internal audits and internal controls - … · internal audits and internal controls session...
TRANSCRIPT
Internal Audit – How the Internal Audit Function Facilitates Internal Controls
Office of the City Auditor
City of Tallahassee
1
Internal Audits and Internal Controls
Session Purpose: How does an internal audit function assist management in ensuring an entity has established an adequate internal control framework as provided for by COSO and the GAO Green Book (Standards for Internal Control in the Federal Government )
2
COSO
• Committee of Sponsoring Organizations of the Treadway Commission (COSO): Comprised of five agencies: – American Accounting association
– AICPA
– Institute of Internal Auditors
– Institute of Management Accountants
– Financial Executives International
3
GAO GREEN BOOK
• Standards for Internal Control in the Federal Government
• Issued by the Government Accountability Office (GAO)
• Last updated in September 2014
• Green Book adapts COSO principles for a government environment
4
COSO Definition of “Internal Controls”
“A process effected by an entity that provides reasonable assurance that the entity’s objectives will be achieved.” Objectives include:
• Effective and Efficient Operations
• Reliability of reporting
• Compliance with applicable laws, regulations, and policies
5
Green Book Definition of “Internal Controls”
• “A process effected by an entity’s oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. These objectives and related risks can be broadly classified into one or more of the following three categories:”
– Operations (effectiveness and efficiency)
– Reporting (reliability)
– Compliance (with applicable laws and regulations)
6
COSO and Green Book Internal Control Components
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring Activities
7
COSO: Internal Audit
“Internal auditors play an important role in evaluating the effectiveness of control systems. As an independent function reporting to top management, internal audit is able to assess the internal controls systems implemented by the organization and contribute to ongoing effectiveness. As such, internal audit often plays a significant monitoring role.”
9
Green Book: Internal Audit
• Section 16.07 of the Green Book provides that internal audits play an important role in Monitoring Activities by performing independent, objective evaluations of control design and testing of internal controls.
• Internal audits provide greater objectivity as they are performed by reviewers that do not have responsibility for the activities being evaluated.
10
City Auditor’s Office
• Follow both GAGAS and IIA Standards
• All Audits are Performance Audits
• Complete average 20 audits annually
• Undergo an external peer review every three years
12
13
Document 2B - Office of the City Auditor Organization Chart
BACK
CITY AUDITORT. Bert Fletcher
ADMINISTRATIVE SPECIALIST IIMichelle Davis
SENIOR IT AUDITOR
Patrick Cowen
AUDIT MANAGERDennis Sutton
SENIOR AUDIT MANAGER
Don Hancock
SENIOR AUDITORCameisha Smith
SENIOR AUDITORVanessa Spaulding
OFFICE OF THE CITY AUDITOROrganization Chart
July 14, 2015
What we Audit Any City department, activity, or function
(except the Mayor and City Commission Offices)
Any entity that receives City funds as a grant, loan, or contract recipient
Joint City/County entities – Blueprint (Capital Infrastructure)
– CRA (Redevelopment)
– Consolidated Dispatch Agency (City/County/Sheriff)
15
Annual Audit Plan
Required by City charter
Over 250 auditable topics and areas
– List updated each year
Conduct an annual risk analysis
– All topics/areas are ranked
16
Risk Factors
1. Size of Operation/Fiscal Impact
2. Experience of Management
3. Complexity of Operations/Activity
4. Public Sensitivity
5. Threats to Public Health, Safety and Welfare
6. Susceptibility to Fraud, Waste, & Abuse
17
Other Sources for Planned Audit
1. Audit Shop awareness
2. Solicited Input from:
Mayor and Commissioners
City Leadership
City Advisory Boards
Independent Ethics Board
Neighborhood Associations
18
Citywide Cash Controls • One main revenue office but 26 other City locations
where revenues and receipts are collected
• Based Audit Program on City Internal Control Policy, which in turn was based on COSO Access to and Accountability for Resources
Direct Activity management
Segregation of Duties
Physical Controls
Execution of Transactions and Events
Recording of Transactions and Events
Information Processing
Documentation
19
Citywide Cash Controls (Continued)
1. Collections stored in unlocked cabinets and drawers (or purses and books!)
2. Permits and receipts not controlled or accounted for
3. Management not reviewing collection reports 4. Duties not adequately segregated 5. Checks not endorsed for days 6. Collections not timely deposited 7. Lack of electronic transfers 8. No documented transfers of custody
20
Audit of the Animal Services Center
• Inadequate segregation of duties in regard to adoption fees
• First identified in Citywide Cash Controls Audit (no changes made other than allegedly increased managerial reviews)
• New comprehensive audit conducted based on citizen concerns
• Audit identified scheme - estimated $80,000 adoption fees diverted
• Former employee convicted • Enhanced controls subsequently
implemented
21
Audit of Electric and Gas Revenues GAS
• Complex Meters with Billing System multipliers
• Over $1 million in unbilled consumption identified
• Some significant over billed consumption also
ELECTRIC
• Very technical – lot of reliance on electric staff
• Focused on accuracy of meters through meter testing
• Audit procedures identified 2 commercial customers getting free electricity
• Audit found $1.6 million billing error
22
Annual Citywide Disbursements Audit
• 350,000 transactions totaling over $1 billion
• Stratification and Categorization Applied
Payroll
Retirement
Energy Acquisitions
All Other
• Multiple criteria applied to each sample item
• Comprehensive testing
23
Annual Citywide Disbursements Audit (Continued)
• Relied Upon by external auditors • Findings:
Lack of control over time and attendance records Overpaid an insurance provider $53,000 Competitive procurement practices not followed Duplicate payments identified Extra pay period included in retirement benefit determinations Ineligible former employees and dependents inappropriately
allowed to participate in the City’s health insurance program
• Unique improvements: Revision to retirement ordinances Efficiencies for frequently paid vendors Implementation of an automated payroll time and attendance
system
24
Investments
• Size: Pension ($1 billion) and Non-Pension ($600 million)
• Audits addressed:
– Investment Performance
– Investment policy in accordance with best practices
– Investments properly diversified
– Investments allowable types (e.g., not too risky or overly conservative)
– Whether internal controls were adequate
25
Investments (continued)
Findings • Earnings allocation errors resulted in over $2
million of City earnings being incorrectly allocated
• Inadequate and untimely reconciliations of investment and custodian statements
• Capability for incompatible duties regarding transfer of funds
26
Audit of Commercial Insurance Acquisition
• Excess coverages purchased for property, liability and workers compensation
• Fees and premiums averaged $3.6 million annually
• Same broker and companies selected every year even though competitive processes used
27
Audit of Commercial Insurance Acquisition
• Audit recommended alternative competitive procurement process
• Selected broker not allowed to receive commission from selected providers and carriers to ensure no conflict of interest
• Actual savings of $434,000 realized in first full year new process used.
28