A-133 Compliance Internal Control Guide by Sj8eTJ


									                                                                                                                                                                 Information and
    Compliance                                  Risk Assessment Expected                              Control Activities Expected                         Communication Expected                                 Monitoring Expected
   Requirements            Objective                        Control                Existing Control               Control             Existing Control               Controls             Existing Control              Controls
A - Activities    To provide reasonable         Management assesses risks                             1. Accountability is provided                      1. Reports, such as a                               1. Management performs
Allowed or        assurance that the Program resulting from changes to                                for charges and costs made                         comparison of program                               routine or periodic reviews of
Unallowed         funds are expended for        cost-accounting systems that                          to the program, other Federal                      budget to actual expenses,                          supporting documentation of
                  allowable activities and that may have an impace on the                             and non-Federal activities.                        provided to appropriate                             program allowable cos
                  the cost of goods and         progam. In addition, key                              2. Procedures are in place to                      organization members are                            information. 2. Analytical
                  servcies charged to the       managers who oversee the                              ensure that there is                               reviewed on a timely basis.                         reviews are performed which
                  program are allowable and administration of the progam                              consistent treatment in the                        2. Employees are                                    includes a comparison of the
                  in accordance with the        have a sufficient                                     distribution of charges as                         encouraged to report                                program budget to actual or
                  Federal requirements and, understanding of staff,                                   direct and indirect costs to                       suspected program                                   prior year to current year
                  as applicable, appropriate processes, and controls to                               the program.                                       improprities to managements.                        program expenditures.
                  cost principles               identify where unallowable                            3. Organization procedures                         3. Training programs, both                          3. Management compares
                                                activities or costs could be                          are in place for checking the                      formal and informal, provide                        budgeted and actual
                                                charged to the program and                            accuracy of computations.                          knowledge and skills                                allowable costs of program
                                                not be detected.                                      4. Supporting documentation                        necessary to determine                              and variances are
                                                                                                      is compared to a list of                           activities allowed or                               investigated and resolved.
                                                                                                      allowable and unallowable                          unallowed.                                          4. Policies and procedures
                                                                                                      costs for the program.                             4. Interaction between                              are in place to ensure that
                                                                                                      5. Adequate segregatoin of                         management and staff                                appropriate management
                                                                                                      duties are in place in the                         regarding the handling and                          personnel has access to
                                                                                                      review and authorization of                        resolution of program                               necessary federal
                                                                                                      costs charged to the                               question costs is conducted.                        information.
                                                                                                      program.                                           5. Grant agreements and                             5. Internal Audits, either
                                                                                                      6. Payments are approved                           OMB circulars dealing with                          formal or informal, are
                                                                                                      by a person who is                                 cost principles are made                            performed on the program.
                                                                                                      knowledgeable of the                               available to staff responsible                      6. Management takes
                                                                                                      requirements for determining                       for determining activities                          appropriate follow-up action
                                                                                                      activities allowed or                              allowed or unallowed under                          on identified program
                                                                                                      unallowed for the program.                         the program.                                        weaknesses in internal

B- Allowable      To provide reasonable           1. Management has                                   1. There is a process in                           1. Reports, such as a                               1. Management reviews
Costs/Cost        assurance that the Program      established a process for                           place for timely updating of                       comparison of program                               supporting documentation of
Principles        funds are expended for          assessing risk resulting from                       procedures for changes in                          budget to actual expenses,                          allowable cost information.
                  allowable activities and that   changes to cost accounting                          activities allowed and cost                        provided to appropriate                             2. There is a process for the
                  the cost of goods and           systems.                    2.                      principles.                                        organization members are                            flow of information from the
                  servcies charged to the         Key managers have a                                 2. Supporting documentation                        reviewed on a timely basis.                         Federal agency to
                  program are allowable and       sufficient understanding of                         is compared to a list of                           2. There is an internal and                         appropriate management
                  in accordance with the          staff, processes, and controls                      allowable and unallowable                          external communication                              personnel.
                  Federal requirements and,       to identify where unallowable                       expenditures.            3.                        channel on activities and                           3. Comparions are made
                  as applicable, appropriate      activities or costs could be                        Adequate segregation of                            costs allowed.                                      with budget and expectations
                  cost principles                 charged to a Federal                                duties in the review and                           3. Training programs, both                          of allowable costs.
                                                  program and not be detected.                        authorization of costs.                            formal and informal, are in                         4. Analytical reviews (e.g.,
                                                                                                      4. Accountability is provided                      place to provide knowledge                          comparison of budget to
                                                                                                      for charges and costs                              and skills necessary to                             actual or prior year to current
                                                                                                      between Federal and non-                           determine activities and costs                      year) are performed.
                                                                                                      Federal activities                                 allowed.
                                                                                                                                                         4. Communication is in place
                                                                                                                                                         between management and
                                                                                                                                                         staff regarding the reporting
                                                                                                                                                         of questionable costs.
                                                                                                                                                         5. Grant agreements and
                                                                                                                                                         cost principle circulars are
                                                                                                                                                         made available to staff.
                                                                                                                                                                  Information and
    Compliance                                   Risk Assessment Expected                              Control Activities Expected                         Communication Expected                                   Monitoring Expected
   Requirements               Objective                      Control                Existing Control               Control             Existing Control               Controls               Existing Control              Controls
C- Cash             To provide reasonable        1. There are written                                  1. The accounting system is                        1. Variances between                                  1. There are periodic
Management          assurance that the draw      procedures in place to                                capable of scheduling                              expected and actual cash                              independent evaluations of
                    down of the Program cash anticipate, identify, and react                           payments for accounts                              disbursements of funds from                           the organization's cash
                    is only for immediate needs, to routine events that affect                         payable and requrests for                          the program and draw down                             management, budget and
                    states comply with           progam cash needs.                                    funds from the U.S Treasury                        of program funds to an                                actual results, repayments of
                    applicable Treasury          2. There are written                                  to avoid time lapse between                        appropriate level of program                          excess interest earnings, and
                    agreements,and recipients procedures in place to                                   draw downs of funds and                            management are analyzed.                              federal draw down activities.
                    limit payments to            assess the adequacy of                                actual disbursement of funds.                      2. Channels of                                        2. Subrecipient requests for
                    subrecipients to immediate subrecipient cash needs.                                2. Reconciliations of cash                         communication have been                               program funds are evaluated
                    cash needs                   3. Management is aware of                             draw downs to actual cash                          established (written and                              and monitored.            3.
                                                 the cash management                                   disbursements are performed                        verbal) between the                                   Management takes
                                                 requirements for the                                  monthly.             3. There                      organization and subrecipient                         appropriate follow-up action
                                                 program.                                              are written policies and                           regarding progam cash                                 on identified program
                                                                                                       procedures for requesting                          needs.              3. Key                            problems or weaknesses in
                                                                                                       program cash advances as                           organizational personnel who                          internal controls.
                                                                                                       reasonable close as possible                       handle cash management
                                                                                                       to actual program cash                             activities are provided with
                                                                                                       outlays?              4.                           applicable requirements and
                                                                                                       There are written procedures                       guidelines.
                                                                                                       for monitoring of cash
                                                                                                       management activities.
                                                                                                       5. There are written
                                                                                                       procedures in place for
                                                                                                       repayment of excess interest
                                                                                                       6. Draw down requests are
                                                                                                       reviewed and approved prior
                                                                                                       to being drawn down.

