Agency Risk Management and Internal Control Standards

Similar documents
ARMICS Q&A with DOA Amanda Morris, CFE Assistant Director Finance and Administration

Guide to Internal Controls

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

The University of Texas at Tyler. Contract Administration Audit

Chapter 7 Internal Controls

An Overview of the 2013 COSO Framework. August 2013

Policy and Procedures Date: November 5, 2017

On the Revision of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal Control

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

Evaluating Internal Controls

THE CITADEL The Military College of South Carolina 171 Moultrie Street Charleston, SC MEMORANDUM 27 July 2009 NUMBER 2-5

Transparency in the Workforce System Establishing Firewalls & Internal Controls

GATU Webinar Part 1 March 2017 Presented by Carol Kraus, CPA

Internal Control Systems

INTERNAL AUDIT POLICIES AND PROCEDURES OPERATING MANUAL

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

COSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

GUIDELINES FOR THE BOARD OF DIRECTORS

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

Audit of Entity Level Controls

Internal Audit Work Plan

SOX FOR NPO S Focus on Control. Stephen L. Kuptz, CPA

audit typology 115 audit universe 101 data and information pool 103 definition 101 structure and content 101

UNITED STATES MARINE CORPS MARINE CORPS BASE 3250 CATLIN AVENUE QUANTICO VIRGINIA IN REPLY REFER TO: MCBO 5200.

Risk assessment checklist - Plan and organize

BEST PRACTICES, Inspector General

Essential IT Considerations for Sarbanes-Oxley Act

GRANITE CONSTRUCTION INCORPORATED AUDIT/COMPLIANCE COMMITTEE CHARTER

Internal Audit Policy and Procedures Internal Audit Charter

FINANCIAL SERVICES TECHNICIAN STANDARD POSITION DESCRIPTION

Maryland School for the Deaf

Fraud Risk Management

INTERNATIONAL ORGANIZATION FOR MIGRATION. Keywords: internal audit, evaluation, investigation, inspection, monitoring, internal oversight

[RELEASE NOS ; ; FR-77; File No. S ]

MISSISSIPPI STATE UNIVERSITY INTERNAL AUDIT CHARTER

Internal Controls Integrating COSO

Introductions. An Overview of the COSO 2013 Framework. Christian Peo Sharon Todd. An Overview of the 2013 COSO Framework.

4. Organic documents. Please provide an English translation of the company s charter, by-laws and other organic documents.

CAQ Pulse Poll: CFO Perspectives on the Sarbanes-Oxley Act

2012 IIA Standards Update

1. Definition & Mission

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

DIRECTOR, INFORMATION TECHNOLOGY PROJECT IMPLEMENTATION/ FISCAL INTEGRATION

City of West Richland Job Description

The Audit Committee of the Supervisory Board of CB&I

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Internal Audit of Compensation and Benefits

Internal Controls: Need Them, Have Them, Love Them

Statement on Risk Management and Internal Control

RESPONSIBLE CARE MANAGEMENT SYSTEM TECHNICAL SPECIFICATION

Washington Headquarters Services ADMINISTRATIVE INSTRUCTION

MPAC BOARD OF DIRECTORS MANDATE

OFFICE OF INTERNAL AUDITS APPALACHIAN STATE UNIVERSITY AUDIT MANUAL

Internal Auditing 101 with Panel Discussion. VGFOA Virginia Beach May 2013

Diving into the 2013 COSO Framework. Presented by: Ronald A. Conrad

University Internal Audit

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Office of Compliance Program Report

Internal Control Questionnaire and Assessment

INVESTMENT INDUSTRY REGULATORY ORGANIZATION OF CANADA ( IIROC ) BOARD CHARTER

An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements

Wire Transfer Audit. Craig Hametner, CPA, CIA, CMA, CFE City Auditor. Prepared By: Jed Johnson Senior Audit Analyst. Michelle Taylor Audit Analyst

ROSWELL PARK CANCER INSTITUTE CORPORATION INTERNAL CONTROLS OVER PROCUREMENT AND REVENUES. Report 2005-S-15 OFFICE OF THE NEW YORK STATE COMPTROLLER

Audit Report. Audit of Contracting and Procurement Activities

Policies, Procedures and Guidelines

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

PART 6 - INTERNAL CONTROL

SOX Optimization: Improving Compliance Efficiency and Effectiveness

NTGA Compliance & Operational Manager Due Diligence Process

Understanding Internal Controls Office of Internal Audit

Internal Audit Mandate

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

AUDITING. Auditing PAGE 1

FRONTERA ENERGY CORPORATION CORPORATE GOVERNANCE POLICY

Board Responsibilities Adopted January 1994 US EF ROLES AND RESPONSIBILITIES OF THE LWVUS BOARD OF DIRECTORS AND THE LWVEF BOARD OF TRUSTEES

