Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Department of Information Technology Biennial by jsz19772

VIEWS: 91 PAGES: 43

Revenue Cycle Management Audit Reports document sample

More Info
									                                                                                     Department of Information Technology
                                                                    Biennial Internal Control Evaluation (ICE) for Fiscal Year Ended 9/30/04
                                                                             RISK ASSESSMENT AND CONTROL ACTIVITIES WORKSHEET
                                                                                         (Financial/Accounting Transaction Cycles)
BUDGET TRANSACTION CYCLE

                                                     Risk Factors                           Actions/                                       Monitoring         Evaluation/Conclusion


                                                     Associated With                        Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
Objectives:                                          Objectives:                            Comments:
  1. Budget is developed in accordance with the        Budget approved is not adequate        Mission statements are included in budget
  missions of the Department (DIT) and its             to meet goals
  components                                           Budget approved is excessive           Budget is based on effective program
                                                       compared to actual needs               measures

                                                       Operations conducted are not           Budget is reviewed by management
                                                       properly authorized

                                                       Budget submissions are rejected

  2. Budget is authorized in accordance with laws,     Budget is not properly authorized      Budget approval process throughout
  requirements and management’s policy                                                        agency is defined
                                                       Unauthorized programs are              Controls are implemented to verify that
                                                       implemented                            approvals are obtained
  3. The Department’s budget is developed in           Budget is "illegal" or improper        Budget office (OAS) uses approved
  accordance with legal requirements, State Budget                                            policies and procedures
  Director and DIT management policy and
  procedures


                                                       Budget request does not properly       Budget system is used to accumulate
                                                       inform management of programs          budget data on an organizational and
                                                       planned                                programmatic basis

  4. Budget processing procedures used are             Budget process is uneconomical         Budget procedures are defined
  economical and efficient                             and inefficient
                                                                                              Personnel are trained in budget procedures



                                                                                              Automated budget system is utilized
  5. Budgetary information is properly classified in Budget is incorrectly prepared      Automated budget system is used
  accordance with state/federal budget guidelines
                                                    Budget is rejected in approval       Defined procedures and forms are used
                                                    process




BUDGET TRANSACTION CYCLE (Cont’d)

                                                    Risk Factors                         Actions/                                      Monitoring         Evaluation/Conclusion


                                                    Associated With                      Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                       Controls, etc.):
Objectives:                                         Objectives:                          Comments:
  1. Programs are planned in an economical and         Fraud, waste and abuse are          Budget procedures require program
  efficient manner                                     encouraged                          managers to supply and efficiently
                                                                                           measure data

                                                                                           Program operating procedures are
                                                                                           reviewed as part of budget process
  2. Approved final budgets are properly entered       Budget vs. actual reports are       Budget and / or financial personnel
  into appropriate agency systems                      incorrect                           monitor budget revisions
                                                       Overspending occurs because         Final budget used for expenditure control
                                                       personnel are unaware of budget     is approved by budget and management
                                                       changes                             personnel


                                                                                           Operating personnel are informed of
                                                                                           changes
  3. Apportionments made by the budget office are      Expenditures not properly           Automated budget system is used to
  properly accounted for and reconciled with           controlled                          control apportionments
  overall appropriations                               Overspending may occur              Management reviews and approves actual
                                                                                           vs. budget reports

                                                       Proper expenditures delayed
                                                       because of incorrect reporting
  4. Budget reports are prepared accurately,       Management not properly informed        Automated budget system is used
  promptly and on a consistent basis that          of budget and actual performance
  adequately presents the information they purport
  to display
                                                     Incorrect management decisions        Budget and accounting systems are properly
                                                     made                                  interfaced

                                                     Budget approvals are "invalid"        Reporting procedures are defined and
                                                                                           communicated



BUDGET TRANSACTION CYCLE (Cont’d)

                                                     Risk Factors                          Actions/                                        Monitoring         Evaluation/Conclusion


                                                     Associated With                       Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
Objectives:                                          Objectives:                           Comments:
  1. Detail budget data is properly controlled and     Individual operations overspend       Approval of allocations in systems is
  accounted for and reconciled with final              or underspend                         performed by management
  appropriations                                                                              Automated transfer of final budget data to
                                                                                              accounting systems
  2. Access to critical budget forms, records,       Incorrect budget data and reports are Access to records, forms, etc., is physically
  system programs and processing procedures is       prepared                              restricted
  permitted only in accordance with laws,
  regulations and management’s policy




EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Procurement

                                                     Risk Factors                          Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                       Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                     Objectives:                           Comments:
  1. Purchases are authorized within budget limits     Unauthorized purchases               Maintain written policies and procedures
  and made in accordance with applicable laws,                                              for requisition, reviewing, and approving
  regulations and directives                                                                of all purchases


                                                       Purchases from unauthorized          Maintain updated vendor information
                                                       vendors

                                                       Purchases exceed budget limits       Establish procedures for adding to,
                                                                                            changing, or deleting from the data bases



                                                                                            Review budget limits prior to approval of
                                                                                            requisition requests

                                                                                            Access to ADPICS is controlled by user
                                                                                            classes/security profiles
  2. Appropriate prices are paid for goods and         Unauthorized prices may be paid      Obtain competitive bids for each
  services                                                                                  acquisition periodically
                                                                                            Document and enforce procedures for
                                                                                            review of long-term supply contracts prior
                                                                                            to execution


                                                                                            Consider volume purchases by
                                                                                            determining total usage of similar
                                                                                            materials; combine orders to obtain
                                                                                            volume discounts


                                                                                            Monitor material price variances
  3. Appropriate quantities are ordered at           Unavailable or inaccurate            Maintain accurate perpetual inventory
  appropriate times                                  information on inventory levels or   records
                                                     production needs                     Match periodic production schedules to
                                                                                          inventory information and order lead-time
                                                                                          requirements


                                                                                          Appropriate review of purchase orders



EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Procurement(Cont’d)
                                                     Risk Factors                          Actions/                                       Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                       Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                     Objectives:                           Comments:
  1. Items that meet appropriate specification are     Inappropriate production              Review existing and revised specifications
  ordered                                              specification                         by technical personnel
                                                                                             Monitor and analyze production problems
                                                                                             related to material specifications



                                                                                             Communicate production specifications to
                                                                                             procurement personnel



                                                                                             Appropriate review and approval of
                                                                                             contracts and purchase orders
  2. Items ordered are received on a timely basis      Unavailable or inaccurate             Specify shipment mode and delivery date
                                                       information on items ordered but      on purchase orders
                                                       not received                          Prenumber and account for purchase
                                                                                             orders

                                                                                              Match receiving information with
                                                                                              purchase order and promptly follow
                                                                                              through on outstanding order
  3. Purchases and acquisitions are received and     Unauthorized goods or services        Establish central receiving location that is
  examined for acceptability                         received                              separate from shipping, purchasing, and
                                                                                           storing functions


                                                     Excessive quantities or incorrect     Prenumber purchase orders that are
                                                     items received                        preprinted with receiving location

                                                     Canceled or duplicated orders         Prepare a receiving document at the
                                                     received                              receiving location for each shipment
                                                                                           received


                                                     Receipt of goods or services with     Compare goods received to a copy of
                                                     unacceptable quality specifications   purchase order
EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Procurement (Cont’d)

