1 FINANCIAL ACCOUNTING & INTERNAL AUDITS
How financial accounting and internal audits can benefit government agencies.
Lydia Lafleur, CIA
LSU Center for Internal Auditing

2 Agenda
• Accounting and Auditing Standards
• Internal Auditing
• Internal Controls
• Governance
• Fraud
• Management Responsibilities

3 Financial Accounting
Information & Measurement System Identifies Records Communicates Business Activities Decision Makers
External Users: Investors, Creditors, Suppliers, etc.
Internal Users: Managers, Supervisors, Directors, etc.
FASB: Financial Accounting Standards Board

4 Governmental Accounting
GASB: Governmental Accounting Standards Board
GASB Concept Statement No. 1, Objectives of Financial Reporting: “…financial reporting should provide information to assist users in assessing the service efforts, costs, and accomplishments of the governmental entity.”
Stakeholders
• Citizens and taxpayers
• Legislative and oversight bodies
• Creditors and investors
Accountability
• Fiscal
• Operational
Characteristics of Financial Reports
• Understandability
• Reliability
• Relevance
• Timeliness
• Consistency
• Comparability

5 Auditing Standards
• Institute of Internal Auditors Professional Practices Framework
• Generally Accepted Government Auditing Standards (GAGAS) (The Yellow Book)
• Other Guidance
• Standards for Internal Control in the Federal Government (The Green Book)
• Internal Control Management and Evaluation Tool
• Structured approach to assessing the internal control structure

6 Accountability
• Management and officials are responsible for:
  • Carrying out public functions
  • Providing service to the public effectively, efficiently, economically, ethically, and equitably
  • Providing reliable, useful, and timely information
• Users need to know whether:
  1. Management and officials manage government resources and use their authority properly and in compliance with laws
  2. Programs are achieving the objectives and desired outcomes
  3. Services are provided efficiently, economically, ethically and equitably
Generally Accepted Government Auditing Standards Introduction

7 Internal Auditing Definition
• Internal auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the organization. It assists an organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s risk management, control, and governance processes.
Institute of Internal Auditors

8 Internal Auditing
Audit Planning Add-Value Corporate Governance Risks Controls Assurance Consulting Plan
• Triple Bottom Line - Environmental - Social - Economic
Types of Audits:
1. Financial Audits
2. Attestation Engagements
3. Performance Audits
Organization

9 Internal Controls
Adequate Controls G&O $R \times C = r$ G&O Plan Organize
G = Goals
O = Objectives
R = Risk
L = Likelihood
I = Impact
C = Controls
r = Residual Risk
Reasonable Assurance
$R_{LI} \times C_L \times C_I = r_{LI}$

10 Internal Controls
Continuous Improvement Model
Goals & Objectives Goals & Objectives "Monitoring & Learning" Specific Measurable Attainable Relevant Timely "Purpose" Preventive Detective Directive Controls Hard Soft Control Environment "Commitment" COCO • Purpose • Commitment • Capability • Monitor & Learn Management Plan • Tactical • Strategic Organize Staff Direct Monitor "Capability" Selection • Alternatives Control Activities Segregation • Access • Accountability • Authority Reconcile • Completeness Authority Transactions • Manage Accountability Safeguard Design In Place Functioning • Compliance

11 COSO
Financial Compliance Operations Management Controls: Planning • To achieve goals • Tactical Systems Monitoring
Methodology used for assessing the quality of internal controls.
Control Activities Hard Controls:
• Segregation of Duties (AAA)
• Safeguarding of assets
• Transactions recorded
• Accountability
• Periodic Reconciliation
Risk Analysis • Strategic Organizing • Delegation Staffing • Right People Directing • Policies and Procedures Monitoring • Communication and information • Analytics and Analysis • Change management
Common factors used in identifying and assessing materiality of risks.
Control Environment Soft Controls:
• Corporate Culture
• Tone at the Top
Committee of Sponsoring Organizations of the Treadway Commission

12 COSO Control (Addressing Governance)
Challenge: Monitoring Control Activities Activity 2 Entity Information & Communication Unit A Aggregate Activity 1 • Evolving from Control Activities to the Control Environment Process Risk Assessment Unit Control Environment Tone at the Top Tone at the Middle
“Systemic cultural problem” Mark Emmert, NCAA President
“Management should periodically check the batteries in their moral compass.” GES

13 Update Formalizes Fundamental Concepts Embedded in the Original Framework as Principles
Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant changes
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Source: COSO, “Internal Control – Integrated Framework”, September 2012

14 Quality Drift (Cascading Process)
Subjective Control Environment Management Controls P-O-S-D-M Control Activities Objective

