
Not-for-Profit Organizations’ Attest Engagements and Information Technology

Yigal Rechtman, CPA, CITP, CISM

February 3, 2004

Technology Assurance Committee

Objectives
  • Highlight Information Technologies at NFPs and Attest issues IT presents
  • Discuss Internal attest procedures
  • Discuss External attest issues
  • Review New York State required attestation
  • Donated IT services and supplies: Do’s and Don’ts
1.0 Overview of IT and NFPs
  • Software and Applications
  • IT Budget
  • Maintenance levels
  • HIPAA and other constraints
1.1 Software
  • NFPs have special needs, often niche software or in-house applications
  • Custom software is suspect
  • Often, programmers dial in to or access the database for “updates” that include revisions to raw data
  • No built in integrity checks
  • Overall: SUSPECT
Software Example
  • An NFP uses an SAP module that is subject to QC and a support agreement
  • An NFP uses a COBOL-based application for its clients, supported by several electronic spreadsheets for reconciliation and adjustments.
1.2 IT Budget
  • NFPs are often required to have a budget, esp. governmental NFPs
  • Sometimes a budget does not include an IT budget.
  • The budget is at times unrealistic, especially in charitable NFPs.
  • When a budget is present, it's an excellent internal/external attest tool.
1.3 Maintenance Levels
  • IT maintenance is directly affected by long term planning and goals
  • Observation: Governmental (high) versus non-governmental (low).
Examples: Maintenance Levels
  • Audit steps to review maintenance levels at NFP:
    • Get SLA agreements
    • Review sample bids and process
    • Review completeness of coverage for support staff and support agreement (also in contingency planning).
1.4 Legal and other constraints
  • HIPAA
  • Fair Credit Reporting Act
  • Governmental Auditing requirements (Yellow book).
  • Contractual requirements (e.g. other governmental agency)
1.5 Evaluation of Internal Controls
  • In general go from the specific technical knowledge to the impact on the financial statement.
  • Three column method – most effective:
    • Technical Background
    • Technical Issue/Problem
    • Effect on Financial Statement
1.6 How to drive value from IT Findings
  • Technical Background
  • Technical Issue/Problem
  • Effect on Financial Statement

Consulting Work

Management Letter

Audit Risk/Procedures

2.1 Internal Attestation - Who
  • Internal attest done by CFO, CIO, Manager level
  • Often not formal
  • Results can be informal and may require inquiry and observation
2.2 Internal Attestation - Why
  • “Internal attestations” are the results of internal control processes.
  • They indicate the existence of internal controls
  • They facilitate audit steps in reviewing
    • Depending on size and complexity
    • Internal procedure enforcement is regulated
    • e.g. HIPAA, Credit Reporting Act, Yellow Book
Example: “Internal Attestation”
  • Results of review of approval of ACH transaction for fund transfers / disbursements.
  • Results of moving a user within the organization (large organizations, typically)
  • Results of reviewing error logs
2.3 Internal Attestation - What
  • Effectiveness of IT controls has to comply with:
    • Yellow book
    • HIPAA or other Acts
    • NFP’s own policy
    • Law
  • Auditor/attester must inspect compliance and report deviations
3.0 External Attest Issues - IT
  • HIPAA
  • Credit Reporting Act
  • Yellow Book
3.1 HIPAA (examples)
  • Auto logout and segregation of duties
  • Business continuity planning
  • Formal software change procedure
3.1 Other Acts
  • Credit Reporting Act
    • Reasonable measures to protect privacy
    • Process to protect accuracy
  • Yellow Book
    • Internal Controls Risk assessed below maximum
    • Attestation on Internal Controls
4.0 New York State required attestation
  • $3M in assets or $1M in revenue, up from $250K in assets or revenues
  • Will require attestation of Internal Controls for YE after 6/30/03
  • Internal Control often overlaps with the IT environment
  • Conclusion: get an IT proficient auditor to review!
5.0 Donated IT services and supplies: Do’s and Don’ts
  • DO: Get and accept donated goods and services
  • DO: document source of materials and services
  • DON’T: accept old equipment. Use budget as guideline for donated equipment: “The poor pay twice…”
Do’s and Don’ts (cont.)
  • DO: acknowledge all donated services with FMV letter.
  • DO: enact policy of use of software and equipment in the NFP, including e-mail archiving and fair-use of equipment.
  • DON’T: accept a service donation lasting over one year. If you need it for more than a year, either the donor will not come through or the donee won’t get all that they need. One year should be the limit.
Review
  • Highlight Information Technologies at NFPs
  • Discuss Internal attest procedures
  • Discuss External attest issues
  • Review New York State required attestation
  • Donated IT services and supplies: Do’s and Don’ts

Not-for-Profit Organizations’ Attest Engagements and Information Technology

Yigal Rechtman, CPA, CITP, CISM

Person & Company, LLP

February 3, 2004 ©

Q & A

About the Presenter

Yigal Rechtman, CPA, CITP, CISM, has been a programmer since 1984 and specializes in computer-aided auditing techniques and information systems' integration and reviews. He is a member of the American Institute of Certified Public Accountants (AICPA), the New York State Society of Certified Public Accountants (Technology Assurance committee) and the Association for Certified Fraud Examiners. Rechtman is an AICPA registered peer-reviewer and a Certified Information Technology Professional (CITP).

Rechtman specializes in Internal Controls reviews and has presented and written about issues related to Internal Controls, Attestation engagements and Information Technologies. He can be reached at yrechtman@personcpa.com or (212) 684-0011.