Department of Navy Audit Update

Similar documents
Department of the Navy Audit and Internal Controls

Department of Defense Financial Improvement and Audit Readiness

ASMC National Capital Region PDI 9 March 2017

Office of the Under Secretary of Defense (Comptroller) ASMC National PDI May 2014 Audit Readiness- Are You Ready for The Big One?

WORKSHOP 84 STREAMLINING COMPLIANCE THROUGH GRC INTEGRATING A-123 UPDATES AND MORE!

How the FM Target Environment Will Help Us Sustain Financial Auditability. Presentation to the ASMC National PDI June 3, 2016

AUDIT ADVANTAGE: IMPROVING MISSION READINESS

Road to Self Governance

OPERATIONAL RISK EXAMINATION TECHNIQUES

Ref: (a) Federal Managers' Financial Integrity Act of 1982, P.L (b) OMB Circular A-123 (c) DoD Instruction 5010.

Briefing to Redstone ASMC Chapter Mini-PDI

AUDIT ACCELERATION WITH ROBOTIC PROCESS AUTOMATION

Large Federal Agency Leverages IV&V to Achieve Quality Delivery for Critical Modernization Initiative

Audit of Policy on Internal Control Implementation (Phase 1)

AFMO. Army Financial. Management Optimization. Driving Change in Financial Management across the Army Enterprise

USDA Shared Services Journey

Budgetary Resource Risk Management Unliquidated Obligations (ULOs) - Recovery and Prevention September 2014

Audit of Weighing Services. Audit and Evaluation Services Final Report Canadian Grain Commission

Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

Review of the management of data quality in the My Government of Canada Human Resources system. Office of Audit and Evaluation

Internal Controls: Need Them, Have Them, Love Them

Department of Defense Cash Accountability Strategy National PDI Workshop #51 June 2, 2016 Improved Cash Accountability

Enterprise Business System Was Not Configured to Implement the U.S. Government Standard General Ledger at the Transaction Level

GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA

RSA ARCHER IT & SECURITY RISK MANAGEMENT

OFFICE OF FEDERAL HOUSING ENTERPRISE OVERSIGHT

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

SYSTEM MODERNIZATION BEST PRACTICES

Internal controls over financial reporting

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

Improving your finance function effectiveness

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Department of Defense DoD Progress in Environmental Liabilities Reporting

This training matters, because the auditors are coming.

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

Proactively Managing ERP Risks. January 7, 2010

Internal controls over financial reporting

Work Plan and IV&V Methodology

What Exactly is an Acceptable Accounting System?

REPORT 2015/077 INTERNAL AUDIT DIVISION

EY Center for Board Matters. Leading practices for audit committees

UNITED STATES MARINE CORPS MARINE CORPS BASE 3250 CATLIN AVENUE QUANTICO VIRGINIA IN REPLY REFER TO: MCBO 5200.

Audit Trends & Framework for Improved Financial Reporting. Data Quality, Integrity, and Reliability

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Sarbanes-Oxley: Company Case Study - Viacom Inc. IT General Controls - Sustaining Compliance Efforts. Anthony Noble VP, IT Internal Audit

1.0 PART THREE: Work Plan and IV&V Methodology

INFORMATION SERVICES FY 2018 FY 2020

2012 Medicaid Enterprise System Conference

A Model for CAS Self Assessment

Conduct gap analyses to determine weapons and ammunitions requirements. Fully resource weapons and ammunition requirements

County of Sutter. Management Letter. June 30, 2012

USC Compliance and Ethics Program Governance and Standards

Digital Testing and Controls Automation A transformative approach to automating your control environment

Audit Report. Audit of Contracting and Procurement Activities

PART THREE: Work Plan and IV&V Methodology (RFP 5.3.3)

Corporate Governance. Information Request List Family- or Founder-Owned Unlisted Companies. Commitment to Corporate Governance

How to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA

Financial Improvement and Audit Readiness (FIAR)

Community Bankers Conference

Risk Management at Statistics Canada

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Executive Steering Committee Meeting. Department of Revenue Building 2, Room 1250 July 27, 2016

