Deltek Insight 2010: DCAA and Internal Controls Bringing it All Together

1,730 views
1,203 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,730
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Deltek Insight 2010: DCAA and Internal Controls Bringing it All Together

  1. 1. XT-302: DCAA andInternal ControlsBringing it All TogetherPresented By: Susan Zimmermann 1
  2. 2. Agenda• 10 Key DCAA Audits Performed• Why Bring them Together?• Control Matrix Elements• Sample Internal Control Matrix• Sample DCAA Control Matrix• Mapping Controls and Assessing GapsCopyright © 2010 Deltek, Inc. 2
  3. 3. 10 Key DCAA Audits Performed• Control Environment and Overall Accounting Systems Controls• Labor and Accounting Controls• Compensation System Controls• Indirect and Other Direct Cost System Controls• Billing System Controls• Estimating System Controls• IT General Systems Controls• Budget and Planning Systems Controls• Purchasing Controls• Material Management and Accounting Systems Controls• Internal Control Matrices for DCAA audits can be found at http://www.dcaa.mil/ under Audit Guidance > Standard Audit ProgramsCopyright © 2010 Deltek, Inc. 3
  4. 4. Why Bring them Together?• Why make the correlation between DCAA control objectives and financial control objectives? – Decreases costs of compliance and maintenance – Allows for quick assessment of control gaps/deficiencies, their impact and remediation – Clarifies what controls are unrelated to DCAA control objectives – Decreases number of inconsistent or redundant controls. – Prevents “knee jerk” controls from being put in place – Intent of both is to provide assurance regarding the achievement of objectives in effectiveness, reliability, and compliance with laws and regulations. – Both assess types of controls. I.e. Preventive versus Detective, Manual versus automated. – Consistent elements: Intent, frequency, performersCopyright © 2010 Deltek, Inc. 4
  5. 5. Control Matrix Elements• Cycle – Relates to the corresponding processing cycle a control is related• Control Objective – The overarching risk being mitigated by a control activity• Control # – Allows identification of the control number for reference purposes• Control Activities – Detailed description of risk mitigation procedures applied to control objective• Primary Control Owner – The individual responsible for performing the control and ensuring the stated control is in place and operating as intended• Frequency – Identifies how often the control is performed to assist in determining sample sizes for testing. (Daily, Weekly, Bi-Weekly, Monthly, Quarterly, Yearly)Copyright © 2010 Deltek, Inc. 5
  6. 6. Control Matrix Elements• Control Assertions – C = Completeness – A = Accuracy – V = Validity – R = Restricted Access• Financial Statement Assertions – EO Existence or Occurrence – C = Completeness – VA = Valuation or Allocation – RO = Rights and Obligations – PD = Presentation & Disclosure• Control Types – Preventative meaning it prevents a misstatement from occurring in the first place – Detective identifies a misstatement after it has occurred.Copyright © 2010 Deltek, Inc. 6
  7. 7. Control Matrix Elements• Manual/Automated – Manual means a control activity is dependent upon people to perform – Automated are control activities that serve to enforce controls such as file level controls, field level edits/validations, and access authorization checks.• Related Policies – Identify corporate policy that provides guidelines for control area.• Related DCAA Audit Program Objectives – Abbreviation for identification of which of the 10 major DCAA audits a control applies and the number of the specific DCAA audit objective mitigated.Copyright © 2010 Deltek, Inc. 7
  8. 8. Sample Internal Control Matrix Primary Control Manual/ Control Control Assertion FS Assertion Control AutomateCycle Obj # Control Objectives # Control Activities Owner Frequency C A V RA EO C VA RO PD Types dPAYROLL & PERSONNEL ACCURATE LABOR JOB COSTING The Costpoint Work Force functionality Time is recorded accurately is used to limit the charge numbers PP5-A and completely. 115 employees have access to charge. Automated Daily RA Preventative Automated Employees must enter time on a daily basis and certify timesheets weekly in Deltek Time & Expense. Employees 116 must record all time worked. Employee Weekly C A C VA Preventative Manual Timesheets are approved and signed by 117 designated supervisors. Supervisor Weekly V EO VA Preventative Manual Access to Deltek Time and Expense is 118 password protected Automated Daily RA Preventative Automated Notifications to employees and supervisors are sent out periodically during the timesheet period to individuals with a non-compliant status 119 in Deltek Time and Expense Automated Weekly C Preventative Automated Timesheets collected in Deltek Time and Expense are uploaded via an automated Costpoint process to the Timesheet Entry Screen. The Time Application Administrator confirms the batch totals to ensure no issues 120 occurred. Automated Weekly C A C VA Preventative Automated If a timesheet correction is deemed necessary, a revised timesheet must be completed and submitted via Deltek 121 Time and Expense. Employee Weekly C A V Detective Copyright © 2010 Deltek, Inc. 8
