FINANCIAL ACCOUNTING & INTERNAL AUDITS How financial accounting and internal audits can benefit government agencies. Lydia Lafleur, CIA LSU Center for

  • Slide 1
  • FINANCIAL ACCOUNTING & INTERNAL AUDITS: How financial accounting and internal audits can benefit government agencies. Lydia Lafleur, CIA, LSU Center for Internal Auditing
  • Slide 2
  • Agenda: Accounting and Auditing Standards; Internal Auditing; Internal Controls; Governance; Fraud; Management Responsibilities
  • Slide 3
  • Financial Accounting. Business Activities; Decision Makers; Identifies, Records, Communicates. External Users: investors, creditors, suppliers, etc. Internal Users: managers, supervisors, directors, etc. FASB: Financial Accounting Standards Board
  • Slide 4
  • Stakeholders: citizens and taxpayers; legislative and oversight bodies; creditors and investors. Governmental Accounting. GASB: Governmental Accounting Standards Board. GASB Concept Statement No. 1, Objectives of Financial Reporting: financial reporting should provide information to assist users in assessing the service efforts, costs, and accomplishments of the governmental entity. Accountability: Fiscal; Operational. Characteristics of Financial Reports: Understandability; Reliability; Relevance; Timeliness; Consistency; Comparability
  • Slide 5
  • Auditing Standards: Institute of Internal Auditors Professional Practices Framework; Generally Accepted Government Auditing Standards (GAGAS) (The Yellow Book). Other Guidance: Standards for Internal Control in the Federal Government (The Green Book); Internal Control Management and Evaluation Tool (structured approach to assessing the internal control structure)
  • Slide 6
  • Accountability. Management and officials are responsible for: carrying out public functions; providing service to the public effectively, efficiently, economically, ethically, and equitably; providing reliable, useful, and timely information. Users need to know whether: 1. Management and officials manage government resources and use their authority properly and in compliance with laws; 2. Programs are achieving the objectives and desired outcomes; 3. Services are provided efficiently, economically, ethically and equitably. (Generally Accepted Government Auditing Standards, Introduction)
  • Slide 7
  • Internal Auditing Definition: Internal auditing is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of the organization. It assists an organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's risk management, control, and governance processes. (Institute of Internal Auditors)
  • Slide 8
  • Internal Auditing: Organization, Corporate Governance, Risks, Controls, Plan. Triple Bottom Line: Environmental, Social, Economic. Add-Value, Consulting, Assurance, Audit Planning. Types of Audits: 1. Financial Audits 2. Attestation Engagements 3. Performance Audits
  • Slide 9
  • Internal Controls. Plan, Organize. G & O, $R \times C = r$, G & O. Adequate Controls, Reasonable Assurance. $R_{LI} \times C_L \times C_I = r_{LI}$. G = Goals, O = Objectives, R = Risk, L = Likelihood, I = Impact, C = Controls, r = Residual Risk
  • Slide 10
  • Internal Controls Goals & Objectives Specific Measurable Attainable Relevant Timely Goals & Objectives "Purpose" Controls Control Environment "Commitment" Management Plan Tactical Strategic Organize Staff Direct Monitor "Capability" Control Activities Segregation Access Accountability Authority Reconcile Completeness Authority Transactions Manage Accountability Safeguard Selection Alternatives Design In Place Functioning Compliance "Monitoring & Learning" Continuous Improvement Model COCO Purpose Commitment Capability Monitor & Learn Preventive Detective Directive Hard Soft
  • Slide 11
  • Financial, Compliance, Operations, Systems. Risk Analysis, Control Environment, Monitoring, Control Activities. Methodology used for assessing the quality of internal controls. Hard Controls: Segregation of Duties (AAA), Safeguarding of assets, Transactions recorded, Accountability, Periodic Reconciliation. Common factors used in identifying and assessing materiality of risks. Soft Controls: Corporate Culture, Tone at the Top, Information & Communication. Management Controls: Planning (to achieve goals; tactical, strategic), Organizing (delegation), Staffing (right people), Directing (policies and procedures), Monitoring (communication and information, analytics and analysis, change management). COSO: Committee of Sponsoring Organizations of the Treadway Commission
  • Slide 12
  • Unit B Challenge: Evolving from Control Activities to the Control Environment COSO Control (Addressing Governance) Aggregate Entity Process Unit Systemic cultural problem Mark Emmert, NCAA President Management should periodically check the batteries in their moral compass. GES Activity 2 Monitoring Information & Communication Control Activities Control Environment Unit A Activity 1 Compliance Financial Reporting Operations Risk Assessment Tone at the Top Tone at the Middle
  • Slide 13