                                                     Risk Factors                        Actions/                                      Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                     Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                       Controls, etc.):
                                                     Objectives:                         Comments:
  1. Authorized purchase orders are recorded           Purchase orders may be lost         Prenumber and account for purchase
  completely and accurately                                                                orders
  2. Unauthorized use of purchase orders are           Inadequate policies and             Prenumber and account for purchase
  prevented                                            procedures to prevent               orders
                                                       unauthorized use                    Maintain physical security of purchase
                                                                                           orders

                                                                                           Notify vendors of company personnel
                                                                                           authorized to approve purchase orders

  3. Disbursements are valid and properly approved     Unsupported disbursements           Perform pre-audits


                                                       Duplicate payments                  Review Receiving/Disbursement vouchers
                                                                                           and/or payment vouchers processed for
                                                                                           proof of preaudit and approval



                                                       Incorrect or improper payments      Confirm that disbursements are properly
                                                                                           supported with vendor’s invoice and are
                                                                                           reviewed and approved by management

  4. Disbursements are made on a timely basis        Untimely payments                   Perform pre-audits


                                                     Interest penalty on late payments   Review Receiving/Disbursement vouchers
                                                                                         and/or payment vouchers processed for proof
                                                                                         of preaudit and approval
                                                                                         Confirm that disbursements are properly
                                                                                         supported with vendor’s invoice and are
                                                                                         reviewed and approved




EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Disbursements

                                                     Risk Factors                        Actions/                                      Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                     Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                       Controls, etc.):
                                                     Objectives:                         Comments:
  1. Disbursements are authorized in accordance        Disbursements may be made to        Establish procedures for adding to,
  with laws, regulations and management’s policy       unauthorized vendors, and cash      changing or deleting from the data bases
                                                       may be intentionally or
                                                       unintentionally dispersed to an
                                                       unauthorized party                  Maintain a vendor master file


                                                                                           Randomly review disbursements


                                                                                           All disbursements are approved by
                                                                                           management
  2. Disbursements are valid and properly approved     Unauthorized disbursements          Written policies and procedures for
                                                                                           approving, processing and recording
                                                                                           assistance payments to other governmental
                                                                                           units and individuals


                                                       Inaccurate or improper payments     Perform pre-audit functions



                                                       Fraud                               All disbursements are approved by
                                                                                           management

                                                       Unsupported payments
  3. Disbursements are recorded promptly and        Disbursements may be made, but         Pre-numbered forms are used for all
  accurately to the appropriate account             never recorded or recorded             payment transactions, that they are in
                                                    inaccurately; this could result in     sequential order, and properly accounted
                                                    misstatement of inventory and          for
                                                    cost of sales or in unrecorded
                                                    liabilities


                                                    Untimely or inaccurate expense         Batch balancing, logging and hash totals
                                                    reports                                to provide reasonable assurance that all
                                                                                           receipts have been posted to master files
                                                                                           or otherwise accounted for

  4. Disbursements are within budget limits and in Payments may exceed budget limits     Periodic comparison of payments with
  accordance with applicable laws, regulations, and                                      payment vouchers processed
  agreements                                        Payments are not consistent with     Documented procedures for initiating,
                                                    terms of agreement                   reviewing, and approving payment
                                                                                         transactions


                                                  Payments may be made to ineligible
                                                  recipients



EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Disbursements (Cont’d)

                                                  Risk Factors                           Actions/                                      Monitoring         Evaluation/Conclusion


Objectives:                                       Associated With                        Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                       Controls, etc.):

                                                  Objectives:                            Comments:
  1. Disbursements are accurately and promptly      Input to general ledger accounts       Documented processing cutoff and period-
  classified, summarized and reported               may be incomplete                      end closing procedures
                                                    Input to general ledger accounts       Documented chart of accounts
                                                    may be inaccurate

                                                    Unauthorized, duplicated or            Comparison of actual results with planned
                                                    erroneous data may be entered in       results and analysis of variance
                                                    a summary
                                                     Timing problems may develop              Batch totaling and logging of input
                                                     (e.g. backlog of vouchers or             documents and reconciling batch totals to
                                                     disbursements may result in a            the total of the resulting check and
                                                     failure to record all liabilities in     voucher register
                                                     the proper period)



                                                     Reports may be inaccurate with           Maintenance of logs at receiving locations
                                                     respect to the classification of
                                                     transactions


                                                                                              Investigation of breaks in the numerical
                                                                                              sequence of critical forms submitted for
                                                                                              summarizing
  2. Recorded balances of disbursements and        Reports may not fairly present what      Policy statements, procedures manuals,
  related transaction activity, are periodically   they purport to display                  organization charts and/or other
  substantiated and evaluated                                                               documentation

                                                   Critical decisions may be based          Techniques used to detect errors and
                                                   upon erroneous information               omissions

                                                   Some errors and omissions in         Techniques used to provide reasonable
                                                   physical safeguarding, authorization assurance that recorded balances are
                                                   and transaction processing go        evaluated
                                                   undetected and uncorrected




EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Disbursements (Cont’d)

                                                   Risk Factors                             Actions/                                       Monitoring         Evaluation/Conclusion


Objectives:                                        Associated With                          Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                 Objectives:                               Comments:
1. Access to disbursement records, processing      Records may be destroyed or lost;         Safe, locked cabinets, secure tape and disk
areas and processing procedures are permitted      this could result in an inability to      library and off-site backup storage for
only in accordance with management’s policy        prepare reliable financial and            records, computer files, and programs and
                                                   operating reports                         related documentation


                                                   Records may be misused or                 Controlled custody and prenumbering of
                                                   altered by unauthorized personnel         critical forms (e.g., blank checks,
                                                   to the detriment of the entity or its     purchase orders, signature plates, master
                                                   vendors                                   file change forms), including periodic
                                                                                             accounting for such forms by independent
                                                                                             personnel



                                                                                             Segregation of responsibilities and
                                                                                             restriction of access

                                                                                             Periodic internal compliance audit
2. Disbursements are summarized and classified   Financial statements may be               Written entity-wide coding instructions
in accordance with management’s plan             misstated due to one or more of the
                                                 following


                                                   Omission of selected registers or       Written procedures for requesting and
                                                   journals from the summarization         approving changes in the chart of accounts
                                                   made to support journal entries

                                                   Omission of a journal entry
                                                   Incorrect coding                        Assignment of responsibility for each
                                                                                           account balance to a particular individual in
                                                                                           the cycle
                                                   Duplicate journal entry
                                                   Improper cutoffs                        Analyze significant variances between actual
                                                                                           and planned account balances

                                                 Budgetary control over operations         Written closing procedures stating, by
                                                 may be weakened                           function, the sources to be used to prepare
                                                                                           journal entries, cutoffs to be observed,
                                                                                           accruals to be made and who is responsible
                                                                                           to do what
EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Accounts Payable/ Vouchers Payable

                                                       Risk Factors                           Actions/                                    Monitoring         Evaluation/Conclusion


Objectives:                                            Associated With                        Control Activities/                         (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                       Objectives:                            Comments:
  1. Invoices are recorded accurately on a timely        Missing documents or information       Prenumber and account for purchase
  basis for all accepted goods and services that                                                orders and receiving reports
  have been authorized and only for such purchases       Inaccurate input of data               Match invoice, receiving and purchase
                                                                                                order information and follow up on
                                                                                                missing or inconsistent information



                                                         Invalid accounts payable               Use of control totals or one-for-one
                                                         fraudulently created for               checking
                                                         unauthorized or non-existent
                                                         purchases


