Financial Audit Readiness
Symposium Discussion
Mr. Joe Marshall, SES2, USN
Navy Medicine Comptroller
Deputy Chief for Resource Management (M8)
June 2012
Ground Rules
•
•
•
•
•
Listen to understand
Speak from the heart
Suspend certainty
Hold space for difference
Slow down the conversation
Goals for today:
1.
2.
3.
3.
Leadership alignment and understanding
Dialogue
Background for this week’s sessions
Actions for when you go home.
2
Financial Audit in DoD
Context: Demand for a clean opinion--instituted by Congressional,
DoD and Navy leaders—is driving change across DoD and NM.
• Forces are large and moving quickly.
• Changes will touch SG / HQ / Regions / C-Os, but also every clinic,
every supply PO, every Department Head.
• Far more than Comptroller & DFA responsibility.
Purpose: to improve the common understanding across Navy
Medicine of what is required to support DoD’s audit.
Outcome: Understanding of the actions required—including use of
SOPs—to get ready for audit.
3
Financial Audit: FY14
NM’s work has been / remains aligned with DoD & Navy
SECDEF push last fall sets new timelines / requirements
Audit Readiness WG reps from M1, M4, M8, & Regions
Regular meetings are aligning priorities and tackling issues
1 December 2011, VADM Nathan, Navy SG, empowered the group to move
forward on the path towards audit readiness.
19 January 2012, Mr. Dennis Taitano, DASN(Financial Operations), aligned efforts
with broader Navy-wide initiatives.
13 March 2012, Honorable Gladys Commons, ASN (Financial Management &
Comptroller), addressed the urgency of the work.
But NM audit preparations began 4 years ago and continue…
4
What Happens in an Audit?
Independently provide “reasonable assurance” whether financial
reports “fairly present” the “truth.”
We Assert
• Internal controls over
reporting are in place
• Financial reports are
prepared accurately
• Transactions have
supporting
documentation
• Compliance with laws
& regulations
Auditor will Test
Expected Outcomes
• Design & operating
effectiveness of
internal controls
• Opinion on fair rep of
reports & material
weaknesses
• Presentation &
disclosure of reports
• Opinion on control
effectiveness
• Supporting
documentation of
individual transactions
• Opinion on compliance
with laws & regulations
• Compliance with laws
& regulations
• Letter w / deficiencies
& corrective actions
Auditors are personally liable under the law
5
How Does Management “Assert”?
Management tells auditors that financial reports are correct based
on the following 5 criteria or ‘assertions’:
All audits
What the Assertions Mean to Auditors:
Existence &
Occurrence
Whether assets / liabilities exist & whether transactions
actually occurred
Completeness
Whether all transactions & accounts are included
Rights & Obligations
Only owned assets & liabilities are recorded
Valuation
Whether asset, liability, revenues, & expenses are correct
Presentation and
Disclosure
Whether financial reports are properly written
6
How Do SOPs Help Us Assert?
Following SOPs in detail at every activity provides important
documentation and controlled processes for all 5 criteria:
What the Assertions Mean to You:
Existence &
Occurrence
By following the SOPs, I have support for every
transaction in STARS-FL that I have generated.
Completeness
All Supporting Documents I maintain tie to transactions
in STARS-FL.
Rights & Obligations
I have properly performed reconciliations in SOPs to
ensure all transactions included in STARS-FL are NM.
Valuation
I have recorded transactions for the correct amount.
Presentation and
Disclosure
I have recorded transactions using the right accounting
and execution codes.
7
How Will Auditors Test Assertions?
Effectiveness of Internal Controls & Materiality Are the Focus
Internal Control
Identifies control activities performed in business processes
Assesses control design are risks of misstatement mitigated?
Tests operating effectiveness of key controls
Substantive Testing
Performs analytical procedures to determine the reasonableness of amounts &
balances
Tests dollar amounts on reports by reviewing detailed transactions
If controls are effective, the auditor can reduce the amount
of substantive testing performed. But …will have to increase
samples if not going well!!
8
What is Internal Control?
Internal Control = reasonable assurance that organizational risks are minimized &
is the responsibility of the Commanding Officer.
Controls
Control
Mitigated by
Achieved by
Risks
Objectives
Activities
Control Objectives = goals.
Control Activities: describe:
 WHO performs the control
 WHAT the control is
 WHERE the control occurs
 WHEN the control occurs
 WHY the control is occurring
Control Objective Examples
“Payments only made to authorized
vendors for goods actually received.”
