Audit Buzz Newsletter July 2023

This will be the last issue of Audit Buzz before school starts in the Fall. This issue announces the approval of the Fiscal year (FY) 2024 Audit Plan; highlights the July Audit Committee meeting; includes a knowledge hive about internal controls; and offers a training opportunity to Fairfax County Public Schools (FCPS) employees. Stay up to date with Office of Auditor General's (OAG) current and future work by subscribing to Audit Buzz. 

Prior editions of Audit Buzz are archived here on OAG's website.

As always, we appreciate the cooperation and courtesies extended to our staff by FCPS management and staff during all past, current, and future audit engagements.

Engagement and Office Updates

FY24 OAG Audit Plan

At the July 13 School Board meeting (video), the FY24 Audit Plan Presentation and document were approved. Below are the key outcomes of the Audit Plan: 

FY23 Carried Over Engagements

     (1) Employee Evaluation Process

     (2) Local School Activity Funds Audit, June 30, 2023

New Engagements

     (3) Food and Nutrition Services

     (4) Facilities Maintenance

     (5) Grants

     (6) IT Systems Access

     (7) Local School Activity Funds Audit, June 30, 2024

     (8) Continuous Monitoring

     (9) Business Process Audit

Current Engagement Update

• At the July 11 Audit Committee meeting, we presented the following agenda items:
  
  • OAG Audit Recommendation Follow-Up
  • FY23 Continuous Monitoring Q1 and Q2 Results
  • FY24 Risk Assessment and Proposed Audit Plan Presentation and document
  • FY23 IT Cybersecurity Audit Report
• In addition to the ongoing Continuous Monitoring, we are currently conducting the Employee Evaluation Process and FY23 Local School Activity Funds audits.

Knowledge Hive

Considering Internal Control

Internal control is an essential component of any well-functioning organization, providing a framework for achieving goals, reducing risks, and ensuring compliance with laws and regulations. Whether you work for a public school system or a private business, understanding internal control and the principles that guide it is critical to success. In this month’s Knowledge Hive article, we will explore what internal control is, why it matters, and how it can be evaluated and improved using frameworks such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Framework. Read on to learn more about this vital concept and how it can help FCPS and other businesses achieve their objectives.

What is internal control?

Internal control is a process implemented by an organization's management and personnel to provide reasonable assurance that the organization's objectives will be achieved. Internal control helps an organization achieve its goals by reducing the risk of errors, fraud, and noncompliance.

Why do we evaluate internal control in our audits?

Although it may seem clear why we would want to consider internal control, there is a specific reason why the OAG evaluates internal control in our audits. OAG adheres to the U.S. Government Accountability Office’s Government Auditing Standards, otherwise known as the Yellow Book. The Yellow Book provides standards and guidance for auditors, outlining the requirements for audit reports, professional qualifications for auditors, and audit organization quality control. Per paragraph 8.39 of the Yellow Book, auditors should determine and document whether internal control is significant to the audit objectives, and if so, should obtain an understanding of such internal control.

How do we evaluate internal control?

The COSO Framework is a widely used framework that helps organizations design, implement, and evaluate internal control. OAG uses this framework when evaluating internal control during performance audits of FCPS programs. The framework consists of five components:

1. Control Environment: This component sets the tone for the organization's internal control system. It includes the integrity, ethical values, and competence of the organization's personnel, as well as the organization's structure and assignment of authority and responsibility.
2. Risk Assessment: This component involves identifying and analyzing the risks that may prevent the organization from achieving its objectives. It includes assessing the likelihood and potential impact of those risks.
3. Control Activities: This component involves implementing specific policies and procedures to address the identified risks. Control activities may include approvals, verifications, reconciliations, and segregation of duties.
4. Information and Communication: This component involves providing relevant information to the right people at the right time. It includes communicating the organization's objectives and responsibilities, as well as reporting on the effectiveness of the internal control system.
5. Monitoring: This component involves assessing the effectiveness of the internal control system over time. Monitoring can include ongoing monitoring activities or separate evaluations.

The COSO framework is used by organizations to design, implement, and evaluate their internal control systems. It provides a comprehensive and integrated approach to internal control that can help organizations achieve their objectives more effectively and efficiently. By using the framework, OAG can identify risks and areas needing improvement, and can make recommendations to FCPS management on ways to mitigate those risks and improve operations.

Applying the framework outside of FCPS

Application of the COSO framework is not limited to organizations like FCPS. Even small businesses can benefit greatly from considering the COSO framework. By using this framework to develop and implement effective internal control systems, small businesses can improve their operations, reduce risks, and achieve their goals. If you or someone you know runs their own business, consider the benefits that assessing the current control environment against the COSO framework could provide!

Did you Know?

OAG Outreach and Education: Continuing Professional Education (CPE) Opportunity

OAG is registered with the National Association of State Boards of Accountancy (NASBA) and serves as the sponsor for the FCPS Continuing Professional Education (CPE) programs, dedicated to support FCPS employees with complimentary CPE credits required by various certification agencies.  OAG is pleased to offer a new NASBA training opportunity for FCPS employees to earn up to 3 CPE credits:

Course:  FCPS’ Lines of Defense – OAG Performance Audits and Financial Services’ Compliance Monitoring

Date: August 18, 2023

Time: 9:00 AM - 12:00 PM

Do you know the difference between performance audits conducted by Office of Auditor General (OAG) and the compliance reviews conducted by Financial Services' (FS) Outreach and Compliance team? OAG reports to the Fairfax County School Board through the Audit Committee and conducts audits according to the generally accepted government auditing standards (GAGAS). The Outreach and Compliance team, within FS, monitors internal controls throughout FCPS; strives to reduce non-compliance by identifying and assessing internal control deficiencies, and develops, upholds and ensures compliance with division-wide financial policies and procedures in accordance with generally accepted accounting principles (GAAP). This training is designed for all FCPS employees and will cover the differences in the audits conducted by OAG and compliance monitoring provided by the Outreach and Compliance team. The training will focus on how OAG adheres to GAGAS, ensures audit independence throughout the audit process. The training will also focus on the types of compliance monitoring conducted by the Outreach and Compliance team.

FCPS employees may sign-up for the training on MyPDE.

Fraud, Waste, and Abuse Hotline:
(571) 423-1333 (anonymous voicemail)
InternalAudit@fcps.edu (email is not anonymous)

Office of Auditor General Website | Audit Buzz Archive