D- Davis-Bacon Act To provide reasonable           1. Procedures are in place to                       1. Contractors are informed                        1. Prevailing wage rates are                          1. Management performs
                   assurance that contractors      identify contractors and                            in the procurement                                 communicated to appropriate                           reviews to ensure that
                   and subcontractors were         subcontractors most at risk of                      documents of the prevailing                        organization employees and                            contractors and
                   properly notified of the        not paying the prevailing                           wage rates.                                        level of management.                                  subcontractors are properly
                   Davis-Bacon Act                 wage rates.                                         2. Contractors and                                 2. Channels of                                        notified of the Davis-Bacon
                   requirements and the            2. Policies and procedures                          subcontractors are required                        communication are in place                            Act requirements.
                   required certified payrolls     are in place at the                                 to submit certifications and                       to report noncompliance.                              2. Periodic reviews are
                   were submitted to the non-      organization to reduce the                          copies of payroll documents.                                                                             performed to ensure that
                   Federal entity.                 risk to an acceptable level.                        3. Contractor and                                                                                        certified payrolls are properly
                                                   3. Management has                                   subcontractor payrolls are                                                                               received.                3.
                                                   identified how Davis-Bacon                          monitored to ensure certified                                                                            Management takes
                                                   compliance will be monitored                        payrolls are submitted.                                                                                  appropriate follow up action
                                                   and the related risks of                                                                                                                                     on identified program
                                                   failure to monitor compliance.                                                                                                                               problems or weaknesses in in
                                                                                                                                                                                                                internal controls.

E- Eligibility      To provide reasonable          1. Risks for program                                1. Written policies provide                        1. Employees are informed                             1. Analytical reviews of
                    assurance that only eligible   eligibility are prepared                            direction for making and                           of eligibility requirements                           program eligibility
                    individuals and                internally or received from                         documenting eligibility                            through training sessions or                          determinations are performed
                    organizations receive          external sources.                                   determinations for the                             other means.                                          periodically.          2.
                    assistance under Federal       2. Policies and procedures                          program.                                           2. Channels of                                        Program quality control
                    award programs, that           are in place to reduce the                          2. Procedures are in place to                      communication exist that                              procedures are performed.
                    subawards are made only to     risk of payments to ineligible                      provide reasonable                                 allow people to report                                3. Management performs
                    eligible subrecipients, and    recipeints.                                         assurance that the methods                         suspected program eligibility                         risk assessments.
                    that the amounts provided      3. Conflict of interest                             used to calculate eligibilty                       improprieties.            3.                          4. Management takes
                    to or on behalf of eligibles   statements/independence                             amounts are consistent with                        Management is receptive to                            appropriate follow-up action
                    were calculated in             statements are maintained                           program requirements.                              suggestions to strengthen the                         for identified program
                    accordance with program        for personnel who determine                         3. Authorized signatures on                        eligibility determination                             problems or weaknesses in
                    requirements.                  eligibility for the program.                        eligibility documents are                          process.             4.                               internal controls.
                                                                                                       periodically reviewed.                             Documentation is maintained
                                                                                                       4. Access to eligibility                           of eligibility determinations in
                                                                                                       records are restricted.                            accordance with program
                                                                                                       5. Procedures are in place to                      requirements.
                                                                                                       provide reasonable
                                                                                                       assurance that data is
                                                                                                       accurately, properly and
                                                                                                       completely used in making
                                                                                                       eligibility determinations.
                                                                                                                                                                    Information and
    Compliance                                   Risk Assessment Expected                                Control Activities Expected                          Communication Expected                                  Monitoring Expected
   Requirements                 Objective                    Control                  Existing Control                Control             Existing Control              Controls               Existing Control              Controls
F- Equipment and      To provide reasonable      1. Management has                                       1. Detailed records are                             1. Channels of                                       1. Management reviews the
Real Property         assurance that proper      identified the risk of                                  maintained on all acquisitions                      communication are in place                           results of periodic inventories
Management            records are maintained for appropriation or improper                               & dispositions of property                          allowing people/employees to                         and follows up on inventory
                      equipment acquired with    disposition of property                                 acquired with Federal                               report suspected improprities                        discrepancies. 2.
                      Federal awards, equipment acquired with Federal                                    awards.                                             in the use or disposition of                         Management risk
                      is safeguarded and         awards.                                                 2. Property tags are placed                         equipment.            2.                             assessments are updated
                      maintained, disposition or 2. Procedures are in place to                           on equipment upon reciept.                          Program managers are                                 periodically.
                      encumbrance of any         identify potential areas of                             3. A physical inventory of                          provided with applicable                             3. Management reviews
                      equipment or real property noncompliance.                                          equipment is periodically                           requirements and guidelines.                         disposition of property to
                      is in accordance with                                                              taken and compared to                                                                                    ensure appropriate valuation
                      Federal requirements, and                                                          property records.                                                                                        and reimbursement to
                      the Federal awarding                                                               4. Policies and procedures                                                                               Federal awarding agencies.
                      agency is appropriately                                                            are in place covering record                                                                             4. Management takes
                      compensated for its share                                                          keeping responsibilities &                                                                               appropriate follow up action
                      of any property sold or                                                            dispostions.                                                                                             on identified problems or
                      converted to non-Federal                                                           5. Property records contain                                                                              weaknesses in internal
                      use.                                                                               description, (including serial                                                                           controls.
                                                                                                         number), source, who holds
                                                                                                         title, acquisition date and
                                                                                                         cost, percentage of Federal
                                                                                                         participation in the cost,
                                                                                                         location, condition &
                                                                                                         disposition data.
                                                                                                         6. Procedures have been
                                                                                                         established to provide
                                                                                                         reimbursement to the Federal
                                                                                                         agency for disposition of

G- Matching, Level To provide reasonable               1. Management has                                 1. Evidence pertaining to                           1. The accounting system is                          1. Supervisory review is
of Effort, Earmarking assurance that matching          identified areas where                            matching contributions                              able to separately account for                       conducted on matching level
                      level of effort, or earmarking   estimated values may be                           obtained from outside                               data used to support                                 of effort, or earmarking
                      requirements are met using       used for matching, level of                       organizations is obtained.                          matching, level of effort, or                        activities at the time reports
                      only allowable funds or          effort or earmarking                              2. The organization has                             earmarking amounts or limits                         on Federal awards are
                      costs that are properly          purposes.                                         procedures in place to                              or calculations.                                     prepared to ensure that
                      calculated and valued.           2. Management has a                               identify whether such                               2. The accounting system is                          transactions and
                                                       sufficient understanding of                       matching contributions are                          able to ensure that expenses,                        determinations are accurate
                                                       the accounting system so                          from non-Federal sources, do                        refunds, and revenues are                            and allowable and amounts
                                                       potential recording problems                      not involve Federal funds, or                       properly classified and                              claimed or used for matching
                                                       may be identified.                                were not used for another                           recorded only once as to                             purposes were determined in
                                                                                                         federal progam.                                     their efforts on matching,                           line with applicable laws
                                                                                                                                                             level of effort, or earmarking.                      regulations and OMB
                                                                                                                                                                   Information and
    Compliance                                    Risk Assessment Expected                              Control Activities Expected                           Communication Expected                                 Monitoring Expected
   Requirements                Objective                      Control                Existing Control               Control               Existing Control               Controls             Existing Control              Controls
H- Period of         To provide reasonable        1. The budgetary process                              1. The accounting system                             1. There is timely                                  1. Management periodically
Availability of      assurance that federal       considers the period of                               provides reasonable                                  communication of period of                          reviews expenditures just
Federal Funds        funds are used only during   availability of federal funds                         assurance that federal funds                         availability requirements and                       before and after cut-off dates
                     the authorized period of     as to both obligation and                             will not be expended or                              expenditure deadlines. 2.                           to ensure compliance with
                     availability.                disbursement of funds.                                obligated outside (after the                         There is periodic reporting of                      the period of availability
                                                  2. Management has                                     close of) the grant period.                          unarned federal grant                               requirements.       2.
                                                  assessed the risk that federal                        2. Program managers are                              balances to appropiate levels                       Management reviews reports
                                                  funds will be expended                                advised of impending cut-off                         of management.                                      showing the amount of
                                                  (obligated) outside the grant                         dates for period of                                                                                      budgeted and actual
                                                  period and policies and                               availability.                                                                                            expenditures of Federal
                                                  procedures are in place.                              3. A review of expenditures                                                                              funds for the period.
                                                                                                        is conducted by supervisors                                                                              3. Management takes
                                                                                                        knowledgeable of the period                                                                              appropriate follow-up action
                                                                                                        of availability for the funds.                                                                           on identified problems or
                                                                                                        4. Procedures are in place at                                                                            weaknesses in internal
                                                                                                        the end of the period of                                                                                 controls.
                                                                                                        availability to ensure that the
                                                                                                        cancellation of unliquidated

