Transcript Document

AGA Montgomery Chapter CGFM Exam Review
Presented By
Steven H. Emerson, CPA, CGFM, CGAP, CFE, CITP, CGMA
 CFO Responsibilities
 Chief Financial Officer may be chief fiscal officer, finance
director, comptroller or treasurer.
 In Federal Agencies
 Often appointed
 In State Agencies
 Often elected
 The Chief Financial Officer Act of 1990
 Codifies the federal CFO’s role
 Primary duties of the federal CFO
 Ensure effective accounting and financial systems are in place
 Ensure adequate financial management activities and operations are
designed and implemented by a well-qualified staff
 Prepare annual financial reports
 Identify budget requirements and monitor budget execution
 CFO Responsibilities - continued
 The CFO at the state level is usually grounded in laws and
regulations, as with the federal level.
 The State of Florida devotes an entire chapter of their state
code
 Chapter 17 of Title IV, with 66 articles
 Florida’s CFO is elected
 Florida law echoes the CFO Act of 1990 for federal CFOs
 States and local entities “tailor” the CFO role to suit their
needs
 Florida CFO responsible for statewide toll-free hotline as well as
check cashing for state employees
 Florida CFO and staff provides accounting and payroll services on a
fee basis to any college, local government or other entity that
receives state funds
 CFO Responsibilities - continued
 Chief Financial Officer Act of 1990
 Agency CFO’s responsibilities include:
 Developing and maintaining integrated accounting and financial
management systems
 Directing, managing and providing policy guidance and oversight of all
agency financial management personnel, activities and operations
 Approving and managing financial management systems design and
enhancement projects
 Developing budgets for financial management operations and improvements
 Overseeing the recruitment, selection and training of personnel to carry out
agency financial management functions
 Implementing agency asset management systems, including systems for cash
management, credit management, debt collection, property and inventory
management and control and cost estimating
 Monitoring the financial execution of the agency budget in relation to actual
expenditures
 CFO Responsibilities – continued
 Local Government CFOs
 Duties are often defined by state statutes and elaborated in
local charters and ordinances
 Responsibilities are similar to their state and federal
counterparts
 The local CFO may personally perform a wider range of tasks
 The local CFO may personally prepare the entity’s budget and
financial statements and reconcile the statements to the budget
 CFO Responsibilities – continued
 The City of St. Louis, MO
 Their fiscal officer (comptroller) is elected
 The City Charter
 Stipulates the annual salary of the fiscal officer
 Requires the incumbent be bonded for $300,000
 The fiscal officer
 Serves as general accountant and auditor
 Records all special tax bills and liens
 Has the power to administer oaths
 Has overall charge to “preserve the credit of the city”
 Leadership Role
 The CFO
 Ensures the entity conforms with all laws and regulations
pertaining to management of public resources
 The role is complicated by intergovernmental grants and
shared revenues
 Results in multiple sets of rules and requirements
 Operates as a trusted advisor
 Develops and “markets” a vision that demands quality and
attracts and retains qualified and motivated personnel to the
financial function and the organization as a whole
 Leadership Role – continued
 The CFO – continued
 Creates an atmosphere that eliminates impediments and
promotes innovation, collaboration and cross-servicing
 Establishes and maintains integrated accounting and
financial management systems
 Provides timely and cost-effective reports, analyses and
advice to managers, clients, legislators and other decisionmakers
 Helps agency personnel and clients restructure their work
processes to improve financial management and the quality
of financial data
 Promotes strategic planning and performance measurement
and reporting
 Support Role
 CFOs
 Support programs and program managers
 Assist other managers as they:
 Work to identify and control risks
 Obtain and classify program data
 Weigh trade-offs in resource investments
 Implement new technology
 Support the CEO in all areas of budget and finance
 Advises the CEO on critical questions such as:
 Are revenues keeping pace with budgetary estimates?
 Are expenditures aligned with appropriations?
 How will broad economic factors impact future revenues and
demands for services?
 May testify before legislators or provide other expert advice
 Role of Financial Management Systems
 A Financial Management System
 Organized means for the collection, processing, transmission and
dissemination of financial information
 May be automated or manual, though most entities use automated
systems