2014 Integrated Internal Control Plan. FRCC Compliance Workshop May 13-15, 2014

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

2017 Internal Controls Survey

See your auditor clearly. Transparency report: How we perform quality audit engagements

Report No. DODIG U.S. Department of Defense OCTOBER 28, 2014

An Overview of the 2013 COSO Framework. August 2013

Chapter 7 Summary and Conclusions

Seven Key Success Factors for Identity Governance

CGMA Competency Framework

CGMA Competency Framework

Improve GRC Maturity through Combined Assurance

REPORT 2014/162 INTERNAL AUDIT DIVISION

DESIGNING AND IMPLEMENTING A WORLD CLASS RISK AND CONTROLS MONITORING FUNCTION

Your committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance

Reviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.

Logistics Solutions for the Warfighter

The University of Texas at San Antonio. Internal Audit Annual Report For Fiscal Year As required by the Texas Internal Auditing Act

Internal Control. Meeting Federal Requirements for Accountability. Robert Black, Senior Instructor 3 June 2016 PDI Orlando, FL

Audit of Governance and Controls for Reliable Reporting of Civilian Personnel Data. September (CRS)

How well you are prepared to deal with IFC

PART 6 - INTERNAL CONTROL

Minimizing fraud exposure with effective ERP segregation of duties controls

Executive Summary THE OFFICE OF THE INTERNAL AUDITOR. Internal Audit Update

A Financial Executive s Guide to Internal Controls & Fraud Prevention in the Cloud

Corporate Governance Update. SOX 404 and Internal Controls

IAASB Main Agenda (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1

Risk Management and Internal Control Report

Indigenous and Northern Affairs Canada. Internal Audit Report. Audit of Performance Measurement. Prepared by: Audit and Assurance Services Branch

e. inadequacy or ineffectiveness of the internal audit program and other monitoring activities;

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

DCMA Instruction Stewardship

RREGULATION ON INTERNAL CONTROLS AND INTERNAL AUDIT FUNCTION IN MICROFINANCE INSTITUTIONS. Article 1 Scope and Purpose

CORROSION MANAGEMENT MATURITY MODEL

audit typology 115 audit universe 101 data and information pool 103 definition 101 structure and content 101

Transcription:

Department of Navy Audit Update Northern Virginia Chapter Association of Government Accountants April 28, 2017 Victoria Crouse, Chief Strategy Officer

Agenda What We ve Done Journey to Date: Key Milestones Financial Operating Environment SBA Audit Results and Remediation SBA FY2015 and 2016 Results Remediation Efforts Full Financial Statement Approach Audit Roadmap Annual Audit Objectives and Beginning Balance Strategy Key Challenges Sustainment True North Maturation of Control Environment Key Takeaways -2-

What We ve Done

Journey To Date: Key Milestones 2008: USMC Asserted Audit Readiness on SBR 2009: DoD FIAR Guidance Issued 2010-2012: Positive Examinations of Selected Navy Business Segments 2012: Focus on SBA; Established Audit Response Center 2013: Prioritized IT Systems and Data Management 2014: USMC Received Disclaimer of Opinion 2015: Conducted First Navy SBA Audit 2015: Established Enterprise Remediation Capability to Address NFR Root Causes 2016: Established Internal Controls Governance Structure 2017: Initiated first USMC Full Financial Statement Audit -4-

FY2016 Financial Statistics 14.30% 37.00% 25 25.96% 34.87% 50.83% 35.68% 27.32% 55.27% 18.77% Discretionary Budget General Property, Plant, and Equipment, Net 18.77% Inventory and Related Property Navy Non-DoD Rest of DoD -5-

Financial Operating Environment Decentralized environment creates complexity within its financial and functional business processes Financial transactions generated around the globe and at the deck-plate level Multitude of legacy IT systems that do not meet audit standards Complexity of Navy Financial Reporting Environment 19 Budget Submitting Offices Over 500,000 Civilian and Military Personnel 72 Treasury Accounts 10 Shared with USMC 8 General Ledgers (GL) Systems ~100 Direct GL Feeder Systems A financial statement audit has never been conducted on an organization as large and complex as Navy -6-