                                                                                                Restrict ability to modify data


                                                                                                Reconcile vendor statements to accounts
                                                                                                payable items
  2. All payables and other claims against the state     Inaccuracy of unrecorded               Document procedures for recording and
  are recorded properly and accurately                   liabilities                            estimating payables debt and other
                                                                                                liabilities


                                                         Inaccurate estimated liabilities       Document methods of estimating payables
                                                                                                and follow consistently year after



                                                         Over or understated liabilities at     Have internal auditor review estimated
                                                         year-end                               payable for accuracy and consistency
  3. Validity and clerical accuracy of claims is      Payments made for goods or           Verify invoiced quantities, prices, and
  ensured prior to payment                            services which were never            terms by reference to the purchase order
                                                      received                             and receiving reports and documentation
                                                                                           of verification
  4. Completeness and accuracy of accounts          Unauthorized input for nonexistent Reconcile accounts payable subsidiary
  payable is ensured                                returns and unauthorized addition to ledger with purchase and cash disbursement
                                                    accounts payable                     transactions



                                                                                        Resolve differences between the accounts
                                                                                        payable subsidiary ledger and accounts
                                                                                        payable control account



EXPENDITURE TRANSACTION CYCLE - NON PAYROLL


ACTIVITY/EVENT: Accounts Payable/ Vouchers Payable (Cont’d)

                                                    Risk Factors                        Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                         Associated With                     Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                        Controls, etc.):

                                                    Objectives:                         Comments:
  1. Debt and other long-term liabilities are         Unauthorized transactions            Transactions are authorized by the
  properly authorized, recorded and serviced in                                            management
  accordance with applicable laws and regulations     Duplicate payments                   Randomly review and analyze posting of
                                                                                           interest bearing debt accounts and other
                                                                                           liabilities for accuracy and timeliness



                                                      Unrecorded transactions
  2. Accounts payable records are safeguarded       Unauthorized access to accounts     Restrict access to accounts payable and files
                                                    payable records and stored data     used in processing payables




EXPENDITURE TRANSACTION CYCLE - NON PAYROLL
ACTIVITY/EVENT: Travel Expense Reporting

                                                    Risk Factors                          Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                         Associated With                       Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                    Objectives:                           Comments:
  1. Travel reimbursements and advances are           Unauthorized travel expense may       Document policies and procedures for
  provided for properly authorized travel             be incurred                           granting travel requests and processing
                                                                                            travel reimbursements and advances


                                                      Travel may occur when it is not       Perform pre-audit function
                                                      completely necessary
  2. Amounts paid are in accordance with              Inaccurate or improper meal and       Follow "Standardized Travel Regulations"
  applicable travel regulations                       lodging rates and mileage rate        issued by Civil Service and DMB



                                                      Ineligible expense may be             Original receipts are required for
                                                      reimbursed                            reimbursement

                                                      Expenses incurred may be              State policy and procedure sets maximum
                                                      excessive                             limits for certain expenses

  3. Travel advances and/or reimbursements are        Advances may be issued too far in     Document policies and procedures
  timely, properly approved and properly recorded     advance of actual occurrence of
  to the appropriate account                          expense


                                                      Travel advances may not be            Document chart of accounts
                                                      properly recorded as accounts
                                                      receivable


                                                      Unauthorized travel expense may       Document processing, cutoff and year-end
                                                      be reimbursed                         closing procedures

                                                      Expense report may not be filed       Perform validation tests to verify postings
                                                      promptly

                                                                                            Review error message report
                                                                                          Randomly review travel vouchers
                                                                                          processed for timeliness and proof of pre-
                                                                                          audit
  4. Travel vouchers payable system and records     Unauthorized individuals may access Access is restricted to approved personnel
  are safeguarded                                   the system                          and password protected




EXPENDITURE TRANSACTION CYCLE - PAYROLL


ACTIVITY/EVENT: Personnel/Payroll

                                                    Risk Factors                           Actions/                                       Monitoring         Evaluation/Conclusion


Objectives:                                         Associated With                        Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                    Objectives:                            Comments:
  1. Personnel procedures are in compliance with      Management or supervisory              Require supervisory and management
  applicable laws, regulations and company            personnel are unaware of legal and     personnel to attend training on labor laws
  policies                                            regulatory requirements and            and regulations and company policies
                                                      company policies


                                                      Management or supervisory              Periodic review of policies and procedures
                                                      personnel ignore legal and             by legal counsel for compliance with
                                                      regulatory requirements or             applicable legal and regulatory
                                                      company policies                       requirements


                                                                                             Encourage personnel to report suspected
                                                                                             violations of law, regulations or company
                                                                                             policies


                                                                                             Take appropriate disciplinary actions for
                                                                                             violations of legal or regulatory
                                                                                             requirements
  2. Positions are identified, described and        Positions established could be         Formal procedures followed to request new
  classified in accordance with laws, regulations                                          positions
  and management’s policy                             In excess of need                    Personnel department independently
                                                                                           classifies position using acceptable
                                                                                           evaluation techniques
  2. Positions are identified, described and
  classified in accordance with laws, regulations
  and management’s policy



                                                        Improperly described
                                                                                             Management approves new positions
                                                      Personnel hired for positions may
                                                      not be properly qualified for actual
                                                      job


                                                      Payroll costs may be excessive
  1. The appointment, change and termination of         Employees are not properly             Personnel department responsible for
  all employees is authorized in accordance with        qualified                              recruiting and testing applicants
  current personnel regulations and management’s
  policy


                                                         Employees improperly or illegally    Supervisors interview or assist in selecting
                                                         hired                                new hires
  2. Adjustments to personnel records are             Incorrect or improper adjustments    Documented procedures for adjustments are
  authorized                                          made                                 followed
                                                                                             Employees are notified of adjustments



EXPENDITURE TRANSACTION CYCLE - PAYROLL


ACTIVITY/EVENT: Personnel/Payroll (Cont’d)

                                                      Risk Factors                           Actions/                                         Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                        Control Activities/                              (i.e., Test of     Comments:
                                                                                                                                              Controls, etc.):
                                                      Objectives:                            Comments:
  1. Compensation rates are in accordance with          Personnel are paid improperly          Compensation rates are established after
  current established rates and pay regulations and                                            proper review and evaluation of
  employee authorizations                                                                      responsibilities, competition for personnel,
                                                                                               budget constraints, etc.


                                                        Payroll costs are excessive            Compensation scales are made public



                                                        Payroll deductions are incorrect       Management approves compensation
                                                                                               levels
                                                        Employees are dissatisfied and
                                                        leave, causing unnecessary
                                                        turnover
  2. Personnel ceilings are strictly enforced           Organization has more employees       Periodically compare the number of
                                                        than needed to accomplish             employees on the payroll to the personnel
                                                        assigned duty                         ceiling


                                                        Fictitious employees may be           Verify that each position and employee
                                                        added to the payroll                  added is properly authorized

  3. Employment records are promptly, completely,       Fictitious employees may be           Access to employee files is physically
  and accurately established with proper safeguards     added to the payroll system           limited to authorized personnel
  against unauthorized access or preparation of         Employee files may be altered         All employee personnel and payroll
  fictitious records                                    without knowledge or consent          transactions are approved by authorized
                                                                                              personnel


                                                        Classified and/or confidential        Duties for processing personnel
                                                        information may be released           transactions and payroll transactions are
                                                        without authorization                 segregated
  4. Appropriate standards of conduct are             Employees do not adhere to the        Verify that the appropriate standards of
  communicated and enforced                           appropriate standards of conduct      conduct are enforced equally for all
                                                                                            employees


