Scribd Logo
Upload

Welcome to Scribd!

  • Using Internal Control To Manage Risk: Mary C. Braun, CPA, CGFM Management Concepts, Incorporated

    Uploaded by

    Tran Viet Ha
    21 views35 pages
    The document discusses using internal controls to manage risk in government organizations. It provides background on legislation requiring internal controls and describes the five components of internal control according to the Committee of Sponsoring Organizations (COSO) framework. It then outlines a three phase process for implementing and testing internal controls that includes planning, testing, and reporting phases. The planning phase involves identifying assessable units, processes, risks, and key controls to develop a three-year testing schedule.

    Original Description:

    IC

    Original Title

    Using IC to Manage Risk

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses using internal controls to manage risk in government organizations. It provides background on legislation requiring internal controls and describes the five components of internal control according to the Committee of Sponsoring Organizations (COSO) framework. It then outlines a three phase process for implementing and testing internal controls that includes planning, testing, and reporting phases. The planning phase involves identifying assessable units, processes, risks, and key controls to develop a three-year testing schedule.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    21 views35 pages

    Using Internal Control To Manage Risk: Mary C. Braun, CPA, CGFM Management Concepts, Incorporated

    Uploaded by

    Tran Viet Ha
    The document discusses using internal controls to manage risk in government organizations. It provides background on legislation requiring internal controls and describes the five components of internal control according to the Committee of Sponsoring Organizations (COSO) framework. It then outlines a three phase process for implementing and testing internal controls that includes planning, testing, and reporting phases. The planning phase involves identifying assessable units, processes, risks, and key controls to develop a three-year testing schedule.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 35

    Using Internal Control to

    Manage Risk
    Mary C. Braun, CPA, CGFM
    Management Concepts, Incorporated

    Agenda
    Background
    Requirements
    Implementation
    Internal Control Legislation
    1950 Accounting and Auditing Act
    1982 Federal Managers Financial Integrity
    Act
    1990 Chief Financial Officers Act
    1994 Government Management Reform
    Act
    1996 Federal Financial Management
    Improvement Act

    What are Internal Controls?
    Anything you do to successfully
    achieve your mission/goal legally and
    efficiently
    Objectives of controls:
    Effective and efficient operations
    Reliable financial reporting
    Compliance with laws and regulations
    Applies to all aspects of life
    Internal Control Standards
    Treadway Commission:
    Internal Control Guidance
    Control Environment
    Risk
    Assessment
    Activities
    M
    GAO Standards COSO Framework
    Internal Control Standards
    Control Environment
    Risk
    Assessment
    Control
    Activities
    M
    GAO Standards
    Control Environment: Tone at the
    Top

    Risk Assessment: Threats to
    Mission

    Control Activities: Design &
    Operation

    Monitoring: Test Schedule

    Information & Communication:
    Up and down the Organization
    Government Implementation:
    Assess Controls

    Elements of an IC Program
    Mission
    Objectives
    Risks
    Control Activities
    Internal Goals
    Management:
    Acknowledge it responsibility for
    establishing and maintaining ICs
    Apply IC objectives:
    Effective and efficient operations
    Reliable financial reporting
    Compliance with laws and regulations
    Understand that ICs exist (or should) at every
    level and in every process of the
    organization
    Realize that good internal control leads to
    financial reporting integrity

    Three Step Process
    Planning Phase

    Testing Phase

    Reporting Phase
    Planning Phase
    Identify assessable units
    Establish governance body
    Determine material contributors
    Identify/document key business
    processes
    Perform risk assessment
    Identify key controls
    Develop 3-yr control assessment
    schedule
    Develop test methodology


    Divide and Conquer !!
    Establish Assessable Units
    Divide and Conquer !!
    Establish Assessable Units

    Establish Governance
    Establish a governance body who will:
    Have decision-making leaders as members
    Identify material business lines/ processes
    Know flowcharted business process
    Identify risks and assess materiality
    Document internal controls
    Test internal controls
    Report on control effectiveness
    Develop corrective action plans