 Encompasses much more than the “computer”
 Components include:
 Processes and procedures (manual and automated)
 Documentation
 Internal controls
 Personnel
 System tests and audits
 Hardware and software
 Added components include:
 Data administration policies
 Data dictionaries
 Procedures for interfacing with other systems
 Role of Financial Management Systems - continued
 A Financial Management System - continued
 Contains applications that support:
 Collection, processing, maintenance, transmission and reporting of
data about financial events
 Financial planning and budgeting activities
 Accumulation, reporting and analysis of cost information
 Preparation and dissemination of financial statements and other
reports
 Provides other benefits
 Promotes accountability by providing accurate information on how
tax dollars are spent and how assets are protected
 Promotes efficiency by increasing the reliability and reducing the
cost of information
 Supports decision-making by providing timely data that managers
can use to link costs to outcomes and guide resource allocation
 Guidelines and Requirements
 U.S. Office of Management and Budget (OMB)
publishes “OMB Circular A-127: Financial Management
Systems”
 Covers definitions and system requirements that can be
applied to any level of government
 Addresses the need for common data elements, common
transaction processing for similar transactions and efficient data
entry (non-duplicate entry of data)
 Covers the need to document instructions for both manual
and automated systems (for automated systems, this includes
complete documentation of computer code)
 Guidelines and Requirements - continued
 U.S. Office of Management and Budget (OMB)
publishes “OMB Circular A-127: Financial Management
Systems” – continued
 Covers the need to apply internal controls to all system
inputs, processing and outputs to ensure the validity and
confidentiality of information
 Includes access controls and automated edits
 Covers the need to provide adequate training and support to
both users and operators of the system, based on their roles
and responsibilities
 Covers the need to provide ongoing maintenance to ensure
systems are operating in an effective and efficient manner
 Guidelines and Requirements - continued
 The Financial Systems Integration Office (FSIO) of the
General Services Administration
 Another source of guidance for financial management systems
 The FSIO publications, such as “Core Financial System
Requirements” are useful at all levels of government
 More specific, as opposed to OMB Circular guidelines which
provides general guidance on system requirements
 i.e. it delineates the invoice attributes that should be captured in the
system
 Vendor ID Number
 Vendor Invoice Number
 Account Number
 Invoice Date
 Invoice Receipt Date
 Guidelines and Requirements - continued
 FSIO – continued
 Excellent starting point for exploring how human resources
relate to the overall success of a financial management
system
 Identified recommended core competencies for key
individuals
 Recommended core competencies for budget analysts,
accountants, program managers, financial managers and
others who play a role in sustaining the financial
management system can be found on the FSIO website
 Guidelines and Requirements - continued
 The Federal Financial Management Improvement Act of
1996 (FFMIA)
 Provides guidance to agencies, including indicators for use in
evaluating financial management systems
 Requires all agencies to maintain systems that comply with
federal accounting standards and the U.S. Standard General
Ledger
 Requires auditors to report on the level of compliance of
financial management systems
 Requires agencies to adopt formal remediation plans if their
systems fall short of requirements
 Guidelines and Requirements - continued
 State and Local Entities
 Establish their own financial system policies and procedures
 i.e. The State of Ohio has a full library of policies and technical
guidance for its integrated financial management system.
 The Ohio resources address common concerns such as the chart
of accounts, data dictionary, reports, security and access controls,
and job aids for users of the system
 Government Financial Systems
 Usually designed to support Internet-enabled electronic
commerce
 Guidelines and Requirements - continued
 E-Government
 Government to Citizen (G2C)
 Government entities use the Internet and other e-government
capabilities to improve access and service delivery
 At the simplest level, governments distribute information via the
Internet, such as the schedule of public hearings or open hours at
the library
 At a second level, citizens engage their government in two-way
dialogue, such as posting comments or requests and receiving
feedback
 At a still higher level, citizens conduct transactions with
government over the Internet
 i.e. Filing tax forms or claims for unemployment benefits
