KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller



Similar documents
Fraud Awareness and Prevention Program Report

Internal Control - Integrated Framework

COSO Internal Control Integrated Framework (2013)

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

Audit of the Policy on Internal Control Implementation

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Standards for the Professional Practice of Internal Auditing

Guide to Internal Control Over Financial Reporting

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

[300] Accounting and internal control systems and audit risk assessments

Larry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program

KAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls

A Risk-Based Audit Strategy November 2006 Internal Audit Department

ACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document.

Property Room. Records Management System

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

KAREN E. RUSHING. Audit of Purchasing Card Program

Internal Control Questionnaire and Assessment

Mecklenburg County Department of Internal Audit. Park and Recreation Department Contract Management Investigation Report 1401

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

[RELEASE NOS ; ; FR-77; File No. S ]

Table of Contents: Chapter 2 Internal Control

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

Fraud Control Theory

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 315

Mecklenburg County Department of Internal Audit. Business Support Services Agency Fuelman Gas Card Investigation Follow-Up Audit Report 1467

Guidelines for Internal Control Standards for the Public Sector

Internal Control Guide for Managers

Comprehensive Risk Assessment and Developing the Audit Plan

Training and Human Resources Manager

How To Audit A Company

Audit of the Test of Design of Entity-Level Controls

ENTERPRISE RISK MANAGEMENT POLICY

INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS CONTENTS

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

On the Setting of the Standards and Practice Standards for. Management Assessment and Audit concerning Internal

Enterprise Risk Management

JOB POSTING FY 14/15 MARCH 26, 2015 REVENUE ACCOUNTANT #3315 FINANCE DEPARTMENT

Fundamental Principles of Public-Sector Auditing

J u n e N a t i o n a l R e s e a r c h C o u n c i l C a n a d a. I n t e r n a l A u d i t, N R C. Audit of Risk Management.

AHIA HCCA Auditing & Monitoring Focus Group Defining the Key Roles and Responsibilities Corporate Compliance and Internal Audit.

Fraud Risk Management

Enterprise Risk Management

The California State University Office of Audit and Advisory Services CSU COLLEGE REVIEWS. Systemwide

WFP ENTERPRISE RISK MANAGEMENT POLICY

CHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL MISSTATEMENT

SECURITY RISK MANAGEMENT

INTERNAL CONTROL AND ENTERPRISE RISK MANAGEMENT NO. П4-01 П-01 REVISION1.00

FEI Canada. Fraud Prevention. Presented by: Matthew McGuire and Leigh Beijer. Date:

Integrated Risk Management:

Fraud Prevention and Deterrence

How To Audit A Financial Statement

JOB DESCRIPTION HUMAN RESOURCES GENERALIST

Operational Risk Management Program Version 1.0 October 2013

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

RULES OF THE AUDITOR GENERAL

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Identifying and Assessing. Understanding the Entity

Office of the Director of Audit. Harmonized Audit Manual

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Enterprise Risk Management: COSO, New COSO, ISO Review of ERM

Standards for Internal Control

ERM Program. Enterprise Risk Management Guideline

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

Internal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned

Communicating Internal Control Related Matters Identified in an Audit

Internal Audit Manual

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

STATE EDUCATION DEPARTMENT WRITTEN SUPPORT OF INTERNAL CONTROLS OVER THE STATE AID MANAGEMENT SYSTEM. Report 2006-S-32

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200

PRACTICE ADVISORIES FOR INTERNAL AUDIT

COUNTY COMMISSIONERS OF MANATEE COUNTY, FLORIDA, AUTHORIZING CERTIFICATES

GLOBAL FINANCIAL PRIVATE CAPITAL, LLC. Job Description. JOB TITLE: Compliance Director

Internal Control Systems

Transcription:

KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller 2000 Main Street P.O. Box 3079.Sarasota, FL 34230-3079 Phone: 941-861-7400 www.sarasotaclerk.com TO: Sue Marcinko, Executive Director, Talent and Performance Management FROM: Heidi Pinner, CIA MBA, Internal Auditor THROUGH: Mark R. Simmons, CIA CFE, Director, Internal Audit DATE: September 14, 2010 SUBJECT: PROJECT 2010-220: Audit Assessment of HR Source and Manage Talent We recently engaged the management team of the HR Source and Manage Talent business process in a control assessment. This assessment was based on ninety critical control principles of the COSO Management Control Framework (see attached) and included an evaluation and discussion of the how the control principles have been implemented within the business process. Overall the managers of the HR Source and Manage Talent business process assessed and identified the departments control structure as substantially developed and working as expected or better than expected. Potential areas of discussion which arose as a result of the assessment include: Control Environment: Control Principle: The organization and structure of the business process unit facilitates reporting and other communications important to key compliance and operational control objectives. Managers believe that the organizational structure would be most efficient if all HR personnel were physically centralized and are currently working towards this goal. Risk Assessment: Control Principles: The responsible business process owner has established an appropriate range of risk tolerance for this business process unit's important data and reports. This business process unit's important compliance data and reports make use of an established range of risk tolerance to identify variances for further investigation. This business process unit's operational data and reports reflect an established range of risk tolerance. While the managers feel that sufficient information and data is available to monitor and manage the operational and compliance objectives of the department, they did indicate that these management reports do not specifically include an established range of risk tolerance.