I- Procurement and   To provide reasonable        1. Management has                                     1. There are appropriate                             1. There is a system in place                       1. Management periodically
Suspension and       assurance that procurement   identified risks arising from                         segregation of duties                                to assure that procurement                          conducts independent
Debarment            of goods and services are    conflict of interest (kickbacks,                      between employees who are                            documentation is retained for                       reviews of procurement and
                     made in compliance with      related party transactions,                           responsible for contracting,                         the period required by A-102                        contracting activities to
                     the Provisons of A-102       bribery, etc).            2.                          accounts payable, anc cash                           Common Rule, award                                  determine if policies and
                     "Common Rule" and that       Written policies and                                  disbursing.                                          agreements inlcude the basis                        procedures are being
                     covered transactions (as     procedures are in place to                            2. Written policies and                              for selecting the contractor,                       followed.
                     defined in suspension and    regarding conflict of interest.                       procedures are in place for                          justification for lack of                           2. Management risks are
                     debarment common rule)       3. Management has                                     the procurement of goods                             competition when competitive                        periodcially updated.
                     are not made with a          identified risks arising from                         and services.                                        bids or offers were not                             3. Management takes
                     debarred or suspended        vendor adequacy (quality of                           3. Contract files document                           obtained, and the basis for                         appropriate follow-up action
                     party.                       goods and services).                                  significant procurement                              award cost or price.                                for identified problems or
                                                  4. Conflict of interest                               history, suspension and                              2. Channels of                                      weaknesses in internal
                                                  (independence statements)                             debarment certifications are                         communication are provided                          controls.
                                                  statements are maintained                             obtained from each                                   for people/employees to
                                                  for personnel responsible for                         prospective vendor.                                  report suspected
                                                  the procurement of goods                              4. The organization has a                            procurement and contracting
                                                  and services.                5.                       suspension and debarment                             improprities.
                                                  Management has identified                             policy in place that prohibits
                                                  where noncompliance could                             the awarding of a contract,
                                                  likely occur for procurement,                         subaward, or any other
                                                  suspension and debarment.                             agreement with a suspended
                                                                                                        or debarred party.
                                                                                                        5. The organization reviews
                                                                                                        the contractor's performance
                                                                                                        with the terms and conditions
                                                                                                        specified in the contract.
                                                                                                                                                                  Information and
    Compliance                                   Risk Assessment Expected                             Control Activities Expected                           Communication Expected                                 Monitoring Expected
   Requirements               Objective                      Control               Existing Control               Control               Existing Control              Controls             Existing Control               Controls
J- Program Income    To provide reasonable       1. Management has                                    1. Pricing and collection                            1. Information systems                             1. Management compares
                     assurance that program      identified the risk of                               policy procedures are                                identify program income                            program income to budget
                     income is correctly earned, unrecorded or miscoded                               communicated to personnel                            collections and usage.                             and investigates significant
                     recorded, and used in       program income.                                      responsible for program                              2. Channels of                                     differences.
                     accordance with the         2. Policies and procedures                           income.                                              communication are in place                         2. Management risk
                     Program requirements.       are in place with regarrd to                         2. Procedures are in place to                        allowing employees to report                       assessments are periodically
                                                 progam income.                                       provide reasonable                                   suspected improprities in the                      updated.             3.
                                                 3. Management has                                    assurance that progam                                collection or use of program                       Management takes
                                                 established a policy to                              income is properly recorded                          income to an appropriate                           appropriate follow-up action
                                                 analyze variances between                            as earned and deposited in                           level of management.                               for identified problems or
                                                 expected and actual income                           the bank as collected.                                                                                  weaknesses in internal
                                                 on a regular basis.                                  3. Policies and procedures                                                                              controls.
                                                                                                      are in place to assure that
                                                                                                      program income will be used
                                                                                                      in accordance with federal
                                                                                                      program requirements.
                                                                                                      4. Policies and procedures
                                                                                                      are in place to insure that the
                                                                                                      Federal share of net income
                                                                                                      from the sale, use, or lease
                                                                                                      of property previously
                                                                                                      acquired with Federal funds
                                                                                                      is used for projects eligible
                                                                                                      under 23 USC.

K - Real Property    To provide reasonable          1. Management has                                 1. Training has been                                 1. The organization has a                          1. The organization monitors
Acquisition/Relocati assurance of compliance        identified the risk that                          provided to employees who                            system in place to ensure                          relocation assistance and
on Assistance        with the property              relocation will not be                            handle relocation assistance                         adequate documentation for                         real property acquisition for
                     acquisition, appraisal,        conducted in accordance                           and real property acquisition.                       relocation assistance and                          compliance with federal laws
                     negotiation, and residential   with the compliance                               2. Reviews and approvals on                          real property acquistion                           and regulations.
                     relocation requirements.       requirements (e.,g. improper                      all real property acquisition                        payments.                                          2. The organization's risk
                                                    payements will be made to                         and relocation assistance                                                                               assessment is updated
                                                    individuals or business that                      payments are conducted.                                                                                 periodically.
                                                    relocate).               2.                                                                                                                               3. Management takes
                                                    Policies and procedures are                                                                                                                               appropriate follow-up action
                                                    in place regarding real                                                                                                                                   on identified problems or
                                                    property acquisition and                                                                                                                                  weaknesses in internal
                                                    relocation assistance                                                                                                                                     controls.
                                                                                                                                                                  Information and
    Compliance                                   Risk Assessment Expected                            Control Activities Expected                            Communication Expected                                   Monitoring Expected
   Requirements              Objective                        Control             Existing Control               Control                Existing Control              Controls               Existing Control               Controls
L- Reporting      To provide reasonable          1. Management has                                   1. Written policies are in                            1. Policies and procedures                           1. A comparison of financial
                  assurance that reports of      identified risks of faulty                          place that define employee                            are in place to provide                              reports to supporting
                  Federal awards, submitted reporting caused by such                                 responsibilities and provide                          reasonable assurance that                            documentation is made
                  to the federal awarding        items as lack of current                            procedures for periodic                               the organization identifies,                         periodically by management.
                  agency or pass-through         knowledge, inconsistent                             monitoring, verification, and                         captures, and exchanges                              2. Management takes the
                  entity include all activity of application, or disregard for                       reconciliation of financial                           information to meet the                              appropriate follow-up action
                  the reporting period, are      the standards of financial                          reporting.                                            needs of the personnel                               for identified problems or
                  supported by underlying        reporting requirements of                           2. There is a system in place                         responsible for preparing                            weaknesses in internal
                  accounting or performance Federal awards.                                          that reminds staff when                               Federal financial reports.                           controls.
                  records, and are presented 2. Procedures are in place to                           reports are due to the                                2. The organization has an
                  fairly in accordance with      identify underlying financial                       Federal awarding and/or                               accounting system in place
                  program requirements.          source data that may not be                         pass through agency.                                  which provides for reliable
                                                 reliable.                                           3. There is a general ledger                          processing of financial
                                                                                                     or other reliable accounting                          information for reporting of
                                                                                                     records that is the basis for                         Federal awards.
                                                                                                     the required Federal financial
                                                                                                     reports.                      4.
                                                                                                     The required accounting
                                                                                                     method (cash or accrual) is
                                                                                                     used to prepare the Federal
                                                                                                     financial reports.
                                                                                                     5. The Federal financial
                                                                                                     reports are reconciled back
                                                                                                     to supporting documentation.
                                                                                                     6. Federal financial reports
                                                                                                     are reviewed and approved
                                                                                                     before they are submitted.

