
Financial Accounting & Internal Audits

Financial Accounting & Internal Audits. How financial accounting and internal audits can benefit government agencies. Lydia Lafleur, CIA LSU Center for Internal Auditing. Agenda. Accounting and Auditing Standards Internal Auditing Internal Controls Governance Fraud


Presentation Transcript


  1. Financial Accounting & Internal Audits How financial accounting and internal audits can benefit government agencies. Lydia Lafleur, CIA LSU Center for Internal Auditing

  2. Agenda • Accounting and Auditing Standards • Internal Auditing • Internal Controls • Governance • Fraud • Management Responsibilities

  3. Financial Accounting Information & Measurement System Identifies Records Communicates Business Activities Decision Makers External Users Investors, Creditors, Suppliers, etc. Internal Users Managers, Supervisors, Directors, etc. FASB: Financial Accounting Standards Board

  4. Governmental Accounting GASB: Governmental Accounting Standards Board • GASB Concept Statement No. 1, Objectives of Financial Reporting: • “…financial reporting should provide information to assist users in assessing the service efforts, costs, and accomplishments of the governmental entity.” • Stakeholders • Citizens and taxpayers • Legislative and oversight bodies • Creditors and investors • Characteristics of Financial Reports • Understandability • Reliability • Relevance • Timeliness • Consistency • Comparability • Accountability • Fiscal • Operational

  5. Auditing Standards • Institute of Internal Auditors Professional Practices Framework • Generally Accepted Government Auditing Standards (GAGAS) (The Yellow Book) • Other Guidance • Standards for Internal Control in the Federal Government (The Green Book) • Internal Control Management and Evaluation Tool • Structured approach to assessing the internal control structure

  6. Accountability • Management and officials are responsible for: • Carrying out public functions • Providing service to the public effectively, efficiently, economically, ethically, and equitably • Providing reliable, useful, and timely information • Users need to know whether: • Management and officials manage government resources and use their authority properly and in compliance with laws • Programs are achieving the objectives and desired outcomes • Services are provided efficiently, economically, ethically and equitably Generally Accepted Government Auditing Standards Introduction

  7. Internal Auditing Definition • Internal auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the organization. It assists an organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s risk management, control, and governance processes. Institute of Internal Auditors

  8. Add-Value Assurance Consulting Internal Auditing Audit Planning Corporate Governance Risks Controls • Plan • Triple Bottom Line • - Environmental • - Social • - Economic Types of Audits: Financial Audits Attestation Engagements Performance Audits Organization

  9. Internal Controls Adequate Controls • G & O • $R \times C = r$ • G & O Plan Organize Reasonable Assurance G = Goals O = Objectives R = Risk L = Likelihood I = Impact C = Controls r = Residual Risk $R_{LI} \times C_L \times C_I = r_{LI}$

  10. "Monitoring & Learning" Internal Controls Continuous Improvement Model Goals & Objectives "Purpose" • Goals & Objectives • Specific • Measurable • Attainable • Relevant • Timely Preventive Detective Directive Controls Hard • Selection • Alternatives • Design • In Place • Functioning • Compliance Soft Control Environment "Commitment" • Management • Plan • Tactical • Strategic • Organize • Staff • Direct • Monitor • "Capability" • Control Activities • Segregation • Access • Accountability • Authority • Reconcile • Completeness • Authority • Transactions • Manage • Accountability • Safeguard • COCO • Purpose • Commitment • Capability • Monitor & Learn

  11. COSO • Financial • Compliance • Operations • Systems • Management Controls: • Planning • To achieve goals • Tactical • Strategic • Organizing • Delegation • Staffing • Right People • Directing • Policies and Procedures • Monitoring • Communication and information • Analytics and Analysis • Change management Monitoring Methodology used for assessing the quality of internal controls. Control Activities • Hard Controls: • Segregation of Duties (AAA) • Safeguarding of assets • Transactions recorded • Accountability • Periodic Reconciliation Information & Communication Risk Analysis Common factors used in identifying and assessing materiality of risks. Control Environment • Soft Controls: • Corporate Culture • Tone at the Top Committee of Sponsoring Organizations of the Treadway Commission

  12. COSO Control (Addressing Governance) • Challenge: • Evolving from Control Activities to the Control Environment Financial Reporting Operations Compliance Aggregate Entity Process Unit Information & Communication Activity 2 Activity 1 Monitoring Unit B Unit A Control Activities Risk Assessment Control Environment Tone at the Top Tone at the Middle “Systemic cultural problem” Mark Emmert, NCAA President “Management should periodically check the batteries in their moral compass.” GES