15 Controls Subjectivity
Challenges:
• Hard to Soft
• Objective to Subjective
• Simple to Complex
• Evolution to Revolution
Complexity
Parkinson’s Law: Complexity leads to decay

16 Criteria of Control: CoCo
Purpose Monitoring Action Commitment Capability

17 Internal Auditing: Adding Value
Subjective (Mature) (Embryo) • Opportunities • Threats (Radar) Governance Risk Controls Control Environment Objective Management Controls Objective Control Activities Integration • GRC Evaluation Board • Check the box • Reality External Entity Process Audit Committee • Charter Internal Audit • Charter Unit Evolution of the Profession Quality Subjective
Question: Can you be in 100% compliance and go out of business? (Evaluation Audit). Does compliance equal quality?

18 Governance
The Big Risk SOD Board Selection Process Audit Committee Risk Committee Compensation Committee • Stock options • Bonus plans CAE CRO • Global • Strategic (CRMA) CEO COB • Counterproductive • Salaries • Up, up, up, and away • The Bear • Charley Mac • Shareholder Input Sub. Obj.
AAA
Issues:
• Accountability – Governance, Risks, and Controls
• King III
• Transparency
• Sustainability
Personal Opinion: The CEO and CFO should not be involved in selecting members of the Board, Audit Committee, Risk Committee, or Compensation Committee

19 Organizational Governance (Roles and Responsibilities)
Control Environment BOARD & SUB-COMMITTEES Plan – Organize – Staff – Direct – Monitor (P-O-S-D-M) Executive Management P-O-S-D-M Process Owner Process Owner Process Owner P-O-S-D-M P-O-S-D-M P-O-S-D-M Control Activities Employees Specific Job Descriptions Organizations Should Be Organized Delineation of Goals & Objectives (Integration & Linkage) Governance

20 COSO Risk Focus: • Internal Environment • Strategies • Integration Objectives Internal Environment Event Identification Risk Assessment Division Objective Setting Risk Response Control Activities Info. & Communication Monitoring
ERM – Conceptual Framework

21 Governance Infrastructure (Integration & Linkage)
Governance Audit Committee of Board of Directors Reporting ERM Oversight Oversight (Responsibility) Chief Risk Officer (CRO) (Execution) Audit Audit Plan (Risk Driven) Macro (Resource Allocation) Auditor in Charge (AIC) Micro (Engagement Planning-Risk Driven) Governance Input Chief Audit Executive (CAE) Feedback Input Enterprise Risk Management (ERM) Priority Reporting Comprehensive Report CEO Governance Governance (Oversight)

22 The Reporting Model (Risks and Controls)
Recommendation Plan Criteria Plan Tactical Strategic Implementation Monitor Analysis Subjective Benchmarking Inappropriately Included Criteria Controls Policy General External Inappropriately Excluded Specific Law Performance Drift (The way it should be.) Reactive Risk Threats Internal Partially Controllable Best Practices Controllable Objective Consulting Negotiation Assurance Agent of Change Preview Reengineering • Evolution • Revolution Review Proactive Risk Opportunities CSA Cause Condition Effect (How we got to where we are?)
(The way it is.) (What difference does it make?) Management Plan Organize Staff Direct Monitor Recommendation Persuasion Follow-up Revenue Cost Effectiveness Efficiency Goals Issue Addressed Recommendation Implemented Management Solution Risk Accepted Meeting

23 The Fraud Risk Triangle
Incentive/Pressure Opportunity Attitude/Rationalization
The Fraud Risk Triangle (FRT) consists of three key elements which are generally correlated with fraud. The FRT was developed by a criminologist, Donald R. Cressey, in 1973.
How do you address the Fraud Triangle?

24 The Fraud Risk Triangle
Opportunity Attitude Incentive Pressure Rationalization Over-ride O P R OR O P R OR O P R OR
The Fraud Diamond
Opportunity Pressure Rationalization Ability
Kennesaw State

25 Management Responsibility
Pre-Control RLFIF * Post-Control CLF * ClF = Prevent Detect (Analytics) (Analytics) Control Override Control Failure rLFIF Residual risk Risk tolerance Risk appetite Affordable risk Override Control RLFIF rLFIF
Management Functions
• Plan: Tactical, Strategic
• Organize: Delegation, Accountability
• Staff: Competencies, Training
• Direct: Policies, Procedure
• Monitor: Supervision, Oversight, Change management

26 Management Responsibility
• Setting policies and strategic direction
• Directing employees in performance of routine activities
• Custody of entity’s assets
• Reporting to those in charge of governance
• Implementation of audit recommendations
• Design, implement, and maintain internal controls
• Develop performance measurement system

27 Questions?