Compliance and Audit
Internal auditing is an independent, objective assurance and consulting function designed to add value and improve the district’s operations. The internal audit function provides the governing board and Superintendent with independent analyses, appraisals, and recommendations. It also helps the district to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management and control and governance processes. As a partner with management, the internal auditor serves as an in-house consultant on many issues of concern.
Internal controls are an important part of any business as well as a district. An internal control system includes policies and procedures that management designs and implements to provide reasonable assurance that its objectives will be met. Such objectives include safeguarding district assets, promoting efficiency and providing reliable financial information and records.
Internal control systems are based on the principle of separation of duties. This separation makes it more difficult for theft or undetected errors. No one person should be in a position to control a transaction from initiation to completion and recording into the books. Internal controls can be preventive, detective or corrective in nature:
Preventive controls are designed to discourage or pre-empt errors or irregularities from occurring. They are more cost-effective than detective controls. Credit checks, job descriptions, required authorization signatures, data entry checks and physical control over assets to prevent their improper use are all examples of preventive controls.
Detective controls are designed to search for and identify errors after they have occurred. They are more expensive than preventive controls, but still essential since they measure the effectiveness of preventive controls and are the only way to effectively control certain types of errors. Account reviews and reconciliations, observations of payroll distribution, periodic physical inventory counts, passwords, transaction edits and internal auditors are all examples of detective controls.
Corrective controls are designed to prevent the recurrence of errors. They begin when improper outcomes occur and are detected and focus the "spotlight" on the problem until management can solve the problem or correct the defect. Quality circle teams and budget variance reports are examples of corrective controls. You can evaluate controls in your department's operations by following the same process.
Control activities are those specific policies and procedures that help ensure management directives are implemented. They include a wide range of activities that occur throughout the organization, by supervisory and front-line personnel. This is not an all-inclusive list, but represent some examples of common control activities:
- Segregation of Duties - Duties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For instance, responsibilities for authorizing transactions, recording them, and handling the related asset are divided.
- Physical Controls - Equipment, inventories, securities, cash and other assets are secured physically, and periodically counted and compared with amounts shown on control records. Access is restricted to those with authority to handle them.
- Reconciliations - Comparisons are made between similar records maintained by different persons to verify transaction details.
- Policies and Procedures - Established policies, procedures and even job descriptions provide guidance and training to ensure consistent performance at a required level of quality.
- Transaction and Activity Reviews - Managers running functions or activities review performance reports. They may relate different sets of data - operating or financial - to one another, together with analyses of the relationships.
- Information Processing Controls - A variety of controls are performed to check accuracy, completeness and authorization of transactions. Data entered are subject to edit checks or matching to approved control files. Numerical sequences of transactions are accounted for, and file totals are controlled and reconciled with prior balances and control accounts. Development of new systems and changes to existing ones are controlled, as is access to data, files and programs.
RECOMMENDATIONS FOR DEVELOPING AN INTERNAL CONTROL SYSTEM
- Designate the cash handling responsibilities to specific individual(s)
- Do not allow the person responsible for bookkeeping to handle cash. There must be segregation of duties.
- Use pre-numbered receipts for all cash collections.
- Carefully review all bank deposits before making the deposit.
- Promptly make deposits intact (no money held back for expenses)
- Secure cash in a safe, or cash register.
- If a cash register is used, establish policies for overages and shortages.
- Make all payments by checks except for small amounts to be paid by petty cash. Petty cash should be maintained on the impress method, requiring documentation to support all inflows and outflows of cash.
- Use proper documentation to support all disbursements.
- Keep all cash-related documents secured when not in use.
- Whenever possible, use outside documentation to compare against your records.
- Make a visible indication of reviews on documents reviewed. The control system should never exist on only paper, and employees should see evidence of its application.
- Set up the control system early to prevent problems, rather than as a reaction to loss.
- Provide the internal control system with ways to identify the source of errors to direct remedial errors.
Frequently Asked Questions
1. Who does the Internal Auditor report to?
The Internal Auditor reports directly to the Superintendent in order to assure separation of duties with Fiscal or Human Resources.
2. What is Internal Audit?
Internal Audit is a service to district and Board of Education. It evaluates the effectiveness of the systems and procedures within the District.
3. What is the difference between an internal audit and the annual external audit?
An External audit is a statutory requirement that determines whether the District’s accounts present a true and fair view of the financial position. The internal auditor reports to the Superintendent and Board of Education on the systems of governance, risk management, internal control and value for money. This means the scope of the work is much wider and covers a number of non-financial areas used within the District.
4. What are the Objectives of an Internal Audit?
The objectives of an internal audit are to:
- establish the areas of risk in the area being audited;
- establish the controls in place to address those risks and review their adequacy;
- verify whether the District’s financial regulations are being followed;
- carry out detailed testing of the controls being relied on;
- make recommendations where weaknesses or inefficiencies are observed.
5. What happens during an internal audit?
The Internal Auditor first meets with Department or School Site leadership to find out the budget objective, the associated risks, and what controls are in place. The auditor may also need further meetings with other members of staff to obtain more detailed information on the controls that are used.
Tests are carried out to verify that controls are adequate and are operating effectively. This may require sampling, observing work being performed, reviewing notes of meetings and holding discussions.
The team will then meet again with the Department or School Site leadership to discuss our findings and any recommendations we wish to make in the report.
After this meeting, a draft report is produced. The report includes an action plan that summarizes the recommendations, the agreed actions, and timescales.
The Department or School Site leadership will be asked to comment on the factual accuracy of the report before it is finalized. Because all of the findings will have been discussed prior to the production of the report, there should not be any surprises in what it says.
6. Can I refuse to have an internal audit?
No. The Internal Auditor has a right of access to all documents and records needed to carry out the audit. Accommodations can be made about the timing of the audit, although in exceptional circumstances this may not be possible.
7. Do I have to agree with what Internal Auditor has recommended?
Not necessarily. The degree of importance of recommendations varies. There are
- material recommendations where urgent action is required;
- need for significant improvement, where action should be taken but the risk is not so great;
- merit-attention recommendations, which are general suggestions for improvement.
Material recommendations should generally be dealt with promptly and the others in accordance with the agreed action plan. The internal auditor’s office goal is to minimize disputes by discussing our findings and the implications before the report is drafted. The implementation of the fundamental recommendations and a sample of others will be reviewed by Internal Audit within a timely.
8. Who looks at the Internal Audit reports?
All audit reports are reviewed by the Superintendent, Chief Business Officer, Deputy Counsel and Board of Education, upon request.