Accountable Financial Management: A Program Director’s Responsibilities Financial Management Intermediate Level Presented by: Colleen B. Mendel, MA, MBA, MS Executive Director Training & Technical Assistance Services Western Kentucky University 800-TTAS-4-TA (800-882-7482) www.ttas.org Workshop Objectives $ To effectively link the financial management system to other Head Start/Early Head Start systems and services $ To discuss the scope of internal controls and how they relate to responsible financial management $ To identify, assess and manage risks which could impact the financial health of a local Head Start or Early Head Start program Learning Outcomes $ Improved ability to integrate financial management with other Head Start/Early Head Start systems and services $ Intentional assessment of the standards of internal control as they relate to local program operations $ Use of standards of internal control to strengthen program operations, reliability of financial reporting and overall compliance with laws and regulations $ Ability to collect, compile, synthesize, integrate and use information to evaluate threats to a program’s ability to fulfill its mission and achieve its objectives $ Use of specific tools to ameliorate risks facing Head Start and Early Head Start programs Head Start and Early Head Start Directors’ Institute 1 Accountable Financial Management: Page 2 A Program Director’s Responsibilities Workshop Outline The Financial Management System Integrating Head Start Services with Financial Management Integrating Other Systems with Financial Management Responsible Financial Management Internal Controls Risk Assessment Applying the Techniques What’s in My In-Basket Today? Focus on Learnings Head Start and Early Head Start Directors’ Institute 2 Page 3 of handouts: 2006 PRISM Framework Landscape orientation, like next page Head Start and Early Head Start Directors’ Institute 3 Head Start and Early Head Start Directors’ Institute 4 INTEGRATING SYSTEMS Head Start and Early Head Start Directors’ Institute 5 Program Planning Communica- Recordkeep- Ongoing Self- Human Fiscal ERSEA SYSTEM ing/Reporting Governance tion Monitoring Assessment Resources Management Program Governance Planning Communica- tion Recordkeep- ing and Reporting Ongoing Monitoring Self- Assessment Human Resources Fiscal Management ERSEA Head Start and Early Head Start Directors’ Institute 6 Head Start and Early Head Start Directors’ Institute 7 Head Start and Early Head Start Directors’ Institute 8 INTERNAL CONTROL Quoted and adapted from: OMB Circular A-123, Management’s Responsibility for Internal Control, II. Standards, IV. Assessing Internal Control and Appendix A: Internal Control over Financial Reporting, III. Assessing Internal Control over Financial Reporting STANDARDS FOR INTERNAL CONTROL Internal control, in the broadest sense, includes the plan of organization, methods and procedures adopted by management to meet its goals. Internal control includes processes for planning, organizing, directing, controlling, and reporting on agency operations. The three objectives of internal control are: $ Effectiveness and efficiency of operations, $ Reliability of financial reporting, and $ Compliance with applicable laws and regulations. The safeguarding of assets is a subset of all of these objectives. Internal control should be designed to provide reasonable assurance regarding prevention of or prompt detection of unauthorized acquisition, use or disposition of assets. Management is responsible for developing and maintaining internal control activities that comply with the following standards to meet the above objectives: $ Control Environment, $ Risk Assessment, $ Control Activities, $ Information and Communications, and $ Monitoring Control Environment The control environment is the organizational structure and culture created by management and employees to sustain organizational support for effective internal control. When designing, evaluating or modifying the organizational structure, management must clearly demonstrate its commitment to competence in the workplace. Within the organizational structure, management must clearly: define areas of authority and responsibility; appropriately delegate the authority and responsibility throughout the agency; establish a suitable hierarchy for reporting; support appropriate human capital policies for hiring, training, evaluating, counseling, advancing, compensating and disciplining personnel; and uphold the need for personnel to possess and maintain the proper knowledge and skills to perform their assigned duties as well as understand Head Start and Early Head Start Directors’ Institute 9 the importance of maintaining effective internal control within the organization. The organizational culture is also crucial within this standard. The culture should be defined by management’s leadership in setting values of integrity and ethical behavior but is also affected by the relationship between the organization and central oversight agencies and Congress. Management’s philosophy and operational style will set the tone within the organization. Management’s commitment to establishing and maintaining effective internal control should cascade down and permeate the