Information and Communication: Control Principles: Reporting triggers relevant to this business process unit prompt exception analysis and resolution, root-cause analysis, and control update, if needed. Again, while the managers believe that sufficient information is collected and monitored to manage the department s risks; predetermined reporting triggers are not built into the management reports used by the business process. cc Karen Rushing, Clerk of the Circuit Court and County Comptroller Jim Ley, County Administrator Dave Bullock, Deputy County Administrator Mary Sassi-Furtado, Director, Strategy and Management Services Pete Ramsden, Finance Director, Clerk of the Circuit Court and County Comptroller Clerk of Circuit and County Court Clerk of Board of County Commissioners County Comptroller; Auditor and Recorder

Criteria for Evaluation of Management s Control of Business Risk The Nature of Internal Auditing Internal auditing is an integral part of the constitutional duties assigned to the Clerk of the Circuit Court and County Comptroller as Auditor of the Board of County Commissioners. The Clerk s internal audit department provides independent, objective assurance, attestation, and other services designed to add value and help improve County operations. This is accomplished by bringing a systematic, disciplined approach to evaluate the effectiveness of County business risk management, control, and business-governance processes. Our audit work is performed under guidance provided by the professional auditing standards of the Institute of Internal Auditors and the U.S. General Accountability Office. The Nature of Business Risk Management, Control, and Governance Processes Business risk management, control, and governance processes are all those activities designed and engaged in by the Board of County Commissioners, County Administration, executives, directors, and staff to provide reasonable assurance of (1) reliable financial and operating data and reports, (2) compliance with laws and regulations, (3) effective and efficient business practices, and (4) sound stewardship of the public resources and assets entrusted to them. Reasonable assurance that these core business objectives can be achieved is dependent upon the presence of the five components of management control listed below: The Control Environment Risk Assessment Practices Control Activities Information and Communications, and Monitoring Activities. To control business risk, all five components must operate effectively and in unison, and all County employees share in that responsibility. Please read pages 2 and 3 of this attachment for additional information. The Nature of Reportable Issues The Institute of Internal Auditors defines these as situations that are of such significance that they require the attention of the senior leadership. Critical Conditions Any condition that has caused, or is likely to cause, errors, omissions, fraud or other adversities of such magnitude as to force immediate corrective actions to mitigate the associated business risk and possible consequent damage to the organization. Important Conditions Any condition that has caused, or is likely to cause, errors, omissions or other adversities that increase business risk and possible consequent damage to the organization, but does not require immediate corrective actions to mitigate the associated impact on operations or outcomes. Important conditions require attention within the short term (typically less than one year from disclosure). The Nature of Opportunities for Enhancement These represent improvements to the system of management control that the responsible manager may wish to consider as time and resources permit. Internal Audit Department - Clerk of the Circuit Court and County Comptroller Page 1 of 3

DEFINITION OF MANAGEMENT CONTROL Management control is broadly defined as a process, affected by managers and other people, that provides reasonable assurance of achieving the three primary objectives for which all businesses strive: Effective and efficient operations, including achievement of performance goals and safeguarding of assets against loss Compliance with laws and regulations Reliable operational and financial data and reports COMPONENTS NECESSARY FOR EFFECTIVE MANAGEMENT CONTROL The CONTROL ENVIRONMENT The foundation for effective control. It sets the tone for the organization, and influences the control consciousness of its people. It addresses: Integrity, ethical and cultural values Competence of the organizations' people The manager s philosophy and operating style Assignment of authority and responsibility Organization and development of human resources The attention and direction given by senior management RISK ASSESSMENT The process of recognizing and prioritizing operational risks and obstacles. Statement of clear objectives Recognition of critical risks and obstacles Identification of factors critical for success Identification of significant changing conditions CONTROL ACTIVITIES Flow from Risk Assessment. Control Activities are the policies and procedures that managers establish to minimize risks and obstacles to desired outcomes. Examples include: Guidance, processes and practices Safeguarding resources Information systems and processing controls Approvals, authorizations, verifications, and reconciliations Division of work and separation of responsibilities INFORMATION and COMMUNICATION Provide the knowledge people need to meet responsibilities. The systems of information gathering The systems of internal/external communications flowing down, across and up the organization Internal and external data for decision-making Employees understanding of their control responsibilities Employees understanding how their work fits into the big picture MONITORING ACTIVITIES Involve assessment of control effectiveness by appropriate people on a timely basis. Measurement of outcomes Comparison of expected and actual results Performance comparisons and variance analyses Review of work assignments Upward reporting to senior management of significant concerns and issues Internal Audit Department - Clerk of the Circuit Court and County Comptroller Page 2 of 3

CRITERIA FOR ASSESSMENT OF EFFECTIVE MANAGEMENT CONTROL Management control can be judged effective if the responsible managers and senior leadership have reasonable assurance that they understand the extent to which desired outcomes are being achieved; the extent to which operational and financial data is being prepared reliably; and the extent to which legal and regulatory requirements are being met. This reasonable assurance exists when the five components of control are present and operating effectively. When this happens, the system of control should bring to light and routinely correct any critical or important conditions. These would be events that are likely to cause errors, omissions or other adversities of such magnitude that prompt corrective actions are required to mitigate the associated business risk and possible consequent damage. The expectation is that, in the normal course of operations, critical or important conditions can be identified, addressed and corrected; and not allowed to become persistent or pervasive. When significant issues are not detected and corrected, or when they become persistent or pervasive, then it can be inferred that operations are out of control. Should any one of the five components of the control framework be absent or seriously flawed, then it would be highly unlikely that effective control could exist. In practice, the need for efficient operations implies that the benefits derived from controls should exceed the cost to implement and maintain control processes. This acknowledges that there is a certain amount of residual risk associated with an effective system of management control. INHERENT LIMITIATIONS The effectiveness of controls changes over time. Moreover, controls designed to prevent all problems would not be cost effective. Limitations which may hinder the effectiveness of a system of controls include resource constraints, faulty judgments, unintentional errors, circumvention by collusion, and management overrides. The presence of these limitations may not always be detected by the audit process. Internal Audit Department - Clerk of the Circuit Court and County Comptroller Page 3 of 3

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information