M- Subrecipient   To provide reasonable           1. Managers have the                               1. Federal award information                          1. Standard award                                    1. A tracking system is in
Monitoring        assurance that federal          necessary skill and                                (e.g., CFDA title and number,                         documents used by                                    place that assures timely
                  award information and           experience necessary to                            award name, name of federal                           subrecipients include a listing                      submission of required
                  communication                   understand the subrecipient                        agency, and amount of                                 of federal requirements that                         reporting, such as: financial
                  requirements are identified     environment, systems, and                          award) and applicable                                 the subrecipient is required                         reports, performance reports,
                  to subrecipients,               controls sufficient so as to                       compliance requirements are                           to follow, the description and                       audit reports, on-site
                  subrecipient activities are     identify the level and                             provided to all recipients.                           program number for each                              monitoring reviews of
                  monitored, subrecipient         methods of monitoring                              2. The requirement to                                 program as stated in the                             subrecipients, and timely
                  audit findings are resolved,    required.                                          comply with all compliance                            CFDA, and a statement                                resolution of audit findings.
                  and the impact of any           2. Procedures exist to                             requirements applicable to all                        signed by an official of the                         2. Management risk
                  subrecipient noncompliance      identify and react to changes                      applicable federal programs,                          subrecipient, stating that the                       assessments are updated
                  on the pass-through entity      in subrecipients such as                           including the audit                                   subrecipient was informed of,                        periodically.
                  is evaluated. Also, the pass-   financial problems that could                      requirements of OMB                                   understands, and agrees to                           3. Management takes
                  through entity should           lead to diversion of funds,                        Circulare A-133, is included                          comply with the applicable                           appropriate follow-up action
                  perform procedures to           loss of essential personnel,                       in all subrecipient                                   compliance requirements.                             for identified problems or
                  provide reasonable              loss of license or                                 agreements.                                           2. A system of record                                weaknesses in internal
                  assurance that the              accreditations to operate the                      3. Performing site visits to                          keeping is in place to assure                        controls.                     4.
                  subrecipient obtained           program, organizational                            subrecipients to review                               that documentation is                                Supervisory reviews are
                  required audits and takes       restructuring, etc.                                financial records and                                 retained for the time period                         performed to determine the
                  appropriate corrective                                                             observing operations is                               required by the recipient.                           adequacy of subrecipient
                  action on audit findings.                                                          conducted.                   4.                       3. Procedures are in place to                        monitoring.
                                                                                                     Logging and follow up with all                        provide channels for
                                                                                                     subrecipients required to                             subrecipients to
                                                                                                     submit A-133 audit reports is                         communicate concerns to the
                                                                                                     conducted.           5. A                             pass-through entities.
                                                                                                     tracking system is in place to
                                                                                                     follow up on reported audit
                       Control Environment
Existing Control        Expected Controls            Existing Control
                   1. Management sets
                   reasonable budgets for the
                   program, other Federal and
                   non-Federal programs so
                   that no incentive exists to
                   miscode expenditures.
                   2. There is organization wide
                   cognizance for the need of
                   separate identification of
                   allowable program costs.
                   3. Program questioned costs
                   are resolved in a timely
                   basis.                       4.
                   There is a list of allowable
                   and unallowable
                   expenditures provided to
                   personnel responsible for
                   approving expenditures.

                   1. Management sets
                   reasonable budgets for the
                   program, other Federal and
                   non-Federal programs so
                   that no incentive exists to
                   miscode expenditures.
                   2. Management enforces
                   appropriate penalties for
                   misappropriation or misuse of
                   3. Organization wide
                   cognizance of need for
                   separate identification of
                   allowable Federal costs.
                   4. Management provides
                   personnel approving and pre-
                   auditing expenditures with a
                   list of allowable and
                   unallowable expenditures.
                        Control Environment
Existing Control         Expected Controls          Existing Control
                   1. Staff is knowledgeable
                   and has been trained about
                   program cash management
                   compliance requirements.
                   2. The organization's cash
                   draw down requests from the
                   U.S Treasury are approved
                   by a supervisor or manager.
                   3. Subrecipient cash
                   payment requests are
                   approved by a responsible
                   4. Budgets for cash draw
                   downs are prepared.
                   5. Management takes
                   corrective action plans for
                   known departures from
                   approved policies and

                   1. The organization
                   understands and
                   communicates to its staff,
                   contractors and
                   subcontractors the
                   requirement to pay wages in
                   accordance with the Davis-
                   Bacon Act.              2.
                   The organization takes
                   appropriate corrective action
                   for known departures from
                   approved policies and

                   1. The size and competence
                   level of the staff is adequate
                   for making required program
                   eligibility determinations.
                   2. Realistic
                   targets are established for
                   program eligibility
                   3. Lines of authority and
                   responsibility are clear for
                   determining program
                   4. Management takes
                   appropriate corrective action
                   for known departures from
                   approved policies and
                   procedures and program
                   compliance requirements.
                       Control Environment
Existing Control        Expected Controls            Existing Control
                   1. Management is committed
                   to providing proper
                   stewardship for property
                   acquired with Federal funds.
                   2. Management takes
                   appropriate action for known
                   departures from approved
                   policies and procedures.
                   3. Procedures are in place to
                   prevent assets from being
                   under-valued at the time of
                   disposition.              4.
                   Separation of duties is in
                   place to discourage
                   tempation of misuse of
                   Federal assets.

                   1. Commitment from
                   management to meet
                   matching, level of effort, and
                   earmarking requirements
                   (e.,g adequate budget
                   resources to meet a specified
                   matching rqmnt or maintain a
                   required level of effort)
                   2. Budget process
                   address/provides adequate
                   resources to meet matching,
                   level of effort, or earmarking
                   3. Official written policy
                   exists outling responsibilities
                   for determing required
                   amounts or limits of
                   matching, level of effort, or
                   earmarking, methods ov
                   valuing matching
                   requirements, allowable
                   costs that may be claimed,
                   methods of accounting for
                   and documenting amts used
                   to calculate amts claimed.
                       Control Environment
Existing Control        Expected Controls           Existing Control
                   1. Management is committed
                   to complying with the period
                   of availability requirement.
                   2. Management takes
                   appropriate action for known
                   departures from approved
                   policies and procedures.

                   1. Codes of conduct and
                   other policies regarding
                   acceptable practices,
                   conflicts of interest, or
                   expected standards of ethcial
                   and moral behavior for
                   making procurement exist
                   and have been implemented.
                   2. The procurement policy
                   and/or manual (which
                   includes federal
                   requirements) are made
                   available to management and
                   employees.                  3.
                   Management takes
                   appropriate action for known
                   departures from approved
                   policies and procedures and
                   compliance requirements.
                   4. There is a clear
                   assignment of authority for
                   issuing purchase orders and
                   contracting for goods and
                   services.                   5.
                   Management prohibits
                   intervention or overriding
                   established procurement
                        Control Environment
Existing Control         Expected Controls         Existing Control
                   1. Management understands
                   it responsibility for program
                   2. Management takes
                   appropriate action for known
                   departures from approved
                   policies and procedures.