  9. 9. Sample Internal Control Matrix Related DCAA Audit Program Objectives Control MA CO Cycle Obj # Control Objectives # Control Activities CE IT BP PUR T M LAB IND BIL EST Related PoliciesPAYROLL & PERSONNEL ACCURATE LABOR JOB COSTING The Costpoint Work Force functionality is used to QNA-PLCY-FA-03 Time is recorded accurately and limit the charge numbers employees have access Timekeeping Policy PP5-A completely. 115 to charge. 3 and Process Employees must enter time on a daily basis and certify timesheets weekly in Deltek Time & QNA-PLCY-FA-03 Expense. Employees must record all time Timekeeping Policy 116 worked. 4, 5 and Process QNA-PLCY-FA-03 Timesheets are approved and signed by Timekeeping Policy 117 designated supervisors. 4 and Process QNA-PLCY-FA-03 Access to Deltek Time and Expense is password Timekeeping Policy 118 protected 4 and Process Notifications to employees and supervisors are sent out periodically during the timesheet period QNA-PLCY-FA-03 to individuals with a non-compliant status in Timekeeping Policy 119 Deltek Time and Expense 1 and Process Timesheets collected in Deltek Time and Expense are uploaded via an automated Costpoint process to the Timesheet Entry Screen. The Time Application Administrator QNA-PLCY-FA-03 confirms the batch totals to ensure no issues Timekeeping Policy 120 occurred. 4, 5 and Process If a timesheet correction is deemed necessary, a QNA-PLCY-FA-03 revised timesheet must be completed and Timekeeping Policy 121 submitted via Deltek Time and Expense. 8 and Process Copyright © 2010 Deltek, Inc. 9
  10. 10. Sample DCAA Control Matrix Audit of Labor and Accounting ControlsControl Objectives Example Control Activities Audit Procedures4. TIMEKEEPINGAssure that labor hours are Manual systems provide for the a. Determine if the contractor’saccurately recorded and that accurate and complete recording of policies and procedures areany corrections to labor hours, as well as appropriate adequate to maintain the integritytimekeeping records are controls to ensure corrections to of the timekeeping system. b. Indocumented, including labor records are accurate and conjunction with step 5.e., selectappropriate authorizations authorized. Generally, they may be a random sample of employeesand approvals. categorized as procedures which for floor checks, verifying that the pertain to: • Supervisory observation established timekeeping of employee arrival and departure to procedures are being followed. prevent improper clock-in/clock-out. (Note: To the extent possible, the Employee possession of auditor should rely on work timecard/time sheet. performed under MAAR 6.) • Employee preparation of their timecard in ink, and as work is performed.Copyright © 2010 Deltek, Inc. 10
  11. 11. Sample DCAA Control Matrix Control Objectives Example Control Activities Audit Procedures 4. TIMEKEEPING Assure that labor hours are • Allowing only one card/sheet to be a. Determine if the contractor’s accurately recorded and that prepared per employee per period; policies and procedures are any corrections to cards/sheets are preprinted with adequate to maintain the integrity timekeeping records are employee name and identification of the timekeeping system. b. In documented, including number; and are turned in to the conjunction with step 5.e., select appropriate authorizations designated timekeeping office or a random sample of employees and approvals. collected by an authorized person. for floor checks, verifying that the • Precoded data being printed on the established timekeeping job cards for identification purposes procedures are being followed. so employees will know the job being (Note: To the extent possible, the charged and can relate it to the task auditor should rely on work being performed. performed under MAAR 6.) • Direct labor employees recording their time no less often than daily. Sufficient formal subsidiary records are maintained, if necessary, to assure accurate time recording and allocating to intermediate and final cost objectives when multiple jobs are worked in a day.Copyright © 2010 Deltek, Inc. 11
  12. 12. Sample DCAA Control MatrixControl Objectives Example Control Activities Audit Procedures4. TIMEKEEPINGAssure that labor hours are • Corrections being made in ink, a. Determine if the contractor’saccurately recorded and that initialed by the employee, properly policies and procedures areany corrections to authorized, and sufficiently explained adequate to maintain the integritytimekeeping records are and documented. of the timekeeping system. b. Indocumented, including • Employees and supervisors signing conjunction with step 5.e., selectappropriate authorizations the timecards/timesheets in a random sample of employeesand approvals. accordance with procedures, for floor checks, verifying that the verifying the accuracy of the recorded established timekeeping effort. procedures are being followed. (Note: To the extent possible, the auditor should rely on work performed under MAAR 6.)Copyright © 2010 Deltek, Inc. 12
  13. 13. Mapping Controls and Assessing Gaps• Identify similar control objectives – Internal Matrix - Time is recorded accurately and completely. – DCAA Matrix - Assure that labor hours are accurately recorded and that any corrections to timekeeping records are documented, including appropriate authorizations and approvals Identify control activities that enforce control objective.• Identify control activities that are applicable to DCAA objective.• Denote what objective # for which DCAA audit in DCAA section of matrix.• Complete initial mapping assessment• Filter internal controls by DCAA audit and compare to DCAA Control Matrix applicable for audit area• Identify gaps and review internal matrix to ensure nothing missed• Formulate remediation plan to assess gaps.Copyright © 2010 Deltek, Inc. 13
  14. 14. Internal Control Matrix Questions?Copyright © 2010 Deltek, Inc. 14

×