organization’s control environment which will aid in the successful implementation of internal control systems. Risk Assessment Management should identify internal and external risks that may prevent the organization from meeting its objectives. When identifying risks, management should take into account relevant interactions within the organization as well as with outside organizations. Management should also consider previous findings; e.g., auditor identified, internal management reviews, or noncompliance with laws and regulations when identifying risks. Identified risks should then be analyzed for their potential effect or impact on the agency. Control Activities Control activities include policies, procedures and mechanisms in place to help ensure that agency objectives are met. Several examples include: proper segregation of duties (separate personnel with authority to authorize a transaction, process the transaction, and review the transaction); physical controls over assets (limited access to inventories or equipment); proper authorization; and appropriate documentation and access to that documentation. Internal control also needs to be in place over information systems – general and application control. General control applies to all information systems such as the mainframe, network and end-user environments, and includes agency-wide security program planning, management, control over data center operations, system software acquisition and maintenance. Application control should be designed to ensure that transactions are properly authorized and processed accurately and that the data is valid and complete. Controls should be established at an application’s interfaces to verify inputs and outputs, such as edit checks. General and application control over information systems are interrelated, both are needed to ensure complete and accurate information processing. Due to the rapid changes in information technology, controls must also adjust to remain effective. Information and Communications Information should be communicated to relevant personnel at all levels within an organization. The information should be relevant, reliable, and timely. It is also crucial that an agency communicate with outside organizations as well, whether providing information or receiving it. Examples include: receiving updated guidance from central oversight agencies; management Head Start and Early Head Start Directors’ Institute 10 communicating requirements to the operational staff; operational staff communicating with the information systems staff to modify application software to extract data requested in the guidance. Monitoring Monitoring the effectiveness of internal control should occur in the normal course of business. In addition, periodic reviews, reconciliations or comparisons of data should be included as part of the regular assigned duties of personnel. Periodic assessments should be integrated as part of management’s continuous monitoring of internal control, which should be ingrained in the agency’s operations. If an effective continuous monitoring program is in place, it can level the resources needed to maintain effective internal controls throughout the year. Deficiencies found in internal control should be reported to the appropriate personnel and management responsible for that area. Deficiencies identified, whether through internal review or by an external audit, should be evaluated and corrected. A systematic process should be in place for addressing deficiencies. ASSESSING INTERNAL CONTROL Agency managers should continuously monitor and improve the effectiveness of internal control associated with their programs. This continuous monitoring, and other periodic assessments, should provide the basis for the agency head's annual assessment of and report on internal control. Agency management should determine the appropriate level of documentation needed to support this assessment. Documentation should be appropriately detailed and organized and contain sufficient information to support management’s assertion. Documentation should also include appropriate representations from officials and personnel responsible for monitoring, improving and assessing internal controls. Sources of Information The agency head's assessment of internal control can be performed using a variety of information sources. Management has primary responsibility for assessing and monitoring controls, and should use other sources as a supplement to -- not a replacement for -- its own judgment. Sources of information include: $ Management knowledge gained from the daily operation of agency programs and systems. Head Start and Early Head Start Directors’ Institute 11 $ Management reviews conducted (i) expressly for the purpose of assessing internal control, or (ii) for other purposes with an assessment of internal control as a by- product of the review. $ Reports, including audits, inspections, reviews, investigations, outcome of complaints, or other products. $ Program evaluations. $ Audits of financial statements including: information revealed in preparing the financial statements; the auditor's reports on the financial statements, internal control, and compliance with laws and regulations; and any