                   1. The organization has
                   written policies and
                   procedures provding
                   direction for handling
                   relocation assistance and
                   real property acquisition
                   2. Management takes
                   appropriate action for known
                   departures from approved
                   policies and procedures.
                        Control Environment
Existing Control         Expected Controls          Existing Control
                   1. Management promotes
                   accurate and fair financial
                   reporting presentations.
                   2. Personnel preparing,
                   reviewing, and approving
                   reports possess the required
                   skill and experience.
                   3. There is appropriate
                   assignment of responsibility
                   and delagation of authority
                   for financial reporting
                   4. Management takes
                   appropriate action for known
                   departures from approved
                   policies and procedures and
                   compliance requirements.

                   1. Management has a strong
                   commitment to monitoring
                   subrecipients.              2.
                   A structure is in place to
                   provide the necessary
                   information flow to monitor
                   subrecipients adequately.
                   3. Sufficient resources are
                   dedicated to subrecipient
                   4. Subrecipeints
                   demonstrate that they are
                   willing and able to comply
                   with the requirements of the
                   award and they have the
                   accounting systems including
                   the use of applicable cost
                   principles, and internal
                   control systems adequate to
                   administer the award.
                   5. Sanctions are taken for
                   subrecipient noncompliance.
                   6. Management takes
                   appropriate action for known
                   departures from approvied
                   policies and procedures.
                                                 RISK ASSESSMENT DOCUMENTATION
NO:                                        POINTS OF FOCUS

1.1.   Describe the entity-wide objectives and key strategies that have been
       established. (For: Operations, Financial Reporting, and Compliance)

1.2.   Extent to which the entity-wide objectives provide sufficiently broad statements
       and guidance on what the entity desires to achieve, yet which are specific
       enough to relate directly to this entity.
       1.2.1. Management has established entity-wide objectives .

1.3.   Effectiveness with which the entity-wide objectives are communicated to
       employees and the director.
       1.3.1. Management obtains feedback from key managers, other employees
               and the director signifying that communication to employees is effective.

1.4.   Relation and consistency of strategies with entity-wide objectives.
       1.4.1. The strategic plan supports the entity-wide objectives.
       1.4.2. It addresses high level resource allocations and priorities.

1.5.   Consistency of business plans and budgets with entity-wide objectives,
       strategic plans and current conditions.
       1.5.1. Assumptions inherent in the plans and budgets reflect the entity's
               historical experience and current conditions.

2.1.   Linkage of activity-level objectives with entity-wide objectives and strategic plans.
       2.1.1. Activity-level objectives are reviewed from time to time for continued

2.2.   Consistency of activity-level objectives with each other.

2.3.   Relevance of activity-level objectives to all significant business processes.
       2.3.1. Objectives are established for key activities in the flows of goods and
              services and support activities.
       2.3.2. Activity-level objectives are consistent with past practices and perform-
              ances or with industry or functional analogues, or the reasons for
              variance have been considered.
       2.3.3. Objectives are established for each significant activity. These include:
     Analyze and Reconcile
     Process Payroll

2.4.   Specificity of activity-level objectives.

2.5.   Adequacy of resources relative to objectives.
       2.5.1. Plans exist for acquiring necessary resources.

2.6.   Identification of objectives that are important to achievement of entity-wide
       2.6.1. Management has identified what must go right, or where failure must be
               avoided, for entity-wide objectives to be achieved.
       2.6.2. The objectives serving as critical success factors provide a basis for
               particular management focus.

2.7.   Involvement of all levels of management in objective setting and extent to
       which they are committed to the objectives.
       2.7.1. Managers participate in establishing activity objectives for which they
              are responsible.
       2.7.2. Procedures exist to resolve disagreements.
       2.7.3. Managers support the objectives, and do not have "hidden agendas."

 3.    RISKS
3.1.   An entity's risk assessment (RA) process should identify and consider the
       implications of relevant risks, at both the entity level and the activity level.
       The RA process should consider external and internal factors that could
       impact achievement of the objectives, should analyze the risks, and
       provide a basis for managing them.

3.2.   Adequacy of mechanisms to identify risks arising from external sources.
       3.2.1. Supply sources
       3.2.2. Technology changes
       3.2.3. Economic conditions
       3.2.4. Political conditions
       3.2.5. Regulation
       3.2.6. Natural events

3.3.   Adequacy of mechanisms to identify risks arising from internal sources.
       3.3.1. Human resources; retention of key people.
       3.3.2. Information systems; adequacy of back-up systems.

3.4.   Identification of significant risks for each significant activity-level objective.

3.5.   Thoroughness and relevance of the risk analysis process, including estimating
       the significance of risks, assessing the likelihood of their occurring and
       determining needed actions.
       3.5.1. The identified risks are relevant to the corresponding activity objective.

4.1.   Existence of mechanisms to anticipate, identify and react to routine events
       or activities that affect achievement of entity or activity-level objectives.
       4.1.1. Routine changes are addressed as part of the normal risk identification
              analysis process, or through separate mechanisms.

4.2.   Existence of mechanisms to identify and react to changes that can have a
       more dramatic and pervasive effect on the entity, and may demand the
       attention of top management.
       4.2.1. Changed operating environment
       4.2.2. New personnel
       4.2.3. New or redesigned information systems
       4.2.4. Rapid growth
       4.2.5. New technology
       4.2.6. New activities and acquisitions
       4.2.7. Agency restructuring
Risk is identified as:
                                             CONTROL ACTIVITIES DOCUMENTATION
NO:                                         POINTS OF FOCUS                                CONCLUSIONS / ACTIONS NEEDED

 1.    Control activities encompass a wide range of policies and the related
       implementation procedures that help ensure that management's directives
       are effected. They help ensure that those actions identified as necessary to
       address risks to achieve the entity's objectives are carried out.

1.1.   Existence of appropriate policies and procedures necessary with respect to
       each of the entity's activities.
       1.1.1. All relevant objectives and associated risks for each significant activity
              should have been identified in conjunction with evaluating Risk

1.2.   Identified control activities in place are being applied properly.
       1.2.1. Supervisory personnel review the functioning of controls.
       1.2.2. Controls described in policy manuals are actually applied and are applied
               the way that they're supposed to be.
       1.2.3. Appropriate and timely action is taken on exceptions or information
               that requires follow-up.

            Audit Assignment No.                                       4/26/2012                           INDEX NO. __________
                                                        25e77c81-4e3c-490e-a3c3-2c9d5c4f5774.xls                             19
                                    INFORMATION & COMMUNICATION DOCUMENTATION
NO:                                          POINTS OF FOCUS

       Information is identified, captured, processed and reported by information
       systems. Relevant information includes industry, economic and regulatory
       information obtained from external sources, as well as internally generated

1.1.   Obtaining external and internal information, and providing management
       with necessary reports on the entity's performance relative to established
       1.1.1. Mechanisms are in place to obtain relevant external information.
       1.1.2. Internally generated information critical to achievement of the entity's
               objectives, including that relative to critical success factors, is identified
               and regularly reported.
       1.1.3. The information that managers need to carry out their responsibilities is
               reported to them.