 Guidelines and Requirements – continued
 E-Government – continued
 Government to Business (G2B)
 Common government to business transactions include electronic
funds transfer (EFT) and electronic data interchange (EDI)
 Under EDI, structured data is transmitted in lieu of documents
 EDI takes the place of documents for activities such as purchase
orders and receiving reports
 Government to Government (G2G)
 Distribution of grants and shared revenues, and distributed
posting of accounting data are among the intergovernmental
activities that are executed electronically
 G2G also includes filing of periodic compliance reports and
shared, online training programs
 Guidelines and Requirements – continued
 Telework
 Working from home or other remote locations
 Introduces new requirements for financial management systems
 Improves productivity due to fewer interruptions
 Allows organizations to reduce cost by reducing the need for
office space and utilities
 Plays a role in continuity of operations
 It may allow employees to remain productive despite natural disasters that
impede travel to the central work site
 Some organizations require extended telework (up to 30 days) as a
preparedness exercise in the continuity of operations program.
 Guidelines and Requirements – continued
 Telework - continued
 The most recent presidential directive on continuity of
operations, signed in May 2007, calls for geographic dispersal
of operations to increase survivability and maintain
uninterrupted government in the event of enemy attack
 Means for achieving decentralized operations
 Legal requirement for federal agencies, and many state and
local governments have telework policies
 Managers should consider the need for remote connectivity
and security when designing or upgrading financial
management systems
 Fraud Prevention
 Automated Financial Systems
 Can greatly increase governmental efficiency
 Unfortunately, they also introduce new opportunities for
fraud
 An entity’s internal control program should include specific
risk control procedures for financial systems, such as access
controls and built-in edits
 Organizational structure, such as separation of duties, can
help prevent fraud
 The IT department should be separate from the financial
management department, however, this may not be possible
in small entities
 Fraud Prevention – continued
 Some typical elements of prevention programs
 Fraud Risk Assessment
 Identify the activities that pose the greatest potential and risk for
fraud, i.e.
 How great is the risk of receiving false electronic data from vendors?
 How does this compare to the risk of employees creating dummy vendors
in accounts payable?
 What controls are already in place to mitigate these risks?
 Anti-fraud Policies
 A formal code of conduct, which frames the behavioral
expectations for individuals, is part of a fraud prevention
program
 Other policies may address background screenings for new personnel and
required rotation of personnel out of high-risk positions
 Fraud Prevention – continued
 Some typical elements of prevention programs -
continued
 Education and Training
 Employees at all levels are trained on the potential damage that
could result from fraud, the code of conduct and expectations for
ethical behavior and individual responsibilities for reporting
suspicious behavior
 Monitoring
 This includes periodic test of the effectiveness of internal
controls and taking swift action when faced with suspected,
fraudulent activity
 A hotline for anonymous tips is an essential part of the
monitoring program
 Fraud Prevention – continued
 Some typical elements of prevention programs -
continued
 Forensic Auditing
 The term “forensic” implies that the results will be admissible as
legal evidence
 Forensic auditing combines the skills of auditors and accountants
with investigative techniques
 The many functions performed by forensic auditors include
determining whether activities such as identity theft or employee
theft have occurred
 Forensic auditing techniques can also be used to minimize the
risk of future loss
 Fraud Prevention – continued
 Having a visible prevention program is important to
help reduce the risk of fraud but detection measures are
needed
 Data mining is increasingly used to detect fraudulent
transactions
 Data mining uses a supplementary computer module to
detect suspicious patterns in data
 Criteria used by the Government Accountability Office
in a data mining project and related findings is shown
in the following example
Data Mining Criteria
Government Purchase Card and Travel Card Audits
The Government Accountability Office (GAO) reported on results of its data mining audit of
use of government travel cards and charge cards. The GAO data mining software looked for
suspicious transactions in several categories. The categories and examples of suspicious
transactions are show below

