Internal Controls FMC September 2015 Agenda Introduction Internal Controls and the BCR/CAFR Green Book Current State Vision for the Future Internal Controls and the BCR/CAFR SAO is responsible for compiling the BCR/CAFR However, the data in the BCR/CAFR is comprised of agency information TeamWorks data Trial Balance shells for non-TeamWorks agencies Year-end reporting forms Controls are needed to ensure BCR/CAFR is completed accurately SAO needs to know that controls are in place at each organization such that an accurate BCR/CAFR can be produced Internal Controls and the BCR/CAFR Very complex process to compile the BCR/CAFR FY 2014 Based on information received from agencies and other sources SAO: • Prepared 387 trial balances • Received ~1,600 year-end forms and trial balances from agencies • Posted 1,730 journal entries with ~11,000 lines of data From COSO to Green Book COSO Green Book Standards for Internal Control – The “Green Book” What’s in Green Book? Federal Level Reflects federal internal control standards required per Federal Managers’ Financial Integrity Act (FMFIA) Serves as a base for OMB Circular A-123 Written for government • Leverages the COSO Framework • Uses government terms What’s in Green Book? State Level May be an acceptable framework for internal control on the state and local government level under OMB Uniform Guidance for Federal Awards Written for government • Leverages the COSO Framework • Uses government terms What’s in Green Book? Auditor Level Provides standards for management Provides criteria for auditors Can be used in conjunction with other standards, e.g. Yellow Book The Green Book • Core definition of internal control • Three categories of objectives and five components of internal control • Each of the five components of internal control are required for effective internal control • Important role of judgment in designing, implementing and operating an internal control system and evaluating its effectiveness • Fundamental concepts underlying five components articulated as principles • Consideration given to operations, compliance, and non-financial reporting objectives Fundamental Concepts of Internal Control Internal control is defined as a “process, effected by an entity’s oversight body, management, and other personnel, designed to provide reasonable assurance that the objectives of an entity will be achieved.” a) b) c) d) Objectives are defined Controls are designed Controls are in place Objectives are achieved An internal control system is defined as a “continuous built-in component of operations, effected by people that provides reasonable assurance, not absolute assurance, that an entity’s objectives will be achieved.” The COSO Framework • Relationship of Objectives and Components • Direct relationship between objectives (which are what an entity strives to achieve) and the components (which represent what is needed to achieve the objectives) • COSO depicts the relationship in the form of a cube: • • • The three objectives are represented by the columns The five components are represented by the rows The entity’s organization structure is represented by the third dimension Source: COSO Green Book –Component, Principle, Attribute Revised Green Book: 5 Components and 17 Principles Documentation Requirements If management determines a principle is not relevant, management supports that determination with documentation that includes the rationale of how, in the absence of that principle, the associated component could be designed, implemented, and operated effectively. Consider cost/benefit Where are we now? Where do we go from here? Current State The state has opportunities to improve the internal controls oversight relative to financial reporting, federal compliance, and financial operations across the enterprise. Decentralized without enterprise level guidance and oversight. Potential lack of sufficient documentation of risks and controls and/or documentation prepared by the auditors. Future in Georgia Redefine the statewide internal control program Identify the common framework (Green Book) Update standards and policies Provide communication and training to agencies Provide necessary support to agencies related to risk assessments Compliance monitoring Future in Georgia Agency management needs to ensure they understand and assess the risks and ensure they have appropriate and sufficient internal controls 1) Financial Reporting 2) Federal Compliance 3) Financial Operations Agency Head Responsibilities Going forward, the head of each executive agency will certify annually that the agency head has reviewed the agency’s internal control systems, and that these systems are in compliance with standards and policies established by SAO. Reactions • Shock • Resistance • Delay Controls around Financial Reporting Process For BCR/CAFR reporting, are controls in place for management to know: Are capital asset balances correct (beginning balances, CY additions, CY deductions) and are they in the right category (building, infrastructure, etc.)? Are all leases included in the form? Do they contain the right FMV amounts? Have all estimates of uncollectible receivables been provided on the allowance for doubtful accounts forms? Have all revenues and expenditures/expenses been recorded properly (per applicable basis of accounting) and posted to the correct G/L account? Have all significant commitments and notification of significant subsequent events been provided to SAO? Controls around Financial Reporting Process For BCR/CAFR reporting, are controls in place for management to know (continued): Are items reported correct by fund (Budget Fund, Capital Projects Fund, Revenue Collections Fund, Agency Fund, etc.)? Have all accruals of revenue based on encumbrances been reported properly? Is the classification of funding sources used for GAAP reporting of fund balances correct (nonspendable, committed, restricted, assigned, unassigned)? Have all cash and investments been reported properly on the Cash and Deposit form? Are all Receivables and Payables to/from organizations within the State reported correctly on the Interorganzation Transactions form? Cash example Fund example Fund source & Form example Lease example Lease example Where to Find Information The Yellow Book is available on GAO’s website at: www.gao.gov/yellowbook The Green Book is available on GAO’s website at: www.gao.gov/greenbook For technical assistance, contact information as follows: yellowbook@gao.gov or greenbook@gao.gov or call (202) 512-9535