Speaker 1: Music Going through an examination is extremely important because it gives you an opportunity to understand the process, to actually make sure that you've got all of your processes and controls documented and that those processes and controls that are documented are actually being used by people and that it's embedded into the day-to-day operations. Music

Speaker 2: We're so geographically distributed. A lot of the people that we work with on a day-to-day basis we never actually interact with, so they may be in a different location, they're in a different time zone. Getting people together for meetings, getting people together so you can share documentation and share knowledge is really difficult. And when an auditor comes in, they expect a quick response.

Speaker 3: Lack of communication, either with maybe the auditor's request is unclear or the response that the auditor receives from the client is unclear. A lack of understanding of an audit in general or what the auditor is trying to do by the auditee.

Speaker 4: Evidential matter, the principle of being able to locate it, produce it, and make sure it is really what's needed when they call upon the documented sample. Music

Speaker 5: I've learned that it's really important to understand what the auditor is asking for. And it's important to understand not only what they're asking for, but why they're asking for it. Music

Speaker 1: We had a certain understanding of what they were going to be looking at. That didn't end up being the same thing that the auditor actually looked at.

Speaker 4: Everybody needs to just understand they're just looking. Just prove what you're trying to prove. Stick within the scope that they're looking for. Don't venture out because once you venture out, you're forevermore going to be talking about it.

Speaker 6: The purpose of this video is to explain the annual audit cycle so that DLA can better prepare to respond to the responsibilities and deliverables that are required to successfully complete the audit. The annual audit cycle includes four phases. 1. Planning 2. Internal Control Evaluation 3. Substantive Testing 4. Reporting During each phase of the audit process, auditors conduct activities to help them evaluate the organization under audit. These activities are represented by the blue wedges of the audit cycle wheel. At each phase, there are also duties and responsibilities that are required to be performed by DLA employees in order to ensure that the auditors have the information needed to successfully complete the audit. These are represented by the orange wedges in the audit cycle wheel. The audit liaisons serve as the central point of contact for audits being performed at DLA and actively manage the audit response process. Upon receiving requests from the auditors, the audit liaison will coordinate with the entire organization to manage requests to completion. In addition to management, the audit liaisons will assist in maintaining the appropriate documentation for an efficient execution of the audit. In addition to these four phases, there is an ongoing process of remediation of known deficiencies and corrective action. This is a DLA management function and is represented by the orange ring surrounding the wheel. DLA has been preparing to be audited for several years. Our preparation included documenting our processes, identifying and testing key internal controls, conducting substantive testing, and organizing evidential matter in central repositories. By doing this, we now understand our processes and controls and have been able to correct deficiencies. These audit readiness activities help DLA mitigate risk by enhancing accuracy and reliability of our financial data and protecting resources against waste, fraud, and abuse. Where weaknesses have been identified, DLA is in the process of developing and implementing corrective actions to ensure that internal controls are operating as planned. Now let's take a look at each phase of the audit cycle and describe in more detail what the auditor will be doing and what may be required of DLA employees. In Phase 1, the planning phase, auditors gain an understanding of each organization within DLA, determine significant financial statement line items, and review business processes for testing and timing of procedures. During the planning phase, auditors may review business documentation, including the organization's policies, process cycle memorandums, or PCMs, and standard operating procedures, SOPs, identified as significant to the business processes. Auditors will also conduct discovery meetings and interviews to ask questions and gain a better understanding of the organization's processes. Finally, they will create process-level documentation and identify key controls for testing. Auditors will be heavily reliant on DLA to assist in the Evidential Matter, or EM, identification process. Evidential Matter is the proof that supports the DLA's purchases, sales, inventory balances, and so on, both paper and electronic. Each organization should ensure that their Evidential Matter is stored in the appropriate repository, such as time and attendance in EGLE, travel documents in DTS, or into another system such as DAXRM. DAXRM stands for Document Automation and Content Services – Records Management and is an enterprise-wide information and records management program for storing DLA's documents and data not already electronically stored in another system. An auditor will know what is typically requested to support transactions, but will not know all the specific and unique circumstances of DLA. It is each organization's responsibility to provide all information requested in a timely manner.

Speaker 2: When an auditor comes in, the first thing they're going to do is they're going to go through their planning phase.

Speaker 7: We would do preliminary interviews, we would ask for initial documentation.

Speaker 3: An auditor will put together the prepared-by-client listing, which is your PBC list, so it should have all of your detailed populations, and then it may have some samples on there.

Speaker 6: In Phase 2, the Internal Control Evaluation phase, auditors evaluate key controls that are in place within the business processes. Internal controls involve everything that mitigate risk within an organization. A control is the means by which an organization's resources are directed, monitored, and measured. For example, in distribution, when product arrives in a warehouse, it must be counted and added into inventory. The act of counting and recording this information is a key control to ensure that product is accurately input into the system from a product type and count, and is not lost while in DLA's possession. When an auditor tests controls, they are looking at the frequency that this process occurs, not the actual quantity of product that was recorded. Controls are evaluated using two types of tests, tests of design, or TODs, and tests of effectiveness, or TOEs. When conducting tests of design, auditors investigate whether the internal control that the organization has in place to mitigate risk is operating as intended, and whether it has been implemented. DLA employees will be responsible for walking auditors through their business processes.

Speaker 2: They're going to perform walkthroughs with key POCs in that area. They're going to request key documentation that supports those processes that they've been brought in to look at.

Speaker 6: The test of design and implementation, or TOD, consists of a detailed walkthrough of the control from the transaction origination to the recording of the transaction into the general ledger. The auditor will observe the control in action and also re-perform the control instance observed. The test of effectiveness, TOE, consists of an auditor selecting a sample of control instances, requesting the associated evidential matter through the audit liaison, and re-performing all samples selected in order to determine if the control is being consistently applied across the organization. In phase three, the substantive testing phase, auditors will obtain the general ledger account code, or GLAC, population and select samples from that population.

Speaker 3: For substantive testing, we'll select samples from usually large data populations, and then we'll perform detailed procedures over those samples.

Speaker 7: Make sure that your records are in order and that they're easy to obtain because chances are the auditors are going to ask for something in writing, some type of documentation, your policies, your procedures, your SOPs. They're going to be requesting those types of documentation, so you want to have those things in order.

Speaker 6: They will then use test procedures to verify the assertion of the financial transactions and balances in the general ledger account codes. This means selecting a sample of transactions, requesting the associated evidential matter, and comparing the evidential matter to the transaction. Using our example from before in distribution, an auditor might now ask to see the evidential matter that shows the actual quantity and dollar value of product that entered and left a warehouse. They will verify that the inventory quantities that entered the warehouse, are kept in inventory, or left the warehouse, agree to receiving and shipping documentation. They will also verify that the dollar value for those items agrees to the original purchase price of the inventory by reviewing contractual and other pricing documentation. While this specific example applies to distribution, similar testing may be done on any process within DLA. DLA employees will be asked by an audit liaison to provide evidential matter to the auditor, and will also be asked to explain any differences and or identified discrepancies through the audit liaison.

Speaker 2: If you don't have good policies and procedures at the organizational level that really dictate how you perform your controls, and how you perform your processes in a consistent manner, it's very difficult when an auditor is sampling to provide them predictable evidence that you've actually completed your processes as you've documented them.

Speaker 3: Try to be familiar with your business processes so that you can speak confidently and knowledgeably about your business every day that you do.

Speaker 6: In phase four, the reporting phase, the combined audit report containing an opinion or disclaimer is created. A combined audit report includes three parts, an opinion on the financial statements, a report on the internal controls, and a report on compliance with laws and regulations.

Speaker 7: And this is where findings and conclusions are detailed in an actual written format.

Speaker 6: This report is based on all the audit work conducted throughout the year. Any findings and recommendations in the audit report should come directly from the findings and recommendations drafted throughout the cycle and shared with DLA. There should be no surprises. Before the final audit report is issued, the auditors will conduct an outbrief with DLA management to discuss the audit and the report.

Speaker 7: After reporting, the reporting phase, there's an exit conference that's held with management to discuss the findings of the report and the report as well as their management and get their management comments.

Speaker 6: The management team will have an opportunity to respond to the draft audit report. The audit team then produces the combined audit report containing an opinion or disclaimer, which is discussed with the audited organization. The audit report will become part of the agency's financial section of the published annual financial report.

Speaker 2: Once that process is finalized, then the auditor will issue the report, and then basically it's there for everyone to see.

Speaker 6: Ongoing corrective action is an internal management function. OMB Circular A123 defines management's responsibility for internal control for federal agencies. This provides guidance on establishing, assessing, correcting, and reporting on internal control. Ongoing corrective action helps DLA make continuous improvements to its processes by reviewing recommendations and implementing changes to ensure that corrections are made to processes and controls. DLA organizations should regularly review their PCMs and SOPs and improve processes and key controls when necessary to remedy issues. At a minimum, each organization should review these documents once a year.

Speaker 1: We're finding that the audit has helped us. Most of our processes and controls are now ingrained in our daily operations. It's drawn more leadership awareness

Speaker 2: to the overall value of the work that we in the Audit Readiness Program are providing.

Speaker 4: It just proved that what we had in place was what we needed in place, and now we all need to learn how to sustain it.

Speaker 3: Try to educate yourself on an audit process in general, particularly financial statement audits.

Speaker 4: Be prepared. Test. Do some mock testing. Get your stuff together. Do some drills with the staff to make sure you can produce what they're looking for. Our biggest lesson learned was in payroll we had a checklist. It explained every document that was required to support the journal entry into the accounting system, because it's better for you to catch it and have corrective action than it is for the auditors to catch it, and you have no time for correction.

Speaker 2: There's going to be a lot of requests. There's going to be a lot of requests for documentation, a lot of requests for meetings, and the auditor's going to want that in a short time frame.

Speaker 7: Breathe. Relax. They're human beings. Auditors really are there to make improvements, to give recommendations that ultimately lead to improvements.

Speaker 1: Be prepared to answer the questions, but make sure that you keep the focus on what you're trying to do, and that's past the financial audit at the end of the day.

Speaker 6: The audit cycle is a continual process that will occur year after year. As we mentioned earlier, corrective actions based on audit findings and recommendations should be taken in a timely manner to better prepare for the next audit cycle to begin. This dedication to constant improvement will help DLA achieve its goal of process excellence and ultimately allow DLA to better serve America's warfighters. For answers to questions regarding the audit process and your organization's responsibilities, please visit the Audit Readiness website. You can also send recommendations, concerns, or questions to auditreadinesshelp at DLA.mil.