                                                                                            Each employee signs documentation
                                                                                            certifying that they have received the
                                                                                            handbook and acknowledge the rules and
                                                                                            regulations contained within



EXPENDITURE TRANSACTION CYCLE - PAYROLL


ACTIVITY/EVENT: Personnel/Payroll (Cont’d)

                                                      Risk Factors                          Actions/                                      Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                       Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                      Objectives:                           Comments:
  1. Sufficient number of appropriately qualified       Over-or underqualified candidates     Maintain appropriate candidate
  personnel are acquired                                may be hired                          identification, screening and hiring
                                                                                              practice
  1. Sufficient number of appropriately qualified      Over-or underqualified candidates      Maintain appropriate candidate
  personnel are acquired                               may be hired                           identification, screening and hiring
                                                                                              practice


                                                       Lack of awareness of entity’s          Maintain adequate job description and
                                                       current human resources                hiring criteria that can be used to measure
                                                                                              and compare candidates’ qualifications
                                                                                              with job requirement


                                                                                              Investigate and review potential
                                                                                              candidates inside the entity before
                                                                                              considering external candidates
  2. Employee turnover is maintained at an             Compensation and benefits are          Review and evaluate compensation and
  acceptable level                                     less than offered by other             benefits on a regular basis and compare
                                                       companies                              those offered by other companies within
                                                                                              the industry and within the local
                                                                                              geographical area


                                                       Employees may not feel their           Periodic, standardized performance
                                                       efforts are noticed or appreciated     evaluations and career counseling

  3. Personnel/payroll transactions are properly       Improper or incorrect entries to       Journal entries and general ledger
  authorized and prepared each period                  data bases made                        accounts are reviewed by supervisors
                                                       Reporting is incorrect                 Journal entries standardized


                                                       The general ledger is not              Reports issued of entries made
                                                       reconciled to payroll and other
                                                       records


                                                                                              Regular closing schedule followed
  4. Personnel/payroll transactions are accurately   Payrolls paid not properly reported    Accounting for payrolls paid is done
  and promptly classified, summarized and                                                   promptly
  reported                                                                                  All accounting entries verified to registers,
                                                                                            etc.

                                                                                            Costs compared to prior period and budget




EXPENDITURE TRANSACTION CYCLE - PAYROLL


ACTIVITY/EVENT: Personnel/Payroll (Cont’d)
                                                     Risk Factors                       Actions/                                       Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                    Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                       Controls, etc.):
                                                     Objectives:                        Comments:
  1. Personnel/payroll transactions are accurately     Detail records disagree with       Detail records and accounts are regularly
  applied to proper records                            control accounts                   reconciled to control accounts
                                                       Errors are not corrected           Detail records are posted promptly


                                                       Incorrect reporting                Internal auditors verify reconciliation

  2. Personnel/payroll transactions are summarized     Payroll cast details incorrect     Journal entries reviewed by supervisors
  and classified in accordance with budget program
  and pay regulations                                  Program reporting incorrect        General ledger accounts reviewed by
                                                                                          supervisors

                                                       Reimbursements misstated           Reports issued of entries made


                                                       Management unaware of true         Regular closing schedule followed
                                                       costs

                                                                                          Costs compared to budgets
  3. Recorded balances of personnel data, and          Account balances are incorrect     Balances should be reported to supervisors
  related transactions activities are periodically                                        and management
  substantiated and evaluated                          Reporting of data is incorrect     Perform internal audit

  4. Access to and maintenance of personnel          Records lost, altered              Document management’s policy and
  records, critical forms, processing areas and                                         procedures
  processing procedures is permitted only in         Laws violated                      Physical controls in place
  accordance with laws, regulations and
  management policy
                                                     Incorrect data reported for        Documents are prenumbered
                                                     management or other staff

                                                                                        Reports are numbered




REVENUE TRANSACTION CYCLE
ACTIVITY/EVENT: Cash Receipts

                                                     Risk Factors                           Actions/                                         Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                        Control Activities/                              (i.e., Test of     Comments:
                                                                                                                                             Controls, etc.):
                                                     Objectives:                            Comments:
  1. Receipts are accepted from only those parties     Revenues may be received from          Clear statements of criteria
  authorized in accordance with laws, regulations      wrong parties
  and management’s policy                              Revenues may be recorded               Approved customer list, customer master
                                                       incorrectly                            file, and/or master file of charge customers



                                                       Violation of law or regulation may
                                                       occur
  2. Receipt processing procedures are established     Agencies may be reorganized and        Document procedures
  and maintained in accordance with laws,              personnel reassigned in ways that
  regulations and management’s policy                  reduce segregation of duties


                                                       Procedures may be implemented          Periodic verification of the required
                                                       that circumvent existing internal      management and user approvals of new
                                                       control techniques                     systems and procedures and changes in
                                                                                              systems, procedures and programs



                                                       Transactions may be processed
                                                       incorrectly by the wrong person

  3. Physical security safeguards maintained where Employee theft and collusion             Open mail and count cash in a central
  cash receipts are stored and processed                                                    location which can be observed by other
                                                                                            employees. Do not permit one employee to
                                                                                            handle transaction from beginning to end



                                                                                            Restrictively endorse all checks immediately
                                                                                            upon receipt

                                                                                            Separate mail opening and cash handling
                                                                                            from record keeping and depositing
REVENUE TRANSACTION CYCLE


ACTIVITY/EVENT: Cash Receipts (Cont’d)

                                                   Risk Factors                          Actions/                                          Monitoring         Evaluation/Conclusion


Objectives:                                        Associated With                       Control Activities/                               (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                   Objectives:                           Comments:
  1. Accountability for cash items received is       Cash may be lost, misused or          Daily reconciliation of cash register tape
  established before cash can be misdirected         diverted resulting in an              totals to deposit slips
                                                     overstatement of accounts
                                                     receivable


                                                     Cash sales of merchandise may         Central mailroom that lists incoming cash
                                                     not be reported                       items for subsequent reconciliation to
                                                                                           deposits by an employee who is
                                                                                           independent of the cash receipts and
                                                                                           accounts receivable functions



                                                                                           Cash control techniques, such as
                                                                                           scheduled and frequent pickups of control
                                                                                           totals, prelisting and reporting of receipts,
                                                                                           required daily deposits, dual counting,
                                                                                           surprise counts, documented and verified
                                                                                           transfers of accountability



                                                                                           Segregation of duties between those who
                                                                                           handle and list cash receipts and those
                                                                                           responsible for posting to customer
                                                                                           accounts and general ledger accounts

  2. Cash receipts, check signing machine,           Unauthorized use of check signing     Keep undeposited receipts, check signing
  signature dies and blank, partially prepared,      machine                               machine, blank or voided checks in a safe
  mutilated and voided checks are protected from                                           or locked cabinet
  unauthorized use
  2. Cash receipts, check signing machine,            Unauthorized use of check signing     Keep undeposited receipts, check signing
  signature dies and blank, partially prepared,       machine                               machine, blank or voided checks in a safe
  mutilated and voided checks are protected from                                            or locked cabinet
  unauthorized use
                                                                                            Keys and safe combinations controlled by
                                                                                            authorized personnel

                                                                                            Use prenumbered receipt and
                                                                                            disbursement forms
  3. Receipts are recorded properly and timely and Receipts not recorded accurately or    Record cash receipts immediately
  deposited promptly                               deposited promptly
                                                                                          Deposit receipts daily



