Implementing Appropriate and Timely Corrective Actions
1 like1,180 views
This document discusses implementing corrective actions in response to audit findings. It defines corrective action and explains applicable laws and regulations requiring auditees to prepare a summary of prior audit findings and a corrective action plan to address current findings. The first step is to understand the finding by reviewing the type and determining the root cause. An effective corrective action plan should include specific steps to implement, dates to put procedures in place, and monitoring to ensure ongoing compliance. The plan should utilize auditor recommendations and ensure all relevant parties are involved.
Implementing Appropriate and Timely Corrective Actions
- 1. Implementing Appropriate and Timely Corrective Actions James Shankland, CPA
- 2. Definition Corrective and preventive action consists of improvements to an organization’s processes taken to eliminate causes of non-conformities or other undesirable situations. 2
- 3. Applicable Laws & Regulations § 200.511 Audit findings follow-up. • “Auditee is responsible for follow-up and corrective action on all audit findings.” • “Auditee must prepare a summary of prior audit findings.” • “Auditee must also prepare a corrective action plan for current year audit findings.” • Corrective action plan must provide: Name of the contact person responsible Corrective action planned Anticipated completion date 3
- 4. First Step – Understanding Review the finding in the Single Audit report Determine the type of finding Federal or financial? • Internal control deficiency? • Noncompliance? • Both? 4
- 5. First Step – Understanding 5 Federal noncompliance reported here Federal internal control reported here Financial internal control reported here
- 6. First Step – Understanding Determine the “root cause” • Design • Operation Did the deficiency occur for the entire year, or just during a small window of time? 6
- 7. First Step – Understanding Design - the District’s processes or system of internal controls designed effectively enough to prevent a misstatement or an instance of noncompliance. Operation – the District’s system of internal controls did not operate as intended, or procedures were not followed. 7
- 8. First Step – Understanding If it’s design • New policies and procedures may need to be put in place • Consider a formal revision to policy • New employee or additional FTE necessary? More likely, existing employee will have to take on an additional duty • Provide training to employees on new procedure 8
- 9. First Step – Understanding If it’s operation • Provide training to employees on existing procedure • Implement levels of management review to ensure procedure is followed 9
- 10. First Step – Understanding CRITERIA – the reason for why the requirement exists (laws/regulations, GAAP) CONDITION – broad overview of the deficiency CAUSE – why the deficiency occurred EFFECT – the effect; did it cause the District to be noncompliant with laws, GAAP, etc – did it leave the District susceptible to fraud or a misstatement? CONTEXT – more specific details on the finding and the deficiency 10
- 11. First Step – Understanding Examples of causes • “The District did not have adequate procedures in place…” • “District policies and internal controls were not always operating effectively or were not always followed.” • “Personnel turnover contributed to…” • “Management oversight was insufficient to…” • “A proper and thorough review was not performed.” 11
- 12. First Step – Understanding Causes in report are intentionally a little vague Dig into the detail yourself • At what point of the year did the deficiency occur? • If turnover was the reason, what position? • Did some staff lack adequate training? • Were internal controls circumvented? “Management override of controls” 12
- 13. Second Step – Corrective Action Plan Separate section of the Single Audit Reporting Package 13
- 14. Second Step – Corrective Action Plan Your corrective action plan should address: 1) Specific steps or procedures to be implemented Bad Example: “The District has taken action and corrected the noted deficiencies.” 14 Any thoughts on why this is a “bad” corrective action?
- 15. Second Step – Corrective Action Plan Your corrective action plan should address: 1) Specific steps or procedures to be implemented Okay Example: “The District will implement the recommendations by the auditor as noted in the report. Policies and procedures will be updated as necessary, and personnel will undergo training to ensure compliance.” 15
- 16. Second Step – Corrective Action Plan Your corrective action plan should address: 1) Specific steps or procedures to be implemented Good Example: “The District has implemented the following procedures to ensure that the deficiencies have been corrected: Bank reconciliations will be completed by the 15th day of the following month and reviewed and approved by the Finance Director. All reconciling items will be properly disposed of. A reconciliation between capital outlay expenditures and capital additions will be performed to ensure that all capital assets are included in the District’s listing. This reconciliation will be performed on a quarterly basis by the Finance Director, and approved by the Assistant Superintendent of Operations. Purchasing staff will be provided additional training to ensure that they are cognizant of all applicable procurement rules and regulations. 16
- 17. Second Step – Corrective Action Plan Another Good Example: “All capital projects are discussed in a monthly committee meeting where detailed information and current activities are shared. The capital assets listed is reconciled to capital expenditures and reviewed annually to ensure proper recording and that all capital projects that meet the District’s capitalization threshold are included as required by the Uniform System of Financial Records and governmental financial reporting standards.” 17
- 18. Second Step – Corrective Action Plan Your corrective action plan should address: 2) Dates by which the procedures will be put in place Be realistic with this date Remember, the audit report is being released partway through the subsequent year! It’s okay to have a long-term completion date Follow-through is more important A longer time period is to be expected when the District has to hire a new employee and also train that employee, or completely revamp something Common to put “June 30, (subsequent fiscal year)” as anticipated date More specific dates are preferred Shows to grantors that the District is being proactive 18
- 19. Second Step – Corrective Action Plan Your corrective action plan should address: 3) What sort of monitoring process will be set up to ensure continuing compliance Consider implementing an internal audit process An independent employee reviews the area where the deficiency occurred Results are brought up at an administrative meeting • Ensures accountability Governing body members should also read the finding and corrective action plan and follow-up with management at a later date 19
- 20. Considerations Make sure others are on-board with your action plan • Often, it is drafted by Business Manager but not shared with others • This also solves the “that’s not my job” issue that may arise later 20
- 21. Considerations Utilize the auditor recommendations from the finding itself • Your auditor will be happy to provide more detailed recommendations, so consider a call! 21
- 22. Considerations Narrative or bullet-point format are both allowable • Bullet-point format can be useful if a finding has several deficiencies listed No maximum or minimal length 22