1 Commercial Sector Applications of Internal Controls and SAS No. 112 NASC Annual Conference March...

1

Commercial Sector Applications of Internal Controls and SAS No. 112

NASC Annual Conference

March 22, 2007

Andrew F. GottschalkPartner

KPMG’s Government Practice KPMG LLP

Andrew F. GottschalkPartner

KPMG’s Government Practice KPMG LLP

2

Agenda Agenda

Internal Controls – A PrimerInternal Controls – A Primer

Is Sarbanes-Oxley (S-O) applicable to GovernmentIs Sarbanes-Oxley (S-O) applicable to Government

Lessons Learned from Corporate EnterprisesLessons Learned from Corporate Enterprises

Common Weaknesses IdentifiedCommon Weaknesses Identified

Emerging InsightsEmerging Insights

Next Steps for GovernmentsNext Steps for Governments

SAS No. 112SAS No. 112

3

““internal control(s)internal control(s)” = “internal controls over financial reporting” (ICFR) ” = “internal controls over financial reporting” (ICFR)

unless otherwise stated - ICFR is a subset of management controls unless otherwise stated - ICFR is a subset of management controls

All areas of management impactedAll areas of management impacted

Management controls must provide reasonable assurance that assets are Management controls must provide reasonable assurance that assets are

safeguarded against waste, loss, unauthorized use, and misappropriation safeguarded against waste, loss, unauthorized use, and misappropriation

Management controls should be logical, applicable, reasonably complete, Management controls should be logical, applicable, reasonably complete,

effective and efficient in accomplishing management objectiveseffective and efficient in accomplishing management objectives


© 2006 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved.

4

Sarbanes-Oxley (S-O) takes its definition of internal control from the Sarbanes-Oxley (S-O) takes its definition of internal control from the

SEC’s working definition on ICFR:SEC’s working definition on ICFR:

a process providing reasonable assurance regarding reliability of a process providing reasonable assurance regarding reliability of

financial reporting and preparation of financial statements for external financial reporting and preparation of financial statements for external

purposes in accordance w/ GAAP, including various purposes in accordance w/ GAAP, including various

policies/procedurespolicies/procedures


5

Applicability of S-O in SLGsApplicability of S-O in SLGs

S-O legislation applicable only to publicly traded companies - but impact of its

provisions now cascading to public institutions, including NFPs

Pressures from bond ratings agencies, the Federal government, and board members at state authorities have prompted some government officials to consider using S-O as a model for improving internal controls w/in public agencies (long-term benefits may outweigh short term costs)

Some agencies in a handful of states already have used the S-O legislation as a basis for bringing more rigor to their agencies’ control environment

SLG entities well served by planning for an internal controls process assessment b/c regulations similar to those of S-O could be adopted, as done by the Federal government with OMB’s revised Circular A-123

6

Is Sarbanes-Oxley Applicable to Government?

Is Sarbanes-Oxley Applicable to Government?

7

Entities not subject to S-O adopting the rulesEntities not subject to S-O adopting the rules

Increasing number of closely held companies Increasing number of closely held companies complying with parts of the corporate-reform law – complying with parts of the corporate-reform law – although not required toalthough not required to

Accounting experts offer these reasons why Accounting experts offer these reasons why companies choose to follow the law: companies choose to follow the law:

Owners hope to sell the company or take it public Owners hope to sell the company or take it public

Directors who sit on public-company boards see laws’ benefits Directors who sit on public-company boards see laws’ benefits

Executives believe strong internal controls improves efficiency Executives believe strong internal controls improves efficiency

Customers require strong internal controls Customers require strong internal controls

Lenders are more likely to approve loans Lenders are more likely to approve loans

Source: Wall St. Journal (August 14, 2006)

8

Sarbanes-Oxley Act of 2002 Sarbanes-Oxley Act of 2002

Instituted sweeping changes for accounting Instituted sweeping changes for accounting profession and corporate governance in the profession and corporate governance in the following areas:following areas:

auditor independence auditor independence

oversight of the auditing profession (PCAOB)oversight of the auditing profession (PCAOB)

enhanced financial disclosure requirements enhanced financial disclosure requirements (including internal control reporting)(including internal control reporting)

corporate responsibility corporate responsibility

9

Lessons Learned from Corporate EnterprisesLessons Learned from Corporate Enterprises

10

Survey: Control PortfolioSurvey: Control Portfolio

28%33%

39%

51%

21%

28%

0%

10%

20%

30%

40%

50%

60%

0 - 500 Controls

501 - 1000Controls

More than 1000Controls

2004 2005

How many unique (or the number of tested) key controls How many unique (or the number of tested) key controls did your company have?did your company have?

11


How many key IT applications were selected for testing in 2005?How many key IT applications were selected for testing in 2005?

8%3%

5%

15%

19%26%

24%

0 - 10

11 - 25

26 - 50

51 - 100

101 - 150

151 - 200

More than 200

50%

12


65%

17% 19%

72%

11%17%

0%

10%

20%

30%

40%

50%

60%

70%

80%

Highly Manual

50 / 50 HighlyAutomated

2004 2005

What is the estimated percentage of your company’s manual What is the estimated percentage of your company’s manual key controls versus automated key controls?key controls versus automated key controls?

13


52%

21%26%

0%

10%

20%

30%

40%

50%

60%

Highly Detective

50 / 50 Highly Preventive

What is the estimated percentage of detective key controls versus What is the estimated percentage of detective key controls versus preventive key controls (excluding IT controls)?preventive key controls (excluding IT controls)?

2005

14

Survey: DeficienciesSurvey: Deficiencies

10%

43%47%50% 49%

2%

91%

8%0%

0%

20%

40%

60%

80%

100%

0 1 - 25 26 or More

Deficiencies Significant Deficiencies Material Weaknesses

How many deficiencies, significant deficiencies + material weaknesses How many deficiencies, significant deficiencies + material weaknesses did your organization have at time of your 2005 certification?did your organization have at time of your 2005 certification?

15

Survey: The Cost of ComplianceSurvey: The Cost of Compliance

9%

28%

22%

14%

26%

16%

43%

22%

8%12%

0%

10%

20%

30%

40%

50%

0 - 10,000 10,001 -25,000

25,001 -50,000

50,001 -75,000

More than75,000

2004 2005

How many total hours (incl. internal hours the company spent and How many total hours (incl. internal hours the company spent and external hours spent by outside service providers) do you estimate external hours spent by outside service providers) do you estimate

were spent during your 2005 S-O 404 compliance efforts? How many were spent during your 2005 S-O 404 compliance efforts? How many hours were spent in 2004?hours were spent in 2004?

16

Survey: The Benefits of ComplianceSurvey: The Benefits of Compliance

Top benefits cited, when asked what benefits were being realized as they moved further into Top benefits cited, when asked what benefits were being realized as they moved further into S-O 404 compliance:S-O 404 compliance:

Most stated that a better assessment of business process needs gained from 404 compliance Most stated that a better assessment of business process needs gained from 404 compliance through: through:

prioritization of process controls to meet operational and compliance requirementsprioritization of process controls to meet operational and compliance requirements

cost savings provided through automation and standardization of process controlscost savings provided through automation and standardization of process controls

development and monitoring of formal policies and proceduresdevelopment and monitoring of formal policies and procedures

use of effective/sustainable controlsuse of effective/sustainable controls

Level-four is marked with a dash bullet (Arial 18pt)Level-four is marked with a dash bullet (Arial 18pt)

» Level-five is marked with a square bullet (Arial 18pt)Level-five is marked with a square bullet (Arial 18pt)

17


Another benefit realized from S-O 404 compliance has Another benefit realized from S-O 404 compliance has been a clear emphasis on the assignment of been a clear emphasis on the assignment of accountability to business owners and employees accountability to business owners and employees throughout the organization throughout the organization

Some examples cited:Some examples cited:

an increased level of controls compliance awareness throughout the an increased level of controls compliance awareness throughout the organizationorganization

delegation of business responsibilitiesdelegation of business responsibilities

increased visibility and escalation of issues to senior managementincreased visibility and escalation of issues to senior management

increased oversight roles by audit committees/sr. mgmnt.increased oversight roles by audit committees/sr. mgmnt.

18


Respondents also reported seeing a shift in focus from Respondents also reported seeing a shift in focus from compliance benefits to operational efficiency compliance benefits to operational efficiency opportunities identified through S-O. For example: opportunities identified through S-O. For example:

Implementation of S-O 404 controls has:Implementation of S-O 404 controls has:

reduced the financial reporting closing timereduced the financial reporting closing time

improved the accuracy of financial reporting dataimproved the accuracy of financial reporting data

helped identify process streamlining opportunities through helped identify process streamlining opportunities through centralization of process controlscentralization of process controls

enhanced management decision makingenhanced management decision making

begun the integration of overall entity risk assessmentbegun the integration of overall entity risk assessment

19

Common Weaknesses Identified

Common Weaknesses Identified

20

Year 1: Adverse Opinions*What Type of Issues Did They Have?Year 1: Adverse Opinions*What Type of Issues Did They Have?

Accounting Failure (GAAP) with respect to specific Accounting Failure (GAAP) with respect to specific accounts (98%) accounts (98%)

Income taxesIncome taxesRevenue recognitionRevenue recognitionInventoryInventory

Accounting documentation, policy andAccounting documentation, policy andprocedures (92%)procedures (92%)Material or numerous auditor/year-endMaterial or numerous auditor/year-endadjustments (55%)adjustments (55%)Accounting personnel resources, training/Accounting personnel resources, training/competency issues (50%)competency issues (50%)

* Source – Audit Analytics and SEC Presentation to Conference Board on March 28, 2006.

21

Common Weaknesses IdentifiedCommon Weaknesses Identified

Selected policies and procedures are not well Selected policies and procedures are not well

documented and/or are deficient or non-existentdocumented and/or are deficient or non-existent

Internal review or monitoring process (including, in Internal review or monitoring process (including, in

some cases, supervision) is deficient and/or not timely some cases, supervision) is deficient and/or not timely

Accounting reconciliations deficient and/or not timelyAccounting reconciliations deficient and/or not timely

Consider:Consider:

Reconciliation of subledgers to general ledgerReconciliation of subledgers to general ledger

Bank reconciliationsBank reconciliations

22

Common Weaknesses Identified (Cont’d.)Common Weaknesses Identified (Cont’d.)

Lack of requisite staff and/or expertise (typically in regard to Lack of requisite staff and/or expertise (typically in regard to

accounting/financial reporting areas) accounting/financial reporting areas)

Consider:Consider:

Significant audit adjustmentsSignificant audit adjustments

Reliance on audit firm for routine closing entriesReliance on audit firm for routine closing entries

Non-CPA’s in financial reporting positionsNon-CPA’s in financial reporting positions

23


Lack of documentation for transactionsLack of documentation for transactions

Consider:Consider:

Impact of turnoverImpact of turnover

Undocumented controls (e.g., a review that is performed but not Undocumented controls (e.g., a review that is performed but not

evidenced)evidenced)

Non-routine transactionsNon-routine transactions

Support for rationale concerning judgmental areasSupport for rationale concerning judgmental areas

24


Financial close process and/or related financial Financial close process and/or related financial

reporting mattersreporting matters

Consider:Consider:

Manual conversion process from accounting system to GAAP Manual conversion process from accounting system to GAAP

financial statements (GASB 34)financial statements (GASB 34)

““Topside” adjusting entries Topside” adjusting entries

Segregation of duties: who prepares financial statements and who Segregation of duties: who prepares financial statements and who

reviews them?reviews them?

25


Accounting matters (e.g., revenue recognition) including Accounting matters (e.g., revenue recognition) including

technical matterstechnical matters

Consider:Consider:

Tax ReceivablesTax Receivables

Estimates for RefundsEstimates for Refunds

Reliability of EstimatesReliability of Estimates

Conversion from fund accounting to full accrualConversion from fund accounting to full accrual

Unusual investment vehiclesUnusual investment vehicles

Implementation of new accounting pronouncementsImplementation of new accounting pronouncements

26


Information systems / technology Information systems / technology

Consider:Consider:Legacy systems for which documentation may be outdated/ Legacy systems for which documentation may be outdated/ non-existentnon-existent

Lack of sufficient, competent IT personnel to support systemsLack of sufficient, competent IT personnel to support systems

Controls that have been implemented “around” the system due Controls that have been implemented “around” the system due to known problemsto known problems

Weak general information technology controls that other Weak general information technology controls that other controls rely on (e.g., computerized exception reports that are controls rely on (e.g., computerized exception reports that are reviewed by management)reviewed by management)

““End user” computing— use of spreadsheets and databases End user” computing— use of spreadsheets and databases outside accounting systems not subject to internal controloutside accounting systems not subject to internal control

27


Lack of segregation of duties Lack of segregation of duties

Consider:Consider:

Manual controls (same individual can initiate, process and record Manual controls (same individual can initiate, process and record

a transaction)a transaction)

Handling of cashHandling of cash

Automated controls (existence of users who can perform Automated controls (existence of users who can perform

functions in the system outside of their function).functions in the system outside of their function).

Possibility of management override of internal controlPossibility of management override of internal control

28


Management estimates Management estimates

Consider:Consider:

Judgments and ClaimsJudgments and Claims

Medicaid AccrualsMedicaid Accruals

Payments to GranteePayments to Grantee

Assumptions made in the determination of actuarial liabilities (Pensions, Assumptions made in the determination of actuarial liabilities (Pensions,

Self-insurance, OPEB)Self-insurance, OPEB)

29


Subsidiaries/Remote locations Subsidiaries/Remote locations

Consider:Consider:

Decentralized authority for transactions Decentralized authority for transactions

Grants managementGrants management

Component units/subsidiariesComponent units/subsidiaries

Monitoring for compliance with policies and proceduresMonitoring for compliance with policies and procedures

30

Emerging InsightsEmerging Insights

31

Year 2 – Section 404 Benefits ObservedYear 2 – Section 404 Benefits Observed

More knowledgeableMore knowledgeableAudit Committees Audit Committees

Overall positive change inOverall positive change inculture - Tone at the top control culture - Tone at the top control consciousness throughout consciousness throughout management improvedmanagement improved

More reliability and transparency More reliability and transparency for public investorsfor public investors

Companies have refined their Companies have refined their documentation and processes documentation and processes

Companies have improved their Companies have improved their accounting group competencyaccounting group competency

““Catch up” on deferredCatch up” on deferred maintenance continued – maintenance continued – additional deficiencies additional deficiencies re-mediated re-mediated

Focus in certain complex areas Focus in certain complex areas increased - income taxes, increased - income taxes, revenue recognition, othersrevenue recognition, others

Better inventory of controls, Better inventory of controls, making the impact of system making the impact of system changes clearer and assistingchanges clearer and assistingin times of staff turnoverin times of staff turnover

Emerging focus on risk Emerging focus on risk management practicesmanagement practices

32


33


Consider following examples of such states as:Consider following examples of such states as:

NY State NY State Model Governance Principles for NYS Public AuthoritiesModel Governance Principles for NYS Public Authorities

Public Accountability Act of 2005 (Act)Public Accountability Act of 2005 (Act)

New JerseyNew JerseyExecutive Order No. 122Executive Order No. 122

Executive Order No. 132Executive Order No. 132

CaliforniaCaliforniaGovernment Code Section 13400Government Code Section 13400

State Administrative Manual 20000 SectionState Administrative Manual 20000 Section

Senate Bill 1262/Charter 919 (Non-profit Integrity Act of 2004)Senate Bill 1262/Charter 919 (Non-profit Integrity Act of 2004)

34

Next Steps: Example Assessment ProcessNext Steps: Example Assessment Process

1 1 PLAN & SCOPE THE EVALUATIONPLAN & SCOPE THE EVALUATIONEstablish a sustainable process, identify resources, and define scope of assessment

Obtain an understanding of document controls and processes

Evaluate design and operating effectiveness of key controls, and document results of evaluation

Identify, accumulate, and evaluate design and operating control deficiencies; communicate findings and correct deficiencies

Prepare management’s written certification on effectiveness of ICFR

If warranted, prepare for independent auditor to conduct the internal control audit and attestation on management’s certification

22 DOCUMENT CONTROLSDOCUMENT CONTROLS

33 EVALUATE DESIGN & OPERATING EFFECTIVENESSEVALUATE DESIGN & OPERATING EFFECTIVENESS

44 IDENTIFY & CORRECT DEFICIENCIESIDENTIFY & CORRECT DEFICIENCIES

5 5 REPORT ON INTERNAL CONTROLREPORT ON INTERNAL CONTROL

6 6 INDEPENDENT AUDIT OF INTERNAL CONTROLINDEPENDENT AUDIT OF INTERNAL CONTROL

35

SAS No. 112SAS No. 112

36

SAS No. 112, Communicating Internal Control Related Matters Identified in an AuditSAS No. 112, Communicating Internal Control Related Matters Identified in an Audit

Establishes standards and provides guidance on Establishes standards and provides guidance on communicating matters related to an entity’s internal communicating matters related to an entity’s internal control over financial reporting identified in an audit of control over financial reporting identified in an audit of financial statements financial statements

Supersedes SAS No. 60, Supersedes SAS No. 60, Communication of Internal Communication of Internal Control Related Matters Noted in an Audit Control Related Matters Noted in an Audit (AU sec. 325)(AU sec. 325)

Applicable whenever an auditor expresses an opinion on Applicable whenever an auditor expresses an opinion on financial statements (including a disclaimer of opinion)financial statements (including a disclaimer of opinion)

37

SAS No. 112, Communicating Internal Control Related Matters Identified in an Audit (cont’d)


Incorporates the definitions of the terms Incorporates the definitions of the terms control deficiency, control deficiency, significant deficiency, significant deficiency, and and material weaknessmaterial weakness used in used in PCAOB Auditing Standard No. 2, PCAOB Auditing Standard No. 2, An Audit of Internal An Audit of Internal Control Over Financial Reporting Performed in Conjunction Control Over Financial Reporting Performed in Conjunction With an Audit of Financial StatementsWith an Audit of Financial Statements..

Requires the auditor to communicate, Requires the auditor to communicate, in writingin writing, to , to management and those charged with governance, management and those charged with governance, significant deficiencies and material weaknesses identified significant deficiencies and material weaknesses identified in an audit in an audit

Provides guidance on evaluating the severity of control Provides guidance on evaluating the severity of control deficiencies identified in an audit of financial statements deficiencies identified in an audit of financial statements

38



Establishes standards and provides guidance on communicating Establishes standards and provides guidance on communicating matters related to an entity’s internal control over financial matters related to an entity’s internal control over financial reporting identified in an audit of financial statementsreporting identified in an audit of financial statements

The term financial reporting relates to the preparation of reliable The term financial reporting relates to the preparation of reliable financial statements that are fairly presented in conformity with financial statements that are fairly presented in conformity with GAAP (includes a comprehensive basis other than GAAP)GAAP (includes a comprehensive basis other than GAAP)

The definitions of control deficiency, significant deficiency, and The definitions of control deficiency, significant deficiency, and material weakness all hinge on the prevention or detection of material weakness all hinge on the prevention or detection of financial statement misstatements.financial statement misstatements.

The significance of a control deficiency depends on the The significance of a control deficiency depends on the potentialpotential for a misstatement, not on whether a misstatement actually has for a misstatement, not on whether a misstatement actually has occurred.occurred.

39



Severity of control deficiencies – definitions:Severity of control deficiencies – definitions:

Control DeficiencyControl Deficiency – design or operation of a control – design or operation of a control does not allow management or employees, in the normal does not allow management or employees, in the normal course of performing their assigned functions, to prevent course of performing their assigned functions, to prevent or detect misstatements on a timely basisor detect misstatements on a timely basis

Significant DeficiencySignificant Deficiency – more than a remote likelihood – more than a remote likelihood that a misstatement that is more than inconsequential that a misstatement that is more than inconsequential will not be prevented or detectedwill not be prevented or detected

Material WeaknessMaterial Weakness – more than a remote likelihood that – more than a remote likelihood that a material misstatement will not be prevented or a material misstatement will not be prevented or detecteddetected

40



Deficiencies in the following areas ordinarily are at least Deficiencies in the following areas ordinarily are at least significant deficiencies in internal control.significant deficiencies in internal control.Controls over the selection and application of accounting Controls over the selection and application of accounting principles that are in conformity with GAAP. Having sufficient principles that are in conformity with GAAP. Having sufficient expertise in selecting and applying accounting principles is an expertise in selecting and applying accounting principles is an aspect of such controls.aspect of such controls.

Antifraud programs and controls.Antifraud programs and controls.

Controls over nonroutine and nonsystematic transactions.Controls over nonroutine and nonsystematic transactions.

Controls over the period-end financial reporting process, including Controls over the period-end financial reporting process, including controls over procedures used to enter transaction totals into the controls over procedures used to enter transaction totals into the general ledger; initiate, authorize, record, and process journal general ledger; initiate, authorize, record, and process journal entries into the general ledger; and record recurring and entries into the general ledger; and record recurring and nonrecurring adjustments to the financial statements.nonrecurring adjustments to the financial statements.

41



Each of the following is an indicator of at least a significant Each of the following is an indicator of at least a significant deficiency and a strong indicator of a material weakness deficiency and a strong indicator of a material weakness in internal control.in internal control.Ineffective oversight of the entity's financial reporting and internal Ineffective oversight of the entity's financial reporting and internal control by those charged with governancecontrol by those charged with governance

Restatement of previously issued financial statements to reflect the Restatement of previously issued financial statements to reflect the correction of a material misstatementcorrection of a material misstatement

Identification by the auditor of a material misstatement in the Identification by the auditor of a material misstatement in the financial statements for the period under audit that was not initially financial statements for the period under audit that was not initially identified by the entity's internal controlidentified by the entity's internal control

An ineffective internal audit function or risk assessment function at An ineffective internal audit function or risk assessment function at an entity for which such functions are important to the monitoring or an entity for which such functions are important to the monitoring or risk assessment component of internal control, such as for very large risk assessment component of internal control, such as for very large or highly complex entitiesor highly complex entities

42



Indicators of at least a significant deficiency and a strong Indicators of at least a significant deficiency and a strong indicator of a material weakness in internal controls, indicator of a material weakness in internal controls, continued:continued:

For complex entities in highly regulated industries, an For complex entities in highly regulated industries, an ineffective regulatory compliance functionineffective regulatory compliance function

Identification of fraud of any magnitude on the part of Identification of fraud of any magnitude on the part of senior managementsenior management

Failure by management or those charged with governance Failure by management or those charged with governance to assess the effect of a significant deficiency previously to assess the effect of a significant deficiency previously communicated to them and either correct it or conclude communicated to them and either correct it or conclude that it will not be correctedthat it will not be corrected

An ineffective control environmentAn ineffective control environment

43



The issues that may cause concern include:The issues that may cause concern include:

Auditor identification of misstatements including those Auditor identification of misstatements including those involving estimation and judgment – even if involving estimation and judgment – even if management corrects the misstatementmanagement corrects the misstatement

Extent of auditor involvement in drafting the entity’s Extent of auditor involvement in drafting the entity’s financial statements and footnotes (e.g. statement of financial statements and footnotes (e.g. statement of cash flows)cash flows)

Management who lack the qualifications and training to Management who lack the qualifications and training to fulfill their assigned functionsfulfill their assigned functions

Collaboration is good…but the auditor cannot be part Collaboration is good…but the auditor cannot be part of a client’s internal controls.of a client’s internal controls.

44



Significant deficiencies or material weaknesses must Significant deficiencies or material weaknesses must be communicated in writing to management and those be communicated in writing to management and those charged with governance, no later than 60 days charged with governance, no later than 60 days following the report release date. If significant following the report release date. If significant deficiencies or material weaknesses previously deficiencies or material weaknesses previously communicated have not yet been remediated, they communicated have not yet been remediated, they must continue to be communicated.must continue to be communicated.

Auditors may communicate that no material Auditors may communicate that no material weaknesses were identified but should not state that weaknesses were identified but should not state that no significant deficiencies were identified.no significant deficiencies were identified.

45

Andrew F. Gottschalk Andrew F. Gottschalk

PartnerPartner

KPMG Government PracticeKPMG Government Practice

KPMG LLPKPMG LLP

(312) 665-2883(312) 665-2883

[email protected]@kpmg.com

www.us.kpmg.comwww.us.kpmg.com

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Presenter’s Contact Information

Date post:	11-Jan-2016
Category:	Documents
Upload:	samantha-lester
View:	212 times
Download:	0 times

1 Commercial Sector Applications of Internal Controls and SAS No. 112 NASC Annual Conference March...

Documents