other materials prepared relating to the statements. $ Reviews of financial systems. $ Annual evaluations and reports. $ Annual performance plans and reports. $ Other reviews or reports relating to agency operations. $ Results from tests of key controls performed as part of the assessment of internal control over financial reporting using items in Section II, Internal Controls and Monitoring, of the 2006 Head Start Fiscal Checklist. Use of a source of information should take into consideration whether the process included an evaluation of internal control. Agency management should avoid duplicating reviews which assess internal control, and should coordinate their efforts with other evaluations to the extent practicable. Identifying Deficiencies Agency managers and staff should be encouraged to identify control deficiencies, as part of the agency's commitment to recognizing and addressing management problems. Failing to report a known reportable condition reflects adversely on the agency and places the agency’s operations at risk. Agencies should carefully consider whether systemic weaknesses exist that adversely affect internal control across organizational or program lines. ASSESSING INTERNAL CONTROL OVER FINANCIAL REPORTING Evaluate Internal Control at the Entity Level Internal control at the entity level refers to those elements of the five components of internal control that have an overarching or pervasive effect on the agency. Specific elements of internal control that should be evaluated at this level are discussed below. Head Start and Early Head Start Directors’ Institute 12 Control Environment The assessment should include obtaining a sufficient knowledge of the control environment to understand management's attitude, awareness, and actions concerning the control environment. The assessment should consider the collective effect on the control environment, since management's strengths and weaknesses can have a pervasive effect on internal control. Specific elements of the control environment that should be considered include: $ Integrity and ethical standards $ Commitment to competence $ Management philosophy and operating style $ Organizational structure $ Assignment of authority and responsibility $ Human resource policies and practices Risk Assessment The assessment should include obtaining sufficient knowledge of the agency's process on how management considers risks relevant to financial reporting objectives and decides about actions to address those risks. The assessment should determine how management identifies risks, estimates the significance of risks, assesses the existence of risks in the current environment, and relates them to financial reporting. The results of this assessment at the agency-wide level will drive the extent of testing and review performed at the process, transaction, or application level. Some significant circumstances or events that can affect risk include: $ Complexity or magnitude of programs, operations, transactions, etc; $ Accounting estimates; $ Related party transactions; $ Extent of manual processes or applications; $ Decentralized versus centralized accounting and reporting functions; $ Changes in operating environment; $ New personnel or significant personnel changes; $ New or revamped information systems; $ Significant new or changed programs or operations; $ New technology; and $ New or amended laws, regulations, or accounting standards. Control Activities Control activities are the policies and procedures that help ensure that management directives are carried out and that management's assertions in its financial reporting are valid. The assessment should include obtaining an understanding of the control activities applicable at the entity level, such as: Head Start and Early Head Start Directors’ Institute 13 $ Policies and procedures; $ Management objectives (clearly written and communicated throughout the agency); $ Planning and reporting systems; $ Analytical review and analysis; $ Segregation of duties; $ Safeguarding of records; and $ Physical and access controls. Information and Communication The assessment should include obtaining an understanding of the information system(s) relevant to financial reporting. Such an understanding should include: $ The type and sufficiency of reports produced; $ The manner in which information systems development is managed; $ Disaster recovery; $ Communication of employees' control related duties and responsibilities; and $ How incoming external communication is handled. Monitoring The assessment should include obtaining an understanding of the major types of activities the agency uses to monitor internal control over financial reporting, including the source of the information related to those activities, and how those activities are used to initiate corrective actions. Several examples include: $ Self assessments by management; $ Evaluations by the PRISM Review Team or external auditor; and $ Direct testing. Head Start and Early Head Start Directors’ Institute 14 INTERNAL CONTROL WORKSHEET Instructions: Think about the financial management system in your organization and apply the five standards for internal control to your activities, policies, procedures and practices. Cite at least one example for each standard. Control Environment Risk Assessment Control Activities Information and Communication Monitoring Head Start and Early Head Start Directors’ Institute 15 RISK IDENTIFICATION, ASSESSMENT AND MANAGEMENT Risk is any threat to your ability to fulfill your mission. RISK IDENTIFICATION AND ASSESSMENT The first step in managing risk is to identify it. What threatens an organization’s ability to fulfill its mission? When managers identify risk, it is important to look both within and outside the Head Start or Early Head Start program. A classic technique, SWOT Analysis, can be used as one strategy to identify risks. The SWOT technique examines organizational Strengths and Weaknesses and external Opportunities and Threats. This technique is often, either formally or informally, part of Head Start’s assessment and monitoring processes. Risk managers: $ use their intuition, professional experience and common sense to identify and assess risks; $ conduct thorough annual program self-assessments; $ engage in ongoing monitoring; and $ draw conclusions based on fact-based assessment. However, the General Accounting Office chastises Head Start, saying that although Head Start programs collect much information, they do not compile, synthesize and use it to assess risks and identify improved processes. Once managers have identified potential risks, they must assess their magnitude. To assess risks to Head Start and Early Head Start, managers must examine the notion of uncertainty - the inability to know in advance the exact likelihood or impact of future events. Evaluating these two concepts - likelihood and impact - is a critical component in assessing the risk inherent in any event. Is an event likely to occur and if it does, will it damage organizational performance or reputation? To engage in effective risk management it is important first to organize the plethora of information programs have from documents, experience, monitoring activities, etc., compile it, synthesize it and use that information to mitigate threats to the agency’s ability to fulfill its mission. RISK MANAGEMENT Risk management then is all about anticipating problems. Once managers have identified the risks which face them and have assessed their seriousness, they must turn their attention to managing as effectively as possible those risks which threaten the organization’s ability to fulfill its mission. This process begins with establishing and reviewing goals and objectives, being Head Start and Early Head Start Directors’ Institute 16 clear about mission and direction, and understanding what it will take to achieve the program’s purpose. It is a process by which Board members and managers provide reasonable assurance that: $ operations are effective and efficient; $ financial reporting is reliable; and $ the program is complying with laws and regulations. (Government Accounting Office, Standards for Internal Control in the Federal Government, November, 1999) Risk management falls under the rubric of internal control, which undergirds the operations of all successful organizations. Internal control = management control. Management control includes managing risks. Once risks have been identified and assessed, the risk management process identifies and evaluates possible responses, evaluates options, and selects and executes the chosen response. As managers evaluate their risk management options, it is important to consider the following: $ the interrelationships among Head Start systems and services; $ data sources; $ timeliness and accuracy of data; $ multiple sources of information; $ back-up systems; and $ checks and balances. In thinking about responses to risks, it is useful to explore the different ways in which risk can be managed. Different tools for risk management are appropriate for different types of risk. In many cases, some combination of tools will be used. There are five tools which organizations should consider as they identify and evaluate possible responses to any given risk: $ Prevent it - determining the cause of an event and taking measures to ensure that it does not occur or protect against it (e.g., sharing information, providing training; instituting safety, security and other protective measures) $ Eliminate it - recognizing that what is currently done is risky and stopping it $ Avoid it - not putting yourself in the situation in the first place $ Minimize it - diminishing the likelihood that something will occur or lessening its impact if it happens (e.g., instituting rules, procedures, safety measures) $ Insure it - purchasing an insurance policy to safeguard the agency, its assets, staff and clients against injury, damage, or loss Life and business are replete with risks. But good management identifies, assesses the impact and likelihood of those risks, and uses the appropriate tool(s) to mitigate threats to an organization’s ability to fulfill its mission and achieve its objectives. Head Start and Early Head Start Directors’ Institute 17 RISK MANAGEMENT WORKSHEET Instructions: Think about the five tools for risk management. How do you use each one to mitigate risks in the financial management system in your program/agency? Prevent it Eliminate it Avoid