PART 6 - INTERNAL CONTROL

Similar documents
FEDERAL AWARD PROGRAMS INTERNAL CONTROL EVALUATION. Cross-cutting characteristics (generally applicable to all fourteen requirements)

Internal Control Questionnaire and Assessment

Single Audit Update: Internal Control over Compliance and the GAO s Green Book. MSBO s 80 th Annual Conference April 19, 2018

Internal Control Questionnaire and Assessment

Community Bankers Conference

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a

Internal Controls: Need Them, Have Them, Love Them

LeiningerCPA, Ltd. INTERNAL CONTROL PROCEDURE STATEMENT

Auditing Governments and Not-For-Profit Organizations

Guide to Internal Controls

GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA

Evaluating Internal Controls

Corporate Governance Update. SOX 404 and Internal Controls

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

[RELEASE NOS ; ; FR-77; File No. S ]

Dena Jansen, CPA Partner Maxwell Locke & Ritter LLP

Internal Control in Higher Education

CLIENT ALERT: INTERNAL CONTROL OVER FINANCIAL REPORTING

Implementation Tool for Auditors

Internal Audit Appendix: IIA Standards

An Overview of the 2013 COSO Framework. August 2013

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

AUDITING. Auditing PAGE 1

Auditing Standards and Practices Council

CAAS 104 Cost Audit and Assurance Standard on Knowledge of Business, its Processes and the Business Environment

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

The most commonly applied model for designing and auditing internal

Internal Controls: Providing an Effective Control Environment. Why This Session Is Needed. Lesson Overview & Module Objectives

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

Master Document Audit Program. Version 4.14, dated March 2018 B-1 Planning Considerations

What s New in Government Internal Control Standards? Going Green

AICPA Peer Review Program Compliance: Responding to Latest Developments

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Cost Auditing Standard Cost Auditing Standard on Knowledge of Business, its Processes and the Business Environment

Transparency in the Workforce System Establishing Firewalls & Internal Controls

IAASB Main Agenda (December 2008) Page Agenda Item

RREGULATION ON INTERNAL CONTROLS AND INTERNAL AUDIT FUNCTION IN MICROFINANCE INSTITUTIONS. Article 1 Scope and Purpose

REGISTERED CANDIDATE AUDITOR (RCA) TECHNICAL COMPETENCE REQUIREMENTS

Seminar Internal Control Identification and Filtering

Chapter 6 Field Work Standards for Performance Audits

Internal Control Systems

Audit Practice Introduced by HKSA (HKSA 300, 315 and 330) 10 July 2008

The Auditor s Consideration of the Internal Audit Function in an Audit of Financial Statements

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

Assistance Options to New Applicants and Sponsors in connection with Internal Controls over Financial Reporting

2014 SINGLE AUDIT OVERVIEW FOR KNOWLEDGE COACH USERS

SA 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL

Business development companies

Auditing Standards and Practices Council

Audit Practice Introduced by HKSA (HKSA 315 and 330) 1 February 2008

POLICY. Number: Title: Internal Control Responsible Office: USF System Audit I. PURPOSE AND INTENT

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

29 th Regional Conference of WIRC

EFFICIENT USE OF AUDIT COMMITTEES

9/17/2017. An Overview of COSO s New Framework and Implementation Guidance SPEAKER. Laura Harden, CPA History

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors

FDICIA Reporting for Financial Institutions. Reporting Changes Under Part 363 and SAS 130

Single Audit and Yellow Book / Govt. Audit Standards Update Presented by: William Blend, CPA, CFE

International Standards for the Professional Practice of Internal Auditing (Standards)

Evaluation of a Firm s Compliance with 2011 Yellow Book Independence Requirements Related to Nonaudit Services

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

Kentucky State University Office of Internal Audit

Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.

OPERATIONAL RISK EXAMINATION TECHNIQUES

Audit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization

International Standards for the Professional Practice of Internal Auditing (Standards)

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

The definition of a deficiency is also set forth in the attached Appendix I.

Overview of Sampling and Single Audit Reporting Requirements

STAFF QUESTIONS AND ANSWERS

Company LOGO C B T. An Educational Computer Based Training Program

Committee for Senior Business Administrators. Segregation of Duties

Audit-Risk Committee. Board Approval: August 2018

Internal Controls. June-20-17

Background. Required Communications of Other Internal Control Deficiencies

How to Pass an ALGA Yellow Book Peer Review Training by the Association of Local Government Auditors (ALGA) Tampa, Florida September 20, 2013

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Overview of Internal Control. Course #6015B/QAS6015B Course Material

Internal Control Program

e. inadequacy or ineffectiveness of the internal audit program and other monitoring activities;

13-A. Fraud Phase II Issues Paper

SRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

Auditing and Attestation (AUD) - Content Outline Effective January 2014

IAASB Meeting (December 2018)

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

LIST OF SUBSTANTIVE CHANGES AND ADDITIONS. PPC's Guide to Audits of Nonprofit Organizations

of Financial Statements

Center for Plain English Accounting: Risk Assessment FAQs

WATCH WORDS FROM THE PEER REVIEW PROCESS

BUSINESS CPA EXAM REVIEW V 3.0. For Exams Scheduled After March 31, 2017

Minneapolis Public Schools Special School District No. 1 Minneapolis, Minnesota. Communications Letter of the Student Activity Accounts.

Mapping Document AU Section 322 to Clarified Statement on Auditing Standards Using the Work of Internal Auditors

Internal Controls Integrating COSO

The Basics of Internal Controls & Segregation of Duties

Transcription:

PART 6 - INTERNAL CONTROL INTRODUCTION The A-102 Common Rule and OMB Circular A-110 (2 CFR part 215) require that non-federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements. OMB Circular A-133 requires auditors to obtain an understanding of the non-federal entity s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk for major programs, plan the testing of internal control over major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program, and, unless internal control is likely to be ineffective, perform testing of internal control as planned. This Part 6 is intended to assist non-federal entities and their auditors in complying with these requirements by describing, for each type of compliance requirement, the objectives of internal control, and certain characteristics of internal control that, when present and operating effectively, may ensure compliance with program requirements. However, the categorizations reflected in this Part 6 may not necessarily reflect how an entity considers and implements internal control. Also, this part is not a checklist of required internal control characteristics. Non-Federal entities could have adequate internal control even though some or all of the characteristics included in Part 6 are not present. Further, non-federal entities could have other appropriate internal controls operating effectively that have not been included in this Part 6. Non-Federal entities and their auditors will need to exercise judgment in determining the most appropriate and cost effective internal control in a given environment or circumstance to provide reasonable assurance for compliance with Federal program requirements. The objectives of internal control pertaining to the compliance requirements for Federal programs ( Over Federal Programs), as found in.105 of OMB Circular A-133, are as follows: (1) Transactions are properly recorded and accounted for to: (i) Permit the preparation of reliable financial statements and Federal reports; (ii) Maintain accountability over assets; and (iii) Demonstrate compliance with laws, regulations, and other compliance requirements; (2) Transactions are executed in compliance with: (i) Laws, regulations, and the provisions of contracts or grant agreements that could have a direct and material effect on a Federal program; and (ii) Any other laws and regulations that are identified in the compliance supplements; and (3) Funds, property, and other assets are safeguarded against loss from unauthorized use or disposition. A-133 Compliance Supplement 6-1

The characteristics of internal control are presented in the context of the components of internal control discussed in -Integrated Framework (COSO Report), published by the Committee of Sponsoring Organizations of the Treadway Commission. The COSO Report provides a framework for organizations to design, implement, and evaluate control that will facilitate compliance with the requirements of Federal laws, regulations, and program compliance requirements. COSO also has published Guidance on Monitoring Systems (January 2009), which is available at www.coso.org/guidanceonmonitoring.htm. Statement on Auditing Standards No. 109 (SAS 109), Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) and a related AICPA audit guide, Audit Guide, Assessing and Responding to Audit Risk in a Financial Statement Audit, incorporate the components of internal control presented in the COSO Report. Part 6 describes characteristics of internal control relating to each of the five components of internal control that should reasonably assure compliance with the requirements of Federal laws, regulations, and program compliance requirements. A description of the components of internal control and examples of characteristics common to the 14 types of compliance requirements are listed below. Objectives of internal control and examples of characteristics specific to each of 13 of the 14 types of compliance requirements follow this introduction. (Because Special Tests and Provisions (with the exception of cross-cutting ARRA requirements) are unique for each program, we could not provide specific control objectives and characteristics for this type of compliance requirement.) Control Environment sets the tone of an organization influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Sense of conducting operations ethically, as evidenced by a code of conduct or other verbal or written directive. If there is a governing Board, the Board has established an Audit Committee or equivalent that is responsible for engaging the auditor, receiving all reports and communications from the auditor, and ensuring that audit findings and recommendations are adequately addressed. Management s positive responsiveness to prior questioned costs and control recommendation. Management s respect for and adherence to program compliance requirements. Key managers responsibilities clearly defined. Key managers have adequate knowledge and experience to discharge their responsibilities. Staff knowledgeable about compliance requirements and being given responsibility to communicate all instances of noncompliance to management. Management s commitment to competence ensures that staff receive adequate training to perform their duties. Management s support of adequate information and reporting system. A-133 Compliance Supplement 6-2