  13. Update Formalizes Fundamental Concepts Embedded in the Original Framework as Principles Control Environment Demonstrates commitment to integrity and ethical values Exercises oversight responsibility Establishes structure, authority and responsibility Demonstrates commitment to competence Enforces accountability Risk Assessment Specifies suitable objectives Identifies and analyzes risk Assesses fraud risk Identifies and analyzes significant changes Control Activities Selects and develops control activities Selects and develops general controls over technology Deploys through policies and procedures Information & Communication Uses relevant information Communicates internally Communicates externally Monitoring Activities Conducts ongoing and / or separate evaluations Evaluates and communicates deficiencies Source: COSO, “Internal Control – Integrated Framework”, September 2012

  14. Quality Drift (Cascading Process) Subjective Objective

  15. Controls Subjectivity • Challenges: • Hard to Soft • Objective to Subjective • Simple to Complex • Evolution to Revolution Parkinson’s Law: Complexity leads to decay Control Environment Complexity Management Controls Control Activities

  16. Criteria of Control: CoCo Action

  17. Internal Auditing: Adding Value (Mature) (Embryo) (Radar) Subjective • Integration • GRC Governance • Board • Audit Committee • Charter • Internal Audit • Charter • Opportunities • Threats External Entity Process Unit Risk • Evaluation • Check the box • Reality Controls Control Environment Management Controls Control Activities Objective Evolution of the Profession Quality Subjective Objective Question: Can you be in 100% compliance and go out of business? (Evaluation Audit). Does compliance equal quality?

  18. Governance The Big Risk SOD Board Selection Process CEO COB Sub. Audit Committee CAE • Risk Committee • CRO • Global • Strategic • (CRMA) • Compensation Committee • Stock options • Bonus plans • Counter-productive • Salaries • Up, up, up, and away • The Bear • Charley Mac • Shareholder Input Obj. AAA • Issues: • Accountability – Governance, Risks, and Controls • King III • Transparency • Sustainability Personal Opinion: The CEO and CFO should not be involved in selecting members of the Board, Audit Committee, Risk Committee, or Compensation Committee

  19. Organizational Governance (Roles and Responsibilities) Governance BOARD & SUB-COMMITTEES Plan – Organize – Staff – Direct – Monitor (P-O-S-D-M) Executive Management P-O-S-D-M Control Environment Delineation of Goals & Objectives (Integration & Linkage) Process Owner P-O-S-D-M Process Owner P-O-S-D-M Process Owner P-O-S-D-M Control Activities Employees Specific Job Descriptions Organizations Should Be Organized

  20. COSO Risk • Focus: • Internal Environment • Strategies • Integration Objectives Strategic Operations Compliance Reporting Business Unit Subsidiary Entity Internal Environment Objective Setting Division Event Identification Control Components Risk Assessment Risk Response Control Activities Info. & Communication Monitoring ERM – Conceptual Framework

  21. Governance Infrastructure (Integration & Linkage) Governance Audit Committee of Board of Directors (Oversight) Reporting CEO (Responsibility) ERM Oversight Oversight Comprehensive Report Chief Risk Officer (CRO) (Execution) Governance Governance Audit Priority Enterprise Risk Management (ERM) Reporting Input Feedback Input Chief Audit Executive (CAE) Audit Plan (Risk Driven) Macro (Resource Allocation) Auditor in Charge (AIC) Micro (Engagement Planning-Risk Driven) Governance

  22. The Reporting Model (Risks and Controls) Recommendation Criteria • Plan • Tactical • Strategic • Plan • Implementation • Monitor • Analysis • CSA • Reengineering • Evolution • Revolution • Best Practices • Benchmarking Agent of Change Negotiation Objective Proactive Partially Controllable Risk Opportunities Preview Consulting Subjective Internal Criteria Policy Inappropriately Included General External Law Inappropriately Excluded Specific Controls (The way it should be.) Performance Drift Reactive Risk Threats Cause Condition Effect Review Assurance Controllable (How we got to where we are?) (What difference does it make?) (The way it is.) • Revenue • Cost • Effectiveness • Efficiency • Goals • Management • Plan • Organize • Staff • Direct • Monitor Persuasion Recommendation • Issue Addressed • Recommendation Implemented • Management Solution • Risk Accepted • Meeting Follow-up

  23. The Fraud Risk Triangle Opportunity Incentive/Pressure Attitude/Rationalization The Fraud Risk Triangle (FRT) consists of three key elements which are generally correlated with fraud. The FRT was developed by a criminologist, Donald R. Cressey, in 1973. How do you address the Fraud Triangle?

  24. The Fraud Risk Triangle Incentive Pressure Attitude Rationalization Over-ride Opportunity R P OR O R P OR O R P OR O The Fraud Diamond Opportunity Pressure Rationalization Kennesaw State Ability

  25. Management Responsibility Pre-Control Post-Control RLFIF * CLF* ClF = rLFIF Control Override Control Failure Override Control RLFIF rLFIF

  26. Management Responsibility • Setting policies and strategic direction • Directing employees in performance of routine activities • Custody of entity’s assets • Reporting to those in charge of governance • Implementation of audit recommendations • Design, implement, and maintain internal controls • Develop performance measurement system

  27. Questions?
