internalcontrolmanual
0 likes151 views
This document discusses the importance of internal controls for local governments and provides guidance on developing an internal control manual. It describes two examples where a lack of internal controls led to theft from a city parks department and failure to draw down federal grant funds. The document outlines six key steps to develop an internal control manual, including planning, reviewing current controls, evaluating and designing new controls, documenting the manual, and educating staff. It recommends the manual define internal controls, address fraud awareness, and identify control activities for key financial processes. Developing and following an internal control manual can help prevent problems and ensure accountability.
internalcontrolmanual
- 1. 14 / March 2014 The Missouri Municipal Review www.mocities.com M any times problems arise at governmental entities due to the lack of appropriate internal controls or failure to follow already established internal controls. Here are two particular instances discovered when assisting government entities with internal audit and fraud investigations. City X – City X did not have internal controls established to ensure that recreational league fees paid to the parks department were properly safeguarded, accounted for and deposited. The city parks director collected these fees and was responsible for depositing them into the city bank account – without any additional oversight. As a result, the city parks director was able to steal approximately $15,000 over a three-year period in fees paid by residents for recreational leagues. City Y – City Y had established internal controls that were documented in its policies and procedures manual, over the drawdown of federal grant funds it was owed. However, the manual was seldom referred to and eventually forgotten over time. So, City Y was actively looking into finding out why they had failed to draw down in a timely manner more than $6 million in federal funds owed. It was discovered that an accountant, who had been hired in the past year, was not told about the controls established and documented in the policies and procedures manual, making the internal controls a moot point. These are just a couple of examples that show the need to document internal controls. This article will define what internal controls are, discuss why a manual is critical for local government, and outline the steps to develop a manual and the related components. Internal Control It is crucial to define what internal control is before delving any further into the topic of an internal control manual. The best and most widely accepted definition of internal control comes from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that was founded in 1992 and issued the Internal Control Integrated Framework. COSO defines internal control as: “A process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.” This definition translates well to local government entities by simply replacing “board of directors” with “elected officials” in the first line above. The definition also focuses on the fiduciary responsibilities of local government entities to ensure the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulation. DEVELOPING AN INTERNAL CONTROL MANUAL by Ron Steinkamp, CPA, CIA, CFE, CRMA, CGMA PLAN REVIEW EVALUATE DESIGN DOCUMENT EDUCATE I n t e r n a l C o n t r o l : “ A p r o c e s s , e f f e c t e d by an entity’s board of directors, management a n d o t h e r p e r s o n n e l . This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.” Why Develop An Internal Control Manual G o v e r n m e n t o f f i c i a l s a r e accountable to the public. They have been entrusted with four main fiduciary responsibilities. The first is the responsibility to comply with all federal, state and local laws and regulations. The second is the responsibility to properly handle and safeguard public funds. Their third responsibility is to operate in an efficient and effective manner. Finally, government officials are responsible for achieving results. The Government Finance Officers Association (GFOA) recommends that every governmental entity document accounting policies and procedures in order to enhance accountability and consistency. GFOA further recommends that this documentation: • Delineate the authority and responsibility of all employees, especially the authority to allow transactions and the responsibility for the safekeeping of assets and records. Figure 1
- 2. www.mocities.com The Missouri Municipal Review March 2014 / 15 STEPS KEYS PLAN Gain City Council and Management support. Establish clear objectives and timelines for completion. Select a project team and leader. Determine the format of the manual. Identify processes to include in the manual. Identify process owners. Meet with process owners to notify them of the project and gain their support. Assign team responsibilities. Schedule team check points. REVIEW Review currently documented policies and procedures. Walk-through “as is” process with the process owner. Document the “as is” process. Validate the “as is” process documentation with the process owner. EVALUATE Identify existing internal controls in the “as is” process. Determine the adequacy and effectiveness of the existing controls. Identify any missing controls or poorly designed controls. Discuss evaluation results with the process owner and seek input on the design and/or redesign of the process and related internal controls. DESIGN Redesign the process with adequate and effective internal controls. Walk-through the redesigned process with the process owner. Make changes as necessary to the process design. DOCUMENT Formally document the process and related internal controls. Compile an internal control manual with all processes and controls. EDUCATE Roll-out the manual and train all affected employees. As appropriate, based on position, make Internal Control Manual training part of new hire orientation. Consider periodic refresher training. Figure 2 • Indicate which employees are to perform which procedures. • Explain the design and purpose of control-related procedures to increase employee understanding and support of controls. Effective internal controls can assist every aspect of government operations by assuring compliance with applicable laws and regulations, safeguarding public funds, ensuring operational effectiveness and efficiency, and monitoring the achievement of results. Good governance through accountability and recommended practice dictate that local government entities develop internal control manuals. Steps for Developing An Internal Control Manual As depicted in Figure 1 (left), there are six key steps to developing an internal control manual. It is critical that these steps be followed in the order presented. With each step, there are several keys that should be considered as presented in Figure 2 above. Components Of An Internal Control Manual An Internal Control Manual should at a minimum contain the following sections detailed below. Introduction – The introduction should include the purpose, scope and authority of the manual. It should provide a discussion of how to use the manual, as well as whom to contact with questions related to the manual and internal controls. Internal Control Basics – This section should provide a definition of internal control and emphasize the importance of internal controls in the organization. It also should explain management’s responsibility for internal controls. F r a u d A w a r e n e s s – T h i s section should define fraud and its characteristics. It also should identify each employee’s responsibility for fraud reporting, as well as how to report fraud to management. Control Activities – This section is the heart of the manual and should identify procedures and critical internal controls within key processes such as: • Revenue – Taxes, fines, fees, etc. • Procurement • Expense disbursement • Human resources and payroll • Treasury • Financial reporting • Fixed assets • R e g u l a t o r y c o m p l i a n c e – including grants Information systems and security A properly developed and i m p l e m e n t e d I n t e r n a l C o n t r o l Manual will not solve all issues faced by an organization, but it can certainly assist in anticipating, preventing and controlling many problems that could arise. Ron Steinkamp is a principal of the firm Brown Smith and Wallace.