1.2.   Providing information to the right people in sufficient detail and on time to enable
       them to carry out their responsibilities efficiently and effectively.
       1.2.1. Managers receive analytical information that enables them to identify
              what action needs to be taken.
       1.2.2. Information is provided at the right level of detail for different levels of
       1.2.3. Information is summarized appropriately, providing pertinent information
              while permitting closer inspection of details as needed rather than just
              a "sea of data."
       1.2.4. Information is available on a timely basis to allow effective monitoring
              of events and activities.

1.3.   Development or revision of information systems based on a strategic plan
       for information systems-linked to the agency's overall strategy- and responsive
       to achieving the entity-wide and activity-level objectives.
       1.3.1. A mechanism is in place for identifying emerging information needs.
       1.3.2. A long-range information technology plan has been developed and
               linked with strategic initiatives.

1.4.   Management's support for the development of necessary information systems
       is demonstrated by the commitment of appropriate resources-human and financial.
       1.4.1. Sufficient resources are provided.

2.1.   Communication is inherent in information processing. Communication also
       takes place in a broader sense, dealing with expectations and responsibilities
       of individuals and groups. Effective communication must occur down, across
       and up an organization and with parties external to the organization.

2.2.   Effectiveness with which employees' duties and control responsibilities are
       2.2.1. Employees understand how their duties affect, and are affected by,
               duties of other employees.
2.3.   Establishment of channels of communication for people to report
       suspected improprieties.
       2.3.1. Anonymity is permitted
       2.3.2. Employees actually use the communication channel.
       2.3.3. Persons who report suspected improprieties are provided feedback,
              and have immunity from reprisals.

2.4.   Receptivity of management to employee suggestions of ways to enhance
       productivity, quality or other similar improvements.
       2.4.1. Management acknowledges good employee suggestions by
              providing cash awards or other meaningful recognition.
       2.4.2. Realistic mechanisms are in place for employees to provide recom-
              mendations for improvement.

2.5.   Adequacy of communication across the organization and the completeness
       and timeliness of information and its sufficiency to enable people to discharge
       their responsibilities effectively.

2.6.   Openness and effectiveness of channels with customers, suppliers and other
       external parties for communication information on changing customer needs.
       2.6.1. Feedback mechanisms with all pertinent parties exist.
       2.6.2. Suggestions, complaints and other input are captured and communicated
              to relevant internal parties.
       2.6.3. Information is reported upstream as necessary and follow-up action taken.

2.7.   Extent to which outside parties have been made aware of the entity's
       ethical standards.
       2.7.1. Senior executive periodically explains in writing the entity's ethical
               standards to outside parties.
       2.7.2. Suppliers, customers and others know the entity's standards and
               expectations regarding actions in dealing with the entity.
       2.7.3. Such standards are reinforced in routine dealings with outside parties.

2.8.   Timely and appropriate follow-up action by management resulting from
       communications received from customers, vendors, regulators or other
       external parties.
       2.8.1. Personnel are receptive to reported problems regarding products,
              services or other matters, and such reports are investigated and acted upon.
       2.8.2. Errors in customer billings are corrected, and the source of the error is
              investigated and corrected.
       2.8.3. Appropriate personnel-independent of those involved with the original
              transaction-process complaints.
       2.8.4. Top management is aware of the nature and volume of complaints.
                                                        MONITORING DOCUMENTATION
NO:                                         POINTS OF FOCUS

       Ongoing monitoring occurs in the ordinary course of operations, and includes
       regular management and supervisory activities, and other actions personnel
       take in performing their duties that assess the quality of internal control
       system performance.

1.1.   Extent to which personnel, in carrying out their regular activities, obtain
       evidence as to whether the system of internal control continues to function.
       1.1.1. Operating management compares production, inventory, sales or other
              information obtained in the course of their daily activities to systems-
              generated information.
       1.1.2. Integration or reconciliation of operating information used to manage
              operations with data generated by the financial reporting system.
       1.1.3. Operating personnel are required to "sign off" on the accuracy of their
              unit's financial statements, and are held responsible if errors are discovered.

1.2.   Extent to which communications from external parties corroborate internally
       generated information, or indicate problems.
       1.2.1. Customers implicitly corroborate billing data by paying their invoices,
              or customer complaints about billings-indicating system deficiencies in
              the processing of sales transaction-are investigated for their underlying
       1.2.2. Communications from vendors and monthly statements of accounts payable
              are used as a control monitoring technique.
       1.2.3. Suppliers' complaints of unfair practices by purchasing agents are
              fully investigated.
       1.2.4. Regulators communicate information to the entity regarding compliance
              or other matters that reflect on the functioning of the internal control
       1.2.5. Controls that should have prevented or detected the problems are

1.3.   Periodic comparison of amounts recorded by the accounting system with
       physical assets.
       1.3.1. Inventory levels are checked when goods are taken from inventory
              storage for shipment, and differences between recorded and actual
              amounts are corrected.
       1.3.2. Securities held in trust are counted periodically and compared with
              existing records.

1.4.   Responsiveness to internal and external auditor recommendations
       on means to strengthen internal controls.
       1.4.1. Executives with proper authority decide which of the auditors'
              recommendation will be implemented.
       1.4.2. Desired actions are followed up to verify implementation.

1.5.   Extent to which training seminars, planning sessions and other meetings
       provide feedback to management on whether controls operate effectively.
       1.5.1. Relevant issues and questions raised at training seminars are captured.
       1.5.2. Employee suggestions are communicated upstream and acted on as

1.6.   Whether personnel are asked periodically to state whether they understand
       and comply with the entity's code of conduct and regularly perform
       critical control activities.
       1.6.1. Personnel are required periodically to acknowledge compliance with
                the code of conduct.
       1.6.2. Signatures are required to evidence performance of critical control
                functions, such as reconciling specified amounts.

1.7.   Effectiveness of internal audit activities.
       1.7.1. There are appropriate levels of competent and experienced staff.
       1.7.2. Their position within the organization is appropriate.
       1.7.3. They have access to the Director.
       1.7.4. Their scope, responsibilities and audit plans are appropriate
               to the organization's needs.

       It is useful to take a fresh look at the internal control system from time
       to time, focusing directly on system effectiveness. The scope and frequency
       of separate evaluations will depend primarily on an assessment of risks,
       and ongoing monitoring procedures.

2.1.   Scope and frequency of separate evaluations of the internal control systems.
       2.1.1. Appropriate portions of the internal control system are evaluated.
       2.1.2. The evaluations are conducted by personnel with the requisite skills.
       2.1.3. The scope, depth of coverage and frequency are adequate.

2.2.   Appropriateness of the evaluation process.
       2.2.1. The evaluator gains a sufficient understanding of the entity's activities.
       2.2.2. An understanding is obtained of how the system is supposed to work
              and how it actually does work.
       2.2.3. An analysis is made, using the evaluation results as measured
              against established criteria.

2.3.   Whether the methodology for evaluating a system is logical and appropriate.
       2.3.1. Such methodology includes checklists, questionnaires or other tools.
       2.3.2. The evaluation team is brought together to plan the evaluation process
              and ensure a coordinated effort.
       2.3.3. The evaluation process is managed by an executive with
              requisite authority.

       Internal control deficiencies should be reported upstream with certain
       matters reported to top management and the board.
3.1.   Existence of mechanism for capturing and reporting identified internal control
       3.1.1. From both internal sources and external sources.
       3.1.2. Resulting from ongoing monitoring or separate evaluations.

3.2.   Appropriateness of reporting protocols.
       3.2.1. Deficiencies are reported to the person directly responsible for the
              activity and to a person at least one level higher.
       3.2.2. Specified types of deficiencies are reported to more senior management
              and to the board.

