Presentation on theme: "Anita Hairston DOI Office of Acquisition and Property Management"— Presentation transcript:
1 Financial Assistance Internal Controls and Administrative Review Checklists Anita HairstonDOI Office of Acquisition and Property ManagementFinancial Assistance Training Seminar
2 Internal Controls Defined Internal controls are the organization, policies, procedures, actions, and activities that management implements to ensure that goals and objectives are met.Effective internal control provides assurance that significant weaknesses in the design or operation of internal control, that could adversely affect the agency’s ability to meet its objectives, would be prevented or detected in a timely manner.Internal control should be an integral part of the entire cycle of planning, budgeting, management, accounting, and auditing. It should support the effectiveness and the integrity of every step of the process and provide continual feedback to management.Internal control – organization, policies, and procedures – are tools to help managers achieve results and safeguard the integrity of their programs and it applies to program, operational, and administrative areas not just accounting and financial management.
3 Internal Control Objectives Internal control is an integral component of an organization’s management that provides reasonable assurance that the following objectives are being achieved:- Effectiveness and efficiency of program activities and operations- Reliable, complete, and timely data are maintained- Compliance with applicable laws and regulations- Programs and resources are protected from waste, fraud, and mismanagement
4 RISKInternal control guarantees neither the success of agency programs, nor the absence of waste, fraud, and mismanagement, BUT is a means of managing the risk associated with Federal programs and operations.Managers should define the control environment (e.g., programs, operations, reporting) and perform risk assessments to identify the most significant areas within that environment in which to place or enhance internal control.The risk assessment is a critical step in the process to determine the extent of controls.Once significant areas have been identified, control activities should be implemented.Continuous monitoring and testing should help identify poorly designed or ineffective controls and should be reported.Financial Reporting, Revenue Management, Funds Management, Financial Assistance (grants and cooperative agreements), Inventory Management Environmental Management, Custodial Collections, Custodial Distributions, Budget Execution, Human Capital Management, Procurement, Contracting, Franchise Activities, Credit Program Management, Real Property Management, and Information Technology are control environments.Agency managers must ensure an appropriate balance between the strength of controls and the relative risk associated with particular programs and operations.We cannot rely on auditors instead of doing our own internal control reviews BUT we must consider results of OIG, GAO, and other reviews in performing risk assessments and preparing assurance statements.
5 Who is Responsible for Internal Controls? Management has a fundamental responsibility to develop and maintain effective internal control. The proper stewardship of Federal resources is an essential responsibility of agency managers and staff.Federal employees must ensure that Federal programs operate and Federal resources are used efficiently and effectively to achieve desired objectives.Programs must operate and resources must be used consistent with agency missions, in compliance with laws and regulations, and with minimal potential for waste, fraud, and mismanagement.
6 Actions RequiredAgencies and individual Federal managers must take systematic and proactive measures to:Develop and implement appropriate, cost-effective internal control for results-oriented management;Assess the adequacy of internal control in Federal programs and operations;Identify needed improvements;Take corresponding corrective action; andReport annually on internal control through management assurance statements.
7 Internal Control Standards – Two Approaches OLD CIRCULAR A-123General Control StandardsCompliance with Laws and RegulationsReasonable Assurance and SafeguardsIntegrity, Competence, and AttitudeSpecific StandardsDelegation of Authority and OrganizationSeparation of Duties and SupervisionAccess to and Accountability for ResourcesRecording and DocumentationResolution of Audit Findings and Other DeficienciesCIRCULAR A-123 (Revised)Emphasizes management’s responsibility for developing and maintaining internal control activities that comply with standards related to:Control EnvironmentRisk AssessmentControl ActivitiesInformation and CommunicationsMonitoring
8 Control EnvironmentEmphasizes importance of establishing organizational structure and culture by management and employees to sustain support for effective internal control. This includes:Well defined areas of authority and responsibility;Appropriate delegation of authority and responsibility throughout the agency;Establishment of a suitable hierarchy for reporting;Supporting appropriate human capital policies for hiring, training, evaluating, counseling, advancing, compensating and disciplining personnel; andUpholding the need for personnel to possess and maintain the proper knowledge and skills to perform their assigned duties as well as understand the importance of maintaining effective internal control within the organization.