Nature of the Transaction



Prohibited merchant category codes, such as jewelry stores, pawn shops and gambling
establishments
Personal use, including food, clothing, luggage and accessories
Merchants




Specialty stores, such as hobby shops, sporting goods stores, Victoria’s Secret
High-end stores, such as Dooney & Bourke, Coach and Louis Vuitton
Gentlemen’s club and legalized brothels
Cruise lines, sporting events, casinos, taxidermy services and theaters
Data Mining Criteria
Government Purchase Card and Travel Card Audits continued

Dollar Amount of Transaction





Transactions having unusually high dollar amounts
Convenience checks over $2,500
Numerous recurring transactions with same vendor, indicating the need for a contract
Transactions in round dollar amounts, such as $330, $440, etc., indicating possible fee for cash
schemes
Timing of Transactions




Holiday and weekend transactions
End of fiscal year transactions
Transactions that were made late at night
Multiple transactions on the same day, at same vendor, totaling more than $2,500
 Definition
 ERP systems attempt to integrate all data and processes
into a unified system to manage and access complex,
interrelated activities.
 Before conversion to an ERP, the organization must have
systems for human resources and payroll, procurement,
and accounting and accounts receivable
 The goal of an ERP is to integrate the separate systems
into one system that supports information process needs
across the entity
 Definition - continued
 Key Features
 A common, shared database
 One-time entry of shared data
 Automated integration and sharing of data across business
functions
 A system can be considered an ERP if it integrates at least two
functions, although the term is typically used for large, broadbased applications integrating multiple functions
 An ERP is usually not introduced all at once but rather two
functions are initially integrated and then other functions are
added as the project advances
 i.e. start by integrating payroll and accounting and then later add
other functions like procurement and supply management
 Definition - continued
 Typical ERP System
 Uses multiple components of computer software and hardware to





achieve the integration
Organizations usually rely on external consultants to help design,
develop, implement and sustain ERP systems due to the size,
complexity and cost of ERPs
Work processes are examined in detail to identify where they must be
standardized and streamlined to create optimum flows of information
An ERP cannot succeed if work processes have not been reviewed and
refined
A major challenge is getting various managers and workgroups to agree
on common procedures
The front-end analysis and standardization of processes results in a
systems requirements document
 i.e. the State of Ohio completed an ERP analysis that required 2,100 software
capabilities
 Advantages
 Reduced cost, achieved by sharing of common data across





functions
Reduced errors, achieved by reduction of manual data entry
and use of built-in edits
Improved coordination across functional departments as
managers from various functions use standardized data
Increased flexibility in report writing and query capabilities
Improved analysis and decisions making via real-time access
to enterprise-wide data
Built-in features that capture cost data for activity-based
costing and performance reporting
 Disadvantages
 Major investment of time and money required to





implement
Greater risk of loss (due to fraud or faulty controls)
associated with an entity-wide system
Difficulty of achieving agreement across functions on
common procedures and data elements
Sizeable cost of employee training and retraining
Entity is “captive” to vendor for costs of future upgrades
and license fees
Personnel turnover during development and
implementation phase can jeopardize success
State of Ohio’s ERP
Ohio Administrative Knowledge System (OAKS)
 Estimated Costs
 The cost to implement OAKS is approximately $158 million. Included costs are
project management consultant staff, the OAKS Program Management Office
(PMO), ERP hardware and software, and ERP integrator services
 Benefits
 Enhancing government operations requires business processes that are efficient
and effective. The benefits of implementing an ERP system range from
intangible benefits, such as improved data to support decision-making, process
efficiencies and improved service levels to more tangible hard dollar savings.
Within five years of full implementation, Ohio expects to realize savings from
such things as:
 Leveraging the state’s purchasing power
 Increasing the use of vendor payment discounts
 Using bar coding to conduct physical inventories
State of Ohio’s ERP
Ohio Administrative Knowledge System (OAKS) - continued
 Further Returns on Investment OHIO OAKS
 Through a survey administered to state agencies, it was estimated that the
state could save up to an additional $195 million in maintenance and
replacement costs for current, redundant systems by implementing OAKS.
When coupled with projected savings from the identified tangible benefits,
OAKS represents significant direct and indirect savings over a five-year
period. Full payback should occur within four years after all software
modules have been implemented
 General Concepts
 Continuity of operations (COOP) refers to the efforts of
an organization to ensure it can sustain essential
operations regardless of planned or unplanned
incidents. A comprehensive COOP program includes
regular tests of response capability as well as the COOP
plan
 Has been part of the federal government since the Cold War
 Continuity of government orders issued by President Eisenhower
in the event of a nuclear attack
 North American Aerospace Defense Command (NORAD)
 General Concepts - continued
 A formal COOP program increases the odds that agencies can
continue the essential functions amid natural, technological
or national security emergencies and COOP incidents may be
large or contained and occur at several levels
 Major disruptions or attacks
 9/11
 Oklahoma City bombing
 Hurricane Katrina
 Regional disruptions
 Closures due to blizzards
 Regional loss of electrical power
 Building level events
 Fire
 Contaminated ventilation system
 Computer failure
 General Concepts - continued
 The private sector also makes continuity of operations a
priority, however, public entities must be even more
prepared for contingencies because they are responsible
for maintaining civil order and basic infrastructure and
for coordinating recovery efforts. Government officials
are responsible for safeguarding sensitive information
 Social security numbers
 Payroll and tax information
 Driver’s license numbers
 General Concepts - continued
 Many COOP plans focus on damage to property and
equipment, however, significant loss of personnel due to
a biological attack or pandemics is an attendant threat
 i.e. influenza could immobilize numerous government
personnel and vendors
 Such “nontraditional threats” require specific plans
 California Office of Emergency Services created a document
“Continuity of Operations/Continuity of Government and
Pandemic Influenza Planning” to address an influenza
pandemic. This document urges state and local entities to
minimize person-to-person contact while maintaining
essential operations
 COOP Planning Objectives
 Ensure continued performance of essential functions
 Reduce loss of life and minimize damage to property and





