Transcript Red River TASBO Internal Control as it Relates to the

Red River TASBO
Internal Control as it Relates to
the School District Audit
Presented by:
Michael D. Edgin, CPA
Edgin, Parkman, Fleming & Fleming, PC
1
Overview
We are going to review:
• History of the Auditor’s role regarding
internal control
• Changes to that role relative to the
Statement on Auditing Standards
2
Historically Speaking
Obviously, Auditors have dealt with
internal control for years. However, there
may be a misconception of the Auditor’s
actual role. Historically, we will look at:
– Government Auditing Standards (GAS)
– Single Audit Act
3
Government Auditing Standards (GAS)
• Management is responsible for establishing and
maintaining effective internal controls over financial
reporting.
• The Auditor must consider internal control over financial
reporting.
• The consideration is for planning and performing the
audit only.
• The consideration is not for expressing an opinion on the
effectiveness of the internal control.
4
Government Auditing Standards (GAS)
• The Auditor will not necessarily identify all deficiencies in
internal control.
• The Auditor is required to report reportable conditions
(now significant deficiencies) and material weaknesses
that come to their attention only.
5
Single Audit
• A Single Audit is required if an entity expends $500,000
or more in a fiscal year in federal programs – not every
school district is required to have a Single Audit.
• Management is responsible for establishing and
maintaining effective internal controls over compliance
with the requirements of laws, regulations, contracts, and
grants applicable to federal programs.
• The Auditor’s focus is only on those grants being tested
(the major programs).
6
Single Audit (Cont’d)
• The Auditor is only required to test those areas that
could have a direct and material effect on the major
federal programs being tested.
• The tests of internal control are made only to determine
the Auditor’s audit procedures for expressing an opinion
of compliance only (not on internal controls).
• No opinion is expressed on the effectiveness of internal
control on compliance.
7
Summary
• The Auditor is not required to test internal controls over
financial reporting in a GAS audit.
• In the past, most Auditors considered the audit risk at
maximum and just performed substantive tests.
• Only in a Single Audit was it required to test internal
controls, but it was limited to compliance with major
federal programs. However, it is up to the Auditor’s
professional judgment on what to test or not.
• However, in all cases the Auditor does not express an
opinion on the internal controls of the District. However,
if the Auditor discovers a weakness in internal control,
the firm must report it.
8
Changes to the Auditing Standards
Effective in fiscal year ended August 31, 2007
and 2008, there are new Statements on Auditing
Standards (SAS) that dramatically impact the
audit as follows:
– SAS No. 112
– SAS Nos. 104-111
– SAS No. 114
9
SAS No. 112
• This new SAS titled ‘Communicating Internal Control
Related Matters Identified in an Audit’ was effective for
the 2006-07 audits.
• It changed the wording and definitions previously used.
• Reportable Conditions changed to Significant
Deficiencies.
• The terminology for Material Weakness did not change,
only the definition.
10
SAS No. 112 (Cont’d)
• However, the definitions of each changed lowering the
thresholds making lesser items significant deficiencies
and material weaknesses.
• For example, if a material audit adjustment is made, by
definition, this has to be reported as a material weakness
in internal control over financial reporting.
• This was mostly a communication requirement. It did not
change the audit approach or process.
11
Risk Assessment Standards
• The new SAS Nos. 104 to 111 are collectively called the
Risk Assessment Standards.
• They are effective for the 2007-08 audits.
• In summary, they require the Auditor to evaluate and
perform audit procedures where there is more audit risk.
• Consequently, there is more emphasis on the planning
process and the District’s internal control.
• The better the entity’s internal control, the less risk, and
visa-versa.
• The Auditor is still not expressing an opinion on internal
control over financial reporting under GAS or internal
control over compliance in a Single Audit.
12
Risk Assessment Standards (Cont’d)
• However, the Auditor will focus more on internal control
and perform additional procedures compared to the prior
year.
• The most notable procedure required is called a ‘walkthrough’.
• Walk-throughs are required for each major transaction
cycle.
• The Auditor will select an actual transaction and walk it
through the accounting process to ensure the entity is
doing what it says it is doing. For example, if a District’s
policy is to vouch the quantities received to the quantities
invoiced by the vendor, then the Auditor should be able
to see the documentation of the procedure in the
accounting records.
13
Risk Assessment Standards (Cont’d)
• Consequently, the Auditor will spend more time in the
audit planning phase getting more specifics on the
procedures in place and testing them through the walk
throughs.
• What could happen this year is more findings relative to
internal control since more procedures are being
performed.
14
SAS No. 114
• This Auditing Standard is labeled ‘The Auditor’s
Communication with Those Charged with Governance’.
It is effective for the 2007-08 audits.
• For school districts, those charged with governance
would be the District’s Board of Trustees.
• Its goal is to create a better working relationship between
the Auditor and the Board of Trustees.
• It requires the communication of the following:
– Auditor’s responsibilities under generally accepted
auditing standards,
– Overview of the planned scope and timing of the
audit, and
15
– Significant findings from the audit.
SAS No. 114 (Cont’d)
• Significant findings from the audit include:
– Significant difficulties encountered during the audit.
– Uncorrected misstatements.
– Disagreements with management.
– Other findings on issues arising from the audit that
are, in the professional judgment of the Auditor,
significant and relevant to the Board of Trustees
regarding their oversight of the financial reporting
process.
16
SAS No. 114 (Cont’d)
• What all of this means is that some things that have
historically only been discussed with District
management will be required to be communicated to the
Board of Trustees in writing.
• EPFF actually implemented this SAS last year to
coincide with SAS 112.
17
Summary
• There are no new requirements to express an opinion on
internal control.
• However, the Auditor will be spending more time
understanding and possibly testing internal control.
• More findings and/or comments may result from the
increased procedures.
• In my opinion, internal control is a process, and changes
from time-to-time. That is why we performed interim
audit procedures on all of our audits last year. If
something surfaced at interim, we encouraged action to
be taken by year-end to avoid any findings, significant
deficiencies, and/or material weaknesses.
18
What Can Your District Do?
• Review the District’s procedures manual and determine
if you are really doing what your documentation states.
• If your procedures are not in writing, consider doing so.
Therefore, regardless of personnel changes, training,
etc., there is a single resource that clearly documents
what should be done.
• Make sure the procedures performed are clearly
documented for a third party to see.
• If your auditor does not perform interim audit procedures
at your district, you may consider it. It will help identify
any potential concerns so actions can be taken to correct
them prior to the year-end audit procedures.
19
Questions?
Thank you!!
20