Audit Absolutes DHS/USCG Perspectives. Jeff Bobich DHS Director of Financial Management Mark Rose USCG Comptroller 10 March 2016


DHS Audit Requirements & Overview

DHS Audit Requirements
- Chief Financial Officers Act of 1990 - requires all Federal agencies to undergo an annual audit of their financial statements.
- DHS Audit Requirement Target Act of 2012 (DART Act) - requires the Department to obtain an unqualified (clean) opinion on the full set of financial statements in fiscal year 2013, and each fiscal year thereafter.
- DHS Financial Accountability Act of 2004 - requires DHS to undergo an annual audit of internal controls over financial reporting.
  o DHS is the only cabinet level agency subject to this requirement

DHS Financial Management Scope
- 15 Component Bureaus
- 8 Different G/L Systems, Hundreds of Feeders
- Variety of Business Lines with Complex Accounting: Insurance, Direct Loans, Borrowing Authority & Debt, Grants, Trust Funds, Pensions and Health Care, Custodial Revenue (Customs), Large Fee Programs (Aviation & Immigration), Seizures (Property, Drugs, and Currency), OM&S, PP&E, Environmental Liabilities
- FY 2015: $96b assets, $97b liabilities, $63b gross cost, $53b net cost, $64b enacted BA
- Consolidated department-wide audit, plus standalone audit opinion for Customs & Border Protection.

DHS Audit History
- FY 2003 - DHS stood up; starts with 30 inherited deficiencies, 18 of those material weaknesses.
- FY 2005 - One DHS financial statement audited: the Balance Sheet, resulting in disclaimer of opinion with 10 DHS-wide material weaknesses and two significant deficiencies.
- FY 2011 - Year of the Opinion - Qualified due to the USCG's general property, plant and equipment (PP&E).
- FY 2013 - Clean (unmodified) opinion sustained through FY 2015 and beyond.

DHS Audit History
FY 2015 - three remaining material weaknesses

How we got to clean Commit Collaborate & Communicate Continuous Monitoring Plan Believe!

Keys to Success
- Audit Management
- Well defined, mutually agreed upon audit calendar
- Effective liaison - get them what they need!
- Regular status checks at all levels
- Leadership Support
- Accountability
- Moving Roadblocks
- Risk Assessments (Business Impacts)
- Structured Internal Control Testing
- Continuous / Routine Monitoring
- Validation and Verification of Remediation

Why USCG is Significant
- USCG makes up a large part of the DHS Financial Statements (FY15): 27% of assets, 53% of liabilities, 28% of net cost.
- Due to its size and complexity, USCG is a contributing factor in all three of the DHS Material Weaknesses reported by the auditors in FY15: Financial Reporting, PP&E, Information Technology Controls.

USCG Audit Experience

Financial Statement Audit History

Year          Dept  Auditor  Scope          Opinion
Through 2002  DOT   DOT IG   Full Scope     Unqualified
2003          DHS   KPMG     Balance Sheet  Qualified
2004-2010     DHS   KPMG     Balance Sheet  Disclaimer
2011          DHS   KPMG     Balance Sheet  Qualified
2012          DHS   KPMG     Full Scope     Qualified
2013          DHS   KPMG     Full Scope     Unmodified
2014          DHS   KPMG     Full Scope     Unmodified
2015          DHS   KPMG     Full Scope     Unmodified

At DOT - Thru 2002; At DHS 2003 - Onward

- FY03: Coast Guard joined DHS. DHS receives Qualified audit opinion on its balance sheet
- FY11: Received first Qualified audit opinion on its balance sheet and statement of custodial activity
- FY13: Received first unmodified (unqualified) audit opinion on its financial statements since DHS was formed in 2003
- FY14 & FY15: Received unmodified audit opinion on its financial statements

FY 2015 Audit Results
- Coast Guard drives DHS audit results due to size
- Financial Statement: Unmodified (clean)
- Internal Controls over Financial Reporting: Adverse
- DHS Significant Deficiencies considered to be were over: Financial Reporting (FR), IT General Controls (ITGC), Property, Plant & Equipment (PP&E)
- The CG was a major contributor to DHS' Material Weakness over FR & PP&E and to a considerable, but lesser extent, to the Material Weakness over ITGC.
- Other DHS were over: Budgetary Accounting, Grants Management & Custodial Activity.

USCG Audit PBC/NFR Process
NOTE: KPMG, Audit Coordination Team (ACT) and USCG POCs use SharePoint and shared folders for PBC/NFR requests.

Internal Controls Cycle
1) Determine Scope
2) Perform Materiality Assessment
3) Perform Risk Assessment
4) Document Process and Procedures
5) Develop Testing Plan
6) Perform Test of Design
7) Perform Test of Effectiveness
8) Evaluate Test Results
9) Report Results to Management
10) Create Corrective Action Plan
11) Roll Forward and Monitoring
12) Statement of Assurance

USCG Statement Of Assurance Coast Guard Commandant's Assurance Statement Assessable Organizational Elements (AOE) Assurance Statements (HQ PMs/Area CDRs) CIO CFO Government Performance and Results Act Reporting (Operations) Information Technology General Controls (CIO) Internal Controls Over Operations (AOE) Internal Controls Over Financial Reporting (CFO) Effective and Efficient Operations Compliance with Laws and Regulations Reliable Reports Programs Resources Risks External Oversight

USCG Executive Focus
The unmodified Financial Statement Audit Opinion was earned through hard work and significant manpower... but it requires continued executive focus to sustain the opinion.

EMC-ICARB: Executive Management Council Internal Controls/Audit Readiness Board
- Oversees the coordination of annual financial statement audit activities.
- Validates, verifies, and reports to the Commandant as to when sufficient action has been taken to declare that a material weakness and/or reportable condition has been corrected.

SAT: Senior Assessment Team
- Assists the EMC-ICARB in overseeing and coordinating the annual financial statement audit.
- Reports remediation effort progress to the EMC-ICARB.

MAP: Mission Action Plan
- Develops the corrective actions to address significant deficiencies and material weaknesses.
- Coordinates and executes the planned remediation efforts.

ICWG: Internal Control Working Group
- Promotes the importance and value of internal control and accountability throughout the Coast Guard.
- Facilitates effective communication, coordination, monitoring, and execution of internal control initiatives, including risk assessments.

Questions?