1. The New Audit Risk Assessment Standards:� Whats the Impact
2. Why New Auditing Standards? Auditing profession continually reviews practices and makes necessary improvements
Post Enron and Sarbanes-Oxley
Higher expectations of auditors
Need to maintain audit quality in changing business environment
3. Objectives of the Risk Assessment Auditing Standards Obtain more detailed information about the entitys operations, business objectives and strategies and the risks to achieving these objectives
4. Continued Gain a more thorough understanding of the entitys internal control
Ensure entity management clearly accepts responsibility for all financial information and the financial statements
5. What Must Your Auditor Understand About the Governmental Entity? Industry, regulatory, other external factors
Nature of the government
Objectives, strategies and related business risks
Measurement of financial performance
Internal control
6. Purpose Provide effectiveness and efficiency in operations
Ensure reliable financial reporting
Comply with laws and regulations
7. What Must Your Auditor Understand About Your Internal Controls? COSO elements
Information Technology
Information system
Initiation through reporting, including the financial reporting process
For the significant classes of transactions
8. Continued Control Activities
Authorization
Segregation of duties
Safeguarding of assets
Reconciliations
10. COSO Committee of Sponsoring Organizations
(of the Treadway Commission)
Private sector initiative created to:
provide a common definition of internal control
provide a framework against which internal control systems can be assessed and improved
COSO is a private sector initiative created to provide a common definition of internal control and provide a framework against which internal control systems can be assessed and improved. This report is the standard that U.S. companies use to evaluate internal controls.
Heres a little history,
In 1977 the U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs.
In response, a private-sector initiative, called the Treadway Commission was formed in October 1985. The Treadway Commission issued its initial report in 1987, and recommended that the organizations sponsoring the Commission (COSO) work together on a report to develop integrated guidance on internal control.
The report was issued in 1992 and re-published with minor amendments in 1994, was titled "Internal Control - Integrated Framework." This report presented a common definition of internal control and
a framework against which internal control systems can be assessed and improved.
COSO is a private sector initiative created to provide a common definition of internal control and provide a framework against which internal control systems can be assessed and improved. This report is the standard that U.S. companies use to evaluate internal controls.
Heres a little history,
In 1977 the U.S. Congress enacted the Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs.
In response, a private-sector initiative, called the Treadway Commission was formed in October 1985. The Treadway Commission issued its initial report in 1987, and recommended that the organizations sponsoring the Commission (COSO) work together on a report to develop integrated guidance on internal control.
The report was issued in 1992 and re-published with minor amendments in 1994, was titled "Internal Control - Integrated Framework." This report presented a common definition of internal control and
a framework against which internal control systems can be assessed and improved.
11. Internal Control:
Is a process
Affected by people
Provides only Reasonable Assurance
Geared towards the achievement of objectives
Key Concepts of the COSO Framework The COSO framework involves several key concepts:
Internal control is a process. It is a means to an end, not an end in itself.
Internal controls are affected by people. Its not merely policy manuals and forms, but people at every level of an organization.
Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entitys management and board.
Internal control is geared to the achievement of objectives in one or more separate but overlapping categories
The COSO framework involves several key concepts:
Internal control is a process. It is a means to an end, not an end in itself.
Internal controls are affected by people. Its not merely policy manuals and forms, but people at every level of an organization.
Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entitys management and board.
Internal control is geared to the achievement of objectives in one or more separate but overlapping categories
12. Internal Control Defined Per COSO Provide reasonable assurance to achieve objectives in:
Effectiveness/efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations The COSO framework defines internal control as a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: The COSO framework defines internal control as a process, effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
13. Five Key Elements of Internal Control Control environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
14. Control Environment Foundation for other components
Tone at the Top
Influences the control consciousness of its people
Provides discipline and structure
Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control . Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization.
Since you are the ones who establish the control environment for your agency, we will spend more time on this component than the other 4Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control . Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization.
Since you are the ones who establish the control environment for your agency, we will spend more time on this component than the other 4
15. Risk Assessment�Managing Change�
Changes in governmental operations
New personnel
New or revised information systems
Rapid growth
Incorporating new technologies
Restructurings
Accounting changes (new accounting pronouncements)
Risk assessment is the process used to identify analyze and manage the potential risks that could hinder or prevent you from achieving your objectives
What affect will the risk if its realized have on the agency?
Then, management has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the Internal control objectives of
efficient and effective operations,
reliable financial reporting, and
compliance with laws and regulations. Risk assessment is the process used to identify analyze and manage the potential risks that could hinder or prevent you from achieving your objectives
What affect will the risk if its realized have on the agency?
Then, management has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the Internal control objectives of
efficient and effective operations,
reliable financial reporting, and
compliance with laws and regulations.
16. Control Activities
What could go wrong?
What do we need to protect?
17. Control Activities�Establishing Control Objectives Structural plan
Provides the framework
Accounting system
Designed to measure results
Personnel policies
Designed to employ, train, evaluate Internal control systems are going to vary from one agency to another. The control objectives and features are dependent on the complexity and management objectives for the agency.
Regardless of the differences in the size of the agency and its technical specialization, certain characteristics must be present in all systems:
A structural plan of the agency that provides the framework for the division of authority, responsibility and duties
An accounting system designed to measure results of operations and financial position
Personnel policies designed to employ, train, evaluate and compensate employees
These objectives are broad and provide reasonable assurance that policies and procedures will be carried out.