9 Control Environment (Continued) The organizational culture is also crucial within the control environment standard. The culture should be defined by management’s leadership in setting values of integrity and ethical behavior.Management’s philosophy and operational style will set the tone within the organization.Management’s commitment to establishing and maintaining effective internal control should cascade down and permeate the organization’s control environment which will aid in the successful implementation of internal control systems.
10 Risk AssessmentManagement should identify internal and external risks that may prevent the organization from meeting its objectives.When identifying risks, management should take into account relevant interactions within the organization as well as with outside organizations.Management should also consider previous findings, e.g., auditor identified, internal management reviews, or non-compliance with laws and regulations when identifying risks.Identified risks should then be analyzed for their potential effect or impact on the agency.
11 Risk Assessment, Continued Risk assessment is an internal management process for identifying, analyzing and managing risks relevant to achieving the objectives of reliable financial reporting, safeguarding of assets and compliance with relevant laws and regulations.
12 Risk MitigationMitigation is an important word in risk management. It simply means reducing the likelihood of occurrence or recurrence of situations or events. Mitigation strategies are essential components of the risk plan. These strategies may not totally prevent an occurrence but proactive interventions may diminish the consequences.
13 ExampleDiabetes can be life threatening but careful planning and adherence to a health risk plan may help keep the individual healthier and not as likely to go into crisis. Regular blood sugar checks will mean that appropriate interventions are taken to manage the disease before a person reaches a crisis point.
14 Control ActivitiesControl activities include policies, procedures and mechanisms in place to address or mitigate risk and help ensure internal control objectives are met. Examples include:Proper segregation of duties and supervision;Access to and accountability for resources, e.g., physical control over assets;Appropriate recording and documentation and access to that documentation; andGeneral and application controls over information systems
15 Information and Communications Information should be communicated to all relevant personnel at all levels within an organization.Information should be relevant, reliable, and timely.It is also crucial that an agency communicate with outside organizations as well, whether providing information or receiving it.Examples include:Receiving updated guidance from oversight offices;Management communicating requirements to the operational staff;Operational staff communicating with the information systems staff to modify application software to extract data requested in the guidance.
16 Monitoring IMonitoring the effectiveness of internal control should occur in the normal course of business.In addition, periodic reviews, reconciliations or comparisons of data should be included as part of the regular assigned duties of personnel.Periodic assessments should be integrated as part of management’s continuous monitoring of internal control, which should be ingrained in the agency’s operations.NEWS FLASH: If an effective continuous monitoring program is in place, it can level the resources needed to maintain effective internal controls throughout the year.
17 Monitoring IIDeficiencies found in internal control should be reported to the appropriate personnel and management responsible for that area.Please note, you cannot prepare an annual internal control assurance statement for your function if:Deficiencies identified, whether through internal review or by an external audit, are not evaluated and corrected.A systematic process is not in place for addressing deficiencies.
