fall 2006 focus november 14-15, 2006 apa update

FALL 2006FALL 2006FOCUSFOCUS

November 14-15, 2006November 14-15, 2006

APA UPDATEAPA UPDATE

Bill Cole, Deputy AuditorBill Cole, Deputy Auditor

Auditor of Public AccountsAuditor of Public Accounts

Discussion TopicsDiscussion Topics

NCAA Reporting – The Second YearNCAA Reporting – The Second Year Risk Assessment StandardsRisk Assessment Standards Auxiliary Enterprise ProjectAuxiliary Enterprise Project SJR 51- Data SecuritySJR 51- Data Security Capital Appropriations AvailableCapital Appropriations Available Audit Timing and Scheduling Audit Timing and Scheduling Timely Financial ReportingTimely Financial Reporting

NCAA Reporting – The 2NCAA Reporting – The 2ndnd Year Year

Most control work has been completedMost control work has been completed Waiting on completion of the SchedulesWaiting on completion of the Schedules Reporting issuesReporting issues

Complimentary ticketsComplimentary tickets Indirect costsIndirect costs Advisory servicesAdvisory services

Risk Assessment StandardsRisk Assessment Standards

AICPA StandardsAICPA Standards Assessment Suite Of Standards Assessment Suite Of Standards

Statements on Auditing Standards (SAS) Statements on Auditing Standards (SAS) Nos. 104-111Nos. 104-111

Most far-reaching changes in standards in Most far-reaching changes in standards in 20 years 20 years

Amends or revises 8 existing standardsAmends or revises 8 existing standards

AICPA StandardsAICPA Standards Assessment Suite Of Standards Assessment Suite Of Standards

Amends SAS 1, Due Professional Care (104)Amends SAS 1, Due Professional Care (104) Amends SAS 95, GAAS (105)Amends SAS 95, GAAS (105) Audit Evidence (106)Audit Evidence (106) Audit Risk and Materiality (107)Audit Risk and Materiality (107) Planning and Supervision (108)Planning and Supervision (108) Understanding the Entity and Assessing Risks (109)Understanding the Entity and Assessing Risks (109) Performing Audit Procedures and Evaluating Performing Audit Procedures and Evaluating

Evidence (110) Evidence (110) Amends SAS 39, Audit Sampling (111)Amends SAS 39, Audit Sampling (111)

Assessment Suite Of StandardsAssessment Suite Of StandardsObjectivesObjectives

More in-depth understanding of entity and More in-depth understanding of entity and internal controlinternal control

More rigorous assessment of risks of More rigorous assessment of risks of misstatementmisstatement

Improved linkage between assessed risks Improved linkage between assessed risks and audit procedures performedand audit procedures performed

Understanding Entity/Understanding Entity/Assessing RisksAssessing Risks

Gaining understanding about entity, its Gaining understanding about entity, its environment, internal controlsenvironment, internal controls

Brainstorming sessionBrainstorming session Evaluate internal control design and Evaluate internal control design and

implementationimplementation Identify and assess risks to design additional Identify and assess risks to design additional

proceduresprocedures Consider risks at financial and assertion levelsConsider risks at financial and assertion levels Identify significant risks (Required testing of Identify significant risks (Required testing of

those identified)those identified)

Performing ProceduresPerforming Procedures

Do procedures that respond to risksDo procedures that respond to risks Overall responseOverall response Procedures at assertion levelProcedures at assertion level

Always perform:Always perform: Tests for assertions for transactions, account Tests for assertions for transactions, account

balances, and disclosuresbalances, and disclosures F/S tie to the accounting recordsF/S tie to the accounting records Material JEs and F/S adjustmentsMaterial JEs and F/S adjustments

New AssertionsNew Assertions

Class Class Trans.Trans.

Acct. Bal.Acct. Bal. Pres./Pres./Discl.Discl.

Occurrence/ExistenceOccurrence/Existence XX XX XX

Rights and ObligationsRights and Obligations XX

CompletenessCompleteness XX XX XX

Accuracy/ValuationAccuracy/Valuation XX XX XX

Cut-offCut-off XX

Classification/UnderstandabilityClassification/Understandability

XX XX

Assertions Used by AuditorsAssertions Used by Auditors Occurrence and ExistenceOccurrence and Existence

Transactions, events that have been recorded Transactions, events that have been recorded have occurred and pertain to the entityhave occurred and pertain to the entity

Assets, liabilities, and equity interests existAssets, liabilities, and equity interests exist

Disclosed events and transactions have Disclosed events and transactions have occurred and pertain to the entityoccurred and pertain to the entity