REVENUE TRANSACTION CYCLE


ACTIVITY/EVENT: Cash Receipts (Cont’d)

                                                   Risk Factors                           Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                        Associated With                        Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                   Objectives:                            Comments:
  1. Cash items received are accurately and           Inputs to general ledger accounts     Documented processing, cutoff and period-
  promptly classified, summarized and reported        may be incomplete                     end closing procedures
                                                      Inputs to general ledger accounts     Documented charts of accounts
                                                      may be inaccurate

                                                      Unauthorized, duplicated or           Comparison of actual results with planned
                                                      erroneous data may be entered in      results and analysis of variances
                                                      a summary


                                                      Timing problem may develop            Periodic refooting of registers, journals
                                                                                            and reports

                                                      Reports may be inaccurate with        Batch totaling and logging of input
                                                      respect to the classification         documents and reconciling to the totals of
                                                                                            resulting register, journal, report or file
                                                                                            update


                                                                                            Review and follow-up on regular backlog
                                                                                            reports of unprocessed data, such as
                                                                                            invoice
  2. Receipts, collection on account and related     The detail posted to the subsidiary   Validation tests to verify postings e.g., key
  adjustments are accurately applied to the proper   ledger accounts or records may not    verification, check digits in customers’
  receivable accounts                                agree with the total activity that    account numbers and comparison of account
                                                     should be posted                      numbers to table of valid numbers



                                                     Detail activity may be incorrectly    Batching and reconciling input totals to
                                                     posted in the subsidiary ledger       processing totals and new balances
                                                                                           forwarded


                                                                                           Reconciling subsidiary accounts receivable
                                                                                           and sales ledger balances to general ledger
                                                                                           balances or other control totals on a regular
                                                                                           basis




REVENUE TRANSACTION CYCLE


ACTIVITY/EVENT: Cash Receipts (Cont’d)

                                                     Risk Factors                          Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                       Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                     Objectives:                           Comments:
  1. Journal entries are prepared each accounting    Financial statements may not          Written chart of accounts containing a
  period for receipts and related adjustments        become available on a timely basis    description of each account



                                                     Financial statements may be           Written entity-wide coding instructions
                                                     misstated due to one or more of the
                                                     following:


                                                       Omissions of selected registers or Assignment of responsibility for each
                                                       journals for the summarizations    account balance to a particular individual in
                                                       made to support journal entries    the cycle

                                                       Omission of a journal entry
                                                        Incorrect coding                    Written closing procedures stating, by
                                                                                            function, the sources to be used to prepare
                                                                                            journal entries, cutoffs to be observed,
                                                                                            accruals to be made and who is responsible
                                                                                            to do what
                                                        Duplicate journal entries
                                                        Improper cutoffs


                                                      Budgetary control over operations
                                                      may be weakened
  1. Recorded balances of receipts and accounts       Reports may not fairly present what   Documented policy and procedure manuals,
  receivable, and related transaction activity, are   they purport to display               organization charts
  periodically substantiated and evaluated            Critical decisions may be based       Reconciliation of recorded balances and
                                                      upon erroneous information            activities with balances and activities
                                                                                            reported by custodians


                                                      Some errors and omissions in          Reconciliation of general ledger balances
                                                      physical safeguarding, authorization, with subsidiary ledger balances
                                                      and transaction processing may go
                                                      undetected and uncorrected



                                                                                            Periodic verification of activity reports with
                                                                                            underlying documentation



                                                                                            Periodic physical counts of cash and cash
                                                                                            items and reconciliation to recorded amounts




REVENUE TRANSACTION CYCLE


ACTIVITY/EVENT: Cash Receipts (Cont’d)

                                                      Risk Factors                          Actions/                                         Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                       Control Activities/                              (i.e., Test of     Comments:
                                                                                                                                             Controls, etc.):
                                                      Objectives:                           Comments:
 1. Access to cash and cash items received is   Cash may be stolen, lost or   External storage is used (e.g., lockbox           Cash may be stolen, lost or
 permitted only in accordance with management’s temporarily diverted          services, banks, etc.)                            temporarily diverted
 criteria                                                                     Physical barriers (e.g., locked doors and
                                                                              cabinets and safes)

                                                                              Access restrictions (e.g., magnetic key
                                                                              devices, employee badges, sign-in logs)

                                                                              Detection and prevention devices (e.g., fire
                                                                              alarms, electronic sensing and monitoring
                                                                              devices, and security guards, detectives, etc.)



                                                                              Insurance and fidelity bonds


                                                                              Frequent collection and prompt storage of
                                                                              cash

                                                                              Restricted endorsement of all customer
                                                                              remittances by employee who opens mail



                                                                              Control of keys


                                                                              Review of any cash receipt items that, for
                                                                              one reason or another, are withheld from
                                                                              deposit

                                                                              Identification of specific individuals and
                                                                              specific locations authorized to receive cash



                                                                              Posting of customer receivable ledgers from
                                                                              cash receipts listings or remittance advices,
                                                                              not from cash items




REVENUE TRANSACTION CYCLE
ACTIVITY/EVENT: Cash Receipts (Cont’d)

                                                    Risk Factors                             Actions/                                          Monitoring         Evaluation/Conclusion


Objectives:                                         Associated With                          Control Activities/                               (i.e., Test of     Comments:
                                                                                                                                               Controls, etc.):
                                                    Objectives:                              Comments:
  1. Access to receipts and receivable records;      Records may be destroyed or lost;       Safes, lock cabinets, secure tape and disk
  critical forms; processing procedures is permitted this could result in                    library and off-site backup storage for
  only in accordance with management’s criteria                                              records, computer files and computer
                                                                                             programs and related documentation



                                                      An inability to prepare reliable       Controlled custody and prenumbering of
                                                      and/or timely financial and            critical forms including periodic accounting
                                                      operating reports or                   for those forms by independent personnel

                                                      An inability to realize asset values
                                                                                             Segregation of responsibilities and restriction
                                                                                             of access; for example
                                                    Records may be misused or altered
                                                    by unauthorized personnel to the
                                                    detriment of the entity or its
                                                    customers (e.g., receivable detail
                                                    records may be adjusted to cover a
                                                    misappropriation of customer
                                                    remittances)


                                                                                               Segregation of accounts receivable,
                                                                                               cashier and accounting activities
                                                    Computer programs may be altered           Denying access of cash receipts records to
                                                    by unauthorized persons                    those persons responsible for posting to
                                                                                               accounts receivable ledgers and the
                                                                                               general ledgers


                                                    Processing capabilities, particularly    Denying access to the accounts receivable
                                                    computer processing capabilities         ledgers to those who authorize extension of
                                                    may be lost, destroyed or altered by     credit or approve customer discounts, returns
                                                    unauthorized persons; this could         or allowances
                                                    result in
                                                        An inability to report               Segregation of the maintenance of accounts
                                                                                             receivable ledgers from preparation of sales
                                                                                             invoices or sales registers

                                                        Distortion of reported activities




REVENUE TRANSACTION CYCLE


ACTIVITY/EVENT: Receivables

                                                      Risk Factors                           Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                        Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                             Controls, etc.):
                                                      Objectives:                            Comments:
  1. All receivables are recorded promptly and          Employee fraud and collusion           Establish procedures for recording and
  accurately                                                                                   processing of receivables
  2. All goods shipped are accurately billed in the     Missing documents or incorrect         Use standard shipping or contract terms
  proper period                                         information
                                                        Improper cutoff of shipment at the     Communicate nonstandard shipping or
                                                        end of a period                        contract terms to accounts receivable



