Statement on Auditing Standards (“SAS”) No. 112 “Communicating Internal Control Related Matters in an Audit” (SAS 112) was effective last year and resulted in a substantial change in how management and auditors must assess internal controls. SAS 112 focuses more on the organization and its internal control and lowers the effectiveness of controls. Additionally, the new Risk Assessment SASs (SAS 104-111) are effective for 2008 audits, and as a result, auditors will be requesting their clients to provide documentation of their risk assessments and components of internal control.

Some entities simply do not have the time or resources to dedicate to the preparation of the required risk assessment and internal control related documentation due to high workloads or lack of expertise. In an effort to assist you in meeting these new requirements, Thurman, Shinn and Company is pleased to offer various ‘corporate governance’ services to assist your entity. Some of the available services are discusses in greater detail below. We take a risk-based, top-down approach to our projects, keeping in mind the fiduciary responsibilities and reputational risk unique to governmental entities.

  • Policy, Procedure, and Standard Review and Development
  • Internal Audit Outsourcing and Co-sourcing
  • Internal Control Risk Assessment
  • Internal Control Documentation
  • Fraud Risk Assessment
  • Board of Directors and Audit Committee Training and Advisory Services

Each Project follows a multi-phase methodology to assist management in achieving compliance. Our methodology includes the following major phases, depending upon the project:

  • Scoping and Planning – Project Plan ad Scoping Assessment
  • Documentation and Gap Analysis – Control Documentation, Identify control gaps, recommend remediation
  • Evaluation of Key controls – Develop risk and control matrix

Internal Control Risk Assessment and Documentation

Management is ultimately responsible for ensuring that internal controls are established, well documented, and operating effectively. Without clear internal control documentation, management cannot demonstrate an understanding or the activities that are being undertaken to meet its control objectives. In addition, without the documentation, management is not able to assess whether controls are operating as intended and where control gaps may exist. A better understanding of an entity’s internal controls will ultimately reduce reporting errors and increase operational effectiveness by improving the design of existing controls and eliminating redundant controls.
To prepare your entity’s internal control documentation, Thurman, Shinn and Company will:

 

  • Identify your entity’s significant processes based on discussions with management, an analysis of your financial statements and our existing knowledge of governmental entities and/or your entity.
  • Use a top-down approach beginning with the evaluation of entity-level controls, such as the COSO control environment “Tone-at-the-Top,” fraud prevention and detection, and IT general controls, to determine the extent and nature of existing documentation and make recommendations for additional documentation, as appropriate. 
  • For each significant process, as agreed to by management (for example, Information Technology/End User Computing, Revenue, Salaries, Wages and Benefits, Cash Management, Property and Equipment, etc.) we will gather information through a variety of methods (e.g., interviews, observation, document review) and produce control documentation for each process within scope.
  • Identify control gaps related to the design of controls and make recommendations to correct any deficiencies.

Internal Control Risk Assessment (on existing Documentation)

 
A risk assessment is the process of identifying and analyzing relevant risks to the achievement of an entity’s objectives. A risk assessment also involves forming a basis for determining how the risks should be managed. An internal control risk assessment performed by Thurman, Shinn and Company requires sufficient internal control documentation. As part of completing an internal control risk assessment, Thurman, Shinn and Company will:

  • Analyze your entity’s internal control documentation to identify any controls gaps or risks in existing processes.
  • Prioritize the risks identified by the likelihood, significance, and potential impact of each risk.
  • Provide management with potential solutions or mitigating controls to the risks identified, considering the nature of the risk and the expense of implementing a particular solution.

Fraud Risk Assessment

Antifraud programs and controls are the policies and procedures put in place by an entity to help ensure that management directives are carried out. It is important to realize that fraud can occur in entities of any size, and almost any employee may be capable of perpetrating a fraudulent act given the right set of circumstances. A fraud risk assessment will help identify, analyze and manage the risk of fraud occurring. A fraud risk assessment performed by Thurman, Shinn and Company will include the following:

  • Provide checklists, lead group discussions, and conduct interviews with personnel who have an extensive knowledge of the organization.
  • Gather risks and sources identified into a matrix
  • Evaluate the significance of each risk by discussing the potential consequences with management.
  • Evaluate management’s tolerance to the risks identified and rank the risks as either “High” or “Low”, with “High” indicating risks that should be resolved in the short term and “Low” indicating risks that should be resolved as resources become available.

Policy and Procedure Review and Development

Documentation of an entity’s significant operational and accounting processes is essential in times of employee transition and for training purposes. Documenting a process involves identifying and gaining an understanding of the events or transactions that trigger performance of the process, the automated or manual procedures used in performing the process, the person(s) or position(s) responsible for performing the procedures, the source documents used or generated, the procedures for approval and review and correction of any errors detected, and the financial or operations entries or reports summarizing the result of the process. Procedures that may be used to gain an observation of them performing their duties; inspection of documents, forms, and performing a “walk through” of the procedures performed in the process. Thurman, Shinn and Company an assist in reviewing, updating or streamlining the existing procedures and existing documentation, and providing value-added recommendations based on our experience. Additionally, we can assist in the process to gather existing documentation, organize it, and identify any gaps in an effort to meet SAS 112 requirements.

Fraud Policy

To assist your organization in developing a comprehensive fraud policy, Thurman, Shinn and Company will primarily make inquiries of management to determine the unique aspects of your organization’s stance on fraud. We will use this information to create a fraud policy that has been customized specifically to your entity.

Other Services

Thurman, Shinn and Company will be glad to meet with members of management, your board and others charged with governance to discuss the specific needs of your entity and build an engagement to address the circumstance unique to you.

EXPERIENCE – We are committed to providing services to Governmental Entities

We believe our long service record to governmental entities in the area, our working relationships and associations with governmental auditors, accountants and other professionals across the nation and our recent appointment to the State & Local Government Expert Panel of the American Institute of Certified Public Accountants (“AICPA”) demonstrates our expertise and experience in governmental accounting. This means we understand the intricacies of governmental operations and will complete our work efficiently and effectively (i.e., less overall hours).

VALUE – We provide value to our clients beyond simply a reasonable cost structure

Our methodology has at its core a philosophy of simplifying the process by focusing on the significant transactions and account balances first. Our approach includes offering suggestions to clients on process improvement to create a return on investment for the process. We are able to provide numerous related services to support management in various areas as we explained above. What this means to your entity is that Thurman, Shinn and Company will identify opportunities to use the SAS 112 initiative to create more efficient internal processes either through the rationalization of controls (i.e., eliminating those that are not necessary) or through process improvement suggestions that will make processes more efficient.
If you have questions about any of these services or would like more information, please feel free to call. As always, we are available to help management, those charged with governance and your entity comply with the new requirements, and we look forward to working with you.

 
Login   Search   Site Map   Privacy Policy   Disclaimer    Powered by CPA Site Solutions