Assertions Used by AuditorsAssertions Used by Auditors Rights and ObligationsRights and Obligations

The entity holds or controls the rights to The entity holds or controls the rights to assets, and liabilities are obligations of the assets, and liabilities are obligations of the entityentity

Assertions Used by AuditorsAssertions Used by Auditors CompletenessCompleteness

All transactions and events that should have All transactions and events that should have been recorded have been recordedbeen recorded have been recorded

All assets, liabilities, and equity interests that All assets, liabilities, and equity interests that should have been recorded have been should have been recorded have been recordedrecorded

All disclosures that should have been All disclosures that should have been included in the financial statements have included in the financial statements have been includedbeen included

Assertions Used by AuditorsAssertions Used by Auditors Accuracy and ValuationAccuracy and Valuation

Amounts and other data relating to the Amounts and other data relating to the recorded transactions and events have been recorded transactions and events have been recorded appropriatelyrecorded appropriately

Assets, liabilities, and equity interests are Assets, liabilities, and equity interests are included in the financial statements at included in the financial statements at appropriate amounts and any resulting appropriate amounts and any resulting valuation or allocation adjustments are valuation or allocation adjustments are appropriately recordedappropriately recorded

Financial and other information are disclosed Financial and other information are disclosed fairly at the appropriate amountsfairly at the appropriate amounts

Assertions Used by AuditorsAssertions Used by Auditors

Cut-OffCut-Off Transactions and events have been recorded Transactions and events have been recorded

in the correct accounting periodin the correct accounting period

Assertions Used by AuditorsAssertions Used by Auditors Classification / UnderstandabilityClassification / Understandability

Transactions and events have been recorded Transactions and events have been recorded in the proper accountsin the proper accounts

Financial information is appropriately Financial information is appropriately presented and described and disclosures are presented and described and disclosures are clearly expressedclearly expressed

How Does This Impact You?How Does This Impact You?

Auditors have responsibility for risk Auditors have responsibility for risk assessmentassessment

First place to start, what is management’s First place to start, what is management’s assessment of risk?assessment of risk?

ARMICS – State Comptroller’s DirectiveARMICS – State Comptroller’s Directive

Auxiliary Enterprises ProjectAuxiliary Enterprises Project


Still a work-in-progress, but completion is Still a work-in-progress, but completion is getting closergetting closer

Tuition vs. Mandatory FeesTuition vs. Mandatory Fees What services are covered?What services are covered?

Guidance is outdatedGuidance is outdated Similar activities accounted for differentlySimilar activities accounted for differently Accounting principles have changedAccounting principles have changed

Inconsistencies in accounting and Inconsistencies in accounting and monitoring A/Emonitoring A/E


Draft findingsDraft findings Develop principle-based definition of activities Develop principle-based definition of activities

funded by mandatory feesfunded by mandatory fees Update and refine auxiliary enterprise Update and refine auxiliary enterprise

guidanceguidance• Identifying activities as auxiliariesIdentifying activities as auxiliaries• Accounting proceduresAccounting procedures• Allocation of debt service and indirect costsAllocation of debt service and indirect costs• Consistent guidance for outsourced auxiliariesConsistent guidance for outsourced auxiliaries• Application of self-supporting activitiesApplication of self-supporting activities


Draft findingsDraft findings Best practices for A/E managementBest practices for A/E management

• Monitoring for self-supporting basisMonitoring for self-supporting basis• Documenting and approving transfersDocumenting and approving transfers

Develop specific, consistent procedures for Develop specific, consistent procedures for preparing the Schedule of A/E Revenues and preparing the Schedule of A/E Revenues and ExpensesExpenses

Develop specific, consistent procedures for Develop specific, consistent procedures for preparing a separate Schedule of A/E preparing a separate Schedule of A/E ReservesReserves

SJR51 – Information SecuritySJR51 – Information Security


2006 General Assembly passed SJR No. 51, 2006 General Assembly passed SJR No. 51, directing the APA to report on the adequacy of directing the APA to report on the adequacy of the security of state government databases and the security of state government databases and data communications from unauthorized uses. data communications from unauthorized uses.

Focusing data security efforts on only databases Focusing data security efforts on only databases and data communications does not consider the and data communications does not consider the amount and nature of information held by the amount and nature of information held by the Commonwealth; nor does it consider the various Commonwealth; nor does it consider the various methods of storing and using potentially methods of storing and using potentially sensitive information.sensitive information.


As part of this review, we compiled from As part of this review, we compiled from available sources, the industry concerned best available sources, the industry concerned best practices for an information security program. practices for an information security program.