“Employees are paid only for time
worked.”
Control Activity Examples
“Accounts payable system compares
purchase order, receiving record, &
vendor invoice prior to payment.”
“Supervisor reviews each employee
timesheet for accuracy & authorizes
payment via signature.”
9
What Are “Must Haves”?
These are audit “dealbreakers” that must be addressed BEFORE an audit starts
Verify Beginning
Balances
Can substantiate
amounts
Supporting Docs
Can trace selected
transactions back to
source documents
Population
Reconciliation
Can reconcile reports
to transactions
Understanding the
Population
Can address all report
assertions and
relevant risks
Control Testing
Demonstrate effective
controls for highvolume transactions
IT Controls
Must be deemed
effective and tested
Doc Retention
Can provide
reconciliations,
transaction &
supporting docs
Service Providers
Integrated processes,
risks & controls
within scope of
testing
10
What Are “Must Haves”?
These are audit “dealbreakers” that must be addressed BEFORE an audit starts
Verify Beginning
Balances
Can substantiate
amounts
Supporting Docs
Can trace selected
transactions back to
source documents
Population
Reconciliation
Can reconcile reports
to transactions
Understanding the
Population
Can address all report
assertions and
relevant risks
Control Testing
Demonstrate effective
controls for highvolume transactions
IT Controls
Must be deemed
effective and tested
Doc Retention
Can provide
reconciliations,
transaction &
supporting docs
Service Providers
Integrated processes,
risks & controls
within scope of
testing
11
6 of 8 Supported by SOPs
DoD’s Audit Timing
DoD’s Audit Strategy: Four Prioritized Waves
Wave 1
Wave 2
Wave 3
Appropriations
Received
Statement
of
Budgetary
Resources
Mission Critical
Asset Existence
& Completeness
Wave 4
Full Audit
Deadlines:
Readiness for SBR Audit by 31 March 2014
Readiness for full audit by end of FY 2017
12
What are Assertion Deadlines?
FY12
Assessable Units – Wave 2
Max Assertion
Date
Travel
4 SEP 2012
Consumables
3 DEC 2012
Reimbursable Work Orders – Grantor
3 DEC 2012
Reimbursable Work Orders – Performer
(Non-UBO)
1 APR 2013
Military Payroll (including RPN)
1 APR 2013
Contract Administration
1 JUL 2013
Non-Federal Receivables
(UBO/Medical Treatment)
1 JUL 2013
Federal Receivables
(UBO/Medical Treatment)
3 SEP 2013
Civilian Payroll
2 DEC 2013
Financial Reporting
2 DEC 2013
Funds Management (FBWT)
2 DEC 2013
Q1
Q2
Interim Progress Milestones (90
Days, 50 %, 75 %)
Q3
FY13
Q4
Q1
Q2
Q3
FY14
Q4
Q1
Q2
Assessable Unit Assertion
13
What is the Work to be Done?
Note: The gray boxes are key tasks that must be repeated on a continuous
basis as they are key in achieving and maintaining auditability and reliable
14
financial information
What is Our Status?
Recent Activities
• Identified Assessable Units &
Assigned Leads
• Conducted Workgroups
• Launched Discovery Phase:
 Assessing Internal Controls for
Each Unit
 Updating Process Narratives,
Flowcharts, Control
Assessments
Upcoming Activities
• Identify Key Documents
• Test Effectiveness of Internal
Controls
• Test Supporting Documents of
Individual Transactions
• Evaluate Testing Results & ID Probs
• Develop / Implement Corrective
Actions for Deficiencies
15
Symposium 4-6 June is audit training for Comptrollers, DFAs, MMDs, & Logisticians
.
What Must We Do?
1. Implement and use the SOPs exactly as written
• Civilian and Military performance requirement
• Clinicians must be engaged with Comptrollers and DFAs
2. Work the issues in the Financial Spotlight Metrics:
Obligation validation (otherwise $$ are used inefficiently)
Closeout for liquidated obligations over $25K (ditto)
Biweekly payroll certification (budget) & employee electronic timesheet
verification & supervisor certification
Purchase card use: can anything move to contract?
Location & control of property: wade in.
Slow travel claims (>5days) & uncollected travel debt
3. Work other process issues: DEERS Verification (goes directly to fraud control),
2569s for 3rd party collections…and more
Most importantly—must ask hard questions and lead change among
clinicians, comptrollers and DFAs.
