INTERNAL CONTROLS AUDITOR JOHN BYRD, SENIOR AUDITOR TONYA CARRIGAN, SENIOR AUDITOR


1 INTERNAL CONTROLS FOR THE BEGINNING AUDITOR JOHN BYRD, SENIOR AUDITOR TONYA CARRIGAN, SENIOR AUDITOR UF HEALTH SHANDS HOSPITAL AHIA 32nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org

Two Academic Medical Centers with Level 1 Trauma Centers UF Health Shands Hospital UF Health Jacksonville Hospitals UF Health Shands Cancer Hospital UF Health Shands Children's Hospital UF Health Rehab Hospital UF Health Shands Psychiatric Hospital UF faculty physicians provide outpatient care in more than 80 UF Clinics

3 Audit Services Provides Audit Services to all Shands Hospitals Provide approximately 2,200 Hours Annually to the External Audit Department 1 Director IT Audit Manager 6 Senior Auditors 1 Staff Auditor

4 Better Known for:

5 Presentation Objectives: Explain the relationship between risk and control Provide an understanding of internal controls Explain the importance of implementing an internal control framework Learn to identify internal controls within processes Examine and understand common controls

Adding Value 6 Internal Auditors Can Add Value by: Reviewing Critical Control Environments and Risk Management Providing Advice on Control System Improvement and Design Implementing Risk-Based Audit Approach Directing Audit Resources to Most Important Areas of the Organization

7 Objectives and Risk Objective: All businesses have an objective In healthcare it is usually to Deliver Quality Patient Care Risks: Enterprise Risk Management ERM Framework for management to identify risk

8 Internal Controls to the Rescue

9 Internal Controls COSO Definition Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 1. Effectiveness and efficiency of operations. 2. Reliability of financial reporting. 3. Compliance with applicable laws and regulations.

10 Internal controls include: Definition Continued Promoting efficient and effective operations Safeguarding organizational resources Increasing reliability of information Reducing surprises and unexpected outcomes Assuring compliance with policies, procedures and applicable laws and regulations

11 Control Framework Established process for the application and testing of an organization's control environment

12 COSO and COBIT COSO Committee of Sponsoring Organizations of the Treadway Commission Jointly Sponsored by: Five Organizations Including the IIA The Institute of Internal Auditors COBIT COBIT 5 is the latest edition of ISACA's globally accepted framework Provides framework for IT Control Testing

COSO Framework 13 New Framework introduced in 2013 Control Environment Risk Assessment Control Activities Information and Communication The COSO Cube Monitoring Activities COSO Executive Summary

Control Environment 14 Sets the Tone for an organization Provides Structure Management's philosophy, assigned responsibilities COSO Executive Summary

15 Control Environment Examples Examples: Tone at the Top Internal Control Policy Compliance Program Code of Conduct

16 Risk Assessment Established objectives linked at different levels Identification of relevant risks to the achievement of the objectives Special risks are those specific to an industry COSO Executive Summary

17 Risk Assessment Mechanism to Identify Risk Control Self Assessments Meetings with Management Risk Matrix ERM Enterprise Risk Management COSO Executive Summary

18 Control Activities Policies and Procedures that help mitigate risk and assist management in meeting their objectives Heart and Soul of control testing

19 Control Activities Examples Examples: Approvals/Authorizations Reconciliations Segregation of Duties Verifications Security of Assets

Information and 20 Communication Necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives Communication is the continual process of providing, sharing, and obtaining necessary information COSO Executive Summary

21 Examples: Information and Communication Present properly the transactions and related disclosures in the financial statements Provide and communicate relevant and accurate information to enable decision making

COBIT 22 Based on 5 Principles Principle 1: Meeting Stakeholder Needs Principle 2: Covering the Enterprise End-to-End Principle 3: Applying a Single, Integrated Framework Principle 4: Enabling a Holistic Approach Principle 5: Separating Governance From Management http://www.isaca.org ISACA.org

TYPES of CONTROLS 23 Preventative Designed to prevent errors or irregularities Approvals Segregation of Duties (SOD) Detective Designed to detect errors or irregularities Reconciliations Cash Counts