We evaluated the Commonwealth’s information We evaluated the Commonwealth’s information security programs against the best practices of security programs against the best practices of the industry and as a means of completing the the industry and as a means of completing the review survey checklist. review survey checklist.


Information Security Program Objectives and Information Security Program Objectives and IssuesIssues A well-defined, clear and documented information A well-defined, clear and documented information

security program will minimize unauthorized uses of security program will minimize unauthorized uses of information contained within databases and information contained within databases and transmitted through data communication lines. A lack transmitted through data communication lines. A lack of sufficient policies, procedures and standards of sufficient policies, procedures and standards creates a highly diversified information security creates a highly diversified information security environment, which limits an organization’s ability to environment, which limits an organization’s ability to govern information security at an enterprise level. govern information security at an enterprise level.


Roles and Responsibilities for IT Security Roles and Responsibilities for IT Security in the Commonwealthin the Commonwealth Role of VITARole of VITA Role of Agencies (including roles of Role of Agencies (including roles of

information security officers)information security officers)


Review survey checklist (120 questions) Review survey checklist (120 questions) administered by APA with each agency administered by APA with each agency and institutionand institution

Results evaluated judging key Results evaluated judging key components (30-40 questions)components (30-40 questions)

Rating of policies and proceduresRating of policies and procedures Non-existentNon-existent Inadequate Inadequate AdequateAdequate ModelModel

Capital Appropriations AvailableCapital Appropriations Available

Capital Appropriations AvailableCapital Appropriations Available

Fund 0811 – General Obligation BondsFund 0811 – General Obligation Bonds Fund 0817 – 21Fund 0817 – 21stst Century Bond Program Century Bond Program

DOA has issued Accounting Procedures DOA has issued Accounting Procedures for these programs available on their web for these programs available on their web site. site.

Some Colleges had to make significant Some Colleges had to make significant prior period adjustments due to overstating prior period adjustments due to overstating appropriations.appropriations.

DOA InstructionsDOA Instructions

1.1. Calculate project to date allotments since Calculate project to date allotments since 1993 by adding prior year expenditures 1993 by adding prior year expenditures to current allotments.to current allotments.

2.2. Compare to prior year appropriation Compare to prior year appropriation revenue from previously reported in the revenue from previously reported in the financial statements.financial statements.

3.3. Difference is current year appropriation Difference is current year appropriation revenue or reversion.revenue or reversion.

Revenue and ReceivablesRevenue and Receivables

Appropriations available are generally Appropriations available are generally equal to current year allotments less equal to current year allotments less current year expenditures including current year expenditures including payables.payables.

Current year appropriation revenue is Current year appropriation revenue is generally equal to current year allotments generally equal to current year allotments less beginning appropriations available.less beginning appropriations available.

IssuesIssues

Note that allotments and not Note that allotments and not appropriations are used to compute appropriations are used to compute revenue and receivables.revenue and receivables.

When appropriations are used or prior When appropriations are used or prior year revenue is not excluded, year revenue is not excluded, appropriation revenue can be significantly appropriation revenue can be significantly overstated.overstated.

ConclusionConclusion

APA and DOA will work together to APA and DOA will work together to address accounting issues and clarify address accounting issues and clarify instructions.instructions.

Audit TimingAudit Timing

AUDIT TIMINGAUDIT TIMING Scheduling and SpecialtiesScheduling and Specialties

NCAANCAA – interim work on controls, final work when – interim work on controls, final work when Schedule is completedSchedule is completed

Research & DevelopmentResearch & Development – interim work on – interim work on controls, final work when SEFA is completedcontrols, final work when SEFA is completed

Student Financial AidStudent Financial Aid – interim work on controls, – interim work on controls, final work when FISAP is completedfinal work when FISAP is completed

Payroll and RevenuePayroll and Revenue – interim work on controls, final – interim work on controls, final work when financial statements and notes are work when financial statements and notes are completedcompleted

Acquisitions and Capital AssetsAcquisitions and Capital Assets – interim work on – interim work on controls, final work when financial statements and controls, final work when financial statements and notes depending on specialists’ schedulesnotes depending on specialists’ schedules

Timely Financial ReportingTimely Financial Reporting

Timely Financial ReportingTimely Financial Reporting

Financial Management StandardFinancial Management Standard TimelinessTimeliness Accuracy Accuracy Deadlines are only going to get tighterDeadlines are only going to get tighter Closing books timelyClosing books timely Start earlyStart early Documentation of financial reporting Documentation of financial reporting

processprocess

QUESTIONS?QUESTIONS?

fall 2006 focus november 14-15, 2006 apa update

Documents