5 minute read
Preview: State & Local Government Conference
mental health
THE GREEN STANDARD
Finding the Framework for Internal Control Systems in Government Accounting
By DeBBie Davis, CPa
On May 14, 2021, the UACPA is hosting the annual State and Local Government Conference. Like last year, this will be a virtual conference you can enjoy from the comfort of your home or office. The conference will include sessions on auditing and accounting standards, ethics, the economy, and internal control systems. The following information is provided as a preview to the presentation on internal control systems.
Many standards used by auditors are known more commonly by the color of the book they are included in. Do you know the color of book the following standards are known by? 1. Government Auditing Standards (GAS or
GAGAS)
2. International Standards for the Professional
Practice of Internal Auditing or International
Professional Practices Framework (IPPF)
3. Standards for Internal Control in the Federal
Government
4. Governmental Accounting, Auditing, and
Financial Reporting (GAAFR)
The answers are: 1. the Yellow Book, 2. the Red Book, 3. the Green Book, and 4. the Blue Book. The Yellow Book is probably the most well known of the four with the Green Book being the least known of the four. Despite not being well known, the Green Book is a great resource about internal control systems in a government environment.
The Green Book
As noted above, the official title of the Green Book is Standards for Internal Control in the Federal Government. The Green Book is a recognized adaptation of COSO for a government environment and Federal Uniform Guidance (2 CFR 200.303) indicates that the Green Book is equivalent to COSO in being an industry best practice guideline for internal control systems. The book itself (p. 7) states, “The Green Book may also be adopted by state, local, quasi-governmental entities, as well as not-for-profit organizations.”
Internal Control Components
An internal control system, as outlined in COSO and the Green Book, is comprised of five components, which are listed below.
• Control environment (5 principles)
• Risk assessment (4 principles)
• Control activities (3 principles)
• Information and communication (3 principles)
• Monitoring (2 principles)
Are all components of an internal control system necessary? To consider this, let’s compare an internal control system with the game of bowling. When bowling, the objective is to achieve the highest score; this is done by knocking down the bowling pins. There are several things a bowler can do to achieve the objective of a high score, including learn the rules, practice bowling at a bowling alley, wear appropriate attire, and use a ball of an appropriate weight and size. A person is more likely to achieve the highest score if they consistently incorporate all the above listed things. Similarly, an entity is more likely to achieve its objectives if it consistently incorporates all components of an internal control system.
The Five Components
In brief, the five components of an internal control system are the following:
Control Environment – “the foundation for an internal control system.”
The principles of this component are inclusive of commitment to ethical values, organizational structure with assigned roles and responsibilities, competent staff, documentation, and performance evaluation.
Risk Assessment – “risks facing the entity as it seeks to achieve its objectives.”
The principles of this component indicate management should define objectives and through that lens identify, analyze, and respond to risks. Fraud should also be considered.
Control Activities – “actions management establishes through policies and procedures…”
The principles of this component indicate that management should design control activities — including the information system with its related control activities — to achieve objectives and respond to risks. Management should also implement control activities through policies.
Information and Communication – “quality information … and relevant and reliable communication.”
The principles of this component include that quality information should be used to achieve objectives; quality information should be communicated both internally and externally.
Monitoring (of the internal control system) – “assess performance … and promptly resolve findings.”
The principles of this component indicate management should establish and operate activities to monitor the system, evaluate the results, and remediate deficiencies on a timely basis.
Consider your organization or an organization you audit.
Many organizations have multiple processes, multiple personnel, and multiple locations. This means that establishing, implementing, and maintaining an internal control system will require shared vision and effort. The Green Book recognizes this and states, “The five components apply to staff at all organizational levels and to all categories of objectives.”
Internal Control Systems for Auditors and Auditees STATE & LOCAL GOVERNMENT CONFERENCE
May 14, 2021 | 8 - 4:30 Virtual Conference Fees: $250; $199 for Members
For auditors and auditees, an internal control system is generally required; for auditors the requirement is included in auditing standards and for auditees the requirement is included in federal and state regulations.
An internal control system is important for auditors and auditees to help ensure achievement of objectives. The objectives of an audit firm will be different from those of an entity being audited; however, for both, the internal control system helps ensure consistency, compliance, accuracy, efficiency, effectiveness and safeguarding of resources. In a government environment these characteristics are critical elements of accountability.
Knowledge of internal control systems for auditors and auditees is also important because financial statement and single audit opinions include information about an auditor’s consideration and review of internal controls. Auditors do not give an opinion on the maturity or optimization of an entity’s internal control system; an auditor’s consideration of internal controls is limited. This means the governing board and management of an entity need to provide oversight of the internal control system. Additional training on internal control systems will be provided at the State and Local Government Conference. If you would like to read more about designing and implementing internal control systems in a government environment, the Green Book is available online at gao. gov/assets/670/665712.pdf n
Debbie Davis, CPA, is the chief audit executive for the Utah State Board of Education and has worked in government auditing at the state level for 19 years. She graduated from Brigham Young University in 2001 with a bachelor’s and master’s in accounting. Debbie has participated with the UACPA State and Local Government Conference Committee since 2014.
