The URL can be used to link to this page

Home My WebLink AboutCity Council Packet 03-11-2008 SpecialAgenda City of Plymouth Special City Council Meeting Tuesday, March 11, 2008 6:00 p.m. Medicine Lake Room 1. Call to Order 2. Meeting with auditors 3. Adjourn DATE: March 3, 2008 TO: . Laurie Ahrens, City Manager FROM: Jodi Bursheim, Finance Manager through Cal Portner, Administrative Services Director SUBJECT: Audit Meeting On March 11; 2008, the auditors will be meeting with the Council at the request of Council. During this meeting, staff has requested the auditors to discuss the "New Statements on Auditing Standards". which are effective for city audits for the fiscal year ending December 31, 2007. These new auditing standards were mentioned in the management report prepared by Malloy, Montague, Karnowski Radosevich, & Co (MMKR) for the year ending December 31, 2006. In -that report, it was indicated that these statements are to establish standards and provide guidance concerning the auditor's assessment of the risks of material misstatement (whether caused by error or fraud) in a financial statement audit and the design and performance of audit procedures whose nature, timing, and extent are responsive to the assessed risks. In addition, these statements establish standards and provide guidance on planning and supervision, the nature of audit evidence, and evaluating whether the audit evidence obtained affords a reasonable basis for an opinion regarding the financial statements under the audit.. The primary objective of these statements is to enhance the auditors' application of the audit risk model in practice, as well as continue efforts to reestablish public confidence in the audit process in light of recent major corporate failures. The auditors also indicated within their report that these new standards will add a substantial amount of time to the typical audit. In preparation of the March 11th meeting, I have attached a copy of one of the standards (SAS 112) from the Office of the State Auditor which explains in more detail the reporting requirement surrounding the new standards. As mentioned earlier, the auditors will be available at this meeting to discuss any questions or concerns surrounding these statements. STATE OF MINNESOTADNOB• . OFFICE OF THE STATE AUDITOR SUITE 500 525 PARK STREET ( 651) 296-2551(Voice) SAINT PAUL, MN 551.03-2139 ( 651) 296-4755 (rax) REBECCA OTTO stateauditor(iuosastate.mn.us (E-mail) STATE AUDITOR 1-800-627-3529 (Relay Service) New Auditing Standards Will Impact the Conduct of Your Annual Audit In May 2006, the American Institute of Certified Public Accountants (AICPA), the national professional organization for certified public accountants, issued its Statement on Auditing Standards (SAS) No.. 112, Communicating Internal Control Related Matters Identified in an Audit. The AICPA establishes auditing standards generally accepted in the United States that certified public accountants and government auditors must follow in conducting of audits of state and local governments'. SAS No. 112 establishes standards, responsibilities and guidance for auditors during a financial statement audit engagement for identifying and evaluating a client's internal control over financial reporting. This new standard requires the auditor to report in writing to management and the governing body any control deficiencies found during the audit that are considered significant deficiencies and/or material weaknesses. State and many local governments are also subject to audits that are performed in accordance with the requirements for financial audits of Government Auditing Standards, issued by the Comptroller General of the United States. The 2007 version of Government Auditing Standards (also know as the "Yellow Book") has incorporated the requirements of SAS 112. In the last couple of years new auditing standards have been issued that could affect the nature, timing and extent of auditprocedures performed by the auditor of your annual financial statements. One of the new standards changes what and how results of the audit are reported. This new standard is effective now. This document describes some of the requirements of this new standard and how it will impact your government. In May 2006, the American Institute of Certified Public Accountants (AICPA), the national professional organization for certified public accountants, issued its Statement on Auditing Standards (SAS) No.. 112, Communicating Internal Control Related Matters Identified in an Audit. The AICPA establishes auditing standards generally accepted in the United States that certified public accountants and government auditors must follow in conducting of audits of state and local governments'. SAS No. 112 establishes standards, responsibilities and guidance for auditors during a financial statement audit engagement for identifying and evaluating a client's internal control over financial reporting. This new standard requires the auditor to report in writing to management and the governing body any control deficiencies found during the audit that are considered significant deficiencies and/or material weaknesses. State and many local governments are also subject to audits that are performed in accordance with the requirements for financial audits of Government Auditing Standards, issued by the Comptroller General of the United States. The 2007 version of Government Auditing Standards (also know as the "Yellow Book") has incorporated the requirements of SAS 112. Specifically this SAS does the following: Defines the terms significant deficiency and material weakness. Provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements. Requires the auditor to communicate, in writing, to management and those charged with governance, significant deficiencies and material weaknesses identified in an audit. We will try to address each of these areas from the perspective of how it will impact your local government. You may be familiar with the old terms reportable conditions and material weakness. While the new SAS NO. 112 keeps the term material weakness, it modifies the definition and introduces new definitions