The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers.Internal control systems are going to vary from one agency to another. The control objectives and features are dependent on the complexity and management objectives for the agency.
Regardless of the differences in the size of the agency and its technical specialization, certain characteristics must be present in all systems:
A structural plan of the agency that provides the framework for the division of authority, responsibility and duties
An accounting system designed to measure results of operations and financial position
Personnel policies designed to employ, train, evaluate and compensate employees
These objectives are broad and provide reasonable assurance that policies and procedures will be carried out.
The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers.
18. Control Activities�Lets Dig Deeper Authorization ensuring that all transactions are approved by mgmt
Validation- ensuring that recorded transactions represent real transactions
Capture- ensuring that all transactions are recorded
Valuation- Ensuring that all amounts recorded for transactions are accurate While the controls that weve talked to about are broad enough to provide management with reasonable assurance that its policies and procedures are being carried out, these objectives are too general to help financial managers design or evaluate a system of internal controls.
The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers.
Authorization ensuring that all transactions are approved by mgmt
Validation- ensuring that recorded transactions represent real transactions
Capture- ensuring that all transactions are recorded
Valuation- Ensuring that all amounts recorded for transactions are accurate
While the controls that weve talked to about are broad enough to provide management with reasonable assurance that its policies and procedures are being carried out, these objectives are too general to help financial managers design or evaluate a system of internal controls.
The following specific control objectives are widely accepted as elements of good control and should be used by management and financial managers.
Authorization ensuring that all transactions are approved by mgmt
Validation- ensuring that recorded transactions represent real transactions
Capture- ensuring that all transactions are recorded
Valuation- Ensuring that all amounts recorded for transactions are accurate
19. Control Activities�And Just a Little More
Classification ensuring that all transactions recorded are assigned to the proper categories
Cut-off ensuring that transactions are recorded in the proper accounting period
Access ensuring that only authorized individuals consistent with their job responsibilities have appropriate access to assets Classification ensuring that all transactions recorded are assigned to the proper categories
Cut-off ensuring that transactions are recorded in the proper accounting period
Access ensuring that only authorized individuals consistent with their job responsibilities have appropriate access to assets.
Classification ensuring that all transactions recorded are assigned to the proper categories
Cut-off ensuring that transactions are recorded in the proper accounting period
Access ensuring that only authorized individuals consistent with their job responsibilities have appropriate access to assets.
20. Information and Communication What information do people need to do their jobs?
What is the best source for this information?
Is information communicated accurately? Timely?
Biggest problem Ineffective communication between departments
Information relating to programs, operations, and finances is needed to determine if the agency is meeting its goals and objectives, operating efficiently and effectively, (meaning timely and with content that means something to the user) and in compliance with laws and regulations. Communication should occur broadly, with information flowing down, across and up within levels of agency personnel. Should be made on a timely basis to allow effective monitoring of events, activities and transactions allowing for prompt reaction and decisionsInformation relating to programs, operations, and finances is needed to determine if the agency is meeting its goals and objectives, operating efficiently and effectively, (meaning timely and with content that means something to the user) and in compliance with laws and regulations. Communication should occur broadly, with information flowing down, across and up within levels of agency personnel. Should be made on a timely basis to allow effective monitoring of events, activities and transactions allowing for prompt reaction and decisions
21. Monitoring� On-going process
Occurs as part of normal operations
Approvals
Reconciliations
Progress reports
Budget tracking Nrs 353A.025 requires each agency to periodically review its system of internal accounting and administrative controls to determine if it is in compliance with NRS 353.
On or before July 1 of each even numbered year each agency must report whether their system complies with NRS 353A.
These reports are then made available to members of the Legislature.
On pages 34 43 and in our agency I/c checklist found on our website, you can assess your system of internal controls.
Ill also be holding meetings in March regarding what the Department expects, and how specifically to accomplish this.
Nrs 353A.025 requires each agency to periodically review its system of internal accounting and administrative controls to determine if it is in compliance with NRS 353.
On or before July 1 of each even numbered year each agency must report whether their system complies with NRS 353A.
These reports are then made available to members of the Legislature.
On pages 34 43 and in our agency I/c checklist found on our website, you can assess your system of internal controls.
Ill also be holding meetings in March regarding what the Department expects, and how specifically to accomplish this.
22. Monitoring Annual Review NRS 353A.025 (1)
Annually Each Agency is Required to:
Evaluate Actual Procedures Using SAQ
Evaluate Written Procedures Using SAQ
Transaction Testing Using T of T
SAQ Self Assessment Questionnaire
T of T - Testing of Transactions Checklist
Both Available on Our Website SteveSteve
23. Monitoring Biennial Report NRS 353A.025 (2)
Report on Internal Controls
Due by July 1 (even years)
States if Written Procedures and Actual Procedures are Adequate
Use SAQ and T of T completed during Annual Review
More Info on Our Website
24. Tone at the TOP Ethics Seminar on
The Anatomy of Ethical Slips in Government
May 14th
11:00 1:00
Carson City & Las Vegas
25. Questionnaire Answer honest and objectively
Return to Internal Audit by May 9th
Internal Audit and Controllers Office will be helping you to fix any areas of concern
26. Why This Is Important
Keeps audit fees down
Any error or adjustment must be reported
Keeps your agency out of the CAFR and the press