16
What Do I Do at My MTF?
Insist on Transactional Excellence = SOP Use
Internal Controls, Key Supporting Documentation at the Activity Level—not HQ
SOPs = strong internal controls & proper documentation; required
Local modification or adjustment  not allowed but seeking feedback
Use Financial Spotlight Metrics
Provides benchmark of Audit Readiness
Review Command-Level Testing Results
Provides insight into the controls and quality of your transactions
Insist on Corrective Actions…and Follow Up!
Be proactive in recognizing & reporting issues; lead change!
17
Failure to Engage
•
•
Inconsistent results from looking at our transactions across Navy
Medicine will 1) undercut the SG’s goal for audit readiness & 2)
highlight under-performers.
Outliers = poor internal control & drive ever larger sampling of
transactions  creating a spiral of ‘ever more’ samples to give
auditors assurance of how we do business.
This has been exactly the USMC experience that has resulted in protracted
audit work and a ‘disclaimer’ for the last 2 years.
•
Consistent results will drive less sampling and cleaner, tighter
support of our business processes.
Goal: business processes that support care and demonstrate good
stewardship over resources—consistently!
18
Clinicians Impact on Audit
•
Examples of Different Action or Documentation Required Today:
•
•
•
•
•
Supervisors must certify employee-generated time cards.
Cradle-to-grave documentation for equipment: requirement-to- purchase,
receipt, inventory, and disposal.
Documented requirements for contract staff and services.
Prompt filing of travel claims.
Rigorous ID / insurance screening at front desk.
In many cases, this is compliance with existing requirements that have
been ignored or regarded as ‘too hard.’
•
High levels of purchase card use providers seeking specific items
•
•
…which require additional effort to document. But: equivalents available in
ECAT now…so —why not more ECommerce?
Need active Product Standardization Boards.
19
SOP Spotcheck--Feedback
•
Team examined ~150 specific actions for evidence of SOP use at 3
sites.
•
•
•
•
Team learned how to ‘ask’ the questions.
Field personnel learned how to ‘answer’ the questions.
Findings: in the 150 items checked, effectiveness varied from 50 to 80%.
Outcomes: valuable insight on gauging SOP use and how to more
effectively assess audit readiness through best practices
•
•
In West: SOP Standdowns for each activity & weekly spotchecks on specific
areas
East has similar actions underway
Driving SOP use to the next level.
20
SOP Outreach: Support & Training
Outreach responds to SOP gaps found in
training, inspections, etc.
Collaborative team structure: Outreach
Coordinator coordinates
communication, visibility, &
responses for quick resolution
SOP Team documents issues & develops
an Action Plan under guidance from
the SOP Outreach Coordinator
Outreach Coordinator engages SOP
Team, SMEs, and Champions as
appropriate in collaboration with
Regional and Activity leadership
21
Outreach in Practice: Example
Scenario: During IG visit, it is discovered that the staff at an Activity is
using a locally-developed form rather than following the SOP.
What Happens Next?:
1. IG  SOP Team  Outreach Coordinator who provides guidance
and works with Champions (Region) to establish extent of issue.
2. SOP Team works with SMEs to develop an action plan that
includes recommended actions, associated timelines, personnel
involved, and follow-up actions.
3. Action plan is finalized after discussion with SMEs and Region.
4. Outreach Coordinator maintains visibility of corrective action to
ensure follow through.
22
SOP Outreach Coordinators
SOP Outreach Coordinators
Role
Name
Deputy Comptroller
Capt (s) David Breier
Assistant Deputy Chief
Installations & Logistics
Mr. David Oliveria
23
Outreach Program POCs:
Regional SOP Champions
Regional SOP Champions
Role
Name
Navy Medicine East (NME)
Commander
RDML Elaine Wagner
Chief of Staff (Acting)
Mrs. Susan Herrron
Regional Comptroller
Mr. Gavin Wente
Regional Logistician
CDR Eskinder Dagnachew
Navy Medicine West (NMW)
Commander
RDML Forrest Faison
Chief of Staff
CAPT Mark Brouker
Regional Comptroller
Mr. Tim Paule
Regional Logistician
Mr. Scott Waniewski
Benefits of the Outreach Program
 Supports all users
 Improves quality and training as information and
feedback from the field is received and incorporated
 Supports audit readiness
Any questions, comments, or input related to the SOP
Outreach program can be directed to BUMEDSOP@med.navy.mil