Christopher Dawkins, CPA, CIA Director of County Audit Phil Diamond, CPA Orange County Comptroller s Office

Transcription

1 Christopher Dawkins, CPA, CIA Director of County Audit Phil Diamond, CPA Orange County Comptroller s Office

2 What Will I Talk About? Why we have auditors and the difference between external auditors and internal auditors What are the duties and responsibilities of an internal audit function How to create or ensure you have an effective audit department An overview of the audit process

3 What Will I Talk About? What should be audited Why controls breakdown What can happen when controls are not reviewed Some specific types of fraud

4 Why Government Auditors Exist? An auditor is a man who watches the battle from the safety of the hills and then comes down to bayonet the wounded. Sir Charles Lyell, , American accountant Might be true but.

5 Why Government Auditors Exist? People have a right to know how their money is spent People have a right to know whether governmental programs are accomplishing what they set out to accomplish in an efficient and effective manner

6 Difference Between Internal and External Auditors External Auditors Attest that the numbers on the financial statement are fairly presented Review operations and controls for the purpose of determining the reliability of the financial data Independent contractor Incidentally concerned with how we can do things better Incidentally concerned with the detection and prevention of fraud in general, but is most concerned when financial statements may be materially affected

7 Difference Between Internal and Internal Auditors External Auditors Provide an independent appraisal activity that evaluates whether management has efficiently carried out its responsibilities Perform an in-depth review of various county functions/programs Are the organization's employees Primarily concerned with how we can do things better Directly concerned with the prevention/detection of fraud

8 What Do We Do? Review controls to ensure assets (revenues and property) are adequately protected and expenditures are appropriate Review the efficiency and effectiveness of county operations and management practices for areas needing improvement Verify the county s and outside contractors compliance with laws and regulations, and contracts. Investigate instances of fraud, waste, and abuse, (coordination with law enforcement) Participate with county management as a consultant on controls, compliance, and other matters of significant importance

9 Characteristics of An Effective Audit Department Independent and qualified staff Obtain adequate training Adopt and follow auditing standards Conduct a risk analysis of operations within audit universe Aware of current issues within county and nationally Perform full scope audits - including financial, compliance and performance Assist management when possible (consult) Prepare professional audit reports

10 Overview of Audit Process Preliminary survey Entrance conference Finalize audit plan Fieldwork Pre-exit conference Quality review Exit conference Report issuance

11 How to Identify Where to Audit For each department/division objective, ask: What could go wrong? How could we fail? What must go right to succeed? What decisions require the most judgment? What activities are most complex? What activities are regulated? On what do we spend the most money? How do you bill/collect related revenue? On what information do we most rely? What assets do we need to protect? How could someone or something disrupt our operations? 11

12 What Controls Are Most Important for Auditors to Review? High Risk Low Frequency High Risk High Frequency Low Risk Low Frequency Low Risk High Frequency 12

13 Why Controls Don t Always Work Inadequate knowledge of policies or governing regulations. I didn t know that! Inadequate segregation of duties. We trust Barry, he does all of those things. Inappropriate access to assets. Passwords shared, cash not secured Form over substance. You mean I m supposed to know why I initial it or sign it? Control override. I know that s the policy, but we do it this way. Just get it done; I don t care how! Inherent limitations. People are people and mistakes happen. You cannot foresee or eliminate all risk. 13

14 Why Controls Don t Always Work Too much trust Approval of documents without review Lack of verification of transactions after they have been entered in the system Lack of reconciliations No follow-up when things appear questionable or not reasonable Lack of understanding of subordinate s job 14

15 Controls Auditors Expect to See Redact protected information from court records Buildings/restricted areas are kept locked Recorded documents are kept secured Computer records are backed up Cash registers or locked boxes Cashiers balance collections Journal entries require authorized Bank account reconciled Inventory tagged Payroll transmittals authorized Other examples..?? 15

16 Types of Employee Theft/Fraud Schemes Theft of cash/checks Skimming Cash removed from the entity before it reaches the accounting system. A related scheme is ringing up a sale for less than the true amount. Controls: Signs Sale by inventory items received Examples: Not ringing up sales 16

17 Types of Employee Theft/Fraud Schemes Theft of cash/checks Voids Record the sale at its full amount, issue a receipt to the customer, then void the transaction Controls: Supervisory approval for all voids Separation of the duty of receipting money and providing product or reservation Requiring all parts of voided receipts retained 17

18 Types of Employee Theft/Fraud Schemes Theft of cash/checks Swapping checks for cash (substitution) Accepting cash and receipting the transaction from a customer, then not receipting a transaction for a check (mail) and replacing the cash with the check Control: Surprise cash count and matching checks and cash to receipt totals by check/cash Not allowing employee checks to be cashed 18

19 Types of Employee Theft/Fraud Schemes Theft of Cash/Checks Alteration of cash receipt documents An employee issues a receipt for a transaction for the full amount. The receipt is later changed by that employee or different employee and the difference in cash is removed Controls: Open eyes 19

20 Types of Employee Theft/Fraud Schemes Theft of cash/checks Fictitious refunds and discounts Employee enters a transaction as though a refund was given, but the cash is either pocketed by the employee or check prepared for the employee Controls: Supervisory approval for all refunds Vendor control 20

21 Types of Employee Theft/Fraud Schemes Billing/purchasing schemes Fictitious invoices An invoice is sent for services neither rendered nor received. The company may not even exist Duplicate payments Controls: Signed and dated receiving reports Adequate segregation within the payables function Analytical reviews 21

22 Types of Employee Theft/Fraud Schemes Billing/purchasing schemes Purchasing excess materials/services Excess goods are purchased by an employee and converted to personal use (can also be payouts for welfare) Excess goods are purchased by an employee in exchange for kickback Controls: Adequate approval for all purchases Periodic analytical review of year-to-date purchases Budget 22

23 Types of Employee Theft/Fraud Schemes Billing/purchasing schemes Checks payable to employee Controls: Adequate segregation of duties Restrict access to facsimile stamp 23

24 Types of Employee Theft/Fraud Payroll schemes Ghost employees Controls: Schemes Independent payroll check distribution Analytical analysis of addresses/social security numbers Examples: Paychecks are created for nonexistent employees 24

25 Types of Employee Theft/Fraud Schemes Payroll schemes Overpayment of hours not worked Controls: Review and approval of hours reported for payment Forward payroll transmittal directly to payroll after approval 25

26 Types of Employee Theft/Fraud Schemes Fraudulent expense reimbursement Examples: Travel and training reimbursements Meals Postage Petty cash Controls Adequate supervisory review of expenses Periodic reconciliation of Petty Cash Budgets Analytical reviews 26

27 Types of Employee Theft/Fraud Schemes Check tampering Employee changes check amount or payee Controls: Bank reconciliations Adequate segregation of duties Positive Pay accounts Examples: Paychecks are changed Reimbursement check amounts changed Payees changed 27

28 Types of Employee Theft/Fraud Schemes Misuse/theft of equipment Controls: Inventories Clear responsibility for custody Adequate monitoring of condition/use Examples: Equipment stolen Company equipment used for personal gain 28