Docstoc

Internal Controls and the Audit Process

Document Sample
Internal Controls and the Audit Process Powered By Docstoc
					         Overview of
       the Audit Process

Texas State Agency Internal Audit Forum
             July 27, 2009
              Background
This presentation is designed for executives
and employees of Texas state agencies and
institutions of higher education. This is a
general overview of an audit process. The
purpose is to provide information to help
meet auditing, accountability, and
transparency requirements of Americans
Recovery and Reinvestment Act (ARRA).

                                               2
           Table of Contents
• The Audit Process – What to Expect
• Tips For a Smoother Audit
• Receiving the Results and Writing Responses
• Internal Control
• Types of Compliance Requirements and
  Findings
• What do Managers Need to Know?
• Resources
                       --                       3
     The Audit Process – What to Expect
     Most audits or monitoring visits follow this process although the order of
     the steps may vary:

1. Formal notification of the audit from the oversight agency.
2. Advance information request from auditor.
3. Risk assessment.
4. Entrance conference to discuss goals, objectives and timelines.
5. Planning and fieldwork in which auditors ask questions and perform
   testing.
6. Status reports during audit.
7. Exit conference where the draft report is reviewed and discussed.
8. Opportunity for management responses and corrective action plans.
9. Final report is issued.
10.Follow up to ensure that management’s corrective action occurred.


                                                                                  4
      Audit Tips: Communication
• Communicate expectations with the auditors.
• Identify a single point of contact for data
  requests.
• Establish a communication plan with your staff.
• Request topics of discussion in advance so
  meetings are properly staffed.
• Document all requests and responses.
• Have the single point of contact communicate
  with auditors frequently.

                                                    5
     Audit Tips: Communication
• Use your internal auditor to help interpret
  “auditor speak.”*




• Answer the question that is asked. Some of the
  questions may appear strange, such as those
  concerning about fraud, waste, and abuse;
  however, they are required by auditing standards
  and must be asked.
• Explain any anomalies or questioned items.


                                                     6
      Audit Tips: Documentation
• Compile written information in advance of
  meetings.
• Provide the source(s) and preparer(s) of the
  information.
• Be responsive to the request. If you do not
  understand the question being asked or the
  information being requested, follow up. It is
  likely that it is just a difference in terminology.

                                                        7
  Other Tips for a Smoother Audit
• If key employees are scheduled to be on
  vacation or in training when a site visit is
  scheduled, be sure to have other staff
  available to answer questions.
• Coordinate information technology needs,
  such as arranging Internet access or access to
  internal software programs.


                                                   8
        Receiving Audit Results
• Auditors should provide a list of issues or
  findings after every audit.
• Management is typically given one to two
  weeks to provide a written response to the
  findings.




                                                9
  Writing Management Responses
• If there is a finding, identify the root cause of
  the issue.
• Document an action plan that includes the
  name and title of the person responsible for it
  and the timeframe for completion.
• If you disagree with a finding, defend your
  position with facts and documentation.


                                                  10
                 Internal Control
     Internal control is an important part of an
     organization’s management plan that provides
     reasonable assurance of the accomplishment
     of goals and objectives, efficiency of
     operations, reliability of information, and
     compliance with laws and regulations.

*   Internal control is management’s responsibility.


                                                   11
      Compliance Requirements
• The federal audit guidance lists 14 types of
  compliance requirements.
• A compliance audit supplement that contains
  special tests and provisions may be available
  for federal programs.
• These tests and provisions are designed to
  audit the compliance requirements specific to
  the federal program.

                                              12
          14 Types of Compliance
               Requirements
• Activities Allowed or        • Period of Availability of
  Unallowed                      Federal Funds
• Allowable Costs/Cost         • Procurement, and
  Principles                     Suspension and
                                 Debarment
• Cash Management              • Program Income
• Davis-Bacon Act              • Real Property Acquisition
• Eligibility                    Relocation Assistance
• Equipment and Real           • Reporting
  Property Management          • Subrecipient Monitoring
• Matching, Level of Effort,   • Special Tests and
  Earmarking                     Provisions (unique to
                                 each program)

                                                         13
          Categories of Findings

•   *Material Weakness
•   *Material Non-Compliance
•   Significant Deficiency
•   Non-Compliance




                                   14
What do Managers Need to Know?
Executive management should:
• Know about the existence of the compliance
  requirements .
• Review prior findings at the agency .
• Expect to be briefed on the resolution of findings,
  preferably quarterly.
Program managers should :
• Be fully aware of the compliance requirements .
• Provide documentation showing program compliance.
• Discuss the progress and ongoing resolution of issues
  and the actions taken.

                                                          15
               Resources

GAO’s Follow the Money
http://www.gao.gov/recovery/

Recovery
http://www.recovery.gov/



                               16
                 Resources
Texas Comptroller of Public Accounts
Fiscal Management for ARRA reporting
https://fmx.cpa.state.tx.us/fmx/recovery/index.
  php

Texas Recovery website
http://www.cpa.state.tx.us/recovery/

                                                  17
                    Resources
COSO Internal Controls
Guidance on Monitoring Internal Control Systems
http://www.coso.org/documents/COSO_Guidance_On
  _Monitoring_Intro_online1.pdf

Internal Control – Integrated Framework
http://www.coso.org/IC-IntegratedFramework-
   summary.htm
(Introductions available online. Books available for
   purchase.)
                                                       18
                   Resources
GAO Audit References
Yellow Book – Government Auditing Standards
http://www.gao.gov/govaud/ybk01.htm

Green Book – Standards for Internal Control in the
  Federal Government
http://www.gao.gov/products/AIMD-00-21.3.1

Internal Control Management and Evaluation Tool
http://www.gao.gov/new.items/d011008g.pdf
                                                     19
                     Resources
Office of Management and Budget (OMB) Guidance
OMB Circular A-133 Compliance Supplement
http://www.whitehouse.gov/omb/circulars_a133_compliance_09t
   oc/
OMB Circular A-123 Management’s Responsibility for Internal
   Controls
http://www.whitehouse.gov/omb/assets/omb/circulars/a123/a123
   _rev.pdf
OMB Section 1512 Reporting Webinars (July 20-23, 2009)
http://www.whitehouse.gov/Recovery/WebinarTrainingMaterials/



                                                          20
                       Resources
 This information is provided by a subcommittee
                       of the
Texas State Agency Internal Audit Forum (SAIAF).

            It will be updated periodically.
      http://www.dir.texas.gov/sacc/internalaudit/index.htm
http://www.dir.state.tx.us/sacc/internalaudit/sacc_stateagency_in
              ternauditforum-saiaf_arra_traning.htm


                                                               21
                Questions


Please address questions about the information
          in this presentation to your
           Internal Audit Director.




                                             22

				
DOCUMENT INFO