using ic to manage risk

8/11/2019 Using IC to Manage Risk

1/35


2/35

Agenda

Background

Requirements

Implementation


3/35

Internal Control Legislation

1950 Accounting and Auditing Act

1982 Federal Managers FinancialIntegrity

Act

1990 Chief Financial Officers Act

1994 Government Management Reform

Act

1996 Federal Financial ManagementImprovement Act


4/35

What are Internal Controls?

Anything you do to successfully

achieve your mission/goal legally and

efficiently

Objectives of controls:

Effective and efficient operations

Reliable financial reporting

Compliance with laws and regulations

Applies to all aspects of life


5/35

Internal Control Standards

Treadway Commission:Internal Control Guidance

Control Environment

Risk

Assessment

Activities

M

GAO Standards COSO Framework


6/35

Internal Control Standards

Control Environment

Risk

Assessment

Control

Activities

M

GAO Standards

Control Environment: Tone at the

Top

Risk Assessment: Threats to

Mission

Control Activities: Design &

Operation

Monitoring: Test Schedule

Information & Communication:

Up and down the Organization


7/35

Government Implementation:

Assess Controls


8/35

Elements of an IC Program

Mission

Objectives

Risks

Control Activities


9/35

Internal GoalsManagement:

Acknowledge it responsibility forestablishing and maintaining ICs

Apply IC objectives: Effective and efficient operations

Reliable financial reporting

Compliance with laws and regulations

Understand that ICs exist (or should) at every

level and in every process of theorganization

Realize that good internal control leads tofinancial reporting integrity


10/35


11/35

Planning Phase

Identify assessable units

Establish governance body

Determine material contributors

Identify/document key businessprocesses

Perform risk assessment

Identify key controls

Develop 3-yr control assessmentschedule

Develop test methodology


12/35

Divide and Conquer !!

Establish Assessable Units


13/35


14/35


15/35

Identify Material

ContributorsLook at the Budget/Financials2010 2009 Change 2010 2009 Change 2010 2009 Change

Assets:

Cash and investments............. $ 10.7$ 10.4 $ 0.3 $ 4.6 $ 4.6 $ - $15.3 $ 15.0 $ 0.3Capital assets (net).................. 28.6 26.7 1.9 0.1 0.1 - 28.7 26.8 1.9

All other assets......................... 7.9 7.1 0.8 1.6 1.4 0.2 9.5 8.5 1.0Total assets.............................. 47.2 4 4.2 3.0 6.3 6.1 0.2 53.5 50.3 3.2

Liabilities:

Accounts payable..................... 5.9 6.0 (0.1) 0.9 0.9 - 6.8 6.9 (0.1)All other current liabilities.... 4.2 3.7 0.5 4.1 2.1 2.0 8.3 5.8 2.5

Total current liabilities............ 10.1 9.7 0.4 5.0 3.0 2.0 15.1 12.7 2.4Bonds payable.......................... 9.8 8.5 1.3 - - - 9.8 8.5 1.3

All other long-term liabilities 3.8 2.8 1.0 2.5 2.5 - 6.3 5.3 1.0Total long-term liabilities........ 13.6 11.3 2.3 2.5 2.5 - 16.1 13.8 2.3

Total Liabilities........................ 23.7 21.0 2.7 7.5 5.5 2.0 31.2 26.5 4.7

Government Business-type Total


16/35


17/35


18/35

Perform Risk Assessment Assess Risk: Document from flowcharts

Property, Plant and EquipmentBuildings & Structures

Disposals Subprocess

Staff AccountantReal Property

Accountability OfficerDistrict Engineer

Hand Receipt Holderor Realty Specialist

Receives notice ofapproved disposal

Start

B

B

A

Receives notice of

approved disposaland notifies thestaff accountant

Approves

Disposal

Generates Record ofDisposal in RD 72

screen within in REMIS

to add disposal info toassets record

Instructs HandReceipt Holder of

what to do withasset

Notifies staffaccountant that

the asset has beendisposed of in

REMIS

Completes disposalrequest document and

forwards to districtengineer and RPAO

Verifies that all

requireddocuments are

included, properlyand accuratelycompleted, and

approved.

