Transcript Significant Audit & Risk Assessment

Presented by Sandra Healy, CGFM
Principal Auditor
Idaho Transportation Department
Audit of Idaho Transportation Dept’s
Division of Motor Vehicles - 2009
 Vehicle Services Section & Financial Unit
 Fraud discovered at a county DMV office
 Data analysis
2
County Headline
3
DMV & Counties
 DMV works closely with counties
 MOA’s with Assessors & Sheriffs Offices
 Risks & Internal Controls
 Data analysis of all counties
 Visits to 23 assessors offices/44 counties
4
Visits to Counties
 Goal:
 Gather best practices
 Offer suggestions to improve internal controls
 Wide range of cash handling procedures
 Counties welcomed internal control ideas
 Ada County Internal Auditor
5
Assessors’ Conference
 Presented on cash handling internal controls
 Shared concerns about safeguarding cash
 Best practices to be distributed to counties
6
Results of DMV Audit
 Financial unit became the Internal Control, Fraud
Prevention and Finance unit
 Increased emphasis on internal controls, fraud
detection & prevention
 Centralized DMV mail handling to secure receipts and
distribute work to units
 Provided ‘Items for Consideration’ in development of
new data base system
7
Individual Audit Risk Assessment
 Risk assessment for internal audits
 Improve Internal Control awareness and education
 Survey of employees on their unit’s internal controls
8
Pilot Training Program
 Developed Internal Control training for front line
employees
9
Objectives
 Interaction
 Increase awareness
 Increase understanding
 Confidence to speak up
 Confidence to suggest improvements
 Survey
10
Brainstorming
 What are Internal Controls?
 What is the purpose of Internal Controls?
 What is ethical behavior?
11
Understanding Internal Controls
 You may or may not realize that you are affected by
internal controls throughout your daily lives.
12
COSO MODEL
13
Control Environment
 Foundation of internal controls
 Baseball example
 Integrity and ethical values
 Commitment to competency (staff)
 Management’s philosophy & operating style
 Managing change
 Communication
14
Control Environment
Accountability
DMV
Your Section
Transparency
Customer Service
ITD
Efficiency
15
Risk Assessment
 Know your goals & objectives
 Identify potential risks to the achievement of goals &
objectives.
 Risks are the opposite of goals & objectives
 Risks are what are addressed by internal controls
16
Control Activities
 Policies, procedures and other safeguards to ensure
objectives are accomplished
17
Information & Communication
 Information must be identified, captured and
communicated
 Communication must go up, down and across an
organization and must be timely
 Communication enables people to carry out their
responsibilities
18
Monitoring
 Evaluation and feedback processes (self evaluations,
performance evaluations, peer reviews, audits, reports)
 Monitor organizations performance over time
 Monitoring should be a regular activity
 Part of culture
19
Internal Control Survey
 Send employees link to survey in SharePoint
 Positive statements on internal controls
 Statements grouped by 5 components
 Strongly agree to strongly disagree
 Comment section for ‘disagree’ and ‘strongly disagree’
responses
 Calculated weighted average for each component
 Compiled comments
 Surveys were anonymous
20
Results
21
Survey Results
 Significant # of comments
 Used in audit planning for Motor Carrier Services Unit
 Shared with DMV management and HR
 Held meetings with employees to discuss results
 Requested feedback on the training & survey
22
In Summary
 DMV is inherently a high risk area
 Internal Control training at staff level beneficial
 Employees felt a part of the process
 Survey provided insight into the unit’s environment
 Audit planning feedback
 Survey designed for use
in any section
23
Thank You
24
Contact Information
Sandra Healy, CGFM
Principal Auditor
Idaho Transportation Department
Office of Internal Review
PO Box 7129
Boise, ID 83707-1129
[email protected]
25