6.1.1.2.1

Agency Responsibilities

Effective Date:

July 1, 1991

6.1.1.2.1.a

The agency director has the ultimate responsibility for establishing, maintaining, and reviewing the system of internal control in the agency. The agency director should designate one senior agency manager as the internal control officer. This person would have the responsibility for coordinating the overall agency-wide effort of evaluating, improving, and reporting on internal controls in conformance with this policy. Normally, this will not be the internal auditor. The internal control officer is to provide assurance to the agency director that these processes have been conducted in accordance with the guidelines in this policy.

6.1.1.2.1.b

The manager of each organizational unit and any other components within an agency is responsible for internal control in that unit. The internal control officer is responsible for assuring that the agency has performed the required risk assessments and performed the evaluative processes, as necessary, in accordance with these guidelines. A risk assessment of agency internal control systems is to be made annually. An internal control evaluation is to be made when the risk assessment indicates a high level of risk associated with an agency internal control system.

6.1.1.2.1.c

It is intended that agencies have the flexibility to assign the appropriate staff for completing the risk assessments and internal control evaluations required by this policy. This staffing may include those directly responsible for the system from first line supervisor on up, and also may include the internal auditor. Establishing the staffing plan for these assessments and reviews should be the responsibility of the internal control officer.

The internal auditor may provide technical assistance to the manager of an organizational unit in developing appropriate procedures to conduct risk assessments and internal control reviews and evaluations in accordance with this regulation.

6.1.1.2.2

Agency Reporting

Effective Date:

May 1, 1994

Annually, each agency director and chief financial officer shall sign and submit a Financial Disclosure Certificate to the Office of Financial Management (OFM), Accounting and Fiscal Services Division. This certificate will report the results of the agency compliance with this policy, including an attached summary description of material internal control weaknesses, if any, and a brief corrective action plan.

This certificate is provided to agencies annually in the Fiscal Year End Supplemental Reporting subsection located in Part 5 (5.1.3.1) of this manual. It is due each year by the date specified in those instructions.

6.1.1.2.3

Agency Documentation

Effective Date:

July 1, 1991

Agencies are to maintain adequate written documentation for activities conducted in connection with risk assessments, internal control reviews and follow-up actions. This documentation is to be available for review by agency management, the Office of State Auditor, and OFM.

6.1.1.2.4

Basic Principles

Effective Date:

July 1, 1991

6.1.1.2.4.a

Internal controls are to be established following basic internal control concepts and are to aid in the assurance that the accounting records are accurate and in conformity with generally accepted accounting principles.

6.1.1.2.4.b

Several basic internal control concepts underlie the characteristics of an internal control system for almost all types of assets. The following basic concepts are to be followed:

6.1.1.2.4.b(1)

Division of Duties - Whenever possible, no individual is to have complete control over any type of asset in any agency, department, or division of the state. The work of employees handling public assets should be complementary to or checked by other employees. This will not only decrease the chance of loss by means of fraud or dishonesty, but will also provide a means to detect errors.

6.1.1.2.4.b(2)

Sound Policies and Procedures - Every effort is to be made to ensure that the assets of the state are properly handled. By supplying employees with strict control procedures and ensuring that they are followed through the use of checks and audits, the chance of losses will be greatly decreased.

6.1.1.2.4.b(3)

Authorization and Record Procedures - A system of authorization and record procedures is to be provided in order to assure reasonable accounting control over assets, liabilities, revenues, and expenses. This includes the use of such forms as invoices, warrants, vouchers, and written receipts.

6.1.1.2.4.b(4)

Quality Personnel - The quality of personnel handling state assets is to be commensurate with the responsibilities given such personnel.

6.1.1.2.4.c

Agencies are to incorporate the above characteristics and definitions of internal control in the design of all internal operational systems. Particular care is to be taken in those areas that involve the physical handling of cash items, approval for payment of obligations, and control of the agency's assets.

6.1.1.2.4.d

Although internal control procedures are not intended to increase staffing levels, accepted accounting procedures are to be established and followed which may require changes in existing workloads and/or additional staff position(s). However, a periodic thorough review of internal controls and policies may identify certain procedures that are no longer required. It is recognized that some small to medium size operations may not be able to institute internal control procedures on the same level as larger, more complex agencies. In those cases where fiscal office staffing may prohibit or restrict the appropriate segregation of duties, it is strongly recommended to either have more active management oversight of operations or to utilize personnel from other organizational units to the extent possible to compensate for the lack of other internal controls.