The Internal Control Framework

ABCANN GLOBAL CORPORATION CORPORATE GOVERNANCE POLICIES AND PROCEDURES

Enhancing Governance Through Internal Audit Activities

15 Benefits of a Revenue Assurance Solution

A nonprofit board member should consider the following five elements of OVERSIGHT:

Using the COSO Map. Unpublished Article By Larry Hubbard

See your auditor clearly. Transparency report: How we perform quality audit engagements

CHIEF EXECUTIVE OFFICER TERMS OF REFERENCE

Internal Control System Components. Workers Compensation Board

1. INTERNAL AUDIT CHARTER (PDF)

CAPRA National Accreditation Standards

Department of Navy Audit Update

B S R & Co. LLP. Reporting on Internal. Reporting An Overview. Sarbanes Oxley Act (SOX) 28 December 2013

Department of Biology

Internal Controls and Risk Management Report

Internal Control and Fraud Detection

YSLETA DEL SUR PUEBLO MANAGEMENT POLICIES. Personnel, Self-Monitoring, Management Information Systems, Finance, and Procurement & Contracts

numerous STUDIES HAVE EXAMINED THE IMPACT the g o o d n e w s about compliance

GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS

COLLEGE OF PHYSICIANS AND SURGEONS OF ONTARIO GOVERNANCE PROCESS MANUAL

GENOME CANADA BOARD OF DIRECTORS ANNUAL QUESTIONNAIRE

Entity level controls Design/implementation 530 Page 1 of 9

Transcription:

Agency Risk Management and Internal Control Standards COMPTROLLER S DIRECTIVE NO. 1-07 EACH EMPLOYEE HERE AT THE UNIVERSITY OF MARY WASHINGTON HAS AN INTERNAL CONTROL RESPONSIBILITY

ARMICS ARMICS is the Commonwealth s version of the Federal Sarbanes-Oxley Act of 2002, and is mandated by the Virginia Department of Accounts (DOA). Provides guidance for establishing and assessing agency internal controls in order to: More effectively manage risk Maintain accountability The objective of ARMICS is to provide reasonable assurance of the integrity of all fiscal processes related to the following: Transactions submitted to the Commonwealth s general ledger Deliverables required by financial statement directives Compliance with applicable laws and regulations Stewardship over and safeguarding the Commonwealth s assets

ARMICS The review process is performed January June. The assessment of the University of Mary Washington s internal controls must be completed before June 30, 2011. The review process consist of: Policies and procedures are reviewed Internal controls are evaluated Audit work is performed Any applicable recommendations are made UMW executives and managers must support UMW s internal control philosophy, promote compliance, and maintain control in their area of responsibility. The Vice President for Administration and Finance & CFO and Associate Vice President for Finance and Controller are responsible for the key oversight and policy enforcement roles over fiscal matters

ARMICS What are policies and procedures? A policy answers the overarching questions as to why we do things. It should be short - one to two pages max - and speak to the purpose of why the individual departments exist. An external procedure is one that we develop and set for others to follow. An internal procedure (also called desk procedures) is one that we develop and set to get our jobs done on a day to day basis (internally).

ARMICS What is an internal control? An internal control provides accountability for meeting program objectives, promotes operational efficiency, improves the reliability of financial statements, strengthens compliance with laws and regulations, and reduces the risk of financial or other asset loss due to fraud, waste, and abuse. An internal control is also an ongoing process which designs and provides reasonable assurance that the following objectives are met: Effective and efficient operations Reliable financial reporting Compliance with applicable laws and regulations Safeguarding of assets

ARMICS Effective System of Internal Control Provides accountability for meeting program objectives Promotes operational efficiency Improves the reliability of financial statements Strengthens compliance with applicable laws and regulations Reduces the risk of financial or other asset losses due to fraud, waste, or abuse

ARMICS The Commonwealth has developed standards and mandates that ARMICS reviews be completed to achieve the following five objectives: 1. Strategic to support being recognized as the best managed state in the nation through internal control practice 2. Operational effective and efficient use of fiscal resources and other assets 3. Reporting integrity and reliability of financial reporting 4. Compliance compliance with applicable laws and regulations 5. Stewardship protection and conservation of assets The University of Mary Washington examines internal controls and documentation at two levels: The University level broad over arching internal controls, policies, and procedures The Departmental level more specific internal controls focusing more on individual transactions and departmental operations

