financial controls self-assessment process caubo 2008 coordinator: michele pearce (director,...
TRANSCRIPT
Financial Controls Self-Assessment Process
CAUBO 2008CAUBO 2008
Coordinator:Michele Pearce (Director, Accounting and Reporting)
Presenters:Lisa Nykolyshyn (Internal Auditor)
Cindy Armstrong-Esther (Manager, Financial Controls and Processes)
2
Presentation Overview
Reasons for initiating self-assessment project
How we started Checklist overview Roles and responsibilities Results of first implementation Lessons learned Future considerations
3
Reasons for initiating self-assessmentproject
One of many projects initiated to address the Auditor General of Alberta’s recommendation (2001): “modernize and significantly improve internal control systems”
Recognized interdependence between centralized and decentralized controls.
4
Reasons for initiating self-assessmentproject
Anticipated benefits of self-assessment process: Increases the awareness of desired
controls Provides a non-threatening means to
assess own area Provides assurance and/or inspires
change
5
How we started
2003-4: Internal Audit Services (IAS) and Financial Services (FS) develop a in-depth questionnaire covering a variety of areas (e.g., student grading, financial admin, records mgt)
2004-5: Piloted within a variety of depts, but received varying levels of support. Feedback suggested:
(+) Informative (--) Onerous
2006: Back to the drawing board!
6
How we started
2006: Limited the questionnaire to financial controls in a “checklist” format
Performed risk-assessment sessions with central service units for each major transaction stream
Used key controls to form the basis for each “checklist”.
In December 2006, began pilot testing in two faculties.
7
How we started
Early 2007: Developed a secure, on-line form
Password protected for each respondent
Can track respondents’ progress
Respondents can copy responses from one checklist to another, if required
Can generate reports for various audiences
8
How we started
Mid 2007: Project is rolled out to all units
Letter from VPFA introduces project to Senior Financial Officers (SFOs)
FS and IAS meet with SFOs/unit financial officers
All units with unique finance ids are to complete checklist
Submission deadline of January 31/08
9
Checklist overview
Ten sections:
1. Financial Administration (the only mandatory section)
2. Cash Handling – Point of Sale Operations
3. Cash Handling – Other
4. External Billing
5. Payroll
(Continued)
10
Checklist overview
Ten sections (continued):
6. Purchasing & Payables
7. Credit Card Purchases
8. Travel & Expense
9. Administration of Restricted Funds
10. Moveable Equipment
11
Checklist overview
Four Main Parts:
1. Section overview details who should complete each section, provides the annual $ and number of transactions for each transaction stream, and outlines the associated financial risks
2. Opt-outs allow respondents to identify why a section is not applicable to their unit:
• Don’t have that type of transaction.• Another unit processes that type of transaction for
us.• Etc.
12
Checklist Overview
3. Hyperlinks to policies, procedures and other guidance allow users to obtain further information, context.
4. Response options provide the means for the respondent to indicate whether each control is fully implemented:
Yes No, but will implement No, can’t implement (requires respondent to
explain)
13
Roles and responsibilities
Senior Financial Officers (SFOs) Take ownership of tracking completion of checklist
for units within faculty/portfolio Vet accuracy of responses Help units create action plans to address
weaknesses Communicate faculty/portfolio summary to Dean/VP
Financial Services/Internal Audit Services Provide support to SFOs Provide reporting to various parties
14
Reporting the results
1. Senior Financial Officers:
Two-page summary report and supplementary reports:
Units indicating that they need to implement a control. SFO to assess themes, track implementation
Units indicating that they could not implement a control. IAS/FS provided feedback to the SFO regarding whether
this environment presented additional risk to the unit/University.
SFO to determine actual risk.
Miscellaneous other reports
15
Reporting the results
2. Central Services Units Receive results related to applicable
section(s) of Checklist with no detail by portfolio
Purpose: Provides feedback on the quality of guidance &
related communications Leads to enhancements of Checklist itself (e.g.,
clarity of control questions) Allows central units to compare results with
own reviews.
16
Reporting the results
3. Vice President (Finance and Administration):
Receives a summary report of all portfolios, highlighting which major units need to address control weaknesses
4. Provost & Vice President (Academic), Board Audit Committee, Office of the Auditor General:
Receive a high-level report with no detail by portfolio listing trends and general areas for improvement.
17
Auditing the Results
No specific “Checklist” audits planned
BUT, we will compare results to other reviews/audits SMS regularly audits purchase orders, credit card
purchases, travel & expense claims
IAS is currently conducting a Payroll audit
IAS is implementing “continuous” (automated) auditing programs, analyzing full populations of data.
Will provide “gap analysis” to appropriate parties
18
Results of first implementation
Results for 460 Checklists, from 25 faculties/portfolios:
86 % answered “Yes” to control questions 8 % answered “No, but will implement” 6 % answered “No, can’t implement”
IMPT: Analysis of responses is required: Some respondents indicated “Yes” but
qualified their answer “No, can’t implement” used when control
“N/A”
19
Results of first implementation
Top 3 for “No, but will implement” response: Moveable Equipment, Purchases & Payables,
Miscellaneous Cash
Top 3 for “No, can’t implement” response: Financial Admin., Credit Card Purchases,
Payroll “Insufficient staff to implement control” “Control doesn’t make sense given our
business”
20
Results of first implementation
Feedback from respondents quite positive Examples:
“I appreciate the opportunity to complete this checklist. It has prompted a review of relevant policies and procedures, some of which have changed without my notice. Also, it has prompted some questions (see responses).”
“I found this exercise very helpful, if not as a refresher re. controls, also as a guide to assist in training and advising other members of the unit re. policies and procedures (reasons for ...)”
21
Lessons learned from first implementationThings we’d do again… Keep the number of controls to reasonable level
Risk-based approach Central services unit ownership, with IAS
facilitation
Continue to use focus groups to improve wording Can be used to improve policies and
procedures, too
Invest time with departments upfront (e.g., walkthroughs)
22
Lessons learned from first implementationThings we’d do differently…
Would offer “N/A” response option, with explanation required
Would not allow respondents to qualify “Yes” responses with comments
Would clarify scope for Restricted Funds section
23
Future considerations
Plans
Update checklist based upon respondent feedback, review of prior year’s risk assessments, and any recent changes to policies and procedures.
Develop additional sections re restricted funds and donations (high-risk areas)
Create opportunities for SFOs to be more involved in the process.
24
Future Considerations
Challenges
Consider how to deal with persistent internal control weaknesses in particular units
Review whether units complete a checklist for every “dept-id” , every year.
Place on dept-id different cycles, based on materiality?
Report results by user instead of dept-id?
25
Future Considerations
Potential Applications
Develop on-line quizzes for on-line training
Integrate checklists into on-line “Guide to Financial Management”
Standardize presentation of material in policies and procedures, highlighting key controls.
Create additional guidance regarding implementing segregation of duties in small departments
26
Future Considerations
Administration of Checklist FS responsible for administration of
Checklist from 08/09 onward. IAS to continue involvement in annual
analysis of results and risk-assessment facilitation.
FS to focus support on Senior Financial Officers in each major unit (approximately 25 individuals).
SFOs to oversee self-assessment process within their portfolios.