Centralized Billing and Receivables (CBR) Audit Report Report # 4/15 March 6, 2015

Similar documents
Loan Services - audit and Control Style

Financial Statement Closing Process Audit Report Report Nr. 3/14 August 26, 2014

Credit Granting and Underwriting Commercial Markets & Corporate and Asset Backed Lending Final Audit Report Report Nr.

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012

Trade Finance Obligations (TFO) Credit Granting, Underwriting and Monitoring Final Audit Report Report Nr. 19/13 May 1, 2014

Quarterly Administrative Follow-Up Audit Quarter Ended December 31, 2011 January 18, 2012 Report Nr 1/12

Data Warehouse Management Final Audit Report Report Nr. 8/13 November 12, 2013

Company Information Management (CIM) Audit Report Report # 2/15 March 11, 2015

How to set up a people based. accounting system that makes your. small business work for you. Thomas G. Post. Certified Public Accountant

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010

FINANCIAL MANAGEMENT POLICIES AND PROCEDURES

Audit, Risk Management and Compliance Committee Charter

Board Risk & Compliance Committee Charter

THE OFFICE OF THE INTERNAL AUDITOR STATUS UPDATE MARCH 11, 2014

Department of Developmental Disabilities Accounts ReceivableAudit

Medical Mutual Liability Insurance Society of Maryland

Revised May Corporate Governance Guideline

September 8, Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the Institutional Audit Committee:

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER

Risk and Audit Committee Terms of Reference. 16 June 2016

MUNICIPALITY of COLCHESTER PURCHASING CARD POLICY. January 2006

Table of Contents: Chapter 2 Internal Control

CREDIT CARDS CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report June 28, 2013

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015

Physician Receivables Credit Balance Management Processes Audit & Management Advisory Services Project B

DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Appendix 1b REVIEW OF CHEQUE HANDLING PROCESS

Department of Commerce Industrial ComplianceAudit

Antifraud program and controls assessment grid*

AMTRUST FINANCIAL SERVICES, INC. AUDIT COMMITTEE CHARTER

OFFICE OF THE STATE COMPTROLLER

Internal Audit Final Report Strategic Finance Accounts Receivable March 2014

Statement of Guidance: Outsourcing All Regulated Entities

Chapter 14 Auditing the Revenue Cycle. Ics in sales are designed to achieve these seven objectives:

BDO Consulting. Segregation of Duties Checklist

How To Set Up A Committee To Check On Cit

A GUIDE TO YOUR ACCOUNTS RECEIVABLE INSURANCE POLICY

Audit Committee Charter

Rules of the Life Insurance Fund On the Receipt, Payment, and Keeping of the Capital B.E

THE NEW YORK TIMES COMPANY AUDIT COMMITTEE CHARTER (Last amended February 21, 2013)

Audit of the Administrative and Loan Accounting Center, Austin, Texas

November 6, Joint Committee on Finance. Bob Lang, Director

Internal Controls over Cash for Small Nonprofits

THE UNIVERSITY OF MICHIGAN IDENTITY THEFT PREVENTION PROGRAM

One source. One amazing service. Procurement Process and the Sarbanes-Oxley Act

Third Party Relationships

LIST OF AVAILABLE COURSES

Internal Audit Quarterly Report University of Missouri June 2014

Final. Internal Audit Report. Creditors System

Community Ambulance Service District

Audit Program for Prepaid Expenses and Other Assets

Recommendations for Improving Purchasing Card Procedures

Financial Services Authority. Guide to Client Money for General Insurance Intermediaries

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

Chapter 18 Auditing Investments and Cash Balances

INTERNAL CONTROL QUESTIONNAIRE OFFICE OF INTERNAL AUDIT UNIVERSITY OF THE VIRGIN ISLANDS

GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011

BYLAWS. OPC FOUNDATION (an Arizona Nonprofit Corporation) ARTICLE I OFFICES, CORPORATE SEAL, OFFICIAL LANGUAGE

GOVERNANCE COMMITTEE 16 JULY 2014

INSURANCE AGENCY AGREEMENT

Risk assessment checklist - Revenue cycle


Information Commissioner's Office

Ali Chalak, Manager. Top 10 Audit Findings

INTERNAL CONTROL POLICIES

Auditing Treasury Activities. Devina Rankin Assistant Treasurer

Accountants Application Form

The Beneficiaries, Total Premium and Premium Payment Frequency shown are as of the Policy Summary date at the top of this page.

