will it blend? coordinating internal controls & process remediation to achieve sustainable...
Post on 12-Jan-2016
218 Views
Preview:
TRANSCRIPT
1
Will it Blend?Coordinating Internal Controls & Process
Remediation to Achieve Sustainable Financial Audit Success
John Bower, CPACDR Colin Campbell, USCG
2
LUCASFILM
3
Why We’re Here
• Federal Financial Management Improvement Act (1982)
improving info for decisions & accountability
• CFO Act of 1990CFO in all executive agencies
• DHS Financial Accountability Act (2004)CFO agency; Internal Controls Over Financial Reporting
• DHS Audit Requirement Target Act (2012)clean financial statement audit by 2013
4
Agenda
• Audit Remediation & Internal Controls
• The Internal Controls Cycle
• Tools
• Best Practices
• Roadmap to Success
• Summary & Questions
5
Audit Remediation Division
Rem
ed
iati
on
Inte
rnal
Con
trols
• Fix long-standing audit
discrepancies
• Drive efficient & effective
business practices.
6
Internal Controls Division
Rem
ed
iati
on
Inte
rnal
Con
trols
• Monitor efficiency &
effectiveness.
• Subject matter expertise,
training, & guidance
• Manage annual statement of
assurance
7
Internal Controls - Refresher
Compensating Manual Automated
8
Internal Controls - Refresher
Detective Preventative
9
Issues
• Duplicate requests/pushbackfrustrated field
• Can’t identify remediated areahindered internal controls work
• Remediation not aware of new gaps
hindered remediation
• No Internal Controls input on remediation
internal control testing failure risk
Rem
ed
iati
on
Inte
rnal
Con
trols
10
Inte
rnal
Con
trol
s
Blendtec
11
Pivot – New Strategy
• Integrate Remediation & Internal Controls controls ensure sustainment
• “One-stop shop” for audit issueskeep the customer satisfied, engaged, committed
• Eliminate repetitive calls for dataless work for everyone!
• Keeping the OIG Auditors awayreduce “audit fatigue”
12
The Internal Controls Cycle1) Determine
Scope
2) Perform Materiality
Assessment
3) Perform Risk
Assessment
4) Document Process and Procedures
5) Develop Testing Plan
6) Perform Test of Design
7) Perform Test of
Effectiveness
8) Evaluate Test Results
9) Report Results to
Management
10) Create Corrective Action Plan
11) Roll Forward and Monitoring
12) Statement of
Assurance
Planning Risk Assessment
- Determine Scope- Perform Materiality
Assessment- Perform Risk Assessment
Evaluate the Controls at the Process Level
Documentation of Interviews and Walkthroughs
- Document Processes and Procedures
- Develop Testing Plan- Perform Tests of
Design
Test Controls at the Transaction Level
Test of Operating Effectiveness
Documentation
- Perform Test of Effectiveness
Conclude, Report and Correct
-Testing Remediation of New Controls
Implemented During the Fiscal Cycle
-Gaining Comfort of Period Not Tested
- Evaluate Test Results- Report Results to Management
- Develop Substantive Testing Plan- Develop and Implement
Corrective Action Plan- Perform Roll Forward & Monitoring
Statement of Assurance
A-123 DHS USCG
14
The Internal Controls Cycle1) Determine
Scope
2) Perform Materiality
Assessment
3) Perform Risk
Assessment
4) Document Process and Procedures
5) Develop Testing Plan
6) Perform Test of Design
7) Perform Test of
Effectiveness
8) Evaluate Test Results
9) Report Results to
Management
10) Create Corrective Action Plan
11) Roll Forward and Monitoring
12) Statement of
Assurance
Fails TOE
Fails TOD
High Risk
15
The Internal Controls Cycle1) Determine
Scope
2) Perform Materiality
Assessment
3) Perform Risk
Assessment
4) Document Process and Procedures
5) Develop Testing Plan
6) Perform Test of Design
7) Perform Test of
Effectiveness
8) Evaluate Test Results
9) Report Results to
Management
10) Create Corrective Action Plan
11) Roll Forward and Monitoring
12) Statement of
Assurance
Remediated
16
US Coast Guard
Process Flow
17
Remediation Begins: Workflow Report
18
FY2013 Operating Materials and Supplies Workflow Report
FY2013 Ref. No.
Risk Control Objective Control ActivitiesFY2013 Control
StatusWhy Corrective Action is Necessary
16.2 Donations/transfers are received without proper valuation support.
Ensure proper support for donations/transfers is received before recording it in the system.
No control activity identified. Compensating control exists through the execution of the Monthly Valuation Sustainment process.
High Residual Risk
The process for accounting for donated and transferred stock items was presented to the FMAOB in Q1 of FY2013. As an outcome of this meeting, interim policy was issued prescribing the proper accounting treatment for donated and transferred stock items. A procedure defining the proper accounting treatment for donated and transferred in stock items has not yet been promulgated.
35.1 Account balances do not reconcile with the stock ledger and errors are outstanding.
Ensure stock ledger and general ledger reconcile so balances are stated accurately on financial reports.
Quarterly, the Financial Program conducts the Stock Ledger to General Ledger Reconciliation procedure to ensure that account balances are accurately reflected on the financial reports. Reconciling errors are investigated and supporting documentation is retained.
Failed TOD During FY2013 Test of Design, the Internal Control Assessment Team obtained the stock to general ledger reconciliation package for the 1st Quarter of FY2013. The team noted several discrepancies between the two ledgers were identified however, documentation was not available to support the cause and required adjustment for all reconciling errors, including a $425,901 variance between two sub-accounts. This resulted in unsupported adjustments to the general ledger.
19
Incorporate control gaps into plan
Develop Training/
Corrective Actions
Draft CBRNE Issue Paper
Review Inventory Held-for-Sale Policy &
Procedures for Fuel Farm
18 Apr
Review Inventory Held-for-Sale Policy and
Procedures - Uniforms
Perform Test of Design
14-14 Inventory and Related Property Mgmt. MAP Milestones for 7 APR – 18 APR 2014
Finalize document repository
Document procedures to periodically monitor WAP
calculations in ALMIS
Perform Risk Assessment
AtoN / ICP Business Process
Alignment
Inve
ntor
y H
eld
for
Sale
Ana
lyti
csPo
licie
s &
Pr
oced
ures
Current Milestone Risks and Related Mitigation
Risks (Yellow) Mitigating Strategy
3.1: Review of fuel inventory and subsequent issue paper detailing findings delayed due to resource constraints and emergent issues.
Leverage work by Supply Fund Team and engage Kodiak fuel inventory KPOs as time permits.
Issues (Red) Action
5.2.1: Discussions regarding the appropriate system of record for CBRNE enrollment are ongoing. Endorsements to CG-8 memo from CG-4 detailing enrollment costs and issues are in draft.
Moving forward with drafting issue paper, will incorporate cost, resource, and system constraint information once CG-4 endorsements are received.
Key Statistics
Planned ActualTotal OM&S Tasks 67 67
Tasks Completed to Date 10 10
Overall Percentage Complete 15% 15%
Tasks Due Next Period 0 0
Tasks Overdue (Red) 1Tasks in Danger of Missing Due Date (Yellow) 3
Key Accomplishments this Reporting Period
1 Continued work on valuation and enrollment of AtoN, Elex, CBRNE.
2 CBRNE issue paper draft: completion pending CG-4 endorsements to CG-8 CBRNE memo.
3Pulled samples from Q2 ICP data sets for substantive valuation testing: providing samples to the ICPs for support; will coordinate site visits to review folders.