                                                                                               Identify shipments as being before or after
                                                                                               period-end by means of a shipping log and
                                                                                               prenumbered shipping document

  3. Ability to determine and report sources and        Inaccurate recording of receivable     Periodic reconciliation of subsidiary
  age of receivables                                    and subsequent collections             ledgers and control accounts and
                                                                                               preparation of a receivables aging
                                                                                               schedule
  4. Continuous and timely attempts are made to         Improper year-end cutoffs              Verify that sufficient efforts have been
  collect receivable due                                                                       made to collect over-due receivables

  5. The portion of the receivable that may not be      Unauthorized write-off of              Periodic reconciliation of uncollectible’s
  collected are identified                              receivables                            status report
  5. The portion of the receivable that may not be       Unauthorized write-off of
  collected are identified                               receivables
                                                                                               Observe actual practices for procedural
                                                                                               compliance and document

  6. Accounts are turned over to the Department of       Uncollectible receivables not         Define procedures for collecting and
  Treasury at proper intervals                           written off or turned over to the     processing uncollectible receivables
                                                         Dept. of Treasury at proper
                                                         intervals
  7. Continued completeness and accuracy of            Unauthorized input for nonexistent    Reconcile accounts receivable subsidiary
  accounts receivable is ensured                       returned, allowances and write-offs   ledger with sale and cash receipt transactions



                                                                                             Resolve differences between the A/R
                                                                                             subsidiary ledger and control accounts



REVENUE TRANSACTION CYCLE


ACTIVITY/EVENT: Receivables (Cont’d)

                                                       Risk Factors                          Actions/                                         Monitoring         Evaluation/Conclusion


Objectives:                                            Associated With                       Control Activities/                              (i.e., Test of     Comments:
                                                                                                                                              Controls, etc.):
                                                       Objectives:                           Comments:
  1. All authorized sales returns and allowances are     Missing documents or incorrect        Authorize credit memos by individuals
  recorded accurately                                    information                           independent of accounts receivable
                                                                                               function


                                                         Inaccurate input of data              Prenumber and account for credit memos
                                                                                               and receiving documents

                                                                                               Match credit memos and receiving
                                                                                               documents and resolve unmatched items
                                                                                               by individuals independent of the
                                                                                               accounts receivable functions


                                                                                               Mail customer statements periodically and
                                                                                               investigate and resolve disputes or
                                                                                               inquiries by individuals independent of
                                                                                               the invoicing functions
  2. Accounts receivable records are safeguarded     Unauthorized access to accounts       Restrict access to accounts receivable files
                                                     receivable records and stored data    and data used in processing receivables




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: General Ledger

                                                     Risk Factors                          Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                       Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                     Objectives:                           Comments:
  1. All general ledger transactions are properly      The amounts recorded or adjusted      Supporting documentation for each
  valued                                               may not be at the proper amount       transaction is retained at the departmental
                                                                                             level


                                                                                             Agencies monitor their accounts for
                                                                                             proper recording and classification
  2. All general ledger transactions are for valid     Entered transactions and/or           Agencies have access to only their
  items                                                adjustments may not be proper         accounts on R*STARS and not the
                                                                                             accounts of other agencies


                                                                                             Agencies monitor their accounts for
                                                                                             proper recording and classification

                                                                                             Access to R*STARS is controlled by
                                                                                             security profiles, which restrict types of
                                                                                             transactions, by individuals
  3. General ledger entries and adjustments to the     Journal voucher adjustments           Access to R*STARS is controlled by
  accounting records or reclassifications are made     and/or reclassifications could be     security profiles, which restrict types of
  by authorized personnel                              made by an employee assigned          transactions, by individuals
                                                       incompatible functions
  3. General ledger entries and adjustments to the      Journal voucher adjustments
  accounting records or reclassifications are made      and/or reclassifications could be
  by authorized personnel                               made by an employee assigned
                                                        incompatible functions


                                                                                              Agencies monitor their accounts for
                                                                                              proper recording and classification
  4. General ledger entries or adjustments are to/for Journal voucher adjustments may       Journal voucher adjustments are not posted
  the correct accounts                                not be to/for the correct accounts    until an authorized agency employee enters
                                                                                            an action approval code


                                                     Agencies may reclassify expenditure Central agency is authorized to approve all
                                                     to other funds and circumvent the     large amount journal vouchers
                                                     budgetary process. There are no
                                                     controls to ensure this risk does not
                                                     occur



                                                                                            Agencies monitor their accounts for proper
                                                                                            recording and classification




GENERAL ACCOUNTING


ACTIVITY/EVENT: General Ledger (Cont’d)

                                                     Risk Factors                           Actions/                                     Monitoring         Evaluation/Conclusion


Objectives:                                          Associated With                        Control Activities/                          (i.e., Test of     Comments:
                                                                                                                                         Controls, etc.):
                                                     Objectives:                            Comments:
  1. When initiating recurring transactions ensure   Incomplete recurring transactions     R*STARS automated applications provide
  that spending is not in excess of funds            entries may lead to accounting errors system edits checks to insure data and
  appropriated by the legislature                                                          process integrity


                                                     Recurring transactions may not be      Responsible financial personnel reconcile
                                                     purged when they are no longer         balance sheet accounts
                                                     proper


                                                     Recurring transactions may be set up Recurring transactions must be approved by
                                                     without proper authorization         the chief Accountant of a department or
                                                                                          designate
GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Project Accounting

                                                      Risk Factors                         Actions/                                       Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                      Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                      Objectives:                          Comments:
  1. Project is authorized in accordance with laws,     All projects may not be properly     Criteria for project approval and
  regulations and management’s policy                   authorized                           processing requirements for agency clearly
                                                        Resources wasted on unauthorized     defined
                                                        projects
  2. Project management procedures are established      Resources wasted on unauthorized     Defined procedures
  and maintained in accordance with                     projects
  management’s policy                                                                        Training


                                                                                             Audit review of procedures used
  3. Project results are in accordance with laws,       Project results achieved are not     Results compared to plans
  regulations and management’s policy and plan          authorized
                                                        Results are not achieved             Project periodically reviewed against
                                                        economically                         current needs

                                                        Fraud, waste and abuse
  4. Project procedures used to control, monitor        Excessive costs are incurred in      Forms designed to expedite processing
  and report project status are economical and          project
  efficient                                             Funds needed for project must be     Unnecessary clerical steps eliminated
                                                        used to pay for monitoring costs



                                                                                             Economy and efficiency audits performed
                                                                                            Costs of processing transactions
                                                                                            determined and reported
  5. Resources used in projects are reported            Resources improperly used           Defined procedures
  accurately and properly
                                                        Excessive costs are incurred
  6. Results of the project activities are reported     Research is wasted                  Timetables and project reporting
  accurately and promptly
                                                        Projects overrun time and costs     Assigned project manager responsibility

  7. Resources used are applied accurately to the     Resources improperly used           Reporting procedures and timetable defined
  proper detailed records
                                                      Incorrect decisions made




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Project Accounting (Cont’d)

                                                      Risk Factors                        Actions/                                         Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                     Control Activities/                              (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                      Objectives:                         Comments:
  1. Costs of resources used and the accounting         Project costs may be charged in     Reporting procedures and timetable
  distribution of those costs are computed and          excess of approved contracts or     defined
  reported accurately and promptly                      approved project budgets


