Transcript Slide 1
Office of the Under Secretary of Defense (Comptroller) FIAR* in the Field Preparing for Financial Statement Audits Mark E. Easton Deputy Chief Financial Officer Office of the Under Secretary of Defense (Comptroller) June 2010 7/21/2015 2:03 AM * Financial Improvement and Audit Readiness 1 Agenda • The “FIAR” Drill • What it Means to You (FIAR in the Field) • How We Will Achieve Auditability • Change Management • Why FIAR is Important 7/21/2015 2:03 AM FIAR in the Field 2 The “FIAR” Drill 7/21/2015 2:03 AM 3 What Is It • Financial Improvement and Audit Readiness (FIAR) – Improve business and financial processes, controls, systems, and data to achieve accurate, reliable, and timely financial information for decision makers – Validate improvements through financial statement unqualified audit opinions • FIAR goals – Achieve and sustain audit readiness – Achieve and sustain unqualified assurance on the effectiveness of internal controls – Attain Federal Financial Management Improvement Act compliance Congress requires DoD audit readiness by 2017. 4 Why Is it So Hard? • DoD is enormous – 3 MILDEPs, 18 Defense Agencies, 10 Field Activities, 8 other Defense organizations, and 10 Combatant Commands – Larger annual budget than the largest corporations and most countries – Millions of military, civilian and retired people; over a trillion dollars in assets; diverse mission support and business activities; thousands of business systems; worldwide footprint • Requires much change – Policies and regulations must conform with GAAP; processes and systems must be modernized; risks must be assessed; controls must be tested and strengthened; and people need to change the way they do business. DoD does not have much audit experience, and must learn and prepare for future audits. 5 What Is Our Approach? • Focus first on information used to manage the DoD – Budgetary Information (Waves 1 & 2) – Mission Critical Asset Information (Wave 3) FY 2017 Incremental and Prioritized Approach to Achieve Auditability 6 How We Will Get It Done Utilizing a standard phased methodology, detailed guidance, and assistance from OUSD(C)/FIAR – – – Defined Key Tasks and Outputs Key Control Objectives and Key Supporting Documentation Standard Component Financial Improvement Plans (FIPs) FIPs Maintained in Web-based Tool Phases Seven Distinct Phases Key Tasks – – Evaluation & Discovery Corrective Action Evaluation Assertion Sustainment Validation Audit Statement to Process Analysis Design AuditReady Environment Testing Compile Process, Control & System Documentation Ongoing Testing Assertion Documentation Review Engage Auditor Prioritization Develop Corrective Action Plan Decision Compile Supporting Documentation Ongoing Corrective Actions Assertion Examination Support Audit Assess & Test Controls Resourcing Evaluate Supporting Documentation Execute Auditor Issues Report Define AuditReady Environment Legend • Audit readiness tasks Audit readiness tasks that are utilized for ICOFR requirements Collaboratively developed methodology, endorsed by the Audit Community. 7 What it Means to You (FIAR in the Field) 7/21/2015 2:03 AM 8 Your Worst Inspection Nightmare • You are informed that your field unit is to be inspected next Monday – You and your unit work like dogs to prepare • • • • Unit properly manned, trained, and prepared for its mission Required supplies, equipment, and facilities on hand and in good working order Records up-to-date, organized, and available Monday – Inspection Day Arrives – Auditors swarm in and – – – mission/training temporarily stops Auditors appear suspicious and are taking a lot of notes Inspection day seems to never end Auditors leave only saying when to expect their report 9 Similarities to Financial Statement Audits • Financial Statement Audits are “inspections” involving entire organizations and potentially last all year. – Similarities: • • • • • – Issues cannot be addressed after the inspection/audit starts Control environment impacts amount of testing and verification Supporting documentation must be readily available Accountability of supplies, equipment and facilities (existence and completeness) Condition (e.g., impairment) of (capitalized) assets Differences: • Entire organization (unit) is not involved in the audit • Capability to accomplish mission (i.e., readiness) does not impact a financial statement audit 10 Inspection Every Day • Field-level business and financial personnel must maintain an “inspection every day” work ethic. – Business personnel: • Business events must comply with regulations (e.g., issuance and receipt