for the following terms: A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A deficiency in design exists when a control necessary to meet the control objective is missing, or the control is not properly designed so that even if it operates as designed, the control objective is not always met. A deficiency in operation exists when a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or qualifications to perform the control effectively. A significant deficiency is a control deficiency or a combination of control deficiencies that adversely affects the entity's ability to initiate, authorize, record, process or report financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the entity's financial statements that is more than inconsequential will not be prevented or detected. A material weakness is a significant deficiency or combination of significant deficiencies that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected. 2 The following chart presents a comparison of the differences between the old definitions and the new SAS NO. 112 definitions: Ultimately, what this table shows is one of the effects of the new requirements, that because of the standard's more stringent reporting definitions, the number and type of findings relating to internal control over financial reporting or "significant deficiencies" and/or "material weaknesses" may increase in the schedule of findings and recommendations or similar letter issued by the auditors as a result of the audit of your financial statements. SAS NO. r 112 establishes standards for auditors concerning communicating matters related to an entity's internal control. Throughout the audit community, both CPA and government auditor, SAS NO. 112 will have a significant impact on the number of findings and how those findings are reported. In addition, the Auditor will likely be required to gather more documentation and evidence to support those findings. SAS NO. 112 will affect every audit of a local government entity, whether conducted by the Office of the State Auditor or a CPA firm. Many government audits are also performed in accordance with Government Auditing Standards issued by the Government Accountability Office (GAO). The GAO has incorporated the same defini- tions for significant deficiency and material weakness as SAS NO. 112 in its revised Government Auditing Standard (2007). The Office of Management and Budget is also working on incorporating these definitions into OMB Circular A-133, which contains the standards for conducting federal program compliance audits. 3 How does SAS 112 affect your entity? Our objective with this document is to provide some awareness of how SAS NO. 112 will impact your local government. As already noted, you may see more internal control findings reported for your local government. Your auditor must consider the "potential" magnitude of a control deficiency rather than the "known" magnitude and will evaluate them bearing in mind the following questions: Does the control deficiency or combination of deficiencies constitute a significant deficiency or a material weakness? Would prudent officials with knowledge of the facts and circumstances agree with the auditor's assessment of the deficiency? Are there effective compensating or complementary controls in place? What is considered "material" to the financial statements from both a quantitative and qualitative perspective? This standard, as .well as other new auditing standards, will increase the emphasis placed on the need for adequate internal controls over financial reporting. This includes controls over the actual preparation of the annual financial statements, including disclosures. Internal control awareness - Although internal control has always been a critical management function, the changes in audit reporting requirements underscore the importance management should place -on designing and implementing an effective internal control system. The system should include among other things, a properly designed accounting system, maintenance of source documents initiating transactions, anti -fraud controls, controls to ensure accurate and timely financial reporting and controls to ensure safeguarding of the agency's assets. Also, those internal controls should document in a well-maintained policies and procedures manual. Likelihood of more reportable audit findings - SAS NO. 112 has lowered the bar so that findings that,may not have been previously reportable may now be considered reportable simply because there is the potential for misstatement. The SAS clarifies that the significance of a control deficiency is dependent on the potential for misstatement, not whether a misstatement actually occurred. Some items that would fall into these control deficiencies are: Lack of controls over non -routine and non-systematic transactions. Lack of controls over period -end financial reporting process. Ineffective oversight of the entity's financial reporting and internal control by the governing body. Restatement of previously issued financial statements. Identification by the auditor of a material misstatement in the financial statements for the period under audit that was not initially identified by the entity's internal control, i.e. audit adjustments. M Failure by management, or the governing body, to assess the effect of a significant deficiency previously communicated to them and either correct it, or decide that it will not be corrected. Correcting and following up on findings - An increase in the number of reportable findings will have a direct correlation to the amount of work required by a government's management to correct and follow-up on reportable findings. In turn, this will affect the amount of audit effort required by your auditors to follow-up on corrective action to the findings. The audit process may take longer because: The auditor will be required to gather more evidence and documentation to evaluate whether or not findings are significant deficiencies or material weaknesses, and The auditor must perform follow-up procedures on all previous audit findings. Understanding financial statements and their disclosures the