Accounts receivable/credit & collections audit program

Maria A. Gutierrez, Board Member, Guam Education Board. Franklin Cooper-Nurse, Chief Internal Auditor, Internal Audit Office

A/R Journal Entries GAAP. Add Invoice Line. Cancel Line from Invoice Maintenance. Cancel Balance via Write-Off Invoice Balances Routine

Mecklenburg County Department of Internal Audit. Park and Recreation Department Contract Management Investigation Report 1401

Southeastern Louisiana University University of Louisiana System

Governance Principles

UCLA Policy 360: Internal Control Guidelines for Campus Departments

Bank Account Reconciliation, Bank Account Access and Automated Clearing House (ACH) Transactions Review

CLIENT ACCOUNT REGULATION

Payment Procedures. Corruption Prevention Department

How To Improve Accounts Receivable

Module 6 Documenting Processes and Controls

12 05 City Cash Receipts Audit Report

Workers Compensation Commission

FUND MANAGER CODE OF CONDUCT

TENNESSEE CAPTIVE INSURANCE COMPANIES CHAPTER

PREPARED MANAGERS, LLC LIMITED AGENCY AGREEMENT. THIS INDEPENDENT AGENCY AGREEMENT, (this Agreement ) is made and entered into between

AGENCY MANAGEMENT FRAMEWORK FOR INSURANCE AGENT

University System of Maryland University of Baltimore

Oklahoma Workers Compensation Commission

AP 571 PURCHASING CARD COMMERCIAL CREDIT CARD PROGRAM

Department of Health and Mental Hygiene Infectious Disease and Environmental Health Administration

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

ATTESTATION REPORT OF DODGE COUNTY COURT JULY 1, 2013 THROUGH JUNE 30, 2015

FINANCE COMMITTEE PROCEDURES. Audit Process. Cash Handling

PROCUREMENT CARD AUDIT ANALYTICAL REVIEWS OCTOBER 14, 2013

ISACA PROFESSIONAL RESOURCES

Bond Funds Compliance Monitoring Internal Audit

COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

HUMAN RESOURCES PAYROLL

TOWNSHIP OF WHITEWATER REGION ACCOUNTS RECEIVABLE POLICY

Echo Entertainment Group Limited (ABN ) Risk and Compliance Committee Terms of Reference

Transcription:

Distribution: Centralized Billing and Receivables (CBR) Audit Report Report # 4/15 March 6, 2015 To: President & CEO Senior Vice President & Chief Financial Officer Vice President & Corporate Controller Director, Loan Services CC: Senior Vice President, Business Development Senior Vice President, Business Solutions & Innovation Senior Vice President, Corporate Affairs & Secretary Senior Vice President ERM & Chief Risk Officer Senior Vice President, Financing and Investments Senior Vice President, Human Resources & Communications Senior Vice President, Insurance Acting Senior Vice President, Insurance Vice President, Enterprise Portfolio Management Office Manager, Centralized Accounts Receivable Team Manager, Underwriting Operations Director, Strategic Planning & Government Relations Principal, Office of the Auditor General Director, Office of the Auditor General Audit Team: Adnan Zia Vice President, Internal Audit Monica Ryan

Table of Contents Introduction... 3 Audit Objectives & Scope... 3 Internal Audit Opinion... 3 Audit Findings & Action Plans... 4 Conclusion... 6 Centralized Billing and Receivables March 6, 2015 2

Introduction The Centralized Billing & Receiving (CBR) project was launched in February 2012 with the objective of centralizing four Insurance invoicing and collections processes into a single Centralized Accounts Receivable Team (CART) and implementing a supporting technology platform. The CBR project had the following distinct phases: - Future State Foundation - Business Enablement - Billing Foundation and Tinubu Integration The first phase of the CBR project was foundational and was closed out in September 2014. This first phase streamlined existing Accounts Receivable (A/R) processes and centralized them into a single unit within EDC s Finance Group, introduced common rules and processes across products and implemented new technology platforms to support managing all cash received by EDC. Audit Objectives & Scope The objective of our audit was to evaluate the design and operating effectiveness of the invoicing and collections controls for the ARI, TFO and TP products. The scope of the audit included a review of the new Accounts Receivable policy and supporting guidelines, declaration processing, invoicing, collections, cash processing, adjustments, and user access controls. Internal Audit Opinion Based on the results of our testing, we have concluded that Opportunities Exist to Improve Controls 1. In 2010, we completed an audit of invoicing and collections processes for ARI and TFO which also resulted in an Opportunities Exist to Improve Controls opinion. Improvements have since been made. Effective transactional controls have now been established surrounding the processing of policyholder declarations which determines premium revenues and invoicing. In addition, effective controls are now in place with respect to cash applications, clearing of cash suspense accounts, and GL reconciliations. However, we found that segregation of duty conflicts exist with respect to the processing of cash receipts. In addition, we noted there is no Delegation of Authority (DOA) in place to govern the processing of customer credit transactions and refunds. Action plans have been developed and are included in Appendix A. 1 Our standard audit opinions are as follows: - Strong Controls: Key controls are effectively designed and operating as intended. Best in class internal controls exist. Objectives of the audited process are most likely to be achieved. - Well Controlled: Key controls are effectively designed and operating as intended. Objectives of the audited process are likely to be achieved. - Opportunities Exist to Improve Controls: One or more key controls do not exist, are not designed properly or are not operating as intended. Objectives of the process may not be achieved. The financial and/or reputation impact to the audited process is more than inconsequential. Timely action is required. - Not Controlled: Multiple key controls do not exist, are not designed properly or are not operating as intended. Objectives of the process are unlikely to be achieved. The financial and/or reputation impact to the audited process is material. Action must follow immediately. Centralized Billing and Receivables March 6, 2015 3