                                                        Payments may be made for costs
                                                        not applicable to the projects

  2. Project activities are summarized and              Inaccurate and untimely reports     Reporting procedures and timetable
  classified in accordance with management’s plan                                           defined
                                                        Management makes incorrect          Quarterly project status reports are sent to
                                                        decisions                           user departments for review and approval

  3. Costs utilized are summarized, classified and      All project costs may not be        Project budgets are set and monitored by
  reported accurately and promptly                      recorded                            management
  3. Costs utilized are summarized, classified and
  reported accurately and promptly
                                                          Project costs may not be recorded     Expenditures for projects are monitored
                                                          at the proper amounts                 by Facilities, the user department and the
                                                                                                project architect/engineer on an on-going
                                                                                                basis



                                                          Expenditures not authorized for
                                                          the project may be charged to it

  4. Project status is periodically substantiated and     Projects are not performed as         Management reviews of status
  evaluated                                               authorized
                                                          Projects overrun costs and            Auditor General audits
                                                          deadlines

                                                                                                Project cost review by management
  5. Access to project materials is permitted only in Materials, reports, etc., lost or       Physical controls
  accordance with management’s policy                 misplaced
                                                        Improper use made of data




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Project Accounting (Cont’d)

                                                        Risk Factors                          Actions/                                       Monitoring         Evaluation/Conclusion


Objectives:                                             Associated With                       Control Activities/                            (i.e., Test of     Comments:
                                                                                                                                             Controls, etc.):
                                                        Objectives:                           Comments:
  1. Access to project records, forms, areas and          Materials, reports, etc., lost or     Physical control
  procedures are permitted only in accordance with        misplaced
  management’s policy                                     Improper use made of data
  2. Federal Government is billed timely and            Departments may bill the Federal     Annual budgets are set and monitored
  accurately for federally funded projects              Government for project costs that do through the budgetary process. Federal share
                                                        not qualify for federal funding      of projects are determined prior to the start
                                                                                             of the project
  2. Federal Government is billed timely and
  accurately for federally funded projects




                                                   All project costs may not be recorded Federal billings are generated by departments
                                                   and therefore not billed              based upon project financial information
                                                                                         accumulated, reviewed and approved by the
                                                                                         both the department and facilities



                                                   Departments may bill the Federal       Department receive and review project status
                                                   Government for project funding at      reports provided by OAS on a quarterly basis
                                                   inaccurate amounts



                                                   Departments may not bill the Federal Year-end reporting and closing instructions
                                                   Government for project               to department from DMB
                                                   reimbursement in a timely manner



                                                   Departments may not bill the Federal
                                                   Government for project
                                                   reimbursement in accordance with
                                                   regulatory policy



                                                   Departments may bill the Federal
                                                   Government for fraudulent project
                                                   costs




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Project Accounting (Cont’d)

                                                   Risk Factors                           Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                        Associated With                        Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                          Controls, etc.):
                                                   Objectives:                            Comments:
  1. Federal Government’s share of project costs   Only valid Federal share costs are     Project budgets are set prior to the start of
  are calculated accurately and billed timely      billed                                 the project
  1. Federal Government’s share of project costs
  are calculated accurately and billed timely
                                                        All Federal reimbursable costs are       Management monitors project costs and
                                                        recorded                                 Federal reimbursements

                                                        All Federal reimbursable costs are       Automated billing system computes Federal
                                                        recorded at the proper amounts           share of project cost based upon a
                                                                                                 predetermined formula or agreement



                                                        All Federal reimbursable costs are
                                                        billed on a timely basis

                                                        All federal billings are in accordance
                                                        with Federal guidelines




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Grant Accounting

                                                        Risk Factors                             Actions/                                      Monitoring         Evaluation/Conclusion


Objectives:                                             Associated With                          Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                               Controls, etc.):
                                                        Objectives:                              Comments:
  1. Distribution formulas are reviewed annually to       Lack of maintenance of the factors       Verify that annual review of distribution
  verify formula is in accordance with the                used in distribution formulas for        formula is performed by the grantor
  federal/state laws, grantees needs, and eligibility     entitlement grants



                                                          Lack of understanding of
                                                          relationships between grant
                                                          factors and eligibility for grant
                                                          would effect equally distribution
                                                          of the grant monies
  2. Grants recipients are eligible to receive grants     Grantees program eligibility            Eligibility requirements are written in
                                                          requirements are not sufficiently       terms that expected beneficiaries and other
                                                          detailed to ensure that the             interested parties can easily understand
                                                          program beneficiaries and other
                                                          interested parties don’t understand
                                                          the qualifications to obtain
                                                          prescribed benefits


                                                                                                  Standard application forms that contain all
                                                                                                  the eligibility requirements

  3. Grant awards are approved at the appropriate     Lack of proper authorization                Verify that grantees are approved at the
  level                                                                                           appropriate management level
  4. Grant award contract specify that grantees are Grant funds are not properly                Review contract provisions for completeness
  required to submit periodic budgets and financial accounted for or distributed by the
  reports to the grantor                            grantee                                     Verify that grantees are submitting required
                                                                                                reports in a timely manner

                                                                                                Review documentation supporting the
                                                                                                review and evaluation of the budget and
                                                                                                financial reports by the grantor




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Grant Accounting (Cont’d)

                                                        Risk Factors                            Actions/                                        Monitoring   Evaluation/Conclusion
Objectives:                                            Associated With                       Control Activities/                           (i.e., Test of     Comments:
                                                                                                                                           Controls, etc.):
                                                       Objectives:                           Comments:
  1. Grantees are in compliance, through grant           Irregularities could occur in the     Verify that the grant award contracts
  award contract, with state and federal                 grantee procurement process           require the grantee to comply with
  procurement regulations                                                                      procurement regulations


                                                         Loss of federal funding due to        Review grantee procurement process to
                                                         noncompliance with regulations        verify that the grantee is in compliance
                                                                                               with all regulations
  2. Cost allocation plans and overhead rates are        Grant expensed may be over-           Require the grantee to submit copies of
  maintained                                             reported to the grantor               cost allocation plans and overhead rate
                                                                                               computations on an annual basis

                                                         Financial statements provided by      Evaluate the basis for the rate
                                                         the grantee may not be                computations and cost allocation
                                                         representative of the actual cost
                                                         activity
  3. Government financed property and equipment          Conversion of property and            Require the grantee to maintain proper
  are properly maintained, safeguarded, and              equipment for personal use            safeguards over government financed
  accounted for                                                                                property and equipment
  4. The distribution of costs to accounts are           Unreported expenditure                Mangement review of reports
  periodically reviewed and evaluated
                                                         Unspent funds                         Grant manager review of financial reports



                                                         Overspending against budget           Auditor General audits
  5. Recorded data is periodically substantiated and     See above                             Cerification of reports by supervisors
  evaluated
                                                                                               Auditor Generals audits
  6. Resources used, program results and related       Unreported expenditure                Defined recording procedures and records
  adjustments are accurately applied to the proper
  records                                              Unspent funds                         Reconciliation of independent systems and
                                                                                             records

                                                       Overspending against budget           Review of reports by management


                                                                                             Trained personnel
GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Fixed Asset Accounting