financial statement closing process is also highly dependent on the skills, experience, training, and competency of the preparer(s) and approver(s). As such, if the entity does not have the necessary resources to effectively apply generally accepted accounting principles to recording the entity's financial transactions or prepare its financial statements, then a likely material weakness exists. The key controls are the review and approval by the preparer's supervisor and the review and approval by..the governing body. As such, it is necessary for the governing body to have sufficient skills to read and understand the entity's financial statements and their degree of precision. This last section has raised concerns about who can prepare an entity's financial statements. Many local governments have their independent auditors prepare the actual financial statements, including notes to the financial statements. The reasons a local government has their auditor prepare the financials could give rise to a finding of a deficiency in internal control over financial reporting. The more complex the financial transactions underlying the financial statements, the more likely that this condition could result in a significant deficiency. Does this mean that your auditor can no longer prepare your financial statements? No, but if the reason is your staff does not have the expertise or knowledge to prepare the financials then there is likely a significant deficiency. This lack of expertise can be mitigated if the governing body is able to understand the financials and what is in them. Some governments state that there is sufficient internal control because they rely on their auditor's expertise and knowledge to prepare the proper. financial statements. By doing this, they have made their auditors part of the internal control system of the entity. This creates an independence issue for the CPA, which generally would mean the auditor must disclaim an opinion on the entity's financial statements. What can your entity do to prepare for SAS 112? How your government considers the impact may depend on the size and complexity of your entity. However, preparing your organization for the new SAS NO. 112 environment should involve the following steps: Educate yourself — o Learn the key components of strong internal controls. o Understand your financial statements and the required disclosures. o Build a resource network to assist'you as questions arise. Eliminate all audit adjustments — o Talk to your auditor about the nature of any prior year audit adjustments. o Identify and record all potential adjustments prior to the audit. o Maintain a file of issues, and/or transactions occurring during the year that might have GAAP accounting implications. o Seek advice from your auditor, or others, regarding these items prior to the audit. o Consider the need to hire external assistance prior to the audit. Educate your governing body— o Don't let your governing body be blind -sided. o Educate them so that they might assist in evaluating and improving controls. Inventory your system — o Identify significant accounts, disclosures, processes and cycles that are used by, or take place in, your organization. 0 Prioritize — o Do not try to fix or improve everything at once. o Consider making improvements over multiple years. o Identify the areas of greatest weakness and improve those first. One of the best things you can do is to educate your staff; and in particular, your oversight boards or commissions on SAS NO. 112. Notify your board now of the potential of more audit findings than they may have seen in the past. You don't want a surprise at a future board meeting when the audit is presented. 3 We would also recommend reviewing internal controls over significant financial accounts or programs and answering the following questions: Are controls in place over the preparation of financial reports? Does documentation exist to support the activity of the financial account/program? Are duties adequately segregated? Are information technology controls over significant computer systems in place? Are controls in place to ensure routine reconciliations are performed? Are controls in place to adequately track and safeguard capital assets? Are controls in place to monitor subrecipients of federal grant funds? Is there adequate communication between the government's management, internal and external auditors, and the oversight board, council, commission, or audit committee? As you're reviewing these controls, you should consider whether you know if the controls are effective. For example, are reviews and approvals evident? Does an internal audit unit test processes? Or is there another form of internal control monitoring? Have internal control findings been communicated previously? Be prepared to respond positively to a significant deficiency or material weakness. Having an improvement plan and acting on it will put any deficiencies in a much more positive light. Above all, be realistic; internal control is an ongoing process. All improvements to your system will have a cost and if the cost of completely eliminating significant deficiencies is high, be prepared to accept it. If you can't afford to be perfect today, set a goal to improve over time. There are a variety of resources available for providing guidance on internal control. The following are just a sample of internal control resources: www.gfoa.org www.cpa2biz.com/CS2000/Products/Product+Cache+Listing.htm?cs cataloq=CPA2Biz cs category= Internal+Controls www.coso.org/ www.sox-online.com/coso cobit.html These web sites either contain information on internal controls or have publications available for purchase that may assist in understanding and setting up internal controls. For which financial statement audits is SAS 112 effective? SAS NO. 112 is effective for audits of financial statements for periods ending on or after December 15, 2006. For most Minnesota local government entities, this will mean audits of their year -ended December 31, 2006 financial statements. For Minnesota school districts and some others it is effective for their June 30, 2007, year-end audits. 7