Audit Findings & Action Plans 1. Delegation of Authority CBR policies, guidelines and procedures related to billing, collections and processing of payments for all revenue at EDC are contained in the Corporate Accounts Receivable Policy and Accounts Receivable Policy Guidelines and Procedures. In addition, CBR process documentation includes job-aids developed as additional guidance by and for CBR team members. However, Internal Audit (IA) noted that the DOA for credit transactions and refunds does not exist. A DOA is needed to provide control over the processing of only appropriate credit transactions and refunds and thereby prevent financial loss. Management has agreed to develop a DOA for credit transactions and refunds. Rating of Audit Finding - Major 2 2. Cheque Deposits and Segregation of Duties CART receives the cheques from the mailroom and other regional offices. IA noted that there is lack of segregation of duties around the cheque handling process and there is no validation performed to ensure completeness of cheque deposits received. Without the control to ensure completeness, there is an exposure to the misappropriation of cheques. Management has agreed to implement a control to ensure the completeness of cheque deposits. Rating of Audit Finding - Major 3. Operational Monitoring and Oversight Opportunities exist to enhance monitoring and oversight activities that govern the CBR operations. IA noted that there is no evidence of a monitoring process to verify exception transactions such as the acceptance of late declarations; declaration adjustments; refunds and credits; management of overdue 2 The ratings of our audit findings are as follows: Major: a key control does not exist, is poorly designed or is not operating as intended and the financial and/or reputation risk is more than inconsequential. The process objective to which the control relates is unlikely to be achieved. Corrective action is needed to ensure controls are cost effective and/or process objectives are achieved. Moderate: a key control does not exist, is poorly designed or is not operating as intended and the financial and/or reputation risk to the process is more than inconsequential. However, a compensating control exists. Corrective action is needed to avoid sole reliance on compensating controls and/or ensure controls are cost-effective. Minor: a weakness in the design and/or operation of a non-key process control. Ability to achieve process objectives is unlikely to be impacted. Corrective action is suggested to ensure controls are cost-effective. Centralized Billing and Receivables March 6, 2015 4

balances; and write-offs. Without evidence of monitoring by the CART manager, there is a risk that errors or unauthorized transactions may be processed, or are not identified and corrected. Management has agreed to implement monitoring controls to facilitate oversight of exception transactions. Rating of Audit Finding - Moderate 4. Key Performance Indicators Establishment of key performance metrics is an important tool for measuring the contribution to and alignment with business objectives and corporate priorities. Except for Key Performance Indicators (KPIs) established for the deposits function, there are no KPIs in place for the majority of CART functions such as cash allocation, declaration, declaration amendment, and receivable collections. Management has agreed to develop KPIs for all key CART functions and a performance dashboard report will be implemented to effectively track, monitor and report against KPIs by product. Rating of Audit Finding - Moderate 5. User Access Opportunities exist to enhance user access privileges so that user access is only provided as required by the job function in CART. IA noted: - Over 40 employees across EDC are actively engaged in taking credit card information over the phone and inputting the details in the Personal Authorization Module (PAM) to process payment requests. This appears excessive and inconsistent with the centralization of the billings and collections. With no business owner of PAM, there is no active monitoring being performed to control user access. The decentralization of collecting credit card information beyond CART increases the risk of fraud. - Access to EDC Direct can be granted to users other than the policyholder provided the customer consent is obtained. At present, there is no process in place to periodically renew the customer s consent and remove excessive user access. - There is excessive user access over the modification of declarations, refunds or credit adjustments and write-off activities in Globex and FIRM. At present, the user profiles in Globex and FIRM to perform these modifications are not restricted to only CART personnel. Management has agreed to restrict user access to an as required basis. The action plan will include removing excessive EDC employee access to PAM, Globex and FIRM; establishing a process to revoke Centralized Billing and Receivables March 6, 2015 5

access to EDC Direct based on a periodic follow up with policyholders and their consent; restricting user access for policy cancelations to only the Underwriting Operations (UWOPs) team; implementing a process to review and confirm the validity of users and access privileges across CART systems and applications on a periodic basis; and assigning CART as the owner of PAM. Rating of Audit Finding - Moderate in collaboration with the Director, CIT Project Lead Due Date - Q3 2015 Conclusion The audit findings have been communicated to and agreed by management, who has developed appropriate action plans. We would like to thank management for their support throughout the audit. Centralized Billing and Receivables March 6, 2015 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information