SAS 112 Awareness-Hybrid
advertisement
STATEMENT OF AUDITING STANDARDS 112 (SAS112) Communicating Internal Control Matters Identified in an Audit UC Riverside June 2007 1 " Today's audit environment encourages transparency and accountability. Therefore, an integrated campuswide effort is needed to effectively steward the funds entrusted to UCR.” Chancellor Córdova 2 AGENDA 1- Why SAS112 2- What is SAS112 3- Impact of SAS112 4- Internal Control 5- Minimizing risk -Sponsored Project Admin -Dept. operations 6- What to do? 3 - United States Federal Law and SEC For Public Companies -Sarbanes–Oxley (SOX): Requires conducting an assessment of the effectiveness of internal controls by management, to be audited and approved by the company’s independent accountants WorldCom Enron Why SAS112? SAS112 is our SOX - American Institute of Certified Public Accountants For non-profit organizations (UCR) 4 - SAS 112 Non-Compliance Fine$ - Contract & Grants University of California (2002). Fine =$1.8 m Northwestern University (2003). Fine = $5.5m Harvard University (2004). Fine = $2.6m Mayo Foundation (Mayo Clinics). Fine = $6.5m Florida International University (2005). Fine= $11.5m University of Alabama Birmingham (2005). Fine =$3.4 m 5 What is SAS112? Establishes standards for communicating internal control issues relating to: -integrity of financial reporting -compliance with applicable laws and regulation Establishes standards that classifies communicated control issues as: - control deficiencies - significant deficiencies - material weaknesses SAS112 standards have been adopted by the federal agencies and the Government Audit Standards has been updated to incorporate SAS112 6 Impact of SAS 112 on UCR Due to significant changes in the evaluation of control exceptions and more stringent audit standards, UCR is more likely to encounter control issues being identified and reported - Increased scrutiny - Larger audit samples - More evidence and documentation required during audits -Lower audit materiality thresholds SAS 112 requires disclosure of deficiencies to Regents and others 7 Impacts of deficiencies and weaknesses disclosures: -negative impact on reputation -increased internal and external audits -audit disallowances, fines and penalties -potential impact on resource allocation -negative impact on sponsored project funding 8 Generally, internal controls at UCR are in order and adequate, but there are departments, functions and areas where we noted…. Control Issues with - Ledger reconciliation & review - Certified effort reports - Cost Transfers - Expenditure monitoring - Budget variance analysis - Cash handling/ Revenue monitoring - Payroll processing - Timekeeping & billing - Fiscal Year End Processes 9 Internal Control Internal control is broadly defined as a process, effected by the UC Regents, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: •Effectiveness and efficiency of operations. •Reliability of financial reporting. •Compliance with applicable laws and regulations. 10 1 Who is responsible for implementing internal controls? 11 PARTNERSHIP Principal Investigator & Project Personnel Control Units (Deans/VC & CFAO) Central Offices (Accounting, Audit & Departments (Chair/ Director, MSO, Staff) Advisory Services, AP&B, OR, etc.) 12 Growth in Direct Contract and Grant Expenditures Fiscal Year 2003/04 to Fiscal Year 2005/06 $80,000,000 $70,000,000 $60,000,000 $50,000,000 $40,000,000 $30,000,000 $20,000,000 $10,000,000 $0 State Agencies Private Local Government Federal Government FY03/04 Source Federal Government Local Government Private State Agencies Total FY03/04 FY04/05 FY05/06 FY04/05 FY05/06 1 Year % Increase/D ecrease 2 Year % Increase/Decrea se $36,970,256 $47,197,544 $53,447,911 13% 45% $1,553,189 $1,936,147 $2,217,444 15% 43% $14,358,686 $14,711,554 $13,544,906 -8% -6% $5,788,019 $5,985,849 $4,950,031 -17% (a) -14% $58,670,150 $69,831,094 $74,160,292 6% 26% Source: 2005-06 Annual Report on Contract & Grant Expenditures (a) 26% increase from FY03/04 13 UCR’s Challenge Increasing extramural support while managing risk Our Goal Facilitating Faculty Success! 14 award close-out sub-recipient monitoring cost sharing effort reporting cost transfers POTENTIAL RISKS IN C&G AREA review of monthly statements physical inventory overdraft 15 FALL 2006 16 C&G Risk: Effort Reports Symptoms of deficiencies Major area of concern for Federal Government Current Efforts Incomplete or missing reports Late reporting New on-line system coming Resolution of deficiency Remove unsubstantiated costs 17 C&G Risk: Cost Transfers Symptom of Deficiency Major area of concern for Feds Current Efforts High volume Late transfers (may require revised effort reports) Improper documentation and/or allocation methodology Enhancing Business Rules Resolution of deficiency Reversal of charges 18 C&G Risk: Award Closeout Symptom of Deficiency Area of concern for Feds Current Efforts Delinquent Financial Reports Delinquent Technical Reports Improving notification process Resolution Future funding withheld for specific awards Funding to institution withheld 19 Minimizing Risks in Sponsored Project Administration Training Tools C&G Workshops (to be expanded) Ethics Awareness Enterprise Reporting System Ledger Recon/Review System (coming soon) Policies C&G Manual UCR Research Administration Roles & Responsibilities (in development) 20 Minimizing Risks in Sponsored Project Administration Timely review of monthly statements Budget to Actual Anticipate unspent balances or overdrafts Review payroll transactions Regularly meetings/discussion between PIs administrative staff Immediately report discrepancies Communication Timely resolution 21 Minimizing Risks in Sponsored Project Administration Timely return of certifications: Monitor Sub-recipient’s progress on project compared to billing statements Effort Reports Cost sharing Reports Impacts Financial Reports and Award Close-Out Potential impact on award close-out Timely submission of Technical Reports 22 SAS112-Campus Departments General Internal Controls to Minimize Risk 23 Minimizing Risk-Departmental Department Head: Oversees and is integrated into the financial management process Ensures proper controls and monitoring procedures are in place Ensures financial reports are accurate and meaningful Ensure SAAs, transactors and reviewers are appropriately trained and supported in their key business process roles 24 Minimizing Risks-Departmental Timely reconciliation and review of monthly ledgers Budget to Actual review Analysis of causes for variances Review of payroll transactions by financial staff and responsible manager Regular review of financial reports by department manager and business officer Evidence of ledger reconciliation and review Timely resolution of errors Frequent and late cost transfers can be a symptom of a deficiency 25 Minimizing Risks-Departmental Ensure sufficient segregation of duties No one person should have complete control over the key processing functions for financial transactions Provides for prevention and detection Errors Inappropriate activities Post Audit Notification (PAN) Reviews Payroll/Personnel System and UCRFS transactions Timely Adequate 26 What to do: •Control Assessment •Training When issues are identified: 1- Self-report 2-Assistance 3-Escalate/Remediate 4-Proactive Approach Everyone is responsible When control issues or policy non-compliance are recurring and systemic: It will be transparent and there will be consequences 27 Contacts Gretchen Bolar, Vice Chancellor-Academic Planning & Budget gretchen.bolar@ucr.edu Bobbi McCracken, Asst. Vice Chancellor-Financial Services bobbi.mccracken@ucr.edu Mike Jenson, Director-Audit & Advisory Services michael.jenson@ucr.edu Bruce Morgan, Asst. Vice Chancellor-Office of Research bruce.morgan@ucr.edu Toffee Jeturian, Asst. Director-Audit & Advisory Services rodolfo.jeturian@ucr.edu Marc Guerra, Director-Financial Control & Accountability marc.guerra@ucr.edu 28