18 GAO FrameworkDeveloped to assess the strengths and weaknesses of agencies’ acquisition functions.Framework comprises four interrelated cornerstones that promote an efficient, effective, and accountable acquisition function:- Organizational Alignment and Leadership- Policies and Processes- Human Capital- Knowledge and Information Management
19 Organizational Alignment and Leadership Clearly defined roles and responsibilities.While there is no single, optimal way to organize an agency’s financial assistance function, each agency must assess whether the current placement of its on function meets organizational needs and that any associated risk is identified and mitigated.Critical success factors to be evaluated/assessed in this area include:- Assuring appropriate placement of the acquisition function- Organizing the acquisition function to operate strategically- Clearly defining and integrating roles and responsibilities- Clear, strong, and ethical executive leadership- Effective communications and continuous improvement
20 Policies and Processes Effective policies and processes govern the planning, award, administration, and oversight of acquisition efforts, with a focus on assuring that these efforts achieve intended results.Critical success factors to be evaluated/assessed in this area include:- Partnering with internal organizations- Assessing internal requirements and the impact of external events- Managing and engaging suppliers- Monitoring and providing oversight to achieve desired outcomes- Enabling financial accountability- Using sound Capital Investment strategies
21 Human CapitalAgencies must think strategically about attracting, developing, and retaining talent, and creating a results-oriented culture within the acquisition workforce.Critical success factors to be evaluated/assessed in this area include:- Commitment to human capital management- Integration and alignment- Data-driven human capital decisions- Targeted investments in people- Human capital approaches tailored to meet organizational needs- Empowerment and inclusiveness- Unit and individual performance linked to organizational goals
22 Knowledge and Information Management Effective knowledge and information management provides credible, reliable, and timely data to make decisions.Critical success factors to be evaluated/assessed in this area include:- tracking acquisition data- tracking financial data into meaningful formats- analyzing goods and services spending- safeguarding the integrity of operations and data stewardship
23 Assessing Internal Control In conducting your reviews of internal control in the acquisition and financial assistance functions, use the standards in the GAO and OIG frameworks as the “lens” or the evaluation factors with which to assess the functions, identify areas of risk and weakness, and develop and implement corrective action plans.
25 Assessing Internal Control Identify deficiencies from reviews and other sources of information described above.Report deficiencies in accordance with annual guidelines.A control deficiency or combination of control deficiencies that in management’s judgment represents significant deficiencies in the design or operation of internal control that could adversely affect the function’s ability to meet its internal control objectives is a reportable condition (to be tracked and monitored within the Bureau).Managers and staff are encouraged to identify control deficiencies, as this reflects positively on the Bureau’s commitment to recognizing and addressing management problems. Failing to report a known reportable condition reflects adversely on the bureau and continues to place its operations at risk.
26 Assessing Internal Control In preparing their reports and assurance statements, Bureaus must carefully compare and review the results of all the reviews conducted during the reporting cycle and consider whether systemic weaknesses exist that adversely affect internal control across organizational or program lines. They must then develop a plan of action for addressing these types of weaknesses in addition to the individual corrective action plans resulting from each review.
27 Correcting Deficiencies Corrective actions plans must be developed to correct deficiencies identified in reviews.Taking timely and effective action to implement corrective actions.Progress must be tracked at the appropriate level to ensure timely and effective results.Maintain appropriate supporting documentation regarding corrective action plan implementation in order to support closure.
28 Reporting on Internal Control Bureau internal control assessment reports for financial assistance must include the following:findings of management reviews performed and corrective action plans implemented (including timeframes for complete implementation of corrective actions);summary findings of applicable OIG, GAO, and third party Notices of Finding and Recommendations, and corrective plans implemented (including timeframes for complete implementation of corrective actions);bureau-wide targets review and supplementary reports; andan assurance statement regarding the adequacy of bureau-wide internal controls, i.e., assurance that processes are in place for the bureaus to: (1) prevent or promptly detect unauthorized acquisition, use, or disposition of assets; and (2) implement and monitor corrective actions for identified compliance or systemic weaknesses in order to bring identified weaknesses in bureau acquisition and financial assistance processes/procedures into compliance with applicable laws, regulations, and policy.
29 QUIZInternal control only applies to accounting and financial management. (True/False)Internal control is basically a post-award “inspection”-type process. (True/False)Internal control guarantees the success of agency programs and the absence of waste, fraud, and mismanagement. (True/False)OMB Circular A-123 (Revised) states that only Federal managers are responsible for ensuring that Federal programs operate and Federal resources are used efficiently and effectively to achieve desired objectives. (True/False)Internal control is a means of identifying and managing risk associated with Federal programs and operations. (True/False)Federal managers must report annually on internal control through management assurance statements. (True/False)FalseTrue
30 RESOURCES DOI Office of Acquisition and Property Management Website: (GAO Framework can be accessed under “Acquisition”)DOI Office of Financial Management Website:DOI Office of Inspector General Website:Office of Management and Budget Website:Government Accountability Office Website: