Internal Audit How the Internal Audit Function Facilitates Internal Controls Office of the City Auditor City of Tallahassee 1
Internal Audits and Internal Controls Session Purpose: How does an internal audit function assist management in ensuring an entity has established an adequate internal control framework as provided for by COSO and the GAO Green Book (Standards for Internal Control in the Federal Government ) 2
COSO Committee of Sponsoring Organizations of the Treadway Commission (COSO): Comprised of five agencies: American Accounting association AICPA Institute of Internal Auditors Institute of Management Accountants Financial Executives International 3
GAO GREEN BOOK Standards for Internal Control in the Federal Government Issued by the Government Accountability Office (GAO) Last updated in September 2014 Green Book adapts COSO principles for a government environment 4
COSO Definition of Internal Controls A process effected by an entity that provides reasonable assurance that the entity s objectives will be achieved. Objectives include: Effective and Efficient Operations Reliability of reporting Compliance with applicable laws, regulations, and policies 5
Green Book Definition of Internal Controls A process effected by an entity s oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. These objectives and related risks can be broadly classified into one or more of the following three categories: Operations (effectiveness and efficiency) Reporting (reliability) Compliance (with applicable laws and regulations) 6
COSO and Green Book Internal Control Components Control Environment Risk Assessment Control Activities Information and Communication Monitoring Activities 7
COSO and Green Book Internal Control Components 8
COSO: Internal Audit Internal auditors play an important role in evaluating the effectiveness of control systems. As an independent function reporting to top management, internal audit is able to assess the internal controls systems implemented by the organization and contribute to ongoing effectiveness. As such, internal audit often plays a significant monitoring role. 9
Green Book: Internal Audit Section 16.07 of the Green Book provides that internal audits play an important role in Monitoring Activities by performing independent, objective evaluations of control design and testing of internal controls. Internal audits provide greater objectivity as they are performed by reviewers that do not have responsibility for the activities being evaluated. 10
11
City Auditor s Office Follow both GAGAS and IIA Standards All Audits are Performance Audits Complete average 20 audits annually Undergo an external peer review every three years 12
OFFICE OF THE CITY AUDITOR Organization Chart July 14, 2015 CITY AUDITOR T. Bert Fletcher ADMINISTRATIVE SPECIALIST II Michelle Davis SENIOR AUDIT MANAGER Don Hancock SENIOR IT AUDITOR Patrick Cowen AUDIT MANAGER Dennis Sutton SENIOR AUDITOR Cameisha Smith SENIOR AUDITOR Vanessa Spaulding 13
14
What we Audit Any City department, activity, or function (except the Mayor and City Commission Offices) Any entity that receives City funds as a grant, loan, or contract recipient Joint City/County entities Blueprint (Capital Infrastructure) CRA (Redevelopment) Consolidated Dispatch Agency (City/County/Sheriff) 15
Annual Audit Plan Required by City charter Over 250 auditable topics and areas List updated each year Conduct an annual risk analysis All topics/areas are ranked 16
Risk Factors 1. Size of Operation/Fiscal Impact 2. Experience of Management 3. Complexity of Operations/Activity 4. Public Sensitivity 5. Threats to Public Health, Safety and Welfare 6. Susceptibility to Fraud, Waste, & Abuse 17
Other Sources for Planned Audit 1. Audit Shop awareness 2. Solicited Input from: Mayor and Commissioners City Leadership City Advisory Boards Independent Ethics Board Neighborhood Associations 18
Citywide Cash Controls One main revenue office but 26 other City locations where revenues and receipts are collected Based Audit Program on City Internal Control Policy, which in turn was based on COSO Access to and Accountability for Resources Direct Activity management Segregation of Duties Physical Controls Execution of Transactions and Events Recording of Transactions and Events Information Processing Documentation 19
Citywide Cash Controls (Continued) 1. Collections stored in unlocked cabinets and drawers (or purses and books!) 2. Permits and receipts not controlled or accounted for 3. Management not reviewing collection reports 4. Duties not adequately segregated 5. Checks not endorsed for days 6. Collections not timely deposited 7. Lack of electronic transfers 8. No documented transfers of custody 20
Audit of the Animal Services Center Inadequate segregation of duties in regard to adoption fees First identified in Citywide Cash Controls Audit (no changes made other than allegedly increased managerial reviews) New comprehensive audit conducted based on citizen concerns Audit identified scheme - estimated $80,000 adoption fees diverted Former employee convicted Enhanced controls subsequently implemented 21
Audit of Electric and Gas Revenues GAS ELECTRIC Complex Meters with Billing System multipliers Over $1 million in unbilled consumption identified Some significant over billed consumption also Very technical lot of reliance on electric staff Focused on accuracy of meters through meter testing Audit procedures identified 2 commercial customers getting free electricity Audit found $1.6 million billing error 22
Annual Citywide Disbursements Audit 350,000 transactions totaling over $1 billion Stratification and Categorization Applied Payroll Retirement Energy Acquisitions All Other Multiple criteria applied to each sample item Comprehensive testing 23
Annual Citywide Disbursements Audit (Continued) Relied Upon by external auditors Findings: Lack of control over time and attendance records Overpaid an insurance provider $53,000 Competitive procurement practices not followed Duplicate payments identified Extra pay period included in retirement benefit determinations Ineligible former employees and dependents inappropriately allowed to participate in the City s health insurance program Unique improvements: Revision to retirement ordinances Efficiencies for frequently paid vendors Implementation of an automated payroll time and attendance system 24
Investments Size: Pension ($1 billion) and Non-Pension ($600 million) Audits addressed: Investment Performance Investment policy in accordance with best practices Investments properly diversified Investments allowable types (e.g., not too risky or overly conservative) Whether internal controls were adequate 25
Investments (continued) Findings Earnings allocation errors resulted in over $2 million of City earnings being incorrectly allocated Inadequate and untimely reconciliations of investment and custodian statements Capability for incompatible duties regarding transfer of funds 26
Audit of Commercial Insurance Acquisition Excess coverages purchased for property, liability and workers compensation Fees and premiums averaged $3.6 million annually Same broker and companies selected every year even though competitive processes used 27
Audit of Commercial Insurance Acquisition Audit recommended alternative competitive procurement process Selected broker not allowed to receive commission from selected providers and carriers to ensure no conflict of interest Actual savings of $434,000 realized in first full year new process used. 28
29