SBA Audit Results and Remediation

SBA FY 2015 and 2016 Results External Audit Results Disclaimer of Opinion The IPA identified 3 material weaknesses related to controls over IT, Business Processes and Financial Reporting. The IPA also noted noncompliance with the Federal Financial Management Improvement Act (FFMIA) Audit Findings (NFRs) IT NFR Type # of NFRs Financial NFR Type # of NFRs Audit Logging / Monitoring 36 Financial Compilation and Reporting 13 Access Control / Access Management 40 Funds Balance with Treasury 5 Risk Management 28 Procurement (CVP, RWO, MILSTRIP) 10 Segregation of Duty 30 Document Retention 9 Change Management 16 Management Oversight 10 Other Control Failures (e.g., Interfaces, Configuration Management, Sensitive Transactions, Contingency Planning) 52 Other Control Failures (e.g., Budget Control, Tri-Annual Review, Authorization) Total 202 Total 55 8 Statement of Assurance Results Qualified In FY 2016, DON reported a qualified Statement of Assurance and reported the following material weaknesses: 7 ICONO 23 ICOFR 9 ICOFS -8-

Navy Efforts to Remediate Finding and Reduce Audit Risk Evaluation, Prioritization, and Remediation (EPR) Program Assess and prioritize deficiencies (NFRs) noted by the Auditor Coordinate designation of SES/Flag Level Offices of Primary Responsibility (OPRs) to resolve NFRs Support OPRs with CAP development and validate CAP implementation and operating effectiveness Business Process Improvement (BPI) Transforming the Navy s underlying business processes provides data integrity and supports fact-based decision making surrounding resource management Established modernized, standard business processes across the Navy System Rationalization and IT Controls Created Audit-Ready Systems Compliance Profile to bring the Navy into compliance with financial audit and cyber standards Financial Management Overlay Leverages DoD s Risk Management Framework (RMF) for information security, enabling system owners to achieve audit readiness and cyber security objectives at the same time Enterprise wide effort to rationalize key financial systems and transition towards a target IT environment Outcomes BPI Streamlined Over ~2,000Unique Business Processes to Establish 39 Standard Processes EPR OPRs remediated 77 NFRs across IT systems and business processes from FY2015 SBA Audit IT Controls Reduced The Number Of IT Systems By 39% -9-

Full Financial Statement Approach

Audit Roadmap FY 2020 DON GF and WCF Full Scope FY 2018-2019 Navy GF Full Scope USMC GF Full Scope DON WCF Full Scope FY 2017 Limited Scope FY 2015 Navy GF SBA FY 2008 USMC GF SBA FY 2016 Navy GF SBA -11-

Annual Audit Objectives and Beginning Balance Strategy To achieve the Audit Roadmap milestones, the Navy has adopted a two part strategy 1. Implementing a Balance Sheet and SBA/SBR build approach: Conducted in-depth line item substantive Impartial Verification and Validation (IV&V) (i.e. Mock Audits) to identify and correct gaps in beginning balances Accumulating evidential matter necessary to support beginning balances Collaborating closely with BSOs and other stakeholders to validate Navy s significant financial accounting policies and modify as necessary in order to comply with Generally Accepted Accounting Principals (GAAP), for both historic and prospective reporting 2. Continuing with the Navy s strategy to support future audits beyond the Balance Sheet and SBA/SBR by focusing on: FIAR activities (focused on improving processes, controls, and systems) Reliable / repeatable processes to accumulate and report balances IT systems reconciliations (link with Transaction Universe) Effective internal controls to support efficient audits -12-

Financial Statements - Balance Sheet and SBR Beginning Balances Impartial Verification and Validation (IV&V) activities to assess Navy s ability to: Produce (build) an auditable Balance Sheet as of September 30, 2017; Respond to expected auditor requests to perform substantive audit procedures; and Provide accurate and complete evidential matter timely Receive feedback from experienced auditors to help identify and prioritize critical gaps in Navy s readiness Leverage audit expertise to design most effective corrective actions to complete readiness with time-frame (6 12 months) Ensure that all major readiness activities are: Comprehensive, coordinated, and cross-supportive (e.g., TU, IT system reconciliations, JV analysis, look-back analysis, BSO support) Focused on priorities necessary to support balance sheet audit -13-