Determines Assets needfor disposal throughperiodic inspections

Changes assetstatus within

CEFMS from inservice to retiredRejects

Disposal

A

CEFMS transfers

asset value intobuildings or

structures awaitingdisposal account

Forwards DisposalRequest

Document to

RPAO as notice tostart the disposal

process

Receives and reviews

Disposal requestdocument and

approves or rejectsdisposal request

BS.4

Changes asset status inCEFMS from Retired

to Disposed

Disposes of assetwithin REMIS inRD 82 screen

BS.3

CEFMS transfers assetvalue to appropriate

SGL accounts removingthe value from the

financial statements.


19/35


20/35

Financial Assertions

Completeness

Obligations/Rights

Valuation Existence/Occurrence

Reporting/Presentation

Look for Risk of Misstatement


21/35

Identify Key ControlsDocument from flow charts

Property, Plant and EquipmentBuildings & Structures

Disposals Subprocess

Staff AccountantReal Property

Accountability OfficerDistrict Engineer

Hand Receipt Holder

or Realty Specialist

Receives notice of

approved disposal

Start

B

B

A

Receives notice of

approved disposal

and notifies the

staff accountant

Approves

Disposal

Generates Record of

Disposal in RD 72

screen within in REMIS

to add disposal info to

assets record

Instructs Hand

Receipt Holder of

what to do with

asset

Notifies staff

accountant that

the asset has been

disposed of in

REMIS

Completes disposal

request document and

forwards to district

engineer and RPAO

Verifies that all

requireddocuments are

included, properly

and accurately

completed, and

approved.

Determines Assets needfor disposal through

periodic inspections

Changes asset

status within

CEFMS from in

service to retiredRejects

Disposal

A

CEFMS transfers

asset value into

buildings or

structures awaiting

disposal account

Forwards Disposal

Request

Document to

RPAO as notice to

start the disposal

process

Receives and reviews

Disposal request

document and

approves or rejects

disposal request

BS.4

Changes asset status in

CEFMS from Retired

to Disposed

Disposes of asset

within REMIS in

RD 82 screen

BS.3

CEFMS transfers asset

value to appropriate

SGL accounts removing

the value from the

financial statements.


22/35

Document Key Controls

IntraGovAccts Rec

Notreported

Entity

Preparer

Control

Number

Account/ Line

Item/Event

Business Cycle,

Accounting

Application Assertion Risk

Inherent

Risk

InternalControl

Currently In

Place

Control

Risk

Internal Control

Test Method Used

Risk Analysis

Account Line: Accounts Receivable

Document, document, document

high1 Reimb R/OTrack &check

low Inspect

Preliminary

Control Assessment


23/35

Develop Key Control

Assessment Schedule All key controls are assessed at least

once every three years

Some more: High risk

Change in:

Law System

Key personnel


24/35

Control Testing Options:

3-Year Plan

ControlRisk

Risk TestLow

High

DevelopCorrective Action Plan

If:

Changes in:

-Personnel?-Process?-System?

Yes

Annually for 3 years

No

Rotate to 3-year plan


25/35

Testing Phase

Entity-Level Assessment

Control Testing:

Process level

Transaction level

Include automated systems

Remember service providers


26/35


27/35

Control Testing

Test key controls

Develop test planand document

Decide on the appropriate test method

Establish tolerance level for error,

document Identify sample size:

OMB recommendations

Test and document

Consider dependencies

Service provider process controls

SAS 70 reports???


28/35

Reporting Phase

Identifying Material Weaknesses

Developing Corrective Action Plans

Preparing Statement of Assurance


29/35

Identify Material Weaknesses

At assessable unit level At subagency/department level

At Agency/ Bureau/ Department level

Management has the discretion to makethe determination!

OMB generous with

Material Weakness

definitions


30/35

Basis for Assurance

Deficiencies can be:Single deficiency

Significant deficiency

Material weakness

Determines level of assurance

Cannot be unqualified if materialweakness exists


31/35

Develop Corrective Actions

Managers: Process Owners developcorrective actions plans and timelines

Governance body concurs or non-concurs

Published in Annual Financial Report(PAR) for feds

Should be monitoredby leadership

Fed report periodically on progress toOffice of Management and Budget


32/35

Corrective Action Plans

Plan well

Divide corrective steps into small

manageable piecesgovernance bodyshould approve

Develop realistic target dates

Monitor progress continuously


33/35


34/35

Internal Control Reporting


35/35

using ic to manage risk

Documents