3.3.   Appropriateness of follow-up actions.
       3.3.1. The transaction or event identified is corrected.
       3.3.2. The underlying causes of the problem are investigated.
       3.3.3. There is follow-up to ensure the necessary corrective action is taken.
                                             CONTROL ENVIRONMENT DOCUMENTATION
NO:                                        POINTS OF FOCUS
1.1. Existence and implementation of codes of conduct and other policies regard-
     ing acceptable business practice, conflicts of interest, or expected standards
     of ethical and moral behavior.
      1.1.1. Codes are periodically acknowledged by all employees.
     1.1.2. Employees understand what behavior is aceptable or unacceptable, and
              know what to do if they encounter improper behavior.

1.2.   Establishment of the "tone at the top" -including explicit moral guidance about
       what is right and wrong.
       1.2.1. Management appropriately deals with signs that problems exist, e.g.,
                hazardous wastes, defective work, etc.
       1.2.2. Commitment to integrity and ethics is communicated effectively throughout
                the agency, both in words and deeds.

1.3.   Appropriateness of remedial action taken in response to departures from
       approved policies and procedures or violations of the code of conduct.
       1.3.1. Management responds to violations of behavioral standards.
       1.3.2. Employees believe that if caught violating behavioral standards,
               they'll suffer the consequences.

1.4.   Managements attitude towards intervention or overriding established controls.
       1.4.1. Manager override is explicitly prohibited.
       1.4.2. Deviations from established policies are investigated and documented.

2.1.   Formal or informal job descriptions or other means of defining tasks that
       comprise particular jobs.

2.2.   Analysis of the knowledge and skills needed to perform jobs adequately.
       2.2.1. Evidence exists indicating that employees appear to have the
               requisite knowledge and skills.

3.1.   Nature of business risks accepted, e.g., whether management often enters
       into particularly high-risk ventures, or is extremely conservative in
       accepting risks.

3.2.   Personnel turnover in key functions.
       3.2.1. There has been excessive turnover of mgmt or supervisory personnel.
       3.2.2. There is a pattern to turnover.

3.3.   Frequency of interaction between senior management and operating mgmt,
       particularly when operating from geographically removed locations.

3.4.   Attitudes and actions toward financial reporting, including disputes over
       application of accounting treatments.
       3.4.1. Estimates do not stretch facts to the edge of reasonableness and beyond.

4.1.   Appropriateness of the entity's organizational structure, and its ability to pro-
       vide the necessary information flow to manage its activities.
       4.1.1. The organizational structure is appropriately centralized or decentralized
                given the nature of the entity's operations.

4.2.   Adequacy of definition of key managers' responsibilities, and their under-
       standing of these responsibilities.
       4.2.1. Responsibilities and expectations are communicated clearly.

4.3.   Adequacy of knowledge and experience of key managers in light of responsibilities.
       4.3.1. Executives in charge have the required knowledge, experience and
              training to perform their duties.

4.4.   Appropriateness of reporting relationships.

4.5.   Sufficient numbers of employees exist, particularly in management and
       supervisory capacities.
       4.5.1. Managers and supervisors have sufficient time to carry out their
                responsibilities effectively.
       4.5.2. Managers and supervisors work excessive overtime and are fulfilling
                the responsibilities of more than one employee.

5.1.   Assignment of responsibility and delegation of authority to deal with organi-
       zational goals and objectives, operating functions and regulatory requirements,
       including responsibility for information systems and authorizations for changes.
       5.1.1. Responsibility for decisions is related to assignment of authority and

5.2.   Appropriateness of control-related standards and procedures, including
       employee job descriptions.
       5.2.1. Job descriptions exist.
       5.2.2. They contain specific references to control related responsibilities.

5.3.   Appropriate numbers of people, particularly with respect to data processing and
       accounting functions, with the requisite skill levels relative to the size of the
       entity and nature and complexity of activities and systems.
       5.3.1. They have an adequate workforce to carry out mission.

5.4.   Appropriateness of delegated authority in relation to assigned responsibilities.
       5.4.1. Employees at the "right" level are empowered to correct problems or
               implement improvements, and empowerment is accompanied by
               appropriate levels of competence and clear boundaries of authority.

6.1.   Extent to which policies and procedures for hiring, training, promoting and
       compensating employees are in place.
       6.1.1. Level of attention given to recruiting and training the right people is

6.2.   Extent to which people are made aware of their responsibilities and
       expectations of them.
       6.2.1. Supervisory personnel meet periodically with employees to review job
                performance and suggestions for improvement.

6.3.   Appropriateness of remedial action taken in response to departures
       from approved policies and procedures.
       6.3.1. Employees understand that ineffective performance will result in
               remedial consequences.

6.4.   Extent to which personnel policies address adherence to appropriate
       ethical and moral standards.
       6.4.1. Integrity and ethical values are criterion in performance appraisals.

6.5.   Adequacy of employee candidate background checks, particularly
       with regard to prior actions or activities considered to be unacceptable
       by the entity.
       6.5.1. Candidates with frequent job changes or gaps in employment history
               are subjected to particularly close scrutiny.

6.6.   Adequacy of employee retention and promotion criteria and information-
       gathering techniques and relation to the code of conduct or other
       behavioral guidelines.
       6.6.1. Promotion and salary increase criteria are detailed clearly so that
               individuals know what management expects prior to promotions or
                                                                            ACTIONS NEEDED

   1.1. Does management adequately convey the
             message that integrity cannot be compromised?

      1.2. Does a positive control environment exist,
             whereby there is an attitude of control con-
             sciousness throughout the organization, and a
             positive "tone at the top"?

      1.3. Is the competence of the entity's people com-
             menusrate with their responsibilities?

      1.4. Is management's operating style, the way it
             assigns authority and responsibility, and organ-
             izes and develops its people appropriate?

      1.5. Does the Director provide the right level of

   2.1. Are entity-wide objectives and supporting activity-
             level objectives established and linked?

      2.2. Are the internal and external risks that influence
             the success or failure of the achievement
             of the objectives identified and assessed?

      2.3. Are mechanisms in place to identify changes af-
             fecting the entity's ability to achieve its objectives?

      2.4. Are policies and procedures modified as needed?

   3.1. Are control activities in place to ensure adher-
             ence to established policy and the carrying out
             of actions to address the related risks?

      3.2. Are there appropriate control activities for each
             of the entity's activities?

   4.1. Are information systems in place to identify and
             capture pertinent information-financial and non-
             financial, relating to external and internal events-
             and bring it to personnel in a form that enables
            them to carry out their responsibilities?

    4.2. Does communication of relevant information
            take place?

    4.3. Is it clear with respect to expectations and re-
            sponsibilities of individuals and groups, and
            reporting of results?

    4.4. And does communication occur down, across
            and upward in the entity, as well as between
            the entity and other parties?

   5.1. Are appropriate procedures in place to monitor on
            an ongoing basis, or to periodically evaluate the
            functioning of the other components of IC?

    5.2. Are deficiencies reported to the right people?

    5.3. Are policies and procedures modified as needed?
Audit Area                              End of Period Financial Statements
                                                                                                                                                                                   Do controls          Testing     Resolution /
                                                                                                                                                                      Documen-        meet             exceptions   remediation/
                                                                                                                                 Assertion                            tation W/P   objective?   Test     noted?      comments
   Process      Control Objective              Risk                         Control Considerations                       P/D     E,A,C,V,P   Description of control       Ref.      Yes/No     W/P Ref   Yes/No       W/P Ref
Segregation   Accounting functions      Unauthorized and    The following functions should be segregated:                      E,A,C,V,P
of Duties     are properly              inaccurate                            Authorization of transactions
              segregated.               transactions may
                                                                              Execution of transactions
                                        be recorded
                                                                              Recording of transactions
                                                                              Reconciliations
                                                                              Consolidations
                                                                              Maintenance of master files & tables

                                                            Access rules adequately support segregation of duties.

