ARMICS Update
advertisement
ARMICS Update: May 14, 2008 FOCUS Photo by Karl Steinbrenner ARMICS Update: FOCUS Presentation Best Practices Room for Improvement Flexibility Where do we go from here? May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 2 ARMICS Update: Best Practices Written Plan – Approved by Agency Head / Board Chair Written Internal Report – To Agency Head / Board Chair (Audit Committee) Internal Quality Assurance Review – Good use of an Internal Audit function Management – Designation of an Internal Control Officer / Manager May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 3 ARMICS Update: Best Practices Survey Automation – Zoomerang, Survey Monkey, etc. Survey Experts – Questionnaire modification, Statistical Analysis – Source: Colleges and Universities Documentation – Parallel Flowcharts and narratives w/ IC Identification May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 4 ARMICS Update: Room for Improvement General: – Stage 1 Testing: Key controls that can be tested. – Input, All levels when applicable – NOT just management – NOT just Finance / Fiscal – Attitude: Process has a benefit other than getting DOA off my back – Over-reliance on Exhibits as the only tool to identify risk – No customization May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 5 ARMICS Update: Room for Improvement Stage 1: Customize Questionnaires – Corrections: Access and Security – Federal Grants: Sub-grantee monitoring (Pass-thru) – Colleges: Students – System Access - Security – Shared Services Agreements – Split controls - MOU – External Entities (Providing input services – Contracts) – Avoid a Minimalist Approach (Underestimating Risks) May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 6 ARMICS Update: Room for Improvement Stage 1: Control Environment – Ethics Programs not JUST a Code of Ethics – Testing the effectiveness of Ethics Programs -- Random mini-exams (verbal or written) – Ethics awareness program – Awareness programs in general (Safety, Harassment, Sensitivity, Terrorism, etc.) – Ethics and control responsibility in EWPs May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 7 ARMICS Update: Room for Improvement Stage 1: Risk Assessment – External Risks (Data Flows and sources) – Evaluate Risks – Impact & Likelihood – Don’t forget SWOT (High Level) May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 8 ARMICS Update: Room for Improvement Stage 1: Control Activities – Stage 1 VS Stage 2 – Example: General VS Application controls – Good area for Stage 1 “Testing” May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 9 ARMICS Update: Room for Improvement Stage 1: Information and Communication – Agency FOIA process – Sensitive data, redaction, privacy restrictions – Info. Security: Not just electronic – check your garbage – Error 1: Release what should be restricted – Error 2: Restrict what should be released – Perception VS Reality = Communication gaps – Add Question on Hotline effectiveness May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 10 ARMICS Update: Room for Improvement Stage 1: Monitoring – Special Monitoring – Grant Pass Thrus (OMB Circular A-133) – Audit CAPs – Internal projects – System Development – NCAA May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 11 ARMICS Update: Room for Improvement Stage 2: Identification of Significant Fiscal Processes – So far, so good – Definition of Significant – Consistency May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 12 ARMICS Update: Room for Improvement Stage 2: Documentation of Fiscal Processes – The key is your flexibility May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 13 ARMICS Update: Room for Improvement Stage 2: Identification of Internal Controls – Steady as she goes May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 14 ARMICS Update: Room for Improvement Stage 2: Testing of Key Internal Controls – Document, Document, Document May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 15 ARMICS Update: Room for Improvement Stage 3: Corrective Action Plans – Include all elements listed in the ARMICS Manual May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 16 ARMICS Update: Flexibility • Deferring SWOT until Strategic Planning • Review after major operations change May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 17 ARMICS Update: The Future One Certification per Year Replaces DOA-FR Year End Certification Update only for processes done well Stage 1: Refresh and Refine Stage 2: Update and Retest Stage 3: Follow-up and Test from Prior Year + new Addresses Service Provider Agreements Constant Improvement May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 18 Conclusion Good First Try Room for Improvement Variance in Implementation – A Good Thing “Forward, always forward, everywhere forward.” – Boniface Wimmer, OSB “Don’t look back, you can never look back.” – Don Henley, The Boys of Summer “Don't look back — something might be gaining on you.“ – Leroy “Satchel” Paige May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 19 Contact Information Joseph A. Kapelewski, CGFM, CPA, CIA Joe.kapelewski@doa.virginia.gov 804-225-4366 Commonwealth of Virginia Department of Accounts www.doa.virginia.gov Click on ARMICS May 14, 2008 Accounting and Internal Control Compliance Oversight Unit 20