of goods, equipment disposal) • Business activities must comply with regulations (e.g., purchase requests, contract preparation, property transfers, periodic physical inventories) – Financial personnel: • • • Transactions must be timely and accurately recorded Transactions must be supported by appropriate documentation Reconciliations and adjusting entries must be supported by detail records Cannot “Cram” for a Financial Statement Audit 11 Sustaining Auditability • Sustaining auditability is predominantly a field-level responsibility. – It is a shared responsibility of both business and financial personnel. – Most business events that trigger financial transactions occur in the field. – Risks must be regularly evaluated, especially if there are changes to processes and systems. – Implementing and testing controls to mitigate risks must be performed on field-level business and financial processes. Sustaining auditability is a daily requirement. 12 How We Will Achieve Auditability 7/21/2015 2:03 AM 13 Keys to Successful Audits • Process and System Modernization – Field-level processes and systems need to change and are in the process of change. • Strong Control Environment – Controls for processes and systems that are not changing must be tested and strengthened. – Controls for new processes and systems must be implemented. • Change Management – Business & financial organizations and people are being impacted by the changes. Must Change How We Conduct Our Business 14 Process and System Modernization • Successful audits require sound end-to-end business processes. – • Where ERPs are being implemented, they are impacting end-to-end processes, and achieving what we call an Audit Ready Environment. – • Business events and supporting documents must be linked to the general ledger and financial statements. Achieving an Audit Ready Environment is very challenging. ERPs are only part of the business process; the key is integrating all parts of the process to support operational needs (the mission), while also supporting financial audit needs. Examples: – – Receipt of goods or services almost always occurs before an invoice is paid, but the event is not always recorded in the general ledger, and the documentation is often not readily available. Contracts are adjusted or completed, but obligations are not always adjusted if the contract is not closed out. 15 Strong Control Environment • Business AND financial controls are required for successful audits. – Shared responsibility to routinely evaluate risks and test controls • Effective field-level controls reduce risks that impact auditability (e.g., segregation of duties – segregate property custody from record-keeping responsibilities). – Auditors apply a “top-down approach” to understanding internal control by starting with financial statements at the “top” and working “down” to the individual controls (field-level). – Field-level controls minimize the risk of “what can go wrong” and result in transactional validity / integrity. A strong control environment is essential to auditability. 16 Change Management 7/21/2015 2:03 AM 17 Change Management • Business community must acknowledge and take a shared responsibility for achieving and sustaining auditability. • Field-level business and financial personnel must be aware and care about the impact of their role on auditability. Change is hard, but essential to achieve FIAR goals. 18 DoD Business “Control Continuum” No Assurance “Playground Rules” Qualified Assurance Current State Reasonable Assurance Absolute Assurance Financial Auditability Nuclear Reactor Safety FFMIA Compliant GAP No Control (Anything Goes!) “Closing the Gap” Will Mean: • More standard processes • Implementing more capable systems • Controls that are in place and tested Complete Control “Closing the Gap” Represents Opportunities for: • Improved operational efficiency • Reduced vulnerability to fraud/waste • Sustained public trust/confidence Goal is to Improve the Quality of Information Used for Decision Making 19 Why Is FIAR Important? • Warfighter excellence is supported by effective and efficient business processes and systems, strong internal controls, and our efforts to achieve clean audits, which are already producing results. – Timely and accurate business and financial information enhance Commanders’ decision making. – Sound processes reduce ineffective program/project execution. – Cost savings permit fund redistribution to support Warfighter requirements. We owe it to our Warfighters to achieve auditability. 7/21/2015 2:03 AM 20 Questions? 7/21/2015 2:03 AM FIAR in the Field 21