Suggestion Justification Order Form

					Instructions for completing forms

 Below are quick start instructions; more detailed instructions are included in the Risk Assessment Instructions.
 Use the list below to fill out information in each column
 An example of a completed risk assessment will be posted on the DFA - Internal Audit Website by July 31, 2007

    Column #

        1              F = Financial Objective, O = Operational Objective, C = Compliance Objective & Fr = Fraud Objective

                       Step One:
        2              List all operational, financial reporting, compliance and fraud objectives associated with the activity.

                       Step Two:
        3              List all identified risks to the achievement of each objective. Consider both internal and external risk factors. For each
                       objective, several different risks can be identified.

                       Step Three:
                       For each risk, estimate the potential impact on operations, financial reporting or compliance with laws and regulations
        4              assuming that the risk occurs. This rating is without consideration of existing controls. Consider both quantitative and
                       qualitative costs. Use Large, Moderate or Small.

        5              For each risk, assess the likelihood of the risk occurring. This rating is without consideration of existing controls. Use
                       Probable, Reasonably Possible, or Remote. Alternatively use High, Medium or Low.

                       Step Four:
        6              For each risk with an impact greater than small or a likelihood greater than Remote (low), list the actual controls
                       currently in place to mitigate the risk to an acceptable level and the control activities that help ensure that those actions
                       are carried out properly and in a timely manner. For risks with an impact of small and a remote (low) likelihood, no
                       controls need to be listed.

        7              Management should indicate whether the listed control activities are sufficient to mitigate the risk to an acceptable level.
                       Use "S" for Sufficient or "NS" for Not Sufficient.

        8              For those controls listed as "NS" in column #7, enter a corrective action plan that includes both the new or additional control
                       activity needed to mitigate the risk to an acceptable level and an anticipated implementation date for the new
                       or additional control activity.

                       If no cost efficient control was identified, then include the following statement in column #8: "Management has not
                       identified any control activities that would be cost efficient to implement in order to mitigate the risk to an acceptable level;
                       therefore, we accept the risk that the stated objective may not be achieved."

                       Step Five:
    Bottom of sheet    Check the appropriate statement(s) at the bottom of the sheet regarding management's conclusion about the effectiveness
                       of the existing control system.




Tips for Spreadsheet
    COMPLETE ONE EXCEL SPREADSHEET FOR EACH operational unit.
      Name the tabs at the bottom using the operational unit name.

    If you enter the information on the top of one spreadsheet (Agency, prepared by, etc), you can copy the first page to other
    sheets in the same Excel Spreadsheet.
        To copy the worksheet, highlight the entire worksheet, hit "copy", then go to the next sheet and hit "paste."

    When completing information in the Objectives and Actions, try to "copy" then delete, rather than "cut and paste". This
    should save time. If you cut and paste, you cut the lines around the box also.

    The columns were set to wrap text. If you typed information in a cell but cannot read it, you may need to increase the
    height of the cell. You may also want to check the formatting and click on wrap text again (Format, Format Cells,
    Alignment tab, then check the WRAP TEXT box again).

    "Delete" any extra unused rows on the worksheet.
    "Insert" rows if you need more space

    For printing, in page setup under "preview", the page was set to print on two pages in landscape.
                                                                      Risk Assessment and Control Activities Worksheet
Agency

Department:                                                                                                         Prepared By:

Activity:     Service Bureau (SB) Data Process/ Invoices and Cash Receipts                                      Date Prepared:


                                                                                        Risk Assessment                                                        Actions to Manage Risks/                                                                   Corrective Action Plan
 Objective                                                                                         Significance /                                                                                                             Mgmt
   Type                        Objectives                                      Risks                  Impact         Likelihood                                     Control Activities                                      Conclusion               New or Additional Control Activity

     (1)                            (2)                                         (3)                      (4)             (5)                                                (6)                                                (7)                                  (8)
                                                                                                                                                                          Legend
                                                                                                                                   Blue type are tasks currently performed by Service Bureau
                                                                                                                                   Black type is a control that is performed by AASIS
                                                                                                                                   Purple type is a control performed by State Treasurer
                                                                                                                                   Green type task should be performed by Agency
                                                                                                                                   Red type is suggestions and comments.

  F, Fr, C    Service Bureau processes and posts                Improperly keyed documents are                                     The SB employees (Position titles) review FI0001 for completeness before
              accurate, reliable and complete data for direct   posted to AASIS.                                                   entering any data into AASIS
              invoice processing.
                                                                                                                                   There is segregation between the park and post transaction. The park transaction
                                                                                                                                   employee (Position title) keys the invoice and verifies document was entered
                                                                                                                                   correctly through simulation.

                                                                                                                                   The post transaction employee (Position title) is given the FI0001 invoice to verify
                                                                                                                                   document was entered accurately before the transaction is posted.

                                                                                                                                   (Position title) agrees all transactions posted to AASIS to original invoice to ensure
                                                                                                                                   accuracy of postings.

                                                                Transactions are lost or not posted                                The Agency (position title) has a log to track all FI0001 sent to the SB and tracks
                                                                to AASIS.                                                          the invoices through to posting. (Position title) verifies that the invoice was
                                                                                                                                   recorded in AASIS.

                                                                Transactions are posted to AASIS                                   AASIS Controls prevent the posting of a document that exceeds available cash or
                                                                that exceed budget or there is                                     budget. Include controls used to monitor available funds.
                                                                insufficient cash.

                                                                An unauthorized invoice is posted                                  The agency has an invoice approval process in place. (Position title) reviews and
                                                                to AASIS.                                                          approves all invoices before submitting document to Service Bureau.

                                                                                                                                   The Board of the Agency reviews all reports compiled by the SB. Include
                                                                                                                                   information regarding the frequency of the board meetings and the documentation
                                                                                                                                   that is retained. For example, a motion is made to approve the documents which
                                                                                                                                   is then noted in the minutes.

  F, Fr, C    Service Bureau processes and posts                Improperly keyed documents are                                     The SB employee reviews FI0003 for completeness before entering any data into
              accurate, reliable and complete data for          posted to AASIS.                                                   AASIS
              purchase order invoice processing.
                                                                                                                                   The SB employee enters the transaction MIRO which compares the invoice to the
                                                                                                                                   PO that was entered in the Material Module by Office of State Procurement.

                                                                                                                                   Material codes are directly linked to expenses codes in the general ledger which
                                                                                                                                   helps to ensure that correct g/l accounts are used.

                                                                Improperly keyed documents are                                     The Agency/Board (Position title) agrees all transactions posted to AASIS to
                                                                posted to AASIS. - continued                                       original invoice to ensure accuracy of postings.

                                                                                                                                   The Agency (position title) has a log to track all FI0001 sent to the SB and tracks
                                                                                                                                   the invoices through to posting. (Position title) verifies that the invoice was
                                                                                                                                   recorded in AASIS.

                                                                Transactions are posted to AASIS                                   AASIS Controls prevent the posting of a document that exceeds available cash or
                                                                that exceed budget or there is                                     budget.
                                                                insufficient cash.



  F, Fr, C    Service Bureau processes and posts              An unauthorized invoice is posted                                   The Agency has an invoice approval process in place that includes monitoring.
              accurate, reliable and complete data for        to AASIS.                                                           This control should include the position title of the person that processes the
              purchase order invoice processing. -                                                                                invoice and the position title of the person who approves/posts the invoice.
              Continued

                                                                                                                                  The Board of the Agency reviews all reports compiled by the Service Bureau.
                                                                                                                                  Information about the frequency of the board meetings and that the board has
                                                                                                                                  reviewed and approved the expenditures should be included.

     F        Service Bureau processes and posts              Improperly keyed receipts are                                       The SB employees review Deposit Form for completeness before entering any
              accurate, reliable and complete data for        posted to AASIS.                                                    data into AASIS
              receipts processing.
                                                                                                                                  The Service Bureau employee keys the information into AASIS and does a
                                                                                                                                  simulation to verify accuracy of information keyed. Then the employee parks the
                                                                                                                                  transaction.

                                                                                                                                  The post transaction employee is given the deposit form to verify document was
                                                                                                                                  entered accurately before the transaction is posted.

                                                                                                                                  The Agency/Board (position title) agrees all transactions posted to AASIS to
                                                                                                                                  original deposit information to ensure accuracy of postings.

                                                                                                                                  The Agency (position title) has a log to track all deposit forms sent to the SB and
                                                                                                                                  tracks the deposit through to posting.

                                                              Receipts are not entered into                                       The State Treasury will not receipt cash/checks if the Revenue Receipt is not
                                                              AASIS in a timely manner.                                           printed from AASIS or does not match exactly.

                                                                                                                                  Bank Reconciliations are performed monthly

                                                                                                                                  Agency can not make payments if there is not sufficient cash.

                                                                                                                                  Board reviews the financial information supplied by the Service Bureau. Include
                                                                                                                                  the frequency of the board meetings and whether the Board approves cash
                                                                                                                                  receipts reports.

    F, Fr     Revenue is accurately stated                    Receipts may not be deposited into                                  Board reviews the financial information supplied by the Service Bureau. Include
                                                              the Agency's accounts.                                              the frequency of the board meetings and whether the Board approves cash
                                                                                                                                  receipts reports.

                                                                                                                                  The cash receipting is performed by (position title) , and the issuing of license is
                                                                                                                                  performed by (position title). If the Director or Board reconciles the licenses to a
                                                                                                                                  cash receipts report, this should be included.

