
INTERNAL CONTROL QUESTIONNAIRE


                                 STATE OF GEORGIA
                            CHILD SUPPORT ENFORCEMENT
                           STATEWIDE ACCOUNTING MANUAL


PROCEDURE NUMBER: 900
PROCEDURE NAME:   LOCAL OFFICE AUDITS

PURPOSE:

An Internal Audit is an independent appraisal function established within an organization to
examine and evaluate its activities as a service to the organization. The objective of internal
auditing is to assist members of the organization in the effective discharge of their financial
responsibilities.

SCOPE:

To meet the objective of assisting OCSE personnel in the effective discharge of their
responsibilities with respect to the financial and documentation needs of the Agency, priorities of
Audit testing need to be established. These are listed below.

OBJECTIVE:

01. Review, documentation and observation of Internal Control, which includes security
    controls and separation of duties, for the Judicial Circuit to assure the office is in compliance
    with $TARS Financial Management / Receipts and Collections Processing Procedures and
    Generally Accepted Accounting Principles.

02. Audit of adequate documentation for the audit trail in examining the maintenance of the
    local office accounting records and related financial reports.

03. Adherence to established policy and supervisory approval, including the audit of
    determination of account balances and account balance changes and the reversal process.

04. Audit of receipt processing through money batch processing to review the effectiveness of
    trained OCSE Managers and accounting staff when performing this function.

05. Audit of correction entries through Non-Money batch testing.

06. Audit of adherence to recoupment procedures.


The Management Questionnaire, Internal Questionnaire and Audit Guide can be found in the
Appendix.




MT06                                       900-1                            Revised 3/11/05
PREPARATION:

01. The Region Financial Manager will send a notice announcing a Formal Audit to the Office
    Manager/Supervisor at least two weeks before the audit. Formal audit announcements are to
    be written on Division letterhead. (Exception: The Region Financial Manager and his/her
    Supervisor decide there is a need to conduct a Surprise Audit. At this time no letter would be
    sent.) Along with the notice, the Region Financial Manager will send a Management
    Questionnaire to be completed by the Office Manager. The Management Questionnaire
    should be returned to the Region Financial Manager within 5 (five) days of the scheduled
    audit.

02. Pulling Reports and Logs for review – some suggested reports/logs to use:
       A) Account Balance Adjustment Report
       B) Monthly Recoupment Report and Log
       C) Funds in Escrow
       D) Funds in Error
       E) Unidentified Report
       F) Prompt Delete Report
       G) Review and Modification Excel Log
       H) SIV Password Log

The Region Financial Manager should utilize the Internal Control and Management Questionnaire
during the review process. However, other logs and reports may be utilized at your discretion.

ENTRANCE CONFERENCE:

The Region Financial Manager will conduct an Entrance Conference with the local Office
Manager/Supervisor and primary Accounting Staff to define the content of the audit.

OPERATIONAL SCOPE OF AUDIT:

01. Security and Controls.

02. Collections and Processing
     Internal Control Questionnaire

03. Accounting Records

    A) Review Receipt Books and Receipt Book Logs
       (1) receipt processing on STARS

    B) Record of batches –
       (1) check completeness of batch records
       (2) check that all reports, as required, are attached
       (3) check for E-Batches and that all information, as required, is attached
       (4) check for Certified batches and that all information, as required, is attached

   C) Money Batch Testing –
      (1) Review all Walk-In batches in which a cash payment was taken
      (2) Review a random sample of other payments processed at the local level (ex:
          application fees, Rev-Mod Fees, money orders, etc.) to ensure money was posted
          correctly

   D) Non-Money Batch Testing –
      A. Review a random sample of reversal requests
         (1) review original request and all necessary attachments
         (2) review for supervisor approval
         (3) ensure all information from start to finish has been documented in the case action log
         (4) ensure that appropriate notes are made on the receipt in question in the note field
         (5) ensure that requests were processed correctly

      B. Review a random sample of funds in error, unidentified and funds in escrow
         (1) review original request and all necessary attachments
         (2) ensure all information from start to finish has been documented in the case action log
         (3) ensure the appropriate notes are made on the receipt in question in the note field
         (4) ensure that requests were processed correctly

   E) Recoupments –
      (1) Ensure that both the case and accounts are active/open
      (2) Ensure that the reason for recoupment and all actions taken to recover the money are
          documented in the case action log
      (3) Review actions taken and assure adherence to policy and procedure

   F) Changes of Account Balances –
      (1) source documentation to verify calculated or determined change in balance (affidavit
          of arrears)
      (2) request was made by Agent and then approved by Supervisor
      (3) request was processed correctly
      (4) documented in case action log or description field
      (Most of this information can be found in the actual case file / pull files at your
      discretion)

04. Compliance
    Previous Audit recommendations/ corrections
    Accounting Manual
    Monthly Reports

05. Management
    Case Management –
    A) Review sample of cases for type/subtype, support order and income deduction code
    B) Accounts set up appropriately and/or timely
       (1) correct FIPS Code on accounts
       (2) appropriately tied to support order
    C) Payor Status request submitted timely to reduce/stop deductions and follow up performed
       as needed
       (1) appropriate account changes/updates
       (2) assure adherence to case closure policy and procedure
    D) Case Management Reports
SAMPLING PROCEDURES:

The purpose of sampling items is to determine if transacted items:

01) Comply with Financial Management / Receipts and Collections Processing and Generally
    Accepted Accounting Principles, and
02) Are reflected on the local office accounting records and related financial reports.

