Internal Control Audit Results  The AIM Project

Internal Control Audit Results The AIM Project PowerPoint PPT Presentation


  • 87 Views
  • Uploaded on
  • Presentation posted in: General

OSC Internal Control Conference. September 18, 2006. Eight Financial Areas. Board Oversight

Download Presentation

Internal Control Audit Results The AIM Project

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


1. September 18, 2006 OSC Internal Control Conference Internal Control Audit Results & The AIM Project Lynn Canton Deputy Comptroller Division of State Services, OSC

2. OSC Internal Control Conference September 18, 2006 Eight Financial Areas Board Oversight & Governance Revenue & Collections Cash & Investments Payroll Procurement & Contracting Equipment & Asset Management Budget & Expenditure Controls Accounting & Information Systems

3. OSC Internal Control Conference September 18, 2006 Board Oversight & Governance What we expected to find: Board’s duties are clearly defined. Periodic meetings are held according to Authority’s by-law requirements. Board members have received training regarding their fiduciary responsibilities as directors. Board has put in place necessary oversight committees as required by the governor’s Model Governance principles for Authorities (e.g., Finance, Governance, Audit). What we found: Audited 31 entities Found 18 met expectations Identified necessary improvements at 13

4. OSC Internal Control Conference September 18, 2006 Board Oversight & Governance …continued Trends…. Board members are not meeting as often as they should. Meetings generally vary in length and in some cases, meetings are too short (e.g., 15 minutes). Absence of sufficient Board members or pattern of non-attendance. Board oversight is weak e.g., not giving sufficient attention to fiscal issues; no active discussions during Board meetings on key fiscal matters. Budgets not approved until 2 to 3 months into fiscal year; Board does not approve contracts.

5. OSC Internal Control Conference September 18, 2006 Board Oversight & Governance …continued Trends….continued Other: Boards have not set up oversight committees e.g., Finance, Audit and/or Governance committee. Members are not receiving training regarding their fiduciary responsibilities. Also, some Board members have possible conflict of interest. No ethics policy authorized by the Board. Board member duties are not defined.

6. OSC Internal Control Conference September 18, 2006 Revenue & Collections What we expected to find: Revenues billed timely and accurately. Management has provided segregation of duties. Accounting systems provide for an aging of accounts receivables. Agencies verify that revenues received are accurate and recorded properly in the accounting records. Agencies have policy and procedures for each of the major revenue sources. What we found: Audited 41 entities Found 25 met expectations Identified necessary improvements at 16

7. OSC Internal Control Conference September 18, 2006 Revenue & Collections …continued Trends…. Entity is not following its established revenue policies/procedures. Entity’s billing/collection responsibilities not adequately separated. No verification that the amount received is accurate; no written procedures. Cash receipts not deposited timely. Entity not sending late letters to customers with overdue receivables.

8. OSC Internal Control Conference September 18, 2006 Revenue & Collections …continued Trends…continued Allowing receivables to become overdue by significant periods of time. Services are not billed accurately. Overdue receivables are not sent to a collection agency timely.

9. OSC Internal Control Conference September 18, 2006 Cash & Investments What we expected to find: Entity’s investment policy exists and complies with OSC Investment guidelines. Investment rates are competitive. Cash and investments are properly safeguarded. Bank reconciliations are timely. Cash receipts are deposited in correct accounts and done timely. Internal control over petty cash disbursements are properly authorized and recorded.

10. OSC Internal Control Conference September 18, 2006 Cash & Investments …continued What we found: Audited 39 entities Found 15 met expectations Identified necessary improvements at 24

11. OSC Internal Control Conference September 18, 2006 Cash & Investments …continued Trends.... Investment guidelines are weak and not reviewed annually as required under Public Authorities Law. Or, Investment Guidelines were non-existent or not periodically updated to reflect current trends and risks. Investments are not sufficiently collateralized. Cash handling procedures are lacking, cash receipts not deposited timely, Bank reconciliations are not done timely.

12. OSC Internal Control Conference September 18, 2006 Cash & Investments …continued Trends....continued No segregation of duties over cash receipt/ recording or bank reconciliation functions. Lacking daily log of cash receipts. Poor controls over petty cash. Checks are not restrictively endorsed and checks stored in unsecured locations.