    F, Fr     Service Bureau processes and posts              Information submitted by Agency to                                  Agency should include actual control. If the 2005 recommendation to have bank
              accurate, reliable and complete data for bank   Service Bureau does not accurately                                  statements mailed directly to SB was implemented it should be included here.
              reconciliations of Non Treasury accounts        reflect underlying transactions.


                                                              Transactions are posted to AASIS                                    Agency should have process in place to monitor available funds and budget to
                                                              that exceed budget or there is                                      prevent expenditures in Non Treasury account from exceeding budget or available
                                                              insufficient cash.                                                  cash.

    F, Fr     Service Bureau processes and posts              Improperly keyed AJEs are posted                                    The Service Bureau employees review AJE for completeness before entering any
              accurate, reliable and complete data for        to AASIS.                                                           data into AASIS
              AJEs.




                                                                                                                                          There is segregation between the park and post transaction. The park transaction
                                                                                                                                          employee keys the AJE and verifies document was entered correctly after
                                                                                                                                          simulation

    F, Fr       Service Bureau processes and posts                  Improperly keyed AJEs are posted                                      The post transaction employee is given the AJE to verify document was entered
                accurate, reliable and complete data for            to AASIS.- continued                                                  accurately before the transaction is posted.
                AJEs.- continued

                                                                                                                                          If AJE changes appropriation or fund then the Office of Accounting - Funds
                                                                                                                                          Management must post the AJE.

                                                                                                                                          The Agency/Board (position title) agrees all transactions posted to AASIS to
                                                                                                                                          original AJE supporting documentation to ensure accuracy of postings.

                                                                                                                                          The Agency (position title) has a log to track all AJEs sent to the Service Bureau
                                                                                                                                          and tracks the AJEs through to posting.

                                                                    An unauthorized AJE is posted to                                      The Agency (position title) has an AJE approval process in place that includes
                                                                    AASIS.                                                                monitoring. In addition, financial statements should be approved by the Director
                                                                                                                                          or the Board.

                                                                                                                                          The Board of the Agency reviews all reports compiled by the Service Bureau.
                                                                                                                                          Include the frequency of the board meetings and whether the approval of reports
                                                                                                                                          is noted in the minutes.

Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s).

( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s), except for the control activities listed as not sufficient in
column #7. The new or additional control activities needed to mitigate the identified risk to an
acceptable level are included as the corrective action plan in column #8. The corrective action will
be sufficient to mitigate the risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a
reasonable basis for achieving the stated objective(s). Management has not identified any control
activities that would be cost efficient to implement in order to mitigate the risk to an acceptable level;
therefore, we accept the risk that the stated objective(s) may not be achieved.




                                                                                      Risk Assessment and Control Activities Worksheet
Agency

Department:          Administrative                                                                                                   Prepared By:

Activity:            Procurement                                                                                                     Date Prepared:


                                                                                                          Risk Assessment                                                              Actions to Manage Risks/                                                                       Corrective Action Plan
                                                                                                                    Significance /                                                                                                                     Mgmt
Objective Type                           Objectives                                         Risks                      Impact          Likelihood                                          Control Activities                                        Conclusion                  New or Additional Control Activity

       (1)                                    (2)                                             (3)                         (4)             (5)                                                      (6)                                                  (7)                                     (8)

   F, C, Fr, O       Efficient use of budget to meet expectation of         Employees are not aware of their                                          Employee receives a copy of the policies and procedures for procurement and
                     citizens of Arkansas (alternatives to citizens is      responsibility to ensure efficient use                                    acknowledges receipt and understanding in writing which is kept in employee's personnel
                     membership or clients)                                 of funds                                                                  file.

                                                                                                                                                      Staff meetings are conducted periodically to communicate procedures or clarify
                                                                                                                                                      procedures.

                                                                            Liabilities are not recorded in the                                       The agency establishes year end procedures for purchasing and employees are aware of
                                                                            appropriate fiscal year                                                   those procedures and their responsibility to ensure that the procedures have been
                                                                                                                                                      followed. Add the exact control, such as requiring that all purchases for the fiscal year be
                                                                                                                                                      submitted no later than May 1.

                                                                                                                                                      The CFO and Agency Director (or appropriate level of Mgt) affirm, in writing, that year end
                                                                                                                                                      procedures for cut-off have been followed. In the case of a one-employee agency, the
                                                                                                                                                      report should be reviewed and signed by the Board President and Treasurer.

                                                                            Arkansas Procurement Laws are                                             The agency's purchasing official (position title) is knowledgeable about Arkansas
                                                                            violated                                                                  procurement law. The control should include any training provided.
                                                                                                                                                      The agency only utilizes vendors from the approved vendor master list.


                                                                            Insufficient legislative authorization                                    Before a purchase order is released, the purchasing official (position title) reviews
                                                                            for expenditures                                                          available budget to ensure there are funds available for the expenditure.

                                                                            Unauthorized purchases                                                    Only approved purchase orders are released to vendors. The (position title) reviews the
                                                                                                                                                      purchase order with supporting justification and signs and dates authorized purchases. If
                                                                                                                                                      the Board reviews and approves purchase orders, this should be included.