Sampling should be performed in each local office at least annually. Region Financial Manager
or Management may request an OCSE Supervisor or other designee perform this task.

The Region Financial Manager should make an independent determination regarding the size of
the sample to be examined. The sample size should represent the overall Accounting and
Operational aspect of the “Financial Management / Receipts and Collections Process”. Sample
size can be 100% if the Region Financial Manager determines the need to verify all transactions.

It is advisable to audit ALL cash receipts collected by the local office.


Rating:
Each office should be assigned an overall rating of Satisfactory, Needs to Improve, or
Unsatisfactory as part of each Financial Audit conducted by OCSE.

The five components, Collections and Processing, Accounting Records, Security and Controls,
Compliance, and Management, are used to assess the adequacy of each office's financial system
and operations. Each section will be assigned a numerical rating between 1 and 5, with 1 being
the best and 5 being the worst. Based on a composite of the Audit findings, an overall rating of
Satisfactory, Needs to Improve, or Unsatisfactory will be assigned to each office. A rating of
Satisfactory indicates the strongest performance with effective procedures and practices in
place. A Needs to Improve rating indicates a generally acceptable level of performance with a
moderate level of deficiencies, which needs immediate attention to prevent further deterioration
in performance. An Unsatisfactory rating indicates the most critically deficient level of
performance with inadequate procedures and practices in place.


Satisfactory
Any weaknesses are minor and can be handled in a routine manner. Procedures and practices are
in place to ensure the accuracy and integrity of the financial records. The office is in substantial
compliance with the OCSE Accounting Manual and GAAP. The financial staff is well trained and
provided with tools necessary to perform assigned functions; additionally, staffing levels are
maintained at a level necessary to ensure the timely, efficient, and accurate collection and
disbursement of Child Support payments.




Needs to Improve

Moderate weaknesses are present, but are well within Management’s capabilities and willingness
to correct. Overall procedures and practices are satisfactory and the office is in substantial
compliance with the OCSE Accounting Manual and GAAP.

Unsatisfactory

Severe weaknesses exist. The weaknesses and problems are not being satisfactorily addressed or
resolved by Management. There may be significant noncompliance with OCSE Accounting
Manual and GAAP.


Audit Findings Rating:
Collections and Processing

       1- necessary procedures have been developed and implemented to ensure the accuracy
       and timeliness of collecting and posting child support receipts. In addition, appropriate
       supervisory controls and procedures are in place to ensure compliance with established
       policies and procedures.

       2- minor deficiencies exist, which can easily be corrected, in the collection and
       processing practices and/or procedures.

       3- a level of deficiencies in collection and processing practices exists which need
       improvement or satisfactory Supervisory and/or monitoring efforts.

       4- an unacceptable level of deficiencies, resulting in poor collection and processing
       practices.

       5- unsatisfactory practices and controls compounded by inadequate Supervision and
       monitoring.

Accounting Records

       1- required documentation is maintained and available for use and review by the
       Financial Staff. Accounting records are accurate and up to date and adequately reflect
       the financial activities of the office.

       2- minor deficiencies exist, which can be easily corrected, in terms of accuracy,
       availability, and retention.

       3- accounting records are inadequate in terms of accuracy, availability, and retention.

       4- an unacceptable level of deficiencies exists, which render the Accounting Records
       unreliable, i.e. missing, incomplete, or inaccurate documentation or records.

       5- an unacceptable level of deficiencies exists, as defined for a '4' rating, which
       Management is unable or unwilling to correct.
Security and Controls

       1- sound guidelines of internal control and security procedures have been adopted and
       implemented. Risk of loss through fraud, misappropriation of funds, theft, etc., is
       minimal.

       2- minor deficiencies in security and control policies and/or procedures that can be easily
       corrected by Management.

       3- a level of deficiencies that, if not corrected, could lead to an increased risk of loss to the
       OCSE fund balance.

       4- Security and Internal Control weaknesses that increase the risk of loss to unacceptable
       levels and need to be addressed by Management immediately.

       5- absence of Security and Control guidelines and/or procedures, resulting or likely to
       result in loss to the CSE fund balance.

Compliance

       1- the office is in substantial compliance with the Accounting Manual and GAAP.

       2- minor deviations from policy or technical compliance issues exist which do not
       adversely impact the Office’s ability to perform its Financial Accounting responsibilities,
       i.e. the size of the Office precludes separation of duties, so Supervisor approval or
       enforced absences from the duties in question are used as a control in lieu of separation of
       duties.