13. OSC Internal Control Conference September 18, 2006 Payroll What we expected to find: Adequacy of Time and Attendance policies and procedures. Accurate employee’s time and attendance records. Payroll changes – i.e. addition of new employees or employee terminations, are processed accurately/timely. Employee timecards are independently verified against timekeeping system (e.g., sign-in logs or other time-recording means). Agencies approve and monitor overtime usage. Agencies have adequate segregation of duties between personnel and payroll functions.

14. OSC Internal Control Conference September 18, 2006 Payroll …continued What we found: Audited 57 entities Found 15 met expectations Identified necessary improvements at 42

15. OSC Internal Control Conference September 18, 2006 Payroll …continued Trends…continued Entity management does not adequately monitor use of overtime and in some cases, overtime is not approved ahead of time. Employees receiving overtime when not entitled after a certain State grade level. Terminated employees getting paid for time after their termination date. Sign-in sheets or timekeeping system not adhered to. Controls over military leave weak (no proof that individual was on leave) OR sick leave abuses. Procedures lacking to reconcile payroll registers with timesheets or comparing timesheets to sign-in logs.

16. OSC Internal Control Conference September 18, 2006 Payroll …continued Trends….continued One entity did not require employees submit timesheets or maintain records of accrued leaves. Executive staff not submitting timecards. Other: Employees were not added or deleted timely with health insurers’ rosters or full health insurance coverage provided to part-time workers. Necessary data (e.g., W-4, SSNs) for new employees is NOT obtained prior to employee starting work and such vital information is NOT entered timely in payroll system; Timecard not approved by supervisor; accruals are not accurate, OR, supervisors did not have a record of approved leave requests.

17. OSC Internal Control Conference September 18, 2006 Payroll …continued Trends…continued Timecard not approved by supervisor; accruals are not accurate, OR, supervisors did not have a record of approved leave requests. Undelivered paychecks are not returned to OSC.

18. OSC Internal Control Conference September 18, 2006 Procurement & Contracting What we expected to find: The agency follows a formal bidding process to obtain the most economic and efficient capital projects, products and services. The agency has a sound credit card policy and procedures in place. The agency make use of credit card purchases for smaller purchases. Credit card billing statements submitted to the Finance Office are timely, avoiding finance charges. Duties are appropriately segregated. e.g. origin of purchase orders and management approval of P.O.’s; proof of receipt of goods and services; maintaining accounting records and processing disbursements.

19. OSC Internal Control Conference September 18, 2006 Procurement and Contracting …continued What we found: Audited 57 entities Found 18 met expectations Identified necessary improvements at 39

20. OSC Internal Control Conference September 18, 2006 Procurement and Contracting …continued Trends…. Pre-numbered purchase orders ARE NOT used consistently. Finance office does not review/maintain documentation attesting that goods were received. Lack of segregation of duties in key Finance office functions. Entity is not maximizing and adequately monitoring the use of credit cards. Disregard for competitive bidding requirements. INADEQUATE number of bids solicited. Sole source contracts unsubstantiated. No written contracts for major purchases (e.g., promotional and public relations services). Contracts not approved timely before the receipt of goods and services (e.g., agency is slow in sending contracts to OSC for approval G Bulletin 95). Contract/Procurement procedures are lacking.

21. OSC Internal Control Conference September 18, 2006 Equipment & Asset Management What we expected to find: Has the agency established adequate policies and procedures providing assurance that equipment acquisitions are properly recorded? Is an equipment/asset inventory properly maintained? Are assets secure and used as intended? (e.g., logs on motor vehicles usage, ESP Personal use). Are asset dispositions authorized and recorded properly in the inventory records? Does the agency periodically inventory its assets? What we found: Audited 47 entities Found 13 met expectations Identified necessary improvements at 34

22. OSC Internal Control Conference September 18, 2006 Equipment and Asset Management …continued Trends… Policies and procedures are inadequate. Computer equipment, e.g., laptops, printers, and digital cameras are considered high-risk theft items. Equipment or other asset acquisitions are not consistently recorded in the asset accounts. Equipment inventory systems are lacking. Entity not doing periodic inventory of its assets. Entity has not properly secured its assets; e.g., affixed decals on equipment items and motor vehicles not having the entity’s “Official Logo.” Usage logs are not maintained (i.e., employee personal use of vehicles is not tracked). Agencies are not notifying OSC when items valued at $250 or more are stolen or lost (re: the State Comptroller’s Accounting Manual).