TYPES of CONTROLS 24 Corrective Designed to correct errors or irregularities Insurance Policy Compensating For inadequate control environment Management Review

25 Limitations of Controls Existence of the inherent limitations No Absolute Assurance Cost/Benefit Human element Collusion Judgment Management Override Breakdowns

26 Identifying Controls and Controls by Area

27 Key and Non-Key Key Controls Significant controls within the business process, which if operating correctly will both ensure and give assurance that the organization is achieving its key business objectives [1] Provide reasonable assurance over the reliability of financial reporting and the preparation of the financial statements (ICFR) Non-Key Still Important Key Controls, The Solution for Sarbanes-Oxley Internal Control Compliance by James Brady Vorhies, CIA, CISA, CPA Institute of Internal Auditors Research Foundation

28 Considerations When Identifying Controls Where are the points in the flow of transactions where errors can occur? Who performs the control? Does the control depend on IT? What could go wrong?

29 Tools Risk Assessments Narratives Walk-Throughs Flow Charts

30 Risk Assessments Internal Control Self Assessments Meetings with Management Risk Identified from Other Audits Known Risk within the Industry

31 Narratives Narratives Describes a Process From Beginning to End Details Significant Steps within the Process Identifies Key and Non-Key Controls Helps to Identify Gaps Ongoing and Updated on an Annual Basis

32 Walk-Throughs Walk-Throughs Begins at Initiation of Major Class of Transactions Walk-Through One Transaction Question Personnel on Important Processing Controls Identify Exceptions to the Identified Process

33 Flow Charts Flow Charts Use Basic Type of Flow Chart Functional Activities Interact Process Sequence and Relationships Keep it Simple Map the Important Processes Identify Key Controls Use Software for Assistance, e.g., Visio

34 Significant Areas ITGC General IT Controls Revenue Ancillary Pharmacy Operating Rooms Labs

35 Expenditures Payroll Accounts Payable Fixed Assets Inventory Treasury Financial Reporting Quality and Governance Significant Areas

36 ITGC General IT Controls ITGC General IT Controls Segregation of Duties Application Controls Access Controls Privileged Accounts Disaster Recovery Management

37 Patient Revenue Patient Revenue A/R Reconciliations Valuation of Bad Debt/Contractuals Medical Records/Coding Billing Charge Capture

38 Expenditures Expenditures Accounts payable Purchasing Purchasing cards

HR and Payroll 39 HR and Payroll Hiring Payroll Processing Training Pension Other

40 Fixed Assets Fixed Assets Acquisition Depreciation Fixed Asset Reconciliation Monthly reconciliation to detail Other

41 Inventory Acquisition Consignment Perpetual Records Other Inventory

Financial Reporting 42 Financial Reporting Balance Sheet Account Reconciliations New G/L Accounts and Cost Centers Monthly Financial Statement Review Journal Entries

43 Treasury Treasury Wire Transfers Investments Cash collections Other

Pharmacy 44 Pharmacy Policies and procedures SOD Monitoring of Controlled Substances ADC Inventory Formulary

45 OR/Surgery OR/Surgery Policies and procedure over: Start and Stop Times Vendor Access Room Scheduling Preference Cards Patient Identification and Safety Completion of the Charge List

46 Other Ancillary Labs/Radiology/Cardiology Charge Capture Reconciliation Policies and procedures PFS/Admissions Policies and Procedures Proper Financial Class Assignment on Admission Pre-Certs and Authorizations Billing Edits Denial Tracking

47 Quality and Governance Policies and Procedures SOD Quality and Governance Prevention of Readmissions Incident Reporting Disaster Drills Regulation Compliance

52 TIPS Beware of Reliance on System Controls Always Maintain Healthy Skepticism Trust but Verify Know Your Business Balance Your Control Count Think Critically Remember the IIA Code of Ethics

53 Thank You UF Health Shands Hospital John Byrd, Senior Auditor byrdjh@shands.ufl.edu Tonya Carrigan, Senior Auditor carrit@shands.ufl.edu

Save the Date September 21-24, 2014 33rd Annual Conference Austin, Texas 54