STATEMENT OF AUDITING STANDARDS 112 SAS112

1
STATEMENT OF AUDITING STANDARDS 112
(SAS112) Communicating Internal Control Matters
Identified in an Audit UC Riverside June 2007
1
2
" Today's  audit environment   encourages 
transparency and accountability. Therefore, an
integrated campuswide effort is  needed 
to  effectively steward the funds entrusted to
UCR.
Chancellor Córdova
2
3
AGENDA
1- Why SAS112 2- What is SAS112 3- Impact of
SAS112 4- Internal Control 5- Minimizing risk
-Sponsored Project Admin -Dept.
operations 6- What to do?
3
4
- United States Federal Law and SEC For
Public Companies -SarbanesOxley
(SOX) Requires conducting an assessment of the
effectiveness of internal controls by
management, to be audited and approved by the
companys independent accountants
WorldCom Enron
Why SAS112?
SAS112 is our SOX
- American Institute of Certified
Public Accountants For
non-profit organizations (UCR) - SAS
112
4
5
Non-Compliance Fine - Contract Grants
University of California (2002). Fine 1.8 m
Northwestern University (2003). Fine 5.5m
Harvard University (2004). Fine 2.6m
Mayo Foundation (Mayo Clinics). Fine 6.5m
Florida International University (2005). Fine
11.5m
University of Alabama Birmingham (2005). Fine
3.4 m
5
6
What is SAS112?

• Establishes standards for communicating internal
  control issues relating to
• integrity of financial reporting
• compliance with applicable laws and regulation
• Establishes standards that classifies
  communicated control issues as
• - control deficiencies
• - significant deficiencies
• - material weaknesses

SAS112 standards have been adopted by the federal
agencies and the Government Audit Standards has
been updated to incorporate SAS112
6
7

• Impact of SAS 112 on UCR
• Due to significant changes in the
• evaluation of control exceptions
• and more stringent audit standards,
• UCR is more likely to encounter
• control issues being identified and
• reported
• - Increased scrutiny
• - Larger audit samples
• - More evidence and documentation required during
  audits
• Lower audit materiality thresholds
• SAS 112 requires disclosure of deficiencies to
  Regents and others

7
8
Impacts of deficiencies and weaknesses
disclosures -negative impact on reputation
-increased internal and external audits -audit
disallowances, fines and penalties -potential
impact on resource allocation -negative impact on
sponsored project funding
8
9
Generally, internal controls at UCR are in order
and adequate, but there are departments, function
s and areas where we noted.
Control Issues with - Ledger reconciliation
review - Certified effort reports -
Cost Transfers - Expenditure monitoring
- Budget variance analysis - Cash handling/
Revenue monitoring - Payroll processing
- Timekeeping billing - Fiscal Year End
Processes
9
10
INTERNAL CONTROL

• Internal Control
• Internal control is broadly defined as a process,
  effected by the UC Regents, management and other
  personnel, designed to provide reasonable
  assurance regarding the achievement of objectives
  in the following categories
• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations.

10
1
11
Who is responsible for implementing internal
controls?
11
12
PARTNERSHIP
Central Offices (Accounting, Audit Advisory
Services, APB, OR, etc.)
Principal Investigator Project Personnel
Departments (Chair/ Director, MSO, Staff)
Control Units (Deans/VC CFAO)
12
13
(a)
13
(a) 26 increase from FY03/04
14
UCRs Challenge

• Increasing extramural support while managing risk

Our Goal
Facilitating Faculty Success!
14
15
sub-recipient monitoring
award close-out
cost sharing
effort reporting
cost transfers
POTENTIAL RISKS IN CG AREA
physical inventory
review of monthly statements
overdraft
15
16
FALL 2006
16
17
CG Risk Effort Reports

• Symptoms of deficiencies
• Incomplete or missing reports
• Late reporting
• Major area of concern for Federal Government
• Current Efforts
• New on-line system coming
• Resolution of deficiency
• Remove unsubstantiated costs

17
18
CG Risk Cost Transfers

• Symptom of Deficiency
• High volume
• Late transfers (may require revised effort
  reports)
• Improper documentation and/or allocation
  methodology
• Major area of concern for Feds
• Current Efforts
• Enhancing Business Rules
• Resolution of deficiency
• Reversal of charges

18
19
CG Risk Award Closeout

• Symptom of Deficiency
• Delinquent Financial Reports
• Delinquent Technical Reports
• Area of concern for Feds
• Current Efforts
• Improving notification process
• Resolution
• Future funding withheld for specific awards
• Funding to institution withheld

19
20
Minimizing Risks in Sponsored Project
Administration

• Training
• CG Workshops (to be expanded)
• Ethics Awareness
• Tools
• Enterprise Reporting System
• Ledger Recon/Review System (coming soon)
• Policies
• CG Manual
• UCR Research Administration Roles
  Responsibilities (in development)

20
21
Minimizing Risks in Sponsored Project
Administration

• Timely review of monthly statements
• Budget to Actual
• Anticipate unspent balances or overdrafts
• Review payroll transactions
• Regularly meetings/discussion between PIs
  administrative staff
• Immediately report discrepancies
• Communication
• Timely resolution

21
22
Minimizing Risks in Sponsored Project
Administration

• Timely return of certifications
• Effort Reports
• Cost sharing Reports
• Impacts Financial Reports and Award Close-Out
• Monitor Sub-recipients progress on project
  compared to billing statements
• Potential impact on award close-out
• Timely submission of Technical Reports

22
23
SAS112-Campus Departments

• General Internal Controls to Minimize Risk

23
24
Minimizing Risk-Departmental

• Department Head
• Oversees and is integrated into the financial
  management process
• Ensures proper controls and monitoring procedures
  are in place
• Ensures financial reports are accurate and
  meaningful
• Ensure SAAs, transactors and reviewers are
  appropriately trained and supported in their key
  business process roles

24
25
Minimizing Risks-Departmental

• Timely reconciliation and review of monthly
  ledgers
• Budget to Actual review
• Analysis of causes for variances
• Review of payroll transactions by financial staff
  and responsible manager
• Regular review of financial reports by
  department manager and business officer
• Evidence of ledger reconciliation and review
• Timely resolution of errors
• Frequent and late cost transfers can be a symptom
  of a deficiency

25
26
Minimizing Risks-Departmental

• Ensure sufficient segregation of duties
• No one person should have complete control over
  the key processing functions for financial
  transactions
• Provides for prevention and detection
• Errors
• Inappropriate activities
• Post Audit Notification (PAN) Reviews
• Payroll/Personnel System and UCRFS transactions
• Timely
• Adequate

26
27
What to do

• Control Assessment

• Training

When issues are identified
1- Self-report
2-Assistance
3-Escalate/Remediate
4-Proactive Approach
When control issues or policy non-compliance are
recurring and systemic
Everyone is responsible
It will be transparent and there will be
consequences
27
28
Contacts

• Gretchen Bolar, Vice Chancellor-Academic Planning
  Budget gretchen.bolar_at_ucr.edu
• Bobbi McCracken, Asst. Vice Chancellor-Financial
  Services bobbi.mccracken_at_ucr.edu
• Mike Jenson, Director-Audit Advisory Services
• michael.jenson_at_ucr.edu
• Bruce Morgan, Asst. Vice Chancellor-Office of
  Research bruce.morgan_at_ucr.edu
• Toffee Jeturian, Asst. Director-Audit Advisory
  Services rodolfo.jeturian_at_ucr.edu
• Marc Guerra, Director-Financial Control
  Accountability marc.guerra_at_ucr.edu

28