Risk Assessment is the entity s identification and analysis of risks relevant to achievement of its objectives, forming a basis for determining how the risks should be managed. Program managers and staff understand and have identified key compliance objectives. Organizational structure provides identification of risks of noncompliance: - Key managers have been given responsibility to identify and communicate changes. - Employees who require close supervision (e.g. inexperienced) are identified. - Management has identified and assessed complex operations, programs, or projects. - Management is aware of results of monitoring, audits, and reviews and considers related risk of noncompliance. Process established to implement changes in program objectives and procedures. Control Activities are the policies and procedures that help ensure that management s directives are carried out. Operating policies and procedures clearly written and communicated. Procedures in place to implement changes in laws, regulations, guidance, and funding agreements affecting Federal awards. Management prohibition against intervention or overriding established controls. Adequate segregation of duties provided between performance, review, and recordkeeping of a task. Computer and program controls should include: - Data entry controls, e.g., edit checks. - Exception reporting. - Access controls. - Reviews of input and output data. - Computer general controls and security controls. Supervision of employees commensurate with their level of competence. Personnel with adequate knowledge and experience to discharge responsibilities. Equipment, inventories, cash, and other assets secured physically and periodically counted and compared to recorded amounts. If there is a governing Board, the Board conducts regular meetings where financial information is reviewed and the results of program activities and accomplishments are discussed. Written documentation is maintained of the matters addressed at such meetings. Information and Communication are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities. Accounting system provides for separate identification of Federal and non-federal transactions and allocation of transactions applicable to both. Adequate source documentation exists to support amounts and items reported. A-133 Compliance Supplement 6-3

Recordkeeping system is established to ensure that accounting records and documentation retained for the time period required by applicable requirements, such as the A-102 Common Rule (.42), OMB Circular A-110 (2 CFR 215.53), and the provisions of laws, regulations, contracts or grant agreements applicable to the program. Reports provided timely to managers for review and appropriate action. Accurate information is accessible to those who need it. Reconciliations and reviews ensure accuracy of reports. Established internal and external communication channels. - Staff meetings. - Bulletin boards. - Memos, circulation files, e-mail. - Surveys, suggestion box. Employees duties and control responsibilities effectively communicated. Channels of communication for people to report suspected improprieties established. Actions taken as a result of communications received. Established channels of communication between the pass-through entity and subrecipients. Monitoring is a process that assesses the quality of internal control performance over time. Ongoing monitoring built-in through independent reconciliations, staff meeting feedback, rotating staff, supervisory review, and management review of reports. Periodic site visits performed at decentralized locations (including subrecipients) and checks performed to determine whether procedures are being followed as intended. Follow up on irregularities and deficiencies to determine the cause. Internal quality control reviews performed. Management meets with program monitors, auditors, and reviewers to evaluate the condition of the program and controls. Internal audit routinely tests for compliance with Federal requirements. If there is a governing Board, the Board reviews the results of all monitoring or audit reports and periodically assesses the adequacy of corrective action. General Guidance - Over Compliance For Major Programs With Expenditures of ARRA Awards 1. It is essential that auditee management establish and maintain internal control designed to reasonably ensure compliance with Federal laws, regulations, and program compliance requirements, including internal control designed to ensure compliance with ARRA requirements. The auditor then performs and documents testwork relating to internal control as required by OMB Circular A-133. A-133 Compliance Supplement 6-4

2. It is imperative that deficiencies in internal control (i.e., material weaknesses and significant deficiencies) be corrected by management as soon as possible to ensure proper accountability and transparency for expenditures of ARRA awards. Early communication by auditors to management, and those charged with governance, of identified control deficiencies related to ARRA funding that are, or likely to be, significant deficiencies or material weaknesses in internal control will allow management to expedite corrective action and mitigate the risk of improper expenditure of ARRA awards. Therefore, auditors are encouraged to promptly inform auditee management and those charged with governance during the audit engagement about control deficiencies related to ARRA funding that are, or likely to be, significant deficiencies or material weaknesses in internal control. The auditor should use professional judgment regarding the form of such interim communications. Factors to consider in determining whether to make communications orally and/or in writing include the relative significance of the identified control deficiencies and the urgency for corrective action. However, regardless of how interim communications are made, the auditor should also communicate ARRA-related significant deficiencies or material weakness via the normal reporting process at the end of the audit (i.e., in the reporting on internal control over compliance and the schedule of findings and questioned costs). 3. At many entities, awards funded by ARRA funds will result in material increases in funding, which may result in a material increase in the level of resources needed by management to properly manage, monitor, and account for Federal awards and effectively operate internal control. As part of the consideration of internal control over compliance, auditors should consider capacity issues as follows: - One of the components of internal control as described in this part of the Supplement, Risk Assessment, relates to an entity s risk assessment process including its identification, analysis, and management of risks relevant to its compliance. When gaining an understanding of the internal control over the Activities Allowed or Unallowed, Allowable Costs/Cost Principles, and Eligibility types of compliance requirements for major programs with ARRA funding, the auditor should consider the entity s internal control environment and internal control established to address the risks arising from ARRA funding (e.g., risks due to rapid growth of a program, new and/or increased activities under a program, changes in the regulatory environment, or new personnel). - When evaluating whether identified control deficiencies, individually or in combination, are significant deficiencies or material weaknesses, the auditor should consider the likelihood and magnitude of noncompliance. One of the factors that affects the magnitude is the volume of activity exposed to the deficiency in the current period or expected in the future. A-133 Compliance Supplement 6-5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback