Auditors: Why do they ask all those questions?
LGC Resource April 2015
Penny Austin, Assistant Director – IS
Local Government Audit
Why those questions?
- Professional Standards
- Internal Controls
- Fraud
- Applicable Laws
- Data Analytics
Professional Standards
- GAO Yellow Book
- AICPA Standards
- OMB Uniform Guidance
Internal Controls
Processes effected by an entity’s management and other personnel designed to provide assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Simple Definition
Internal controls are common sense procedures that address:
- What could go wrong?
- What steps should be taken to prevent those events from happening?
Personal Internal Control System
- Locking your car when you leave it in the parking lot
- Comparing your receipts to your credit card statement
- Balancing your personal check book
Why are Internal Controls Important?
- Protect the strong from temptation
- Protect the weak from opportunity
- Protect the innocent from false accusation
From Once upon Internal Control by James Ulvog, CPA
[Figure: Fraud Triangle, with corners labeled Opportunity, Pressure, and Rationalization]
FRAUD
Frauds discovered in recent years:
- Committed by one person
- Trusted employee
- Internal controls were either nonexistent or not monitored
Examples of Good Internal Controls
Effective Controls - Cash Receipts and Deposits
- Separate cash drawers
- Prenumbered cash receipts - 9-2-103, TCA
- Stamp checks “for deposit only” as soon as they are received
- Drawer checkout procedures
- Deposit timely - 3 day deposit law
- Deposit receipts intact
Effective Controls - Cash Receipts and Deposits (cont.)
- Deposit slips should be itemized
- Sign - “You must receive an official receipt or your transaction is not complete”
- Segregate duties - Employees responsible for receipting should NOT also be responsible for posting receipts to the accounting records.
Effective Controls - Disbursements
- Disbursements by official prenumbered checks
- Review documentation
- Do not sign blank checks
- Segregate duties between writing checks, signing, distribution, and posting to the accounting records
Effective Controls - Bank Reconciliations
- One employee should be responsible for opening the bank statement, reviewing it, and initialing.
- A separate employee should reconcile the bank statement monthly.
- Bank reconciliations should be reviewed by an employee not responsible for reconciling the statement.
Effective Controls - Procurement
- Establish clear lines of authority for approving purchases before they occur
- Purchase orders
- Verify availability of appropriations before purchases are approved
- Payments for purchases should only be made after documentation that the goods or services were received
- Segregate duties between approval, payment, and updating the accounting records
Effective Controls - Journal Entries (JEs)
- Use a standard journal entry form
- Supervisory review and approval of all journal entries
- Segregate duties between preparation of the JE, approval of the JE, and posting to the records
- Supervisory review that all JEs were properly posted to the records
Effective IS Controls
Proper back-up procedures:
- Daily backups should be stored in a secure location within the office.
- Weekly backups should be rotated to a secure, fireproof off-site location.
- A backup log documenting the location of all backups should be maintained.
- Backups should be tested.
Effective IS Controls (cont.)
Password Maintenance:
- All users should have a unique login and password. Shared logins should not be used.
- Passwords should remain confidential.
- Passwords should be changed every 90 days.
- Passwords of former employees should be immediately disabled.
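An added example, not part of the original presentation: one way to check an exported account list against the password-maintenance controls above (shared logins, the 90-day change interval, former employees still enabled). The `Account` record layout, the logins, and the sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

MAX_PASSWORD_AGE = timedelta(days=90)  # slide: change passwords every 90 days


@dataclass
class Account:  # hypothetical record layout for an exported account list
    login: str
    users: List[str]  # people known to sign in with this login
    password_changed: date
    enabled: bool
    separation_date: Optional[date] = None  # set once the employee has left


def audit_accounts(accounts: List[Account], today: date) -> List[Tuple[str, str]]:
    """Return (login, finding) pairs for every control an enabled account fails."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account can no longer be used to sign in
        if len(acct.users) > 1:
            findings.append((acct.login, "shared login"))
        if acct.separation_date is not None and acct.separation_date <= today:
            findings.append((acct.login, "former employee still enabled"))
        # Exactly 90 days old is due today, not yet overdue.
        if today - acct.password_changed > MAX_PASSWORD_AGE:
            findings.append((acct.login, "password older than 90 days"))
    return findings


# Constructed sample data; not taken from any real system.
SAMPLE_TODAY = date(2015, 4, 30)
SAMPLE_ACCOUNTS = [
    Account("jsmith", ["J. Smith"], date(2015, 3, 15), True),
    Account("frontdesk", ["A. Lee", "B. Cole"], date(2015, 4, 1), True),
    Account("rjones", ["R. Jones"], date(2014, 11, 3), True, date(2015, 2, 27)),
    Account("tbrown", ["T. Brown"], date(2014, 6, 1), False, date(2014, 12, 31)),
    Account("mdavis", ["M. Davis"], date(2015, 1, 30), True),  # exactly 90 days
]

if __name__ == "__main__":
    for login, finding in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_TODAY):
        print(f"{login}: {finding}")
```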
Effective IS Controls (cont.)
Disaster Recovery Planning:
- Specific steps to follow to restore system
- Emergency phone numbers of personnel and vendors
- Backup storage location
- Manual procedures to follow until the system is restored
Effective IS Controls (cont.)
Policies and procedures manual:
- Operating system and application security
- Start-up/shut-down procedures
- Back-up procedures
- Hardware/software maintenance procedures
- Daily, monthly, and year-end procedures
- Output distribution list
- Hardware disposal policy
- Virus prevention policy
Effective IS Controls (cont.)
- Loading Operating System Updates
- Restricting Physical Access to System
- Proper Application Controls
Adequate audit trail exists:
- Audit logs are maintained and reviewed.
Audit Logs and Other Reports
TnCIS:
- Delete Log Report
- Out-of-Court Payments Report
Trustee:
- Audit Changes By Date Report
- Unprorated Receipts Report
- Maximum Posting Date Report
Fund Offices:
- Payroll Check Change Report
- Maximum Posting Date Report
Applicable Laws
- City Charters/Private Acts
- Budgeting Laws
- Purchasing Laws
- Fees and Taxes
- Filing Requirements
- Electronic Commerce
Applicable Laws
- TCA 6-54-903 – Requires cities to submit their travel policies to the Comptroller
- TCA 7-52-602 – Requires municipal electric systems to submit a business plan to the Comptroller
- TCA 5-8-505 – Requires county officials to file an annual financial report with the county mayor and county clerk
Applicable Laws
- TCA 47-10-119 – Requires all local governments who implement an electronic business system to file a statement with the Comptroller
- TCA 4-30-103 – Requires all local governments who implement a new technology platform to file a statement with the Comptroller
New Legislation
- Amendment to Financial Integrity Act requiring counties, municipalities, and metro governments to establish internal controls
- Amendment requiring local governments to close their accounting records no later than two months after fiscal year-end
- Amendment to CMFO Act changing the penalty provisions
Data Analytics
www.comptroller.tn.gov/la
Questions?
Penny Austin