Audit Absolutes DHS/USCG Perspectives Jeff Bobich DHS Director of Financial Management Mark Rose USCG Comptroller 10 March 2016 1
DHS Audit Requirements & Overview 2
DHS Audit Requirements Chief Financial Officers Act of 1990 - requires all Federal agencies to undergo an annual audit of their financial statements DHS Audit Requirement Target Act of 2012 (DART Act) - requires the Department to obtain an unqualified (clean) opinion on the full set of financial statements in fiscal year 2013, and each fiscal year thereafter. DHS Financial Accountability Act of 2004 - requires DHS to undergo an annual audit of internal controls over financial reporting. o DHS is the only cabinet level agency subject to this requirement 3
DHS Financial Management Scope 15 Component Bureaus 8 Different G/L Systems, Hundreds of Feeders Variety of Business Lines with Complex Accounting Insurance, Direct Loans, Borrowing Authority & Debt, Grants, Trust Funds, Pensions and Health Care, Custodial Revenue (Customs), Large Fee Programs (Aviation & Immigration), Seizures (Property, Drugs, and Currency), OM&S, PP&E, Environmental Liabilities FY 2015: $96b assets, $97b liabilities, $63b gross cost, $53b net cost, $64b enacted BA Consolidated department-wide audit, plus standalone audit opinion for Customs & Border Protection. 4
DHS Audit History FY 2003 DHS stood up starts with 30 inherited deficiencies, 18 of those material weaknesses. FY 2005 - One DHS financial statement audited: the Balance Sheet resulting in disclaimer of opinion with 10 DHS-wide material weaknesses and two significant deficiencies. FY 2011 Year of the Opinion - Qualified due to the USCG s general property, plant and equipment (PP&E). FY 2013 Clean (unmodified) opinion sustained through FY 2015 and beyond. 5
DHS Audit History FY 2015 three remaining material weaknesses 6
How we got to clean Commit Collaborate & Communicate Continuous Monitoring Plan Believe! 7
Keys to Success Audit Management Well defined, mutually agreed upon audit calendar Effective liaison get them what they need! Regular status checks at all levels Leadership Support Accountability Moving Roadblocks Risk Assessments (Business Impacts) Structured Internal Control Testing Continuous / Routine Monitoring Validation and Verification of Remediation 8
Why USCG is Significant USCG makes up a large part of the DHS Financial Statements (FY15): 27% of assets 53% of liabilities 28% of net cost Due to its size and complexity, USCG is a contributing factor in all three of the DHS Material Weaknesses reported by the auditors in FY15. Financial Reporting PP&E Information Technology Controls 9
USCG Audit Experience 10
Financial Statement Audit History Year Dept Auditor Scope Opinion Through 2002 DOT DOT IG Full Scope Unqualified 2003 DHS KPMG Balance Sheet Qualified 2004-2010 DHS KPMG Balance Sheet Disclaimer 2011 DHS KPMG Balance Sheet Qualified 2012 DHS KPMG Full Scope Qualified 2013 DHS KPMG Full Scope Unmodified 2014 DHS KPMG Full Scope Unmodified 2015 DHS KPMG Full Scope Unmodified FY03: Coast Guard joined DHS. DHS receives Qualified audit opinion on its balance sheet FY11: Received first Qualified audit opinion on its balance sheet and statement of custodial activity FY13: Received first unmodified (unqualified) audit opinion on its financial statements since DHS was formed in 2003 FY14 & FY15: Received unmodified audit opinion on its financial At DOT - Thru 2002 At DHS 2003 - Onward 11 statements
FY 2015 Audit Results Coast Guard drives DHS audit results due to size Financial Statement: Unmodified (clean) Internal Controls over Financial Reporting: Adverse DHS Significant Deficiencies considered to be were over: Financial Reporting (FR) IT General Controls (ITGC) Property, Plant & Equipment (PP&E) The CG was a major contributor to DHS' Material Weakness over FR & PP&E and to a considerable, but lesser extent, to the Material Weakness over ITGC. Other DHS were over: Budgetary Accounting, Grants Management & Custodial Activity. 12
USCG Audit PBC/NFR Process NOTE: KPMG, Audit Coordination Team (ACT) and USCG POCs use SharePoint and Shared folders for PBC/NFR requests 13
Internal Controls Cycle 12) Statement of Assurance 1) Determine Scope 2) Perform Materiality Assessment 11) Roll Forward and Monitoring 3) Perform Risk Assessment 10) Create Corrective Action Plan 4) Document Process and Procedures 9) Report Results to Management 5) Develop Testing Plan 8) Evaluate Test Results 7) Perform Test of Effectiveness 6) Perform Test of Design 14
USCG Statement Of Assurance Coast Guard Commandant s Assurance Statement Assessable Organizational Elements (AOE) Assurance Statements (HQ PMs/Area CDRs) CIO CFO Government Performance and Results Act Reporting (Operations) Information Technology General Controls (CIO) Internal Controls Over Operations (AOE) Internal Controls Over Financial Reporting (CFO) Effective and Efficient Operations Compliance with Laws and Regulations Reliable Reports Programs Resources Risks External Oversight 15
USCG Executive Focus The unmodified Financial Statement Audit Opinion was earned through hard work and significant manpower.but it requires continued executive focus to sustain the opinion. EMC-ICARB: Executive Management Council Internal Controls/Audit Readiness Board Oversees the coordination of annual financial statement audit activities. Validates, verifies, and reports to the Commandant as to when sufficient action has been taken to declare that a material weakness and/or reportable condition has been corrected. SAT: Senior Assessment Team Assists the EMC-ICARB in overseeing and coordinating the annual financial statement audit. Reports remediation effort progress to the EMC-ICARB. MAP: Mission Action Plan Develops the corrective actions to address significant deficiencies and material weaknesses. Coordinates and executes the planned remediation efforts. ICWG: Internal Control Working Group Promotes the importance and value of internal control and accountability throughout the Coast Guard. Facilitates effective communication, coordination, monitoring, and execution of internal control initiatives, including risk assessments. 16
Questions? 17