Key Tasks Planned for Next Period
1 Deliver substantive valuation samples; collect support; conduct site visits to review valuation folders.
2 Continue work to enroll AtoN & Elex in NESSS.
3 Based on CG-4 endorsements, complete draft CBRNE issue paper and recommendation for CBRNE items.
Item
Ent
ry
Prop
osal
Q4 ValuationRoll forward
Perform ARC
Annual Update
Observe UDC physical
inventory
Conduct Q4 C/E Testing
at ICPs
Conduct site visits to observe physical
inventory - Kodiak
Report Q4 Roll-forward Results
Report Q3 TOE Results
Report Q1 & Q2 TOE Results
3.2
3.4
4.7
4.6
4.8
3.5
2.72.5 2.8
3.1
3.3
Conduct Q2 C/E Testing at ICPs
4.3
Q2 Valuation Testing at ICPs
4.2
Conduct Q3 C/E Testing at ICPs
4.4 4.5
Conduct Q3 Roll forward &
Valuation at ICPs
5.4.1
Develop controls over the receipt of
donations/transfers
Identify system business requirements 8
Man
agem
ent
Con
trol
s
2.2
Develop Item Enrollment Information
5.1
Conduct Q1 C/E Testing at ICPs
4.1
Enroll Electronics items into NESSS
5.2.1
7.2
5.3.1
2.3
9
7.1
20
US Coast Guard
21
Discuss Control Gaps w/ KPOs
• Capture all policy/procedures?
• Control gaps factually accurate/correctly
captured?
• Policies/procedures been updated?
• Process changed?
22
Discuss Control Gaps w/ KPOs
• Process in remediation?
• Cost-benefit of proposed solution?
• Targeted resolution date?
23
Code Description
L Long-term Remediation Effort: Do Not Test
S Short-Term Remediation Effort: Do Not Test
U Under Investigation: Need more information to Determine Appropriate Corrective Action
T Remediation completed: Control is recommended for testing
Remediation tracks and monitors efforts until they are
determined to be ready for testing.
Prioritize & Identify
24
Build Relationships
• Hit the Road TogetherKey Command Visits
Leadership Forums & Conferences
• Monthly Audit Status Updates
• Limited ‘Marketing’
• Internal CommunicationsMagazine Articles
Command Master Chief Network
25
Messaging
• Standard 101 BriefingsField, KPOs, SES/Flags
• MarketingComptroller Newsletter
• “Tone at the top”Commandant Video
Executive Management Council
US Coast Guard
27
Roadmap to Success: Controls
28
Remediation Internal Controls
Transition: Effort
2014+2010-20132004-2009
29
Headquarters Key Process Owners
Transition: Responsibility
2014+2010-20132004-2009
30
US Coast Guard
31
Audit Readiness Progress
2007 2008 2009 2010 2011 2012 20130%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
% Balance Sheet Supported by Fiscal Year
32
Internal Control Progress
2008 2009 2010 2011 2012 20130
2
4
6
8
10
12
Material Weaknesses by Fiscal Year
33
Coast Guard Successes
• Enhanced programs
• Unmodified opinion: financial statementsReduction to 2 material weaknesses
• Improved field understanding of benefits
• Improved field responsibility of controls
• Continued dedication & commitment from
the top down to the field
34
US Coast Guard
35
Focus Areas
• 2003-2012: Balance Sheet
• 2013: Clean opinion: Financial StatementsCongress: clean financial audit by FY 2013
Continue improving internal controls
• 2014+: Sustainment, ICOFRMaintain clean opinion on the financial statements
Unmodified opinion: ICOFR audit
36
Summary
• Coordination & Integration
• Tone at the Top
• It’s Not Hard, Just Hard to Do Sometimes.
• CommunicateCollaboration Leads to Compliance
No such thing as remediation for a healthy program
• Pigs and Chickens
38
Questions?
CDR Colin CampbellCG-845
(202) 372-3673
John BowerCG-85
(202) 372-3452
top related