                                                                            Disbursements made before goods                                           (Position title) matches packing slip to goods received and to original purchase order and
                                                                            are received                                                              initials and dates. For commercial bank account disbursements, the forms are sent to
                                                                                                                                                      accounts payable. For Treasury accounts, the SB is notified to MIGO the invoice.

                                                                            Goods received do not agree                                               (Position title) matches packing slip to goods received and original purchase order; initials
                                                                            with purchase order                                                       and dates packing slip.

                                                                            Quantities received do not agree                                          (Position title) matches packing slip to goods received and original purchase order; initials
                                                                            with quantity ordered                                                     and dates packing slip.

                                                                            Unit price does not agree with                                            (Position title) matches packing slip to goods received and original purchase order; initials
                                                                            purchase order                                                            and dates packing slip.



Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).

( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.


( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




                                                                          Risk Assessment and Control Activities Worksheet
Agency

Department:   Administrative                                                                                          Prepared By:

Activity:     Agency cash receipting                                                                                 Date Prepared:


                                                                                          Risk Assessment                                                               Actions to Manage Risks/                                                                        Corrective Action Plan
 Objective                                                                                          Significance /                                                                                                                     Mgmt
   Type                         Objectives                                      Risks                  Impact          Likelihood                                           Control Activities                                       Conclusion                   New or Additional Control Activity

     (1)                             (2)                                         (3)                      (4)              (5)                                                     (6)                                                  (7)                                      (8)

F, Fr, O, C   Funds received are accurately recorded and         Employees are not aware of their                                     Employee receives a copy of the policies and procedures for cash receipting and
              deposited timely to ensure their use is for        responsibility to ensure integrity                                   acknowledges receipt and understanding in writing which is also kept in employee's
              purpose intended to meet expectation of citizens   and accuracy of cash receipting                                      personnel file. If employee performance evaluations are based on proficiency or
              of Arkansas (alternatives to citizens is           process                                                              accuracy, this should be included.
              membership or clients)
                                                                                                                                      Staff meetings are conducted periodically to communicate procedures or clarify
                                                                                                                                      procedures.

                                                                                                                                      Employees handling cash are bonded. Some agencies require that the Director is bonded
                                                                                                                                      and is responsible for the integrity of the funds. If your agency has this requirement, it
                                                                                                                                      should be included in this section.

                                                                 Cash receipts are not recorded                                       The State Treasury will not receipt cash/checks if the Revenue Receipt is not printed from
                                                                                                                                      AASIS or does not match exactly.

                                                                                                                                      A pre-numbered duplicate receipt is issued for each payment. The receipt includes date,
                                                                                                                                      payer, purpose, method, funds to be credited and employee's signature.

                                                                                                                                      Conspicuous signs are posted instructing citizens/members to request a receipt or notify
                                                                                                                                      management if a receipt is not issued.

                                                                 Cash may be lost or stolen                                           All checks and other negotiable instruments are restrictively endorsed upon receipt.
                                                                                                                                      Stamp includes the name of the agency, the name of the financial institution and the
                                                                                                                                      account number.

                                                                                                                                      Cash is kept secured in a locked area during business hours. Cash is kept in a safe
                                                                                                                                      overnight. Access to the areas is restricted to authorized personnel.

                                                                                                                                      Deposits are made daily by position title.

                                                                                                                                      Cash receipts are reconciled to licenses issued on a monthly basis by position title. Ideally
                                                                                                                                      the person who reconciles the licenses to the cash receipts report does not process the
                                                                                                                                      cash receipts. If not, there should be a review of the reconciliation by the Director or
                                                                                                                                      Board Treasurer.

                                                                                                                                      Periodic surprise cash counts are performed by position title. The Board Treasurer is
                                                                                                                                      preferred.

                                                                 Receipts are recorded in wrong                                       There are year end procedures for cash receipts. Employees are aware of the
                                                                 fiscal year                                                          procedures and their responsibility to ensure that the procedures are followed.

                                                                                                                                      The CFO and Agency Director (or appropriate level of Mgt) affirm, in writing, that year end
                                                                                                                                      procedures for cash receipting have been followed.

                                                                 Bad check is accepted

                                                                 Receipts are posted to incorrect                                     Fund coding is verified by position title.
                                                                 fund




                 Funds received are accurately recorded and
                 deposited timely to ensure their use is for
                 purpose intended to meet expectation of citizens
                 of Arkansas (alternatives to citizens is
                 membership or clients)-continued

                                                                        Receipts are posted to incorrect                                       Revenue codes are verified by position title. A review by the Treasurer or Director should
                                                                        general ledger account                                                 be performed as well.

                                                                        Licensee/Applicant is charged an                                       Cash receipts are reconciled to licenses issued on a monthly basis by position title. A
                                                                        incorrect fee                                                          review of the reconciliation by the Director or the Board Treasurer should be performed as
                                                                                                                                               well.

                                                                                                                                               Licensee would complain if they are overcharged.

                                                                        Duties are not segregated                                              Cash receipts are reconciled to licenses issued on a monthly basis by position title. The
                                                                                                                                               review of the reconciliation should be conducted by the Director or the Board Treasurer.

                                                                                                                                               Periodic surprise cash counts are performed by position title. In small agencies or
                                                                                                                                               service bureaus, the Board Treasurer could perform this task.


Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s).

( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s), except for the control activities listed as not sufficient in
column #7. The new or additional control activities needed to mitigate the identified risk to an
acceptable level are included as the corrective action plan in column #8. The corrective action will be
sufficient to mitigate the risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a
reasonable basis for achieving the stated objective(s). Management has not identified any control
activities that would be cost efficient to implement in order to mitigate the risk to an acceptable level;
therefore, we accept the risk that the stated objective(s) may not be achieved.




                                                                              Risk Assessment and Control Activities Worksheet
Agency

Department:      Administrative                                                                                               Prepared By:

Activity:        Non Treasury Accounts - Cash disbursements                                                                  Date Prepared:


                                                                                                  Risk Assessment                                                             Actions to Manage Risks/                                                                        Corrective Action Plan
                                                                                                            Significance /                                                                                                                     Mgmt
Objective Type                       Objectives                                      Risks                     Impact          Likelihood                                          Control Activities                                        Conclusion                  New or Additional Control Activity

       (1)                               (2)                                          (3)                         (4)              (5)                                                     (6)                                                  (7)                                     (8)


   F, O, C, Fr   Efficient use of budget to meet expectation of      Employees are not aware of their                                         Employee receives a copy of the policies and procedures for processing cash
                 citizens of Arkansas (alternatives to citizens is   responsibility to ensure efficient use                                   disbursements and acknowledges receipt and understanding in writing which is also kept
                 membership or clients)                              of funds                                                                 in employee's personnel file.

                                                                                                                                              Staff meetings are conducted periodically to communicate procedures or clarify
                                                                                                                                              procedures.

                                                                     Disbursements are made to                                                Agency only uses vendors from the state approved master data list.
                                                                     fictitious vendors

                                                                     Disbursement is made before                                              The purchase order, packing slip (initialed and dated) and invoice are compared;
                                                                     goods are received                                                       discrepancies are investigated and resolved before invoice is approved for payment. This
                                                                                                                                              package accompanies the written check when given to the authorized signer for signature.
                                                                                                                                              Insert position titles of the individuals performing tasks.

                                                                     Duplicate payment is made                                                Agency only pays from original invoice. Once processed, invoice is stamped paid and
                                                                                                                                              check number and date are noted on the invoice. Invoice is stapled to agency check copy.
                                                                                                                                              Agency should insert position titles of individuals performing tasks.

                                                                     Discount is missed                                                       Position title maintains a tickler file of open invoices which is reviewed weekly. Items are
                                                                                                                                              processed in order of due dates.

                                                                     Payments are recorded in wrong                                           The agency establishes year end procedures for cash disbursements and employees are
                                                                     fiscal year                                                              aware of those procedures and their responsibility to ensure that the procedures have
                                                                                                                                              been followed.

                                                                                                                                              The CFO and Agency Director (or appropriate level of Mgt) affirm, in writing, that year end
                                                                                                                                              procedures for non Treasury accounts have been followed. If the agency has only one
                                                                                                                                              employee, the reports should be reviewed and signed by the Board President and
                                                                                                                                              Treasurer.


                                                                     Extensions and footing on invoice                                        Position title checks extensions and footing to ensure invoice is accurate before
                                                                     are incorrect                                                            processing for payment.

                                                                     Unauthorized purchases are made                                          Only approved purchase orders are released to vendors. The position title reviews the
                                                                                                                                              purchase order with supporting justification and signs and dates authorized purchases.

                                                                                                                                              Position title receives check with supporting documentation which is reviewed before
                                                                                                                                              check is signed.

                                                                     Check is altered after being signed                                      Checks are printed on tamper resistant paper.
                                                                                                                                              Authorized signer(s), position title(s), sign checks and then mail them. The signed checks are
                                                                                                                                              NOT returned to preparer.



                                                                     Check stock is not secured                                               Check stock is kept in locked safe with restricted access. Identify who has access to the
                                                                                                                                              safe.




                     Efficient use of budget to meet expectation of         Check stock is not secured -                                          Supplies of checks are tracked and physical count taken monthly and compared to
                     citizens of Arkansas (alternatives to citizens is      continued                                                             inventory record by (position title). Ideally the person reconciling the check stock would be
                     membership or clients) - continued                                                                                           independent of the check writing process. If that is not possible, someone--probably a
                                                                                                                                                  board member--should verify the reconciliation periodically.