ARMICS University Level For the University of Mary Washington to meet the Commonwealth s standards, we must demonstrate that the University has the following five internal control components established and fully functioning: 1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring

ARMICS University Level University Level Survey An electronic survey is sent to random sample of the entire University employee population. Survey participants will be asked a variety of questions pertinent to the five internal control components mentioned on the previous slide. Survey participants will have the following options when responding: Strongly Agree Agree Disagree Strongly Disagree N/A

ARMICS University Level Control Environment Internal control requires an adequate Control Environment foundation. The environment reflects top management s expectations for how seriously agency employees should view and execute their fiduciary responsibilities. For example: Management philosophy Reasonable risk Oversight by the Board of Visitors Integrity and ethical values Promoting ethics and appropriate conduct Organizational structure Assignment of authority and responsibility Work force competence Employee development

ARMICS University Level Risk Assessment Risk assessment analyzes potential events and considers their likelihood and impact in order to determine those events possible affect on the achievement of UMW s objectives. For example: The mix of potential events, both expected and unexpected, are relevant to UMW and its activities in the context of the UMW s risk profile. Expected events are routine, and already in UMW s programs and budgets. The risk of unexpected potential events is assessed and considered. A risk assessment is a continuous process, and a repetitive interplay of actions occurring throughout UMW.

ARMICS University Level Control Activities Control Activities are policies and procedures which are implemented to help ensure that risk responses are effectively completed. Control Activities: Occur across UMW, at all levels and in all functions. Range in activities such as: approvals, authorizations, verifications, reconciliations, security over assets and segregation of duties. Provide reasonable assurance that their objectives are met. Categorized by the nature of the objectives to which they relate. Control Activities can be: As simple as listing tasks assigned to staff members, and then occasionally checking to verify completion on time. As complex as duties spread across multiple departments to complete a portion of one task.

ARMICS University Level Information and Communication The Information and Communication component of ARMICS focuses on how relevant information is identified, captured, and communicated in a form and timeframe that enables employees to carry out their responsibilities. An effective information and communication process will assure that all personnel receive a clear message from top management that internal control responsibilities must be taken seriously. UMW needs information to handle risks, provide services, and achieve its objectives. Quantitative and qualitative information comes from internal and external sources. Information enables change management strategy, identifying events, analyzing risks, selecting risk responses, and performing other management activities. Information without communication has no value.

ARMICS University Level Monitoring The Monitoring component of ARMICS assesses the functioning and continuous improvement of internal control components throughout the University. This can only be successfully accomplished through ongoing management activities and/or separate evaluations. Examined from the three perspectives: Ongoing activities Separate comprehensive evaluations Special ad hoc evaluations

ARMICS Departmental Level Departmental Level Survey Departments which process fiscal transactions will be required to complete an ARMICS survey annually. Each survey will be tailored based on the nature of the department s fiscal processes. Survey participants will have the following options when responding: 1 Policy and procedure documentation is very limited 2 Policy and procedure documentation is sporadic or in draft form 3 There is approved comprehensive policy and procedure documentation available. It has been formally communicated, employees have been trained, but it is not being monitored or tested 4 There is approved comprehensive policy and procedure documentation available. It has been formally communicated, employees have been trained, and it is being monitored or tested sporadically 5 There is approved comprehensive policy and procedure documentation available. It has been formally communicated, employees have been trained, and it is being monitored or tested regularly in real time Not Applicable. This control either does no exist, cannot exist, or is not applicable to your department NOTE: in order for survey respondents to score a 3 or above, policy or procedure documentation must exist. The name and location of the documentation must be noted on the survey when scoring a 3 or above.

ARMICS Departmental Level Departmental Survey Information Department heads will be responsible for the survey; however, the survey questions can be delegated to different employees within the department as needed. Each survey will be accompanied by the following resources: ARMICS Glossary: lists and defines the more commonly used phrases in the ARMICS survey Types of Control Activities: identifies and defines the different types of Control Activities used to help ensure the risk responses are effectively carried out Sections Described: identifies and briefly summarizes the different sections of the ARMICS survey ARMICS Scoring Tool: assists survey respondents in determining a score as needed

ARMICS Thank you for your cooperation on this important project for the University of Mary Washington and the Commonwealth of Virginia. Please remember to have your completed ARMICS survey emailed to Laura Tabler-Allison (ltabler@umw.edu) no later March 18, 2011. Feel free to contact Laura with any questions or concerns.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback