INTERNAL CONTROLS POLICY AND MANUAL

2y ago
24 Views
4 Downloads
1.85 MB
39 Pages
Last View : 15d ago
Last Download : 2m ago
Upload by : Wren Viola
Transcription

INTERNAL CONTROLS POLICYAND MANUALFebruary 14, 2019Policy SummaryThe City of Columbia adopted an internal controls policy framework and manual to provide Citystaff with guidance with the development and documentation of internal control practices. Theestablishment of this policy, adoption by Council and ongoing review and revision is intended toprovide reasonable assurance to City officials and Columbia citizens that management continuallycontrols for risks to the organization with plans to mitigate such risks.Adopted on 2/14/2019Version 021419

TABLE OF CONTENTS1Introduction . 12Considerations in Development of Internal Controls . 32.13The Green Book states documentation is management’s responsibility: . 3Five Components of Internal Control. 43.1 Control Environment. 43.1.1Organization - Council Manager Form of Government . 73.1.2Departmental Structures . 83.2 Risk Assessment . 173.3 Control Activities . 193.3.1General Collections/ACHs . 193.3.2General Disbursements/Drafts . 233.3.2.1Payroll disbursements and payroll liabilities . 253.3.3Investments. 273.3.4Safeguarding Assets . 303.3.5Compliance. 323.4 Information and Communication . 343.5 Monitoring . 36Summary . 37Version 021419

Internal Controls Policy Framework1 INTRODUCTIONThe City of Columbia (herein after referred to as “the City”) has a responsibility to taxpayers, ratepayersand constituents regarding stewardship of public funds and property. In the City’s efforts to serve thepublic as City officials or employees, the City establishes this Internal Controls Policy Framework andManual using recognized best practices and state and federal directives.State of Tennessee statutes require the Comptroller’s Office, Department of Audit to prescribe uniformaccounting systems for entities that handle public funds. Those statutes require public officials to adoptand use the system designated by the Comptroller’s Office. The Tennessee Legislature amended Tenn.Code Ann. § 9-18-102 in 2015 to require local governments to establish and maintain internal controls inaccordance with guidance issued by the U.S. Government Accountability Office (GAO). The guidance istitled Standards for Internal Control in the Federal Government (Green Book). The Green Book follows theformat developed by the Committee of Sponsoring Organizations (COSO) which has been the goldstandard of internal control for all entities except the federal government for several years.The internal control system consists of three (3) objectives and five (5) main components. Within the five(5) components there are 17 principles that apply to certain components. The state considers the five (5)elements mandatory and the 17 principles optional. The City of Columbia has chosen to address the five(5) elements as required by state law within this manual; however, the seventeen (17) principles from theGreen Book are presented below for informational purposes and to help explain the five (5) components.THREE (3) OBJECTIVES OF INTERNAL CONTROLS:1.Reporting – reliability2.Operations – effective and efficient3.Compliance – compliant with applicable laws, regulations, contracts and grant agreementsFIVE (5) MAIN COMPONENTS OF INTERNAL CONTROLS THAT ARE REQUIRED TO BE ADDRESSED:1.Control Environment2.Risk Assessment3.Control Activities4.Information and Communication5.Monitoring1Version 021419

OV2.09 THE GREEN BOOKFigure 3: The Five Components and 17 Principles of Internal Control:CONTROL ENVIRONMENT:CONTROL ACTIVITIES:1. The governing body and managementshould conduct business with integrity andethical behavior.10. Management should design controlactivities to achieve objectives and respondto risks.2. The oversight body should oversee theCity’s internal control system.11. Management should design the entity'sinformation system and related controlactivities to achieve objectives and respondto risks.3. Management should establish anorganizational structure, assignresponsibility and delegate authority toachieve the entity's objectives.4. Management should demonstrate acommitment to recruit, develop and retaincompetent individuals5. Management should evaluate performanceand hold individuals accountable for theirinternal control responsibilities.RISK ASSESSMENT:6. Management should define objectivesclearly to enable the identification of risksand define risk tolerances.7. Management should identify, analyze andrespond to risks related to achieving thedefined objectives.12. Management should implement controlactivities through policies.INFORMATION AND COMMUNICATION:13. Management should use qualityinformation to achieve the entity'sobjectives.14. Management should internallycommunicate the necessary qualityinformation to achieve the entity'sobjectives.15. Management should externallycommunicate the necessary qualityinformation to achieve the entity'sobjectives.MONITORING:8. Management should consider the potentialfor fraud when identifying, analyzing andresponding to risks.16. Management should establish and operatemonitoring activities to monitor the internalcontrol system and evaluate the results.9. Management should identify, analyze andrespond to significant changes that couldimpact the internal control system.17. Management should remediate identifiedinternal control deficiencies on a timelybasis.Source: GAO. GAO-14-704G.Internal Control Policy and Manual Purpose: The purpose of this manual is to ensure that the objectivesof reporting and compliance are established. The policies to achieve objectives are derived from variousfinancial best practices, state and federal laws, and regulations and policies. Policies included in themanual have been developed to suit specific needs of City functions and resources. Detailed proceduresare then developed and documented as a means for the City to comply with its established policies.2Version 021419

2 CONSIDERATIONS IN DEVELOPMENT OF INTERNALCONTROLSInternal control is defined as a process effected by an entity’s oversight body, management and otherpersonnel that provides reasonable assurance the City’s objectives will be achieved. Before developing anInternal Control System (ICS), the City and various departments within the City should determine theirrespective missions, strategic goals and objectives, and then formulate a plan to achieve those objectives.The internal controls are policies and procedures put in place to help achieve goals and objectives. Bydescribing how the City and City departments expect to meet varied goals and objectives, usingcompensating controls to minimize risk, the City as a whole increases organizational awareness ofexpectations. Each department’s internal control plan will be unique; however, it must be based on policesincluded in this guide which incorporates or references to other comprehensive state, federal or standardsetting agency polices that have been adopted.Consistent monitoring of all components will ensure that the ICS (which must be reviewed and updatedat least annually) is updated whenever changing conditions justify.Since a City’s/department’s policies and procedures are the control activities for its internal control plans,it is important that they be reviewed in conjunction with the plans and referenced where appropriate.Everyone in the City has a responsibility to ensure that internal controls operate effectively.As directed by T.C.A. 9-18-102 (a) and in accordance with the guidance issued by Tennessee Comptroller’sOffice, the City has adopted this internal control manual. It is critical to note that the development andoperation of the internal control system involves everyone in the organization. As such, managementmust ensure that the manual is shared with all of its employees. The manual is a work in process and willbe assessed periodically.The following sections document the five (5) components of internal control and significant financial andcompliance areas that are deemed high risk.2.1THE GREEN BOOK STATES DOCUMENTATION IS MANAGEMENT’S RESPONSIBILITY:3.09 Management develops and maintains documentation of its internal control system.3.10 Effective documentation assists in management’s design of internal control byestablishing and communicating the who, what, when, where, and why of internalcontrol execution to personnel. Documentation also provides a means to retainorganizational knowledge and mitigate the risk of having that knowledge limited to a fewpersonnel, as well as a means to communicate that knowledge as needed to externalparties, such as external auditors.3Version 021419

3 FIVE COMPONENTS OF INTERNAL CONTROL3.1 CONTROL ENVIRONMENTOverviewThe control environment is the foundation for all other components of internal control, providingdiscipline and structure. Moreover, management establishes the tone at the top regarding the importanceof internal control and expected standards of conduct, and reinforces expectations at various levels.Control environment factors include the integrity, ethical values and competence of the City's personnel;the way management assigns authority and responsibility, and organizes and develops its personnel; andthe attention and direction provided by the governing body.OBJECTIVES1.2.3.4.The governing body and management should conduct business with integrity and ethicalbehavior.The oversight body and management should provide direction and oversight for City’s internalcontrol system.Management should demonstrate a commitment to hire qualified and competentmanagement.Management should establish structure, authority and responsibility and hold individualsaccountable for internal control responsibilitiesPolicies1. A related party questionnaire is completed annually by all elected and appointed officials.2. The governing body, through management, has adopted a personnel manual and hasestablished job descriptions with minimum job requirements.3. The governing body also uses the budget process as a means of oversight with departmentheads.4. Organizational charts are established and reviewed to reflect structure of authority andresponsibility.4Version 021419

3.1 Control Environment (Continued)ProceduresProcedures of policy 1 The Chief Financial Officer (CFO) requires completed related party questionnaires from electedofficials and management team members (annually during the budget process before June30th).The related party questionnaires are reviewed by the CFO. Any affirmative responses will beevaluated with regard to any relationship impacting City operations.Related party questionnaires are submitted to the City’s external audit team each year.Procedures for policy 2 Detailed job descriptions with minimum job requirements are on file with the PersonnelDepartment. The minimum job requirements are based on like positions in similargovernments and will meet state or federal requirements if applicable.Hiring procedures are detailed in the manual and prohibit hiring anyone who does not meetthe minimum job requirements.Revisions to the Personnel Manual are presented by the Personnel Director and revisions aremade by resolution as needed after City Council approval.The Personnel Manual is discussed with new hires at an orientation session conducted byPersonnel staff on or shortly after their first day of employment. All employees mustacknowledge receipt of the contents of the manual.Procedures for policy 3 In January, the City Manager’s Executive Secretary sends all department heads the budgetworksheets for the upcoming fiscal year along with guidelines for completion and the specifieddue date.The City Recorder estimates revenues using the past five (5) years of collection history, currentgrowth indicators, current year information and other related indicators relevant to revenuestreams.The CFO will estimate all the appropriations not otherwise assigned to a department head,incorporate salaries and benefits into the department head’s budgets, and assist withpreparation of the capital budget.The City Manager sets meetings with all department heads in order for them to present theirrespective budget requests, including requests for additional funding based on theirdepartment’s plan of operation and the City’s Strategic Plan. Department heads prioritize theirrequests in order to facilitate decision making related to items to fund based upon availableresources.5Version 021419

3.1 Control Environment (Continued) Procedures for policy 3 (continued)The City Manager and CFO then meet to determine which departmental requests will beincorporated within the proposed budget and identify any problem areas that still exist. TheCFO discusses recommended items with the department heads and makes adjustments todepartment spreadsheets.Adjusted budget spreadsheets are returned to departments in order for them to preparetheir budget narrative (including department description, budget highlights, current FYaccomplishments, new FY priorities and activity/budget summary).Department narratives are prepared and routed back to the City Manager’s office for reviewand compilation.The CFO prepares the budget message, budget issues, summary sheets for Capital EquipmentReplacement Plan, Management Information Systems Capital Improvement Program and anoverall expenditure summary. The Personnel Department prepares the personnel appendix.The CFO prepares the budget ordinance for its first consideration at the May Council meetingand on second consideration at the June meeting.The required public notice of comparative budget information is placed in the localnewspaper late in April and notice of the preliminary appropriation ordinance is also placedin the local newspaper prior to consideration (required to be published no less than 10 daysbefore final consideration).The budget document is presented to Council at or before the May study session. A budgetmeeting is set to review/discuss the proposed budget with the City Council. Per past practice,the Wastewater revenues and expenditures are typically presented at the May study sessionand a separate meeting is set to discuss the other departments/funds.The final budget consideration is held at the June Council meeting.Procedures for policy 4 City organizational charts were developed based on the City’s structure pursuant to theColumbia Municipal Charter.The charts are reviewed periodically as positions are added or changed to determine if thereporting structure, authority, and responsibility documented in the chart is still accurate.In addition to the personnel manual, all positions have detailed job descriptions whichidentifies the immediate supervisor and explains the responsibilities of the position.6Version 021419

3.1.1 Organization - Council Manager Form of Government7Version 021419

3.1.2 Departmental Structures3.1.2.1City Manager’s OfficeCITY MANAGER’S OFFICECity ManagerAssistant CityManager/CFOTourism & MarketingDirector3.1.2.2Executive SecretaryAdministrativeAssistant (PT)Finance DepartmentFINANCE DEPARTMENTAssistant CityManager/CFO, CMFOAssistant FinanceDirectorAccountingTechnician IIPurchasing AgentAccountingTechnician II8Version 021419

3.1.2.3City Recorder’s OfficeCITY RECORDER’S OFFICECity RecorderAssistant CityRecorderCourt Clerk3.1.2.4AccountingTechnician II (2)AccountingTechnician I (1)Personnel DepartmentPERSONNEL DEPARTMENTPersonnel DirectorHuman ResourcesTechnician (2)9Version 021419

3.1.2.5MIS DepartmentMIS DEPARTMENTMIS DirectorNetwork Administrator(2)Part-time Employee10Version 021419

3.1.2.6Development Services DepartmentDEVELOPMENT SERVICESDevelopment ServicesDirectorChief BuildingOfficialBuilding & Codes, AssistantChief of EnforcementCity EngineerCity PlannerAssistant CityEngineerBuilding InspectorsProperty Maintenance InspectorsCustodianStaff EngineerEngineer TechnicianAdministrative Assistants11Version 021419

3.1.2.7Police DepartmentPOLICE DEPARTMENT12Version 021419

3.1.2.8Fire DepartmentFIRE AND RESCUE13Version 021419

3.1.2.9Parks and RecreationPARKS AND RECREATION DEPARTMENTParks & RecDirectorAdministrativeAssistant(2)Parks & RecAssistant DirectorCrew LeaderRidleyBuilding and Grounds(4)Crew LeaderMaintenanceProgramManagerBuilding and Grounds(7)RecreationCoordinatorPoolManagerB & G Part time(5)ProgramCoordinator(2)HeadLife Guards(2)B & G Part time(3)RecreationSpecialist(2)Seasonal rsion 021419

3.1.2.10 Public WorksPUBLIC WORKS DEPARTMENT15Version 021419

3.1.2.11 Wastewater DepartmentWASTEWATER16Version 021419

3.2 RISK ASSESSMENTOverviewCity officials and management assess risk of operations on an ongoing basis. The City has chosen totransfer the most common types of risk through the purchase of the following types of insurance: Property and Casualty Liability Errors and Omissions Worker CompensationThere are risks that cannot be anticipated or known about and as it relates to financial and complianceissues, the following assessed areas have been identified as certain risks that need to be addressed by thedevelopment of internal control policies and procedures. Internal controls will not eliminate all risk butwill help reduce risk to gain reasonable assurance that reporting and compliance objectives are being met.Objectives1.2.3.4.Collections are complete, timely and accurate.Disbursements are for a valid City purpose and properly recorded.Assets are properly safeguarded.City is in compliance with contractual, local, state and federal laws and regulations.RiskObjective 11. Collections could be lost or misappropriated.2. Collections could be recorded improperly.3. Collections may not be deposited in the bank and recorded timely.17Version 021419

3.2 Risk Assessment (Continued)RiskObjective 21. Disbursements could be unauthorized.2. Disbursements could be for personal items.3. Disbursements could be made for items never received.RiskObjective 31.2.3.4.Bank balances may be inaccurate due to failure to reconcile bank accounts.Capital assets or inventory items could be missing.Cash is not available when needed.Inventory is not available when needed.RiskObjective 41. Grant funds could be spent for

Internal Control Policy and Manual Purpose: The purpose of this manual is to ensure that the objectives of reporting and compliance are established. The policies to achieve objectives are derived from various . growth indicators, current year information and other related indicators relevant to revenue streams.

Related Documents:

Course Title: Internal Controls in Accounts Payable Learning Objectives: Determine what can be prevented with strong internal controls Pinpoint a hidden cost of weak internal controls Identify what may occur when proper attention is paid to the invoice processing function Spot a

Good Internal Controls Affect an Employee Plan Audit The EP agent will evaluate the effectiveness of the plan's internal controls to determine to perform A focused audit (just look at 3-5 issues) or Expand the scope of the examination Good internal controls are a key factor in keeping an audit "focused"

Internal control is a process that "controls" or mitigates risk, for example: In accounting, internal control is a process to provide reasonable assurance over the accuracy and reliability of financial reporting (internal and external). In compliance, internal control is a process to provide reasonable assurance over adherence to laws, regulations, internal policies, etc.

Working with ASP.NET Server Controls WHAT YOU WILL LEARN IN THIS CHAPTER: ‰ What ASP.NET Server Controls are ‰ The di! erent kinds of server controls you have at your disposal ‰ The common behavior shared among most of the server controls ‰ How the ASP.NET run time processes the server controls on your page ‰ How server controls are able to maintain their state across postbacks

May 15, 2020 · Inventory Control Activities Directive Controls: –Job description, ethics policy, personnel policy, capital asset policy, vehicle policy, surplus policy Preventative Controls: –Segregation of duties, restricted access Detective Con

4.1 Sample Bank Reconciliation Format . 4.2 Sample Cash Count and Verification . 4.3 Sample Internal Control Checklist . 4.4 Sample Reconciliation Problems and Tips . Section 6: Role of the Internal Audit . 6.1 Sample Internal Auditor Job Description . Section 7: Implementing the Internal Audit Function . 7.1 Sample Internal Audit Annual Work Plan

1. Area Controls: Manual controls that control lighting in each area separately 2. Multi-level Controls: Allow occupants to choose the appropriate light level for each area 3. Shut-off Controls: Automatically shuts off lighting or reduces light levels when illumination is not needed 4. Automatic Daylighting Controls: Adjust electric lighting in

1992 on the Internal Controls-Integrated Framework. Because, Internal control has different meanings to different parties, COSO tries to establish a common definition and standard that can serve such parties. Under COSO’s report, (quoted from July 1994 Edition of COSO Internal Controls-Integrated Framework, “COSO Report”), “Internal