                                                                            Authorized signers are not updated                                    Agency utilizes a check list when personnel or board members terminate services to
                                                                            promptly                                                              ensure that all applicable procedures are followed. One of the steps on the checklist is to
                                                                                                                                                  remove person as authorized signer. Final payments cannot be processed until the
                                                                                                                                                  checklist is completed and given to the Director.

                                                                            Unauthorized checks are issued                                        Authorized signer, position title, receives check with supporting documentation which is
                                                                                                                                                  reviewed before check is signed.

                                                                            Insufficient legislative authorization                                Before a check is prepared, position title, the disbursement official, reviews available
                                                                            for expenditures                                                      budget to ensure there are funds available for the expenditure.


Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).


( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




                                                                                 Risk Assessment and Control Activities Worksheet
Agency

Department:                                                                                                                   Prepared By:

Activity:        OPM - payroll processing                                                                                    Date Prepared:


                                                                                                   Risk Assessment                                                            Actions to Manage Risks/                                                                        Corrective Action Plan
                                                                                                            Significance /                                                                                                                     Mgmt
Objective Type                       Objectives                                       Risks                    Impact         Likelihood                                           Control Activities                                        Conclusion                  New or Additional Control Activity

       (1)                               (2)                                            (3)                       (4)             (5)                                                       (6)                                                 (7)                                     (8)
                                                                                                                                                                                         Legend
                                                                                                                                              Blue type are tasks currently performed by Office of Personnel Management.
                                                                                                                                              Black type is a control that is performed by AASIS.
                                                                                                                                              Green type means task should be performed by Agency.

     F, Fr, C    Efficient use of personnel and personnel cost to       Improperly keyed timesheets are                                       The OPM employee reviews the timesheet/leave request for completeness before entering
                 meet the expectations of the citizens of Arkansas      posted to AASIS.                                                      any data into AASIS
                 (alternative to citizens is membership or clients)


                                                                                                                                              There is segregation between the park and post transaction. The park transaction
                                                                                                                                              employee keys the time and leave information and verifies document was entered correctly.


                                                                                                                                              The Agency/Board (position title) agrees all transactions posted to AASIS to original
                                                                                                                                              timesheet/leave requests to ensure accuracy of postings.

                                                                                                                                              Employees review remuneration statements for pay accuracy and leave balances.

                                                                                                                                              The Agency (position title) has a log to track all timesheets and leave requests sent to
                                                                                                                                              OPM and to track the information through to posting.

                                                                        Employees use leave time that is                                      AASIS Controls prevent the posting of leave time that exceeds the available leave quotas.
                                                                        not earned.

                                                                        Employee takes leave time but                                         Agency requires a leave request for all employees when the employee is away during
                                                                        does not report it in AASIS                                           regularly scheduled work periods. The Agency (position title) reconciles leave in AASIS to
                                                                                                                                              ensure that when leave is taken it is recorded in AASIS. If this is a one-person agency, the
                                                                                                                                              Board should approve leave requests.

                                                                        Employee receives pay that is not                                     Supervisor approval is required on the timesheet and leave request before the information
                                                                        authorized                                                            is entered in AASIS. Or in the case of a one-person shop - one of the officers of the board
                                                                                                                                              approves the timesheet and leave request.

                                                                                                                                              The Board of the Agency reviews all reports provided by OPM. Include information
                                                                                                                                              regarding the frequency of the board meeting and that the board formally approves all
                                                                                                                                              reports.

                                                                        Fictitious employee could be added                                    Agency (position title) reviews all information that is supplied by OPM
                                                                        to agency.

                                                                                                                                              The Board of the Agency reviews all reports provided by OPM. Include information
                                                                                                                                              regarding the frequency of the board meeting and that the board formally approves all
                                                                                                                                              reports.
                                                                        Personnel actions are not
                                                                        completed timely and employee
                                                                        receives incorrect pay

                 Efficient use of personnel and personnel cost to       Terminated employee continues to                                      Agency utilizes a check list when personnel terminate services to ensure that all applicable
                 meet the expectations of the citizens of Arkansas      receive payments                                                      procedures are followed. One of the steps is to notify OPM of termination. Final payments
                 (alternative to citizens is membership or clients) -                                                                         cannot be processed until the checklist is completed and given to the Director.
                 continued

                                                                        Master data on employee is
                                                                        changed without authorization




                                                                                       Risk Assessment and Control Activities Worksheet
Agency

Department:                                                                                                                           Prepared By:

Activity:            OPM - payroll processing                                                                                        Date Prepared:


                                                                                                           Risk Assessment                            Actions to Manage Risks/                                    Corrective Action Plan
                                                                                                                    Significance /                                                 Mgmt
Objective Type                           Objectives                                         Risks                      Impact         Likelihood         Control Activities      Conclusion                  New or Additional Control Activity

                                                                            Unauthorized deductions are set up


                                                                            Bank information is changed
                                                                            without authorization



Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).

( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




                                                                               Risk Assessment and Control Activities Worksheet
Agency

Department:      Administration                                                                                                 Prepared By:

Activity:        Administration                                                                                                Date Prepared:


                                                                                                    Risk Assessment                                                            Actions to Manage Risks/                                                                        Corrective Action Plan
                                                                                                              Significance /                                                                                                                  Mgmt
Objective Type                      Objectives                                         Risks                     Impact          Likelihood                                        Control Activities                                       Conclusion                    New or Additional Control Activity

       (1)                               (2)                                             (3)                        (4)              (5)                                                   (6)                                                 (7)                                       (8)

   O, C, F, Fr   Establish a positive public image through efficient   A culture of honesty is not established                                  The agency has established a written Code of Ethics for Employees
                 and ethical operation

                                                                       Employees are not aware of their                                         New employees are exposed to the Code of Ethics in their orientation and annually all
                                                                       ethical responsibilities                                                 employees receive a copy of the Code of Ethics. Employees acknowledge in writing their
                                                                                                                                                receipt and understanding of the Code which is kept in their personnel file.

                                                                       Employees are not aware of the                                           The Code of Ethics includes the consequences of violating the Code and this information is
                                                                       consequences of violating the Code                                       included in the employees' orientation.
                                                                       of Ethics.

                                                                       Board members are not aware of                                           The agency has established a written Code of Ethics for Board Members; Board members
                                                                       their ethical responsibilities                                           acknowledge, in writing, receipt of the code annually.

                                                                       Employees are not aware of how to                                        The Code of Ethics includes how to report unethical behavior and the employee bulletin
                                                                       report unethical behavior                                                board includes a poster for the Fraud Hotline.

                                                                       Board members are not aware of                                           The Code of Ethics includes how to report unethical behavior.
                                                                       how to report unethical behavior

                                                                       Staff is afraid of retribution for                                       During orientation, employees are made aware of the Whistleblowers Act.
                                                                       reporting fraud, waste or abuse

                                                                       Understaffing causes service to                                          Breaks and lunches are staggered and scheduled during slow time of the business day.
                                                                       public to be slow                                                        Temporary services are utilized during license renewal season.

                                                                       Overstaffing causes inefficient use                                      Management evaluates work flow daily and makes necessary adjustments
                                                                       of funding

                                                                       Unqualified personnel are hired                                          Job positions have minimum qualifications which must be met to be considered for
                                                                                                                                                position. Candidates are interviewed with standard job relevant questions by immediate
                                                                                                                                                supervisor and ________________. Candidates are scored based on their responses to
                                                                                                                                                interview questions. All available references are checked. Background checks are
                                                                                                                                                performed through the State Police.

                                                                       Unqualified personnel are                                                Job positions have minimum qualifications which must be met to be considered for
                                                                       promoted                                                                 position. Annually employees receive a performance evaluation which tracks employees'
                                                                                                                                                progress.

                                                                       Staff is unaware of their job duties                                     New employees receive copy of job description which includes job duties.


                                                                       Staff is not trained to perform job                                      Weekly staff meetings are utilized to clarify procedures etc. Performance evaluations are
                                                                       duties efficiently                                                       utilized to highlight staff's strengths and determine appropriate training needs.

                                                                       Loss of qualified staff                                                  Management has an open door policy to address staff concerns.

                                                                       Low employee morale                                                      Management has an open door policy.

                                                                       Patrons are unsatisfied with                                             Agency has suggestion complaint box and signs posted to ask for a manager if clientele is
                                                                       services provided                                                        unsatisfied. Results are given to board of directors at monthly board meetings.



                                                                               Risk Assessment and Control Activities Worksheet
Agency

Department:      Administration                                                                                                Prepared By:

Activity:        Administration                                                                                               Date Prepared:


                                                                                                   Risk Assessment                                                              Actions to Manage Risks/                                                                          Corrective Action Plan
                                                                                                             Significance /                                                                                                                      Mgmt
Objective Type                      Objectives                                         Risks                    Impact          Likelihood                                           Control Activities                                        Conclusion                    New or Additional Control Activity

   O, C, F, Fr   Establish a positive public image through efficient   Public is unaware of services                                           Agency maintains a website with all services available. Annually, with license renewal
                 and ethical operation - continued                     provided                                                                notices, agency notifies members of available services. Agency advertises in publications
                                                                                                                                               that target the profession they license/regulate. Agency has contact with the appropriate
                                                                                                                                               training schools, universities etc.

                                                                       Management is unaware of
                                                                       negative public image

                                                                       Agency makes front page with                                            Agency policy requires all media questions to be answered by the Executive Director or the
                                                                       negative article                                                        Chairman of the Board.

