Photo by Karl Steinbrenner ARMICS Update: May 14, 2008 FOCUS.
-
Upload
emory-jennings -
Category
Documents
-
view
215 -
download
1
Transcript of Photo by Karl Steinbrenner ARMICS Update: May 14, 2008 FOCUS.
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 2
ARMICS Update: FOCUS Presentation
Best Practices
Room for Improvement
Flexibility
Where do we go from here?
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 3
ARMICS Update: Best Practices
Written Plan– Approved by Agency Head / Board Chair
Written Internal Report– To Agency Head / Board Chair (Audit Committee)
Internal Quality Assurance Review– Good use of an Internal Audit function
Management– Designation of an Internal Control Officer / Manager
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 4
ARMICS Update: Best Practices
Survey Automation– Zoomerang, Survey Monkey, etc.
Survey Experts– Questionnaire modification, Statistical Analysis
– Source: Colleges and Universities
Documentation– Parallel Flowcharts and narratives w/ IC Identification
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 5
ARMICS Update: Room for Improvement
General: – Stage 1 Testing: Key controls that can be tested.
– Input, All levels when applicable – NOT just management– NOT just Finance / Fiscal
– Attitude: Process has a benefit other than getting DOA off my back
– Over-reliance on Exhibits as the only tool to identify risk – No customization
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 6
ARMICS Update: Room for Improvement
Stage 1: Customize Questionnaires– Corrections: Access and Security
– Federal Grants: Sub-grantee monitoring (Pass-thru)
– Colleges: Students – System Access - Security
– Shared Services Agreements – Split controls - MOU
– External Entities (Providing input services – Contracts)
– Avoid a Minimalist Approach (Underestimating Risks)
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 7
ARMICS Update: Room for Improvement
Stage 1: Control Environment– Ethics Programs not JUST a Code of Ethics
– Testing the effectiveness of Ethics Programs-- Random mini-exams (verbal or written)
– Ethics awareness program
– Awareness programs in general (Safety, Harassment, Sensitivity, Terrorism, etc.)
– Ethics and control responsibility in EWPs
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 8
ARMICS Update: Room for Improvement
Stage 1: Risk Assessment– External Risks (Data Flows and sources)
– Evaluate Risks – Impact & Likelihood
– Don’t forget SWOT (High Level)
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 9
ARMICS Update: Room for Improvement
Stage 1: Control Activities– Stage 1 VS Stage 2
– Example: General VS Application controls
– Good area for Stage 1 “Testing”
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 10
ARMICS Update: Room for Improvement
Stage 1: Information and Communication– Agency FOIA process
– Sensitive data, redaction, privacy restrictions
– Info. Security: Not just electronic – check your garbage
– Error 1: Release what should be restricted
– Error 2: Restrict what should be released – Perception VS Reality = Communication gaps
– Add Question on Hotline effectiveness
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 11
ARMICS Update: Room for Improvement
Stage 1: Monitoring– Special Monitoring
– Grant Pass Thrus (OMB Circular A-133)
– Audit CAPs
– Internal projects
– System Development
– NCAA
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 12
ARMICS Update: Room for Improvement
Stage 2: Identification of Significant Fiscal Processes– So far, so good
– Definition of Significant – Consistency
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 13
ARMICS Update: Room for Improvement
Stage 2: Documentation of Fiscal Processes
– The key is your flexibility
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 14
ARMICS Update: Room for Improvement
Stage 2: Identification of Internal Controls
– Steady as she goes
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 15
ARMICS Update: Room for Improvement
Stage 2: Testing of Key Internal Controls– Document, Document, Document
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 16
ARMICS Update: Room for Improvement
Stage 3: Corrective Action Plans– Include all elements listed in the ARMICS Manual
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 17
ARMICS Update: Flexibility
• Deferring SWOT until Strategic Planning
• Review after major operations change
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 18
ARMICS Update: The Future
One Certification per YearReplaces DOA-FR Year End CertificationUpdate only for processes done wellStage 1: Refresh and RefineStage 2: Update and RetestStage 3: Follow-up and Test from Prior Year
+ newAddresses Service Provider AgreementsConstant Improvement
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 19
Conclusion
Good First TryRoom for ImprovementVariance in Implementation – A Good Thing
“Forward, always forward, everywhere forward.” – Boniface Wimmer, OSB
“Don’t look back, you can never look back.” – Don Henley, The Boys of Summer
“Don't look back — something might be gaining on you.“
– Leroy “Satchel” Paige
May 14, 2008Accounting and Internal Control
Compliance Oversight Unit 20
Contact Information
Joseph A. Kapelewski, CGFM, CPA, [email protected]
Commonwealth of VirginiaDepartment of Accountswww.doa.virginia.govClick on ARMICS