    Identify Material
    Contributors
    Look at the Budget/Financials
    2010 2009 Change 2010 2009 Change 2010 2009 Change
    Assets:
    Cash and investments............. $ 10.7 $ 10.4 $ 0.3 $ 4.6 $ 4.6 $ - $15.3 $ 15.0 $ 0.3
    Capital assets (net).................. 28.6 26.7 1.9 0.1 0.1 - 28.7 26.8 1.9
    All other assets......................... 7.9 7.1 0.8 1.6 1.4 0.2 9.5 8.5 1.0
    Total assets.............................. 47.2 4 4.2 3.0 6.3 6.1 0.2 53.5 50.3 3.2
    Liabilities:
    Accounts payable..................... 5.9 6.0 (0.1) 0.9 0.9 - 6.8 6.9 (0.1)
    All other current liabilities.... 4.2 3.7 0.5 4.1 2.1 2.0 8.3 5.8 2.5
    Total current liabilities............ 10.1 9.7 0.4 5.0 3.0 2.0 15.1 12.7 2.4
    Bonds payable.......................... 9.8 8.5 1.3 - - - 9.8 8.5 1.3
    All other long-term liabilities 3.8 2.8 1.0 2.5 2.5 - 6.3 5.3 1.0
    Total long-term liabilities........ 13.6 11.3 2.3 2.5 2.5 - 16.1 13.8 2.3
    Total Liabilities........................ 23.7 21.0 2.7 7.5 5.5 2.0 31.2 26.5 4.7
    Government Business-type Total
    Identify Key Business Processes
    Capital Assets:
    What processes add to balances?
    What processes decrease balances?
    What systems support the processes?
    Where do the processes take place?
    Where do the managers exist in the states
    organization chart?
    Document Key Processes
    Property, Plant and Equipment Buildings & Structures
    Disposals Subprocess
    Staff Accountant
    Real Property
    Accountability Officer
    District Engineer
    Hand Receipt Holder
    or Realty Specialist
    Receives notice of
    approved disposal
    Start
    B
    B
    A
    Receives notice of
    approved disposal
    and notifies the
    staff accountant
    Approves
    Disposal
    Generates Record of
    Disposal in RD 72
    screen within in REMIS
    to add disposal info to
    assets record
    Instructs Hand
    Receipt Holder of
    what to do with
    asset
    Notifies staff
    accountant that
    the asset has been
    disposed of in
    REMIS
    Completes disposal
    request document and
    forwards to district
    engineer and RPAO
    Verifies that all
    required
    documents are
    included, properly
    and accurately
    completed, and
    approved.
    Determines Assets need
    for disposal through
    periodic inspections
    Changes asset
    status within
    CEFMS from in
    service to retired Rejects
    Disposal
    A
    CEFMS transfers
    asset value into
    buildings or
    structures awaiting
    disposal account
    Forwards Disposal
    Request
    Document to
    RPAO as notice to
    start the disposal
    process
    Receives and reviews
    Disposal request
    document and
    approves or rejects
    disposal request
    BS.4
    Changes asset status in
    CEFMS from Retired
    to Disposed
    Disposes of asset
    within REMIS in
    RD 82 screen
    BS.3
    CEFMS transfers asset
    value to appropriate
    SGL accounts removing
    the value from the
    financial statements.
    Perform Risk Assessment
    Assess Risk: Document from flowcharts


    Property, Plant and Equipment Buildings & Structures
    Disposals Subprocess
    Staff Accountant
    Real Property
    Accountability Officer
    District Engineer
    Hand Receipt Holder
    or Realty Specialist
    Receives notice of
    approved disposal
    Start
    B
    B
    A
    Receives notice of
    approved disposal
    and notifies the
    staff accountant
    Approves
    Disposal
    Generates Record of
    Disposal in RD 72
    screen within in REMIS
    to add disposal info to
    assets record
    Instructs Hand
    Receipt Holder of
    what to do with
    asset
    Notifies staff
    accountant that
    the asset has been
    disposed of in
    REMIS
    Completes disposal
    request document and
    forwards to district
    engineer and RPAO
    Verifies that all
    required
    documents are
    included, properly
    and accurately
    completed, and
    approved.
    Determines Assets need
    for disposal through
    periodic inspections
    Changes asset
    status within
    CEFMS from in
    service to retired Rejects
    Disposal
    A
    CEFMS transfers
    asset value into
    buildings or
    structures awaiting
    disposal account
    Forwards Disposal
    Request
    Document to
    RPAO as notice to
    start the disposal
    process
    Receives and reviews
    Disposal request
    document and
    approves or rejects
    disposal request
    BS.4
    Changes asset status in
    CEFMS from Retired
    to Disposed
    Disposes of asset
    within REMIS in
    RD 82 screen
    BS.3
    CEFMS transfers asset
    value to appropriate
    SGL accounts removing
    the value from the
    financial statements.
    IT Assertions
    Completeness
    Accuracy
    Validity
    Restricted Access
    Financial Assertions
    Completeness
    Obligations/Rights
    Valuation
    Existence/Occurrence
    Reporting/Presentation