                                                      Risk Factors                              Actions/                                    Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                           Control Activities/                         (i.e., Test of     Comments:
                                                                                                                                            Controls, etc.):
                                                      Objectives:                               Comments:
  1. Sources of assets are authorized in accordance     The management may be subject             Clear statements of criteria, including
  with laws, regulations and management’s policy        to violations of budgetary,               documentation of sources of assets
                                                        appropriation or legislative
                                                        limitations
  2. The amounts, timing and conditions of              The agency may fail to comply             Clear statements of criteria
  transactions is authorized in accordance with         with laws or regulation; this could
  laws, regulations and management’s policy             affect not only the financial
                                                        statement classification of its asset
                                                        but its overall operating policies



                                                        Unauthorized transactions may             Transactions are authorized by senior
                                                        occur                                     management

                                                         Unrecorded transactions may
                                                         occur
  3. Asset management procedures are established      Agencies may be reorganized and           Clear statements of procedures. e.g.,
  and maintained in accordance with                   personnel reassigned in ways that
  management’s policy                                 reduce segregation of duties


                                                      Procedures may be implemented that          Policy manuals
                                                      circumvented existing internal
                                                      control techniques

                                                                                                  Procedure manuals
                                                      Computer programs may be                    Training routines
                                                      modified to circumvent controls, to
                                                      change accounting policies, or to
                                                      reduce safeguard over assets

                                                                                                  Supervisory requirements
                                             Transactions may be processed           Systems and program documentation
                                             incorrectly by the wrong person



                                                                                  Periodic verification of the required
                                                                                  management and user approvals

                                                                                  Periodic verification of required supervisory
                                                                                  approvals for reassignments of
                                                                                  responsibilities


                                                                                  Periodic comparison of actual processing
                                                                                  procedures with documentation and
                                                                                  authorization



GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Fixed Asset Accounting (Cont’d)

                                             Risk Factors                         Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                  Associated With                      Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                  Controls, etc.):
                                             Objectives:                          Comments:
  1. Fixed assets transfers, acquisitions,   Acquisition documents may be lost    Prenumber individual capital expenditure
  dispositions and related depreciation is   or otherwise not communicated to     authorizations and investigate missing
  completely and accurately recorded         proper personnel                     documents



                                             Acquired assets may not be           Route copy of purchase orders for capital
                                             adequately described                 expenditures to personnel who process fixed
                                                                                  assets; investigate purchase orders not
                                                                                  matched with receiving documentation after
                                                                                  anticipated receipt date



                                             Asset disposals or transfers may not Reconcile fixed asset additions with capital
                                             be communicated to proper            expenditure authorizations
                                             personnel
                                                      Incorrect depreciation lives or   Dispose of or transfer fixed assets only with
                                                      methods may be used               proper authorization, a copy of which is
                                                                                        provided to appropriate personnel



                                                                                        Prenumber fixed asset disposal and transfer
                                                                                        authorization forms and investigate missing
                                                                                        documents


                                                                                        Count fixed assets periodically, reconcile
                                                                                        count with fixed asset records and
                                                                                        investigate difference


                                                                                        Establish policies regarding depreciation
                                                                                        lives and methods, communicate them to
                                                                                        appropriate personnel



                                                                                        Review depreciation detail for accuracy and
                                                                                        compliance with policies



GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Fixed Asset Accounting (Cont’d)

                                                      Risk Factors                      Actions/                                        Monitoring         Evaluation/Conclusion


Objectives:                                           Associated With                   Control Activities/                             (i.e., Test of     Comments:
                                                                                                                                        Controls, etc.):
                                                      Objectives:                       Comments:
  1. Only those requests to buy or sell assets that     The agency may fail to comply     Clear statements of criteria, including
  meet laws, regulations and management’s policy        with laws or regulation           documentation of sources of assets
  are approved                                          The management may be subject     Transactions are authorized by senior
                                                        to violations of budgetary,       management
                                                        appropriation or legislative
                                                        limitations


                                                        Unauthorized transactions may
                                                        occur
                                                         Unrecorded transactions may
                                                         occur
  2. Journal entries for assets acquired and retired, Reports may not become available    Written chart of accounts containing a
  and related adjustments, are prepared and posted on a timely basis                      description of each account
  each accounting period                              Reports may be misstated due to one Written entitywide coding instructions
                                                      or more of the following



                                                         omission of selected registers and Assignment of responsibility for each
                                                         journals                           account balance to a particular individual in
                                                                                            the cycle
                                                         Omission of journal entry
                                                         Incorrect coding                   Budgeting and reporting according to the
                                                                                            same chart of accounts, and analysis of
                                                                                            significant variances between actual and
                                                                                            planned account balances

                                                         Duplicate journal entries
                                                         Improper cutoffs                   Written cutoff and closing schedules


                                                    Budgetary control over operations
                                                    may be weakened
  1. Detailed subsidiary records are maintained for Inaccurate recording                    Perform periodic reconciliation of subsidiary
  individual assets and reconciled periodically to                                          accounts to control accounts
  control accounts




GENERAL ACCOUNTING TRANSACTION CYCLE


ACTIVITY/EVENT: Fixed Asset Accounting (Cont’d)

                                                       Risk Factors                         Actions/                                                        Monitoring                        Evaluation/Conclusion


Objectives:                                            Associated With                      Control Activities/                                             (i.e., Test of Controls, etc.):   Comments:
                                                       Objectives:                          Comments:
  1. The existence and condition of fixed assets are     Over or understatement of assets at year end                                       Document physical inventory count
  periodically verified
1. The existence and condition of fixed assets are     Over or understatement of assets at year end
periodically verified
                                                                                                                         Verify that physical inventory count of fixed assets
                                                                                                                         is performed annually in accordance with the
                                                                                                                         administrative and accounting manual
2. Physical security safeguards are maintained         Assets may be stolen, lost, destroyed or temporarily diverted     Restrict access to facilities during non-working
where assets are stored                                                                                                  hours

                                                                                                                         Affix an identification plate and number to office
                                                                                                                         furniture and fixtures, equipment and other
                                                                                                                         portable fixed assets


                                                                                                                         Develop, implement and communicate
                                                                                                                         safeguarding policies
3. Changes in values, where required by generally      The balances in asset accounts may be misstated                   Documented procedures for periodic comparisions
accepted governmental accounting principles, are                                                                         of recorded values with market values
computed accurately and recognized promptly


                                                                                                                         Review of changes in values by an individual who
                                                                                                                         did not participate in the initial determinations



                                                                                                                         Utilization of outside services to report changes in
                                                                                                                         market values
4. Retirement or dispositions of assets to           Receivables and payables may not be reported                      Defined procedures
outsiders are accurately and promptly reported
                                                     Assets may be lost or stolen                                      Reporting forms


                                                                                                                       Periodic inventories


                                                                                                                       Auditor General audits of retirement




                                                                Department of Management & Budget
                        Evaluation of Internal Accounting and Administrative Control Structure (IAAACS) In Effect During the Year Ended 9/30/04
                               RISK ASSESSMENT AND CONTROL ACTIVITIES WORKSHEET
                                    (Financial/Accounting Transaction Cycles)




FINANCIAL/ACCOUNTING
TRANSACTION CYCLES - Overall
Conclusion/Control System
Strengths and Weaknesses
I certify that this evaluation of the IAAACS (FINANCIAL/ACCOUNTING TRANSACTION CYCLES) in effect during the year ended 9/30/04 has been conducted in
a reasonable and prudent manner, and I concur with the conclusions documented above as a result of this evaluation.

______________________________________________________________________

Agency Director Signature   Date

								
To top