Master File Changes to the general      Unauthorized        New general ledger accounts are approved before entry        P         E,A,C
Maintenance ledger/ consolidation       additions/changes into the system.
            master files and related    can be made to the
            tables, or similar tools,   master files/tables Changes to tables are authorized before entry into the       P          E,A
            are properly                                    system.
            authorized, accurate
            and recorded timely
                                                            Edits and validation procedures prevent invalid data from    P         C,A
                                                            entering the system.

                                                            System reports of changes to master file/tables are          D          A
                                                            independently verified to the source documents.

                                        Master file/table   Master File/Table data is periodically reviewed by           D          A
                                        data does not       management.
                                        remain accurate

Asset /       Estimations and         Assets and            AREAS TO CONSIDER:
Liability     valuations are recorded liabilities may not                Foreign currency
Estimations   accurately, completely be properly stated
                                                                         Investments
and           and on a timely basis.
Valuations                                                               Allowance for doubtful accounts
                                                                         Asset impairment
                                                                         Depreciation of assets
                                                                         Amortization of pre-paids and intangibles
                                                                         Warranty reserves
                                                                         Pension and OPEB liabilities
                                                                         LIFO or lower of cost or market calculations
                                                                         Accruals
                                                                         Income taxes (current and deferred)

                                                            Transactions are reviewed (including assumptions for               E,A,V
                                                            transaction calculations) and properly authorized prior to
                                                            entry into the system.

                                                                                                                             Page 40 of 43
                                                                                                                                                                                 Do controls          Testing     Resolution /
                                                                                                                                                                    Documen-        meet             exceptions   remediation/
                                                                                                                               Assertion                            tation W/P   objective?   Test     noted?      comments
  Process     Control Objective             Risk                         Control Considerations                         P/D    E,A,C,V,P   Description of control       Ref.      Yes/No     W/P Ref   Yes/No       W/P Ref
                                                         Supporting schedules are reconciled to the general ledger.           E,A,C

                                                         Entries/account balances are reviewed against: budgets,              E,A,C,V
                                                         source documents, other metrics and reports and
                                                         compliance with GAAP.

                                                         FOR FOREIGN EXCHANGE

                                                         Rates used for translation of both foreign currency                  A
                                                         transactions and balances are compared to published rates.

                                                         FOR DEPRECIATION AND AMORTIZATION

                                                         The system automatically calculates the expense and posts            A
                                                         to the proper ledgers.

                                                         Edit checks exist to prevent depreciation/amortization in            A
                                                         excess of the original value of the asset.

                                                         Accounting department is notified of and considers                   A
                                                         acquisitions, transfers, sales and abandonments of assets in
                                                         computing depreciation/amortization.

                                                         FOR INCOME TAXES

                                                         Details of sources of tax information are prepared,                  C,A
                                                         updated, and compared to items recorded during the
                                                         accounting period prior to period end to determine
                                                         whether all events and transactions with significant tax
                                                         consequences and book-to-tax differences have been
                                                         identified and accounted for.

                                                         Calculation of the tax provision and changes to the                  C,E,A,V
                                                         deferred tax accounts and any valuation allowances are
                                                         performed by knowledgeable personnel on a timely basis
                                                         and are independently reviewed.

                                                         The tax provision and deferred tax accounts are reconciled           C,E,A
                                                         to the tax return on a timely basis.

Transfers   Transfer entries from    The general ledger Only appropriate and authorized people can transfer data              C,E,A
from Sub-   other systems are        may not be         to the general ledger.
ledgers     accurate, complete and   accurate and
            processed on a timely    complete.

                                                                                                                          Page 41 of 43
                                                                                                                                                                                     Do controls          Testing     Resolution /
Transfers     Transfer entries from     The general ledger                                                                                                              Documen-        meet             exceptions   remediation/
from Sub-     other systems are         may not be                                                                                                                      tation W/P   objective?   Test     noted?      comments
ledgers       accurate, complete and    accurate and                                                                                                                                  Yes/No
   Process      Control Objective              Risk                            Control Considerations                      P/D    E,A,C,V,P    Description of control       Ref.                 W/P Ref   Yes/No       W/P Ref
              processed on a timely     complete.
                                                             All sub-ledger totals by account are compared to the                C,E,A
                                                             general ledger system.

General      All valid entries are      All entries may not The completed general ledger closing checklist is reviewed           C,E,A
Ledger Close updated to the             be reflected        by management.
             appropriate accounts       properly in the
             prior to period-end        general ledger.
                                                            The prior period’s closing balance is reconciled to the              C,E,A
                                                            current period’s opening balance.

                                                             All reconciliations are reviewed by management.                     C,E,A

                                                             Management reviews all suspense accounts and resolves               C,E,A
                                                             all items before the close.

Inter-        Inter-company             Inter-company        Reconciliations of all inter-company accounts are                   C,E,A
company       accounts are recorded     accounts may not     performed and reviewed by management.
Accounts      completely, accurately    be properly
              and in a timely manner.   eliminated

 Consolida-   Corporate              Corporate               The completed consolidation checklist is reviewed by                C,E,A
   tions      consolidations are     consolidations are      management.
              complete and accurate. inaccurate

                                                             The financial statements in the consolidation package are           C,E,A
                                                             reconciled to the trial balances from each entity’s general
                                                             ledger, including any post-closing (top-side) adjustments.

                                                             All consolidating and eliminating entries are reviewed by           C,E,A,V

                                        Unauthorized top- All top-side entries are properly authorized.                          E,V
                                        side entries can be
                                        made                Only authorized and appropriate individuals can post top-            E,V
                                                            side entries.

                                                             Adequate audit trails exist for all top-side entries.               E,A,V

                                                             Top-side entries are compared to source documents after             C,E,A,V
                                                             they are entered into the system or otherwise reviewed by

Preparation   Financial statements    Financial         Management has established and documented a process for                  C,E,A,V,P
of the        are prepared accurately statements may be preparing and reviewing financial statements based on the
Financial     and timely.             misstated         accumulation of the relevant data from throughout the
Statements                                              company.

                                                                                                                             Page 42 of 43
Preparation   Financial statements    Financial                                                                                                                                     Do controls          Testing     Resolution /
of the        are prepared accurately statements may be                                                                                                                Documen-        meet             exceptions   remediation/
Financial     and timely.             misstated                                                                                   Assertion                            tation W/P   objective?   Test     noted?      comments
    Process     Control Objective             Risk                           Control Considerations                     P/D       E,A,C,V,P   Description of control       Ref.      Yes/No     W/P Ref   Yes/No       W/P Ref

                                                            Applicability of new accounting pronouncements is                 C,E,A,V.P
                                                            considered, documented, and communicated to appropriate
                                                            personnel throughout the company.

                                                            Financial statement account groupings are prepared                C,E,A,V,P
                                                            consistently with prior periods, and are reviewed by

                                                            Financial statements are independently reconciled to the          C,E,A
                                                            appropriate supporting schedules.

                                                            Financial statements are tested for clerical accuracy.            A

Final         All necessary contents   Contents or format   The completed disclosure checklist is reviewed by                 P
Financial     and disclosures are      of financial         management.
Statements    included in the          statements may be
and           financial statements.    incorrect or
                                                            Management and the board of directors review and                  C,E,A,V,P
Disclosures                            missing
                                                            approve the financial statements, including the related

                                                            The footnotes are reconciled to supporting documentation.         C,E,A

                                                                                                                          Page 43 of 43

To top