropriate in
   the circumstances?
 3 Are financial statements informative of matters that
   may affect their use, understanding, and
   interpretation?
 4 Is information presented classified and summarized
   in a reasonable manner, neither too detailed nor too
   condensed?
 5 Do the financial statements reflect the underlying
   transactions and events in a manner that presents
   the financial position, results of operations, and cash
   flows within a range of acceptable limits?
 6 For each significant account and disclosure, are
   financial reporting objectives supported by financial
   statement assertions that underlie a company’s
   financial statements, with relevance depending on the
   circumstances?
 7 Does the financial statement presentation reflect the
   idea of materiality?

Financial Reporting Risks
 1 Does the entity’s risk identification include
   consideration of the business processes that impact
   financial statement accounts and disclosures?

 2 Does risk identification and assessment consider the
   competency of company personnel dedicated to
   supporting the financial reporting objectives?
 3 Are information technology infrastructure and
   processes supporting the financial reporting
   objectives included in the financial reporting risk
   assessment?
 4 Has the organization put into place effective risk
   assessment mechanisms that involve appropriate
   levels of management?
 5 Does risk identification consider both internal and
   external factors and their impact on the achievement
   of financial reporting objectives?
 6 Are identified risks analyzed through a process that
   includes estimating the likelihood of the risk occurring
   and the potential impact of the risk?
 7 Has management established triggers for
   reassessment of risks as changes occur that may
   impact financial reporting objectives?

Fraud Risk
 1 Does the entity’s assessment of fraud risks consider
   incentives and pressures, attitudes, and
   rationalizations, as well as opportunity to commit
   fraud?
 2 Does the entity’s assessment consider risk factors
   that influence the likelihood of someone committing a
   fraud and the impact of a fraud on financial reporting?

 3 Do responsibility and accountability for fraud policies
   and procedures reside with the management of the
   business or function in which the risk resides?


Summarize the reasoning for this judgment along with any areas that the entity will be addressing to improve the quality of internal control over financial reporting.
Documentation of Internal Controls over - Financial Reporting
Instructions
Identify risk, including fraud risk, associated with each significant process. For each risk identified, review the control components and determine specific
controls that have been implemented to mitigate or reduce the risk. Make an assessment of whether the controls are placed in operation and working
effectively.
Control Components
See worksheet for descriptions of the various control components.

                          Acronyms
    FR - Fraud Risk
    M or A - Manual or Automated

Control Components

    Risk    Assertion    FR    Control Activities    M or A or Both    Information and Communication    Monitoring    Reference / Policy    Mitigating Factors (Control Environment, Risk Assessment)
Documentation of Internal Controls over - Financial Reporting
Instructions
Identify risk, including fraud risk, associated with each significant process. For each risk identified, review the control
components and determine specific controls that have been implemented to mitigate or reduce the risk. Make an assessment of
whether the controls are placed in operation and working effectively.
Control Components
See worksheet for descriptions of the various control components.




Control Components

    Risk    Control Activities    M or A or Both    Information and Communication    Monitoring    Reference / Policy    Mitigating Factors (Control Environment, Risk Assessment)

								