    Look for Risk of Misstatement
    Identify Key Controls
    Document from flow charts
    Property, Plant and Equipment Buildings & Structures
    Disposals Subprocess
    Staff Accountant
    Real Property
    Accountability Officer
    District Engineer
    Hand Receipt Holder
    or Realty Specialist
    Receives notice of
    approved disposal
    Start
    B
    B
    A
    Receives notice of
    approved disposal
    and notifies the
    staff accountant
    Approves
    Disposal
    Generates Record of
    Disposal in RD 72
    screen within in REMIS
    to add disposal info to
    assets record
    Instructs Hand
    Receipt Holder of
    what to do with
    asset
    Notifies staff
    accountant that
    the asset has been
    disposed of in
    REMIS
    Completes disposal
    request document and
    forwards to district
    engineer and RPAO
    Verifies that all
    required
    documents are
    included, properly
    and accurately
    completed, and
    approved.
    Determines Assets need
    for disposal through
    periodic inspections
    Changes asset
    status within
    CEFMS from in
    service to retired Rejects
    Disposal
    A
    CEFMS transfers
    asset value into
    buildings or
    structures awaiting
    disposal account
    Forwards Disposal
    Request
    Document to
    RPAO as notice to
    start the disposal
    process
    Receives and reviews
    Disposal request
    document and
    approves or rejects
    disposal request
    BS.4
    Changes asset status in
    CEFMS from Retired
    to Disposed
    Disposes of asset
    within REMIS in
    RD 82 screen
    BS.3
    CEFMS transfers asset
    value to appropriate
    SGL accounts removing
    the value from the
    financial statements.
    Document Key Controls
    IntraGov
    Accts Rec
    Not
    reported
    Entity
    Preparer
    Control
    Number
    Account/ Line
    Item/Event
    Business Cycle,
    Accounting
    Application Assertion Risk
    Inherent
    Risk
    Internal
    Control
    Currently In
    Place
    Control
    Risk
    Internal Control
    Test Method Used
    Risk Analysis
    Account Line: Accounts Receivable
    Document, document, document
    high
    1
    Reimb
    R/O
    Track &
    check
    low
    Inspect
    Preliminary
    Control Assessment
    Develop Key Control
    Assessment Schedule
    All key controls are assessed at least
    once every three years
    Some more:
    High risk
    Change in:
    Law
    System
    Key personnel
    Control Testing Options:
    3-Year Plan
    Control
    Risk
    Risk
    Test
    Low
    H
    i
    g
    h

    Develop
    Corrective Action Plan
    If:
    Changes in:
    -Personnel?
    -Process?
    -System?
    Yes
    Annually for 3 years
    No
    Rotate to 3-year plan
    Testing Phase
    Entity-Level Assessment
    Control Testing:
    Process level
    Transaction level
    Include automated systems
    Remember service providers
    Entity-Level Assessment
    Evaluate Internal Control at Entity Level
    GAO-01-1008G: Internal Control
    Management and Evaluation Tool
    Use GAO Internal Control Standards

    Control Testing
    Test key controls
    Develop test plan and document
    Decide on the appropriate test method
    Establish tolerance level for error,
    document
    Identify sample size:
    OMB recommendations
    Test and document
    Consider dependencies
    Service provider process controls
    SAS 70 reports???

    Reporting Phase
    Identifying Material Weaknesses
    Developing Corrective Action Plans
    Preparing Statement of Assurance
    Identify Material Weaknesses
    At assessable unit level
    At subagency/department level
    At Agency/ Bureau/ Department level

    Management has the discretion to make
    the determination!

    OMB generous with
    Material Weakness
    definitions
    Basis for Assurance
    Deficiencies can be:
    Single deficiency
    Significant deficiency
    Material weakness
    Determines level of assurance
    Cannot be unqualified if material
    weakness exists
    Develop Corrective Actions
    Managers: Process Owners develop
    corrective actions plans and timelines
    Governance body concurs or non-
    concurs
    Published in Annual Financial Report
    (PAR) for feds
    Should be monitored by leadership
    Fed report periodically on progress to
    Office of Management and Budget
    Corrective Action Plans
    Plan well

    Divide corrective steps into small
    manageable pieces governance body
    should approve

    Develop realistic target dates

    Monitor progress continuously
    Statement of Assurance
    Report on effectiveness of internal control
    Separate statements of assurance:
    for operations and administration
    for systems (Sec 4)
    for financial reporting
    Report options:
    Prescribed format for statement
    Defined qualifiers: Unqualified
    Qualified
    No Assurance



    Internal Control Reporting

    You might also like