infrastructure
Ensure succession to key leadership positions
Reduce/mitigate disruptions to governmental
operations
Protect public assets and confidential information
Achieve timely recovery of normal operations
(reconstitution)
Assess response and identify lessons learned for future
planning
 COOP Planning Objectives - continued
 Agency plans should aim for restoration of essential
operations within a minimum period, such as 12 hours
following activation of the plan. A further objective is
ability to sustain the plan for a minimum duration.
Many COOP plans call for a sustainability window for 30
days, but this may be insufficient in the case of a public
health emergency. Finally, entities should be capable of
implementing the COOP plan without warning.
 COOP Planning Elements
 The details of COOP plans will vary among agencies,
however, common elements should be reflected. The
following are COOP planning elements of the United
States Department of Homeland Security
 Essential functions
 Identify the agency’s essential functions that must continue with
no or minimal disruption
 Delegations of authority
 Prepare documents that give officials, including those below the
agency head, authority needed to make difficult decisions during
a COOP situation. Delegations of authority should specify the
activities that those who are authorized to act on behalf of the
agency head or other key officials may perform.
 COOP Planning Elements - continued
 Succession planning
 Create orders of succession that provide for the orderly and
predefined assumption of senior positions during an emergency,
in the event that current officials are unavailable to execute their
duties.
 Alternate facilities
 If the COOP plan is activated, the agency’s primary operating
facilities may be damaged, destroyed or otherwise unavailable.
Identify and prepare an alternate location and facility that can be
used to carry out essential functions. Additional business
continuity sites should be identified in case the alternate facility
is rendered inoperable.
 COOP Planning Elements - continued
 Alternate and interoperable communications
 Ensure COOP responders have an alternate communications
system for performing essential functions until normal
operations can be resumed. The communications system should
be interoperable with other agencies and levels of government;
permit access to data and systems; and be sustainable for a
minimum number of days.
 Vital records and databases
 Identify records and databases needed to continue essential
operations. This includes emergency records such as succession
plans and delegations of authority. Create backup copies at an
alternate location; ensure the alternate records are updated and
maintained.
 COOP Planning Elements - continued
 Human capital
 During COOP activation, agencies must perform essential functions with
reduced staff. Ensure key personnel are adequately trained and cross-trained
to allow flexibility in performance of essential functions during emergencies.
 Devolution and reconstruction
 Devolution planning supports the transfer of essential functions to other
agencies and staffs when the primary agency is incapable of performing its
role either the primary or alternate facilities. Reconstitution is the process by
which surviving and/or replacement personnel resume normal operations
after the emergency; it maps the return to normal operations.
 Test, training and exercise
 This portion of a COOP plan is often called TT&E. Agencies use ongoing
tests, training and exercises to ensure the COOP program is capable of
supporting the continuation of essential functions. Tests and exercises range
from simple, “table top” exercises to full simulations involving numerous
personnel
Steven H. Emerson, CPA, CGFM, CGAP, CFE, CITP, CGMA
P.O. Box 834
Helena, AL 35080
(205) 807-4466
(205) 449-8666 (Fax)
[email protected]
www.shecpa.com