       3- noncompliance in one or more areas which increases the office’s risk of loss and/or
       adversely impacts the office’s ability to perform its financial accounting responsibilities.

       4- substantial noncompliance in critical areas which requires Management's immediate
       attention.

       5- continued noncompliance in critical areas and Management’s inability and/or
       unwillingness to correct.

Management

The criteria for determining appropriate ratings for Audit findings are fairly straightforward with
specific requirements which can be objectively evaluated. A wide range of criteria, both tangible
and intangible, must be considered when assigning the Management rating.

Management actively controls and is responsible for successfully managing the criteria used to
evaluate the other four (4) categories; therefore, a rating of "4" or worse in any of the other
categories precludes a Management rating higher than "3".

The capability and performance of Management is rated based upon, but not limited to, an
assessment of the following evaluation factors:

       • The ability of Management to plan for, and respond to, risks that may arise from
         changing conditions or the initiation of new activities.
       • The adequacies of, and conformance with, appropriate Internal Policies and Controls
         addressing the operations and risks of significant activities.
       • The accuracy, timeliness, and effectiveness of Management information and risk
         monitoring systems.
       • The adequacy of Internal Controls and procedures to: promote effective operations
         and reliable financial data; safeguard assets; and ensure compliance with laws,
         regulations, and internal policies.
       • Responsiveness to recommendations from CSE Region Financial Manager.
       • Reasonableness and adequacy of staffing levels, training, and overall competence of
         the staff.

       1- strong performance by Management and strong Risk Management practices relative to
       the office's size, complexity, and risk profile. All significant risks are consistently and
       effectively identified, measured, monitored, and controlled. Management has demonstrated
       the ability to promptly and successfully address existing and potential problems and risks.

       2- satisfactory Management and Risk Management practices relative to the office's size,
       complexity, and risk profile. Minor weaknesses may exist, but are not material to the
       integrity of the financial aspects of the office and are being addressed. In general,
       significant risks and problems are effectively identified, measured, monitored, and
       controlled.

       3- Management needs improvement or Risk Management practices are less than
       satisfactory given the nature of the office's activities. The capabilities of Management may
       be insufficient for the type, size, or condition of the office. Problems and significant risks
       may be inadequately identified, measured, monitored, or controlled.

       4- deficient Management or Risk Management practices that are inadequate considering
       the nature of an office's activities. The level of problems and risk exposure is excessive.
       Problems and significant risks are inadequately identified, measured, monitored, or
       controlled and require immediate action by Management to preserve the integrity of the
       Financial Program.

       5- there are critically deficient Management or Risk Management practices. Management
       has not demonstrated the ability to correct problems and implement appropriate Risk
       Management practices. Problems and significant risks are inadequately identified,
       measured, monitored, or controlled.

Disclosure of Ratings

The Region Financial Manager should discuss the recommended ratings with Senior
Management at the conclusion of the Audit. Region Financial Managers should discuss the
factors they considered when assigning the ratings. They should also indicate that the ratings are
not based on a numerical average, but rather on a qualitative evaluation of an
institution's overall Managerial, Operational, and Financial performance.


The rating of Management is important yet sensitive. The quality of Management is often the
single most important element in the success or failure of the Financial operations of an office,
and is usually the factor that is most indicative of how well risk is identified, measured,
monitored, and controlled. For this reason, Region Financial Managers should thoroughly review
and explain the factors considered when assigning the Management rating.

Written comments in support of the Management rating should include an assessment of the
effectiveness of existing policies and procedures in identifying, monitoring, and managing risk.

Finally, the ratings should be fully and prominently disclosed in the written audit.


COMPLETION:

01) Compile results of the Questionnaires
02) Compile results of the Sampling review
03) Compile results of the Ratings


EXIT CONFERENCE:

Conduct an exit conference with the OCSE Manager/Supervisor to discuss results and
recommendations (corrective action plan), if needed.


SUBMIT AUDIT REPORT TO LOCAL OFFICE:

The Region Financial Manager must follow-up with an audit report to the OCSE
Manager/Supervisor within thirty (30) calendar days of the exit conference. This follow-up will
present the findings of the audit examination and recommendation(s). The letter must be copied
to the Region Manager and CSCA Manager.
The OCSE Manager/Supervisor has only fifteen (15) calendar days to respond to the findings
presented by the Region Financial Manager. The response must specifically address each
recommendation made within the audit report and include a written plan for addressing
deficiencies.

The CSE Manager/Supervisor will be allowed thirty (30) calendar days to enforce the Corrective
Action Plan recommended by the Region Financial Manager.

AUDIT FILE:
The Region Financial Manager will compile an audit file for each office, to be retained at the
Region Office. Information should include, but is not limited to, the following:
01) The Management and Internal Control Questionnaire and responses;
02) Financial data information that was tested and the findings;
03) Findings of review of recoupments;
04) Findings of the money batch review;
05) Findings of the non-money batch review;
06) Findings of case management review;
07) Copy of final letter and audit findings sent to the local office.