Key Challenges Universe of Transactions Reconciling financial transactions that comprise the financial statements GL Detail to the Financial Statements Feeder Systems to the GL Journal Vouchers Reduction and improving supportability Automated On Top entries in Defense Departmental Reporting System Root cause analysis to reduce field-level JVs and require approval thresholds for BSO Commanders FBWT Reconciliation Timely aggregation of disparate financial data Significant number of IT systems Many different types of APPNs DoD business practices / Transactions for Others Asset Accountability and Valuation Developing GAAP compliant valuation strategies and ensuring accountability for all major operational assets on the Balance Sheet Undelivered Orders/Unfilled Customer Orders Historical clean up and proactive management going forward Short term manual efforts may mitigate the related audit risks, but IT system changes are required to transform business processes in order to enable sustainment -14-

Sustainment

True North Ongoing audits of Consolidated Full Financial Statement for Department of Navy Congressional auditability mandates are fast approaching and achieving full financial statement auditability by the end of FY2017 is a top priority for the Department. Financial system modernization to produce accurate and transparent data Making continuous process/system improvement an essential priority at every level Command audit capabilities that cover both the uniform and civilian "Tone from the top" messaging from Navy leaders is essential and must be forceful and consistent. Strategy, tasks, and timelines need to be communicated and understood at all levels, at all major commands. Emphasizing that an improved business culture includes participation from every functional level. Mature MICP for effective and sustained internal control environment Command testing programs are a valuable tool for Commanders to understand the state of their internal control environment As the Navy matures its MICP across the enterprise, it will not only reduce financial, operational, and system risk, but will become the sustainment engine to maintain a state of audibility into the future. -16-

Maturation of Control Environment Goal: achieve a mature control environment through various audit readiness initiatives The path is built upon the work of multiple stakeholders each fiscal year Initial BSO Certification Statements (limited scope) Incremental Increasing Internal Control Improvements Mature Control Environment Establish SAT Future State FY 2018+ Each BSO: Performs full risk assessment FY 2017 Establishes a fully developed control environment with sustainable test methodologies FY 2016 Manages formal corrective action and resolution processes -17-

Shifting Focus A robust internal control program is the key to sustainability and success in an audit environment Internal Controls Auditor Reliance Substantive Testing Maturity of Control Environment The Navy responded to over 8,000 PBC requests during the FY15 and FY16 SB audits and produced nearly 100% of the requested supporting documentation. This LOE cannot be sustained as audit scope increases. -18-

Manager Internal Controls Program Governance Manager Internal Controls Program (MICP) Centralized Internal Control Governance at the enterprise level, by the establishing the Senior Assessment Team (SAT) and Senior Management Council (SMC) Assign Senior Accountable Officials (SAO) at the Flag or SES level to drive remediation efforts Provide oversight to commands on conducting risk assessments, identifying key controls, and developing test plans to assess the effectiveness of correcting activities Command Internal Control Testing Program Commanders to understand the state of their Internal Control Environment Testing results to identify effectively operating controls or improved risk mitigation needed Decisive action to address gaps before they become widespread, redirect and/or rebalance resources Share lessons learned across the Commands Mature and Sustain Internal Control Environment Reduced financial, operational and system risk Become the sustainment engine to maintain a state of audibility into the future Commands assumption of greater responsibility for risk assessment, internal control testing, and self-reporting results in order to address any control gaps -19-

Key Takeaways Enterprise Level: Transforming and standardizing business processes, internal controls, & documentation. Organizational Level: Adopting/enforcing/testing standardized business processes and effective internal controls Driving accountability: Personnel at all levels must understand responsibilities & be held accountable routinely for transaction excellence, internal controls and documentation. Cultural Change: Tone at the top: Organizational commitment and understanding of the benefits of audit Driving accountability: Linking audit compliance to performance goals Military and Civilian across all functional areas SAO/OPR at the Flag or SES Level to own and drive remediation of key audit issues BSO Comptrollers: Feedback on key audit metrics provided to Commanders; aligned with performance cycle -20-

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback