Internal Controls
FMC September 2015
Agenda
Introduction
Internal Controls and the BCR/CAFR
Green Book
Current State
Vision for the Future
Internal Controls and the BCR/CAFR
 SAO is responsible for compiling the BCR/CAFR
 However, the data in the BCR/CAFR is comprised
of agency information
 TeamWorks data
 Trial Balance shells for non-TeamWorks agencies
 Year-end reporting forms
 Controls are needed to ensure BCR/CAFR is
completed accurately
 SAO needs to know that controls are in place at each
organization such that an accurate BCR/CAFR can be
produced
Internal Controls and the BCR/CAFR
Very complex process to compile the
BCR/CAFR
 FY 2014
 Based on information received from
agencies and other sources SAO:
• Prepared 387 trial balances
• Received ~1,600 year-end forms and trial
balances from agencies
• Posted 1,730 journal entries with ~11,000
lines of data
From COSO to Green Book
COSO
Green Book
Standards for Internal Control –
The “Green Book”
What’s in Green Book?
Federal Level
 Reflects federal internal control standards
required per Federal Managers’ Financial
Integrity Act (FMFIA)
 Serves as a base for OMB Circular A-123
 Written for government
• Leverages the COSO Framework
• Uses government terms
What’s in Green Book?
State Level
 May be an acceptable framework for internal
control on the state and local government level
under OMB Uniform Guidance for Federal
Awards
 Written for government
• Leverages the COSO Framework
• Uses government terms
What’s in Green Book?
Auditor Level
 Provides standards for management
 Provides criteria for auditors
 Can be used in conjunction with other
standards, e.g. Yellow Book
The Green Book
• Core definition of internal
control
• Three categories of objectives
and five components of
internal control
• Each of the five components
of internal control are
required for effective internal
control
• Important role of judgment in
designing, implementing and
operating an internal control
system and evaluating its
effectiveness
• Fundamental concepts
underlying five components
articulated as principles
• Consideration given to
operations, compliance, and
non-financial reporting
objectives
Fundamental Concepts of Internal Control
 Internal control is defined as a “process, effected by
an entity’s oversight body, management, and other
personnel, designed to provide reasonable assurance
that the objectives of an entity will be achieved.”
a)
b)
c)
d)
Objectives are defined
Controls are designed
Controls are in place
Objectives are achieved
 An internal control system is defined as a “continuous
built-in component of operations, effected by people
that provides reasonable assurance, not absolute
assurance, that an entity’s objectives will be
achieved.”
The COSO Framework
• Relationship of Objectives and Components
•
Direct relationship between objectives (which are what an entity strives
to achieve) and the components (which represent what is needed to
achieve the objectives)
• COSO depicts the relationship
in the form of a cube:
•
•
•
The three objectives are represented
by the columns
The five components are represented
by the rows
The entity’s organization structure is
represented by the third dimension
Source: COSO
Green Book –Component, Principle, Attribute
Revised Green Book:
5 Components and 17 Principles
Documentation Requirements
 If management determines a principle is not
relevant, management supports that
determination with documentation that
includes the rationale of how, in the absence of
that principle, the associated component could
be designed, implemented, and operated
effectively.
 Consider cost/benefit
Where are we now?
Where do we go from here?
Current State
The state has opportunities to improve the
internal controls oversight relative to
financial reporting, federal compliance, and
financial operations across the enterprise.
Decentralized without enterprise level
guidance and oversight.
Potential lack of sufficient documentation
of risks and controls and/or documentation
prepared by the auditors.
Future in Georgia
Redefine the statewide internal control
program




Identify the common framework (Green Book)
Update standards and policies
Provide communication and training to agencies
Provide necessary support to agencies related to
risk assessments
 Compliance monitoring
Future in Georgia
Agency management needs to ensure
they understand and assess the risks
and ensure they have appropriate and
sufficient internal controls
1) Financial Reporting
2) Federal Compliance
3) Financial Operations
Agency Head Responsibilities
Going forward, the head of each executive
agency will certify annually that the
agency head has reviewed the agency’s
internal control systems, and that these
systems are in compliance with standards
and policies established by SAO.
Reactions
• Shock
• Resistance
• Delay
Controls around Financial Reporting Process
 For BCR/CAFR reporting, are controls in place for
management to know:
 Are capital asset balances correct (beginning balances, CY additions,
CY deductions) and are they in the right category (building,
infrastructure, etc.)?
 Are all leases included in the form? Do they contain the right FMV
amounts?
 Have all estimates of uncollectible receivables been provided on the
allowance for doubtful accounts forms?
 Have all revenues and expenditures/expenses been recorded
properly (per applicable basis of accounting) and posted to the
correct G/L account?
 Have all significant commitments and notification of significant
subsequent events been provided to SAO?
Controls around Financial Reporting Process
 For BCR/CAFR reporting, are controls in place for
management to know (continued):
 Are items reported correct by fund (Budget Fund, Capital Projects
Fund, Revenue Collections Fund, Agency Fund, etc.)?
 Have all accruals of revenue based on encumbrances been reported
properly?
 Is the classification of funding sources used for GAAP reporting of
fund balances correct (nonspendable, committed, restricted,
assigned, unassigned)?
 Have all cash and investments been reported properly on the Cash
and Deposit form?
 Are all Receivables and Payables to/from organizations within the
State reported correctly on the Interorganzation Transactions form?
Cash example
Fund example
Fund source & Form example
Lease example
Lease example
Where to Find Information
 The Yellow Book is available on GAO’s website at:
www.gao.gov/yellowbook
 The Green Book is available on GAO’s website at:
www.gao.gov/greenbook
 For technical assistance, contact information as
follows:
yellowbook@gao.gov or greenbook@gao.gov
or call (202) 512-9535