23. OSC Internal Control Conference September 18, 2006 Budget & Expenditure Controls What we expected to find: The agency has policy and procedures to ensure the annual budget is prepared accurately and timely. Operating results are monitored against budget estimates. Appropriate revisions are made to future budgets in the event of prior year variances. Key managers or other authority approve the budget prior to the start of the fiscal year. What we found: Audited 27 entities Found 11 met expectations Identified necessary improvements at 16

24. OSC Internal Control Conference September 18, 2006 Budget and Expenditure Controls …continued Trends… Budgets are not approved by the Board prior to the start of the fiscal year, resulting in the entity operating for two to three months without a budget. Budgets are not transmitted to oversight state agencies as required by law. Management is NOT providing oversight and monitoring actual expenses against budgeted amounts. Variances are not adequately factored into future annual budgets. No documentation to support expenditure; executive abuse of power (i.e., membership to posh country clubs); procedures inadequate. No written procedures.

25. OSC Internal Control Conference September 18, 2006 Accounting & Information Systems What we expected to find: The agency has accounting and information systems to provide management with accurate and timely information. The systems are secure and recoverable (system backup) in case or system failure. There is a formal disaster recovery plan and it has been tested. Passwords and security protections are periodically changed. What we found: Audited 30 entities Found 12 met expectations Identified necessary improvements at 18

26. OSC Internal Control Conference September 18, 2006 Accounting and Information Systems …continued Trends… Key data, such as expenditures, is not entered in accounting system timely. Data was not accurately entered according to source document. Employee passwords gaining access to accounting systems, are not periodically changed or passwords used are easy to crack (e.g., pet names or employee’s initials). Access to certain systems and information is not restricted. Entity does not have a formal backup plan documented in policies or procedures. Back-up of systems are not backed-up on a prescribed timetable. No testing of backup systems – are they working?

27. OSC Internal Control Conference September 18, 2006 Good News! Seven entities had appropriate controls in place over all of the eight financial areas: CUNY Central Office Greenway Conservancy for the Hudson River Valley Hudson River Valley Greenway Communities Council Environmental Facilities Corporation Office for the Aging Office of Children and Family Services Roswell Park Cancer Institute Corporation.

28. OSC Internal Control Conference September 18, 2006 Not So Good News! Only seven entities had appropriate controls in place over all of the eight financial areas.

29. September 18, 2006 OSC Internal Control Conference AIM Program How do we measure performance?

30. OSC Internal Control Conference September 18, 2006 Agency Information Management (AIM) The project was created to enable OSC to obtain knowledge about various aspects of State agency’s financial management practices. An objective of the AIM project is to act as a mirror for State agencies so they understand how they are performing. As a result, AIM will help us all to focus on the processes that need the most attention.

31. OSC Internal Control Conference September 18, 2006 Highlights of AIM 2004 AIM Session: Project formally introduced to agency Fiscal Officers at The Desmond in Albany. 2005 Fall Conference: OSC provided over fifty Fiscal Officers with a forum to discuss their challenges and successes in paying New York State vendors. AIM continues to bring Fiscal Officers together as a community. Over the past few months, we were invited to meet with all NYS Correctional Facilities to review performance results and share best practices.

32. OSC Internal Control Conference September 18, 2006 Success = Getting to Green Sole Custody Reconciliations – The on-time filing of Sole Custody Accounts increased from 60% during FY03/04 to 79% in FY05/06. Late Payments – The statewide late payment percentage of paying vendors on time went from 17.6% during FY03/04 to 12.5% in FY05/06.

33. OSC Internal Control Conference September 18, 2006 Sole Custody Reporting (All Agencies) FY 2003/2004 FY 2005/2006 Rating % Rating % Green 60 Green 79 Yellow 39 Yellow 20 Red 1 Red 1

34. OSC Internal Control Conference September 18, 2006 Paying Vendors on Time (All Agencies) FY 2003/2004 FY 2005/2006 Rating % Rating % Green 49 Green 63 Yellow 25 Yellow 23 Red 26 Red 14

35. OSC Internal Control Conference September 18, 2006 What’s Next? Participate in the OSC SFS fall Conference. AIM agency reports Implement the Internal Control Task Force Recommendations. Stay tuned for new indicators

  • Login