it Minimize it Insure it Head Start and Early Head Start Directors’ Institute 18 Accountable Financial Management: A Program Director’s Responsibilities In-Basket Activity Instructions: On the following pages you will find items that might be in a director’s in-basket (or in this day of electronic communication, many might be in your inbox or mailbox). As the Head Start Director, review and evaluate this information within the context of risk management and the standards of internal control. Note the issues and concerns that your review reveals, indicate what management control or risk management strategies you would pursue to fulfill your responsibilities in developing and maintaining an accountable financial management system. Program Facts $ You are the Director of Blue Moon Head Start, one of several programs which operate under the auspices of Wansinna Lifetime Opportunity Corporation, a community action agency. $ Financial operations of the agency are centralized, under the direction of the agency’s Fiscal Officer, Kevin Locke, CPA. $ The agency has a negotiated indirect cost rate of 10% of salaries and wages. $ Blue County Head Start serves 400 preschool age children. $ The program’s year end date is December 31. Head Start and Early Head Start Directors’ Institute 19 Blue Moon Head Start Monthly Financial Report for October, 2005 Cost Category Budgeted Monthly Year-to-Date Balance Percent Amount Expenditure Expenditure Unspent Unspent Personnel $1,653,545 $150,000 $1,567,800 $ 85,756 5.2% Fringe Benefits 546,455 50,000 500,000 46,455 8.5 Travel 20,000 3,000 17,000 0 0.0 Equipment 12,000 0 12,000 0 0.0 Supplies 40,000 750 35,750 4,250 10.6 Contractual1 56,000 4,600 46,800 9,200 16.4 Construction 0 0 0 0 0.0 Other2 306,645 25,555 290,000 16,645 5.4 Total Direct 2,634,645 233,905 2,469,350 165,295 6.3 Indirect Cost 165,355 15,000 156,780 8,575 5.2 TOTALS $2,800,000 $248,905 $2,626,130 $173,870 6.2 Non-Federal $ 700,000 75,000 750,000 (50,000) 107.1 1 Final payment of $2,000 was paid to Gemini Mental Health Services in October; contract complete. An additional $1,000 a month is to be paid to Starburst Health Associates for the services of the RD. 2 All Other costs have been paid for the year with the exception of $1,645 remaining in rent for Galaxy Center. Respectfully submitted, Chen-ru Ma, Fiscal Assistant Head Start and Early Head Start Directors’ Institute 20 When you go to your email, you find the following messages. From: Kevin Locke, Fiscal Officer Subject: Health Insurance Date: Nov 28, 2005 To: Head Start Director Just a reminder that, on top of the July health insurance premium increase of 10%, our Employee Assistance Program took effect on October 1, 2005, and increases your fringe benefits cost by about $750/month. By the way, sorry that Chen-ru, my new assistant failed to get you a financial report for September. It was her first month and she was just overwhelmed. She tells me that we’re caught up now though. From: Leona Starr, Education Manager Subject: Managing Child Outcomes Training Date: Nov 28, 2005 To: Head Start Director I just received a wonderful flyer about a Head Start Child Outcomes Seminar in Orlando on Dec. 14-16. The registration fee is $500 and I expect that my travel expenses would be about $1,200. I sure would like to go, and since we had that conflict with NAEYC, I haven’t had any other professional development travel this year. Can you let me know right away? Thanks so much! From: Skyla Schultz, HR Director Subject: Position Vacancies Date: Nov 28, 2005 To: Head Start Director I have the report from the personnel committee and the personnel action form (PAF-4) that you signed last week to fill the Operations Manager position, vacated by Estrella Ortiz on June 30th. You neglected to note on the PAF-4 the date that you wanted Mr. Aquarius to start. Please let me know and I’ll contact him to get the paperwork completed and get him on board. Head Start and Early Head Start Directors’ Institute 21 From: Virginia Luna, Health/Nutrition Specialist Subject: In-Kind Date: Nov 28, 2005 To: Head Start Director Guess what! The Health Coordinator at Children’s Place Head Start told me that we could count meals and snacks that parents provide at home to their children on weekends as part of our in- kind. So I figured breakfast and lunch (no dinner, since that’s not part of our services) at the USDA reimbursement rates for 16 meals a month (2 a day for Sat/Sun) and 8 snacks - - it’s probably more than 8 really, but I wanted to be conservative. I started last quarter and, boy, has that generated a ton of in-kind! Pretty cool, huh?! From: UKLOTTERY Subject: YOU ARE A WINNER Date: @#$%^&* To: Recipient Congratulations! You may be a winner in the UKLOTTERY. To claim your prize of up to $5,000,000, please send the following account information by return email and $500 processing fee by check, cash or money order to the following address . . . Head Start and Early Head Start Directors’ Institute 22 Accountable Financial Management: A Program Director’s Responsibilities Issues and Concerns Internal Control and Risk Management Strategies Issues/Concerns Strategies Head Start and Early Head Start Directors’ Institute 23
"Head Start Program Swot Analysis - DOC"