  • Update Formalizes Fundamental Concepts Embedded in the Original Framework as Principles. Control Environment: 1. Demonstrates commitment to integrity and ethical values; 2. Exercises oversight responsibility; 3. Establishes structure, authority and responsibility; 4. Demonstrates commitment to competence; 5. Enforces accountability. Risk Assessment: 6. Specifies suitable objectives; 7. Identifies and analyzes risk; 8. Assesses fraud risk; 9. Identifies and analyzes significant changes. Control Activities: 10. Selects and develops control activities; 11. Selects and develops general controls over technology; 12. Deploys through policies and procedures. Information & Communication: 13. Uses relevant information; 14. Communicates internally; 15. Communicates externally. Monitoring Activities: 16. Conducts ongoing and/or separate evaluations; 17. Evaluates and communicates deficiencies. Source: COSO, Internal Control Integrated Framework, September 2012
  • Slide 14
  • Quality Drift (Cascading Process) Control Environment Management Controls P-O-S-D-M Control Activities Objective Subjective
  • Slide 15
  • Controls: Subjectivity, Complexity. Control Environment, Management Controls, Control Activities. Parkinson's Law: Complexity leads to decay. Challenges: Hard to Soft; Objective to Subjective; Simple to Complex; Evolution to Revolution
  • Slide 16
  • Criteria of Control: CoCo. Purpose, Commitment, Capability, Monitoring, Action
  • Slide 17
  • Internal Auditing: Adding Value Integration GRC External Entity Process Unit Control Environment Management Controls Control Activities Evolution of the Profession Controls Risk Board Audit Committee Charter Internal Audit Charter Governance (Mature) (Embryo) (Radar) Opportunities Threats Evaluation Check the box Reality Quality Question: Can you be in 100% compliance and go out of business? (Evaluation Audit). Does compliance equal quality? Objective Subjective Objective Subjective
  • Slide 18
  • Issues: Accountability Governance, Risks, and Controls King III Transparency Sustainability Board Selection Process Audit Committee CAE Risk Committee CRO Global Strategic (CRMA) Compensation Committee Stock options Bonus plans Counter-productive Salaries Up, up, up, and away The Bear Charley Mac Shareholder Input Governance Personal Opinion: The CEO and CFO should not be involved in selecting members of the Board, Audit Committee, Risk Committee, or Compensation Committee. AAA COB CEO Obj. Sub. SOD The Big Risk
  • Slide 19
  • Organizational Governance (Roles and Responsibilities) Employees Specific Job Descriptions Control Environment Control Activities Delineation of Goals & Objectives (Integration & Linkage) Governance BOARD & SUB-COMMITTEES Plan Organize Staff Direct Monitor (P-O-S-D-M) Executive Management P-O-S-D-M Process Owner P-O-S-D-M Organizations Should Be Organized Process Owner P-O-S-D-M Process Owner P-O-S-D-M
  • Slide 20
  • ERM Conceptual Framework Division Business Unit Subsidiary Entity Objective Setting Event Identification Risk Assessment Risk Response Control Activities Info. & Communication Internal Environment Monitoring Strategic Operations Reporting Compliance Control Components Objectives Focus: Internal Environment Strategies Integration COSO Risk
  • Slide 21
  • Governance Governance Infrastructure (Integration & Linkage) Audit Committee of Board of Directors (Oversight) CEO (Responsibility) Chief Risk Officer (CRO) (Execution) Enterprise Risk Management (ERM) Auditor in Charge (AIC) Micro (Engagement Planning-Risk Driven) Chief Audit Executive (CAE) Audit Plan (Risk Driven) Macro (Resource Allocation) Oversight ERM Oversight Comprehensive Report Audit Priority Feedback Input Governance Reporting
  • Slide 22
  • Law Specific Controls (The way it should be.) Performance Drift Criteria Agent of Change Negotiation Recommendation Criteria Plan Tactical Strategic CSA Reengineering Evolution Revolution Best Practices Benchmarking Plan Implementation Monitor Analysis Inappropriately Included Inappropriately Excluded Internal External Revenue Cost Effectiveness Efficiency Goals Effect (What difference does it make?) Condition (The way it is.) Cause (How we got to where we are?) Management Plan Organize Staff Direct Monitor Recommendation Persuasion Follow-up Issue Addressed Recommendation Implemented Management Solution Risk Accepted Meeting The Reporting Model (Risks and Controls) Risk Opportunities Proactive Preview Partially Controllable Consulting Risk Threats Reactive Review Assurance Controllable Objective Subjective Policy General
  • Slide 23
  • The Fraud Risk Triangle: Opportunity, Incentive/Pressure, Attitude/Rationalization. The Fraud Risk Triangle (FRT) consists of three key elements which are generally correlated with fraud. The FRT was developed by a criminologist, Donald R. Cressey, in 1973. How do you address the Fraud Triangle?
  • Slide 24
  • The Fraud Risk Triangle: Opportunity (O), Attitude/Rationalization (R), Incentive/Pressure (P); Over-ride OR. The Fraud Diamond: Opportunity, Pressure, Rationalization, Ability. Kennesaw State
  • Slide 25
  • Management Responsibility. Pre-Control, Post-Control: $R_{L_F I_F} \times C_{L_F} \times C_{I_F} = r_{L_F I_F}$. Prevent, Detect, Residual risk. Risk tolerance, Risk appetite, Affordable risk (Analytics). Control Override, Control Failure, Override Control: $R_{L_F I_F}$, $r_{L_F I_F}$. Management Functions: Plan (tactical, strategic); Organize (delegation, accountability); Staff (competencies, training); Direct (policies, procedure); Monitor (supervision, oversight, change management)
  • Slide 26
  • Management Responsibility: setting policies and strategic direction; directing employees in performance of routine activities; custody of the entity's assets; reporting to those in charge of governance; implementation of audit recommendations; design, implement, and maintain internal controls; develop performance measurement system
  • Slide 27
  • Questions?