       O         Facilities are well maintained and present a          Facilities are not maintained                                           Building is cleaned and maintained by ABA. Office Manager has avenue to complain if
                 professional atmosphere                               properly                                                                problems arise

                                                                       Individual is harmed due to                                             Agency has liability insurance
                                                                       inappropriate maintenance

    O, F, Fr     Required office equipment is available and well       Obsolete equipment is not replaced                                      Agency has an equipment replacement program in place. Office manager maintains the
                 maintained to allow employees to perform job                                                                                  schedule and ensures equipment is replaced as needed.
                 duties in an efficient manner

                                                                       Purchase of unnecessary                                                 Executive Director and Board approve all equipment purchases
                                                                       equipment

                                                                       Frequent break down of equipment                                        Maintains contract with equipment dealer

                                                                       Theft of office equipment                                               All equipment is tagged and inventoried. Annual inventories are taken and compared to
                                                                                                                                               general ledger. Office Manager is responsible for equipment.

    O, C, Fr     Agency's information is protected                     Applicants' sensitive information is                                    All applicant files are maintained in locked filing cabinets or secured data files on server.
                                                                       compromised                                                             Access to the area is limited to authorized personnel.

                                                                       Hacker accesses database(s)

                                                                       Employees' sensitive information is                                     All employees' files are maintained in a locked filing cabinet with limited access.
                                                                       compromised

                                                                       Network security is bypassed

                                                                       Employees share passwords                                               Agency has a policy prohibiting employees from sharing passwords. Employees
                                                                                                                                               acknowledge, in writing, understanding of policy and consequences for violating the policy.


                                                                       Data files are lost                                                     Agency makes weekly backup of all files; backups are stored off site in a fireproof safe.

   O, F, C, Fr   Board members have required tools to allow            Board members are not aware of                                          New board members receive an orientation of the agency's mission and the vital role
                 them to oversee the efficient operations of the       their responsibilities                                                  board members play.
                 agency

                                                                       Board vacancies are not filled                                          Some boards' legislation may require procedures for filling the vacancy which will address
                                                                       timely                                                                  this risk. For example: The Board of Psychology has a requirement that the Governor shall
                                                                                                                                               fill all vacancies on the board within thirty (30) days after the vacancy occurs.




                                                                                     Risk Assessment and Control Activities Worksheet
Agency

Department:          Administration                                                                                                 Prepared By:

Activity:            Administration                                                                                                Date Prepared:


                                                                                                        Risk Assessment                                                           Actions to Manage Risks/                                                                        Corrective Action Plan
                                                                                                                  Significance /                                                                                                                 Mgmt
Objective Type                         Objectives                                          Risks                     Impact          Likelihood                                       Control Activities                                       Conclusion                    New or Additional Control Activity
                     Board members have required tools to allow             Financial reports are not reviewed                                      Standing item on monthly agenda is review of AASIS financial statements.
                     them to oversee the efficient operations of the        timely
                     agency -continued

                                                                            Inaccurate financial reports are                                        Financial statements are reviewed by agency personnel and board treasurer prior to being
                                                                            given to the board                                                      presented to the full board.

                                                                            Quorums are not established to                                          Meeting schedules are published a year in advance and distributed to all board members.
                                                                            conduct business                                                        Meeting agenda is e-mailed to board members a week before the meeting and an e-mail
                                                                                                                                                    reminder is sent the day of a meeting.



Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).

( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




                                                                                      Risk Assessment and Control Activities Worksheet
Agency

Department:                                                                                                                           Prepared By:

Activity:            Regulation                                                                                                      Date Prepared:


                                                                                                          Risk Assessment                                                            Actions to Manage Risks/                                                                     Corrective Action Plan
                                                                                                                    Significance /                                                                                                                 Mgmt
Objective Type                           Objectives                                         Risks                      Impact          Likelihood                                         Control Activities                                     Conclusion                  New or Additional Control Activity

       (1)                                    (2)                                             (3)                         (4)              (5)                                                   (6)                                                (7)                                     (8)

      O, C           Promulgate rules and regulations that are              Legal authority of board is                                               This control should include some type of review by persons who are knowledgeable about
                     relevant to effectively govern the profession          exceeded                                                                  the enabling law. The control would ensure that the document was not released for
                                                                                                                                                      publication until this review was complete. There could also be several levels of review
                                                                                                                                                      and the process is documented, possibly through a route slip.

                                                                            Administrative Procedures Act is                                          This control should include some type of review by persons who are knowledgeable about
                                                                            not followed                                                              the Administrative Procedures Act. The control would ensure that all the required
                                                                                                                                                      procedures of the Administrative Procedures Act were followed and documented. The
                                                                                                                                                      document should also have some type of documentation that it was reviewed to be in
                                                                                                                                                      compliance with the Administrative Procedures Act. Possibly on the route slip.



                                                                            Document is ambiguous                                                     This control should include some type of review by persons who have a legal background.
                                                                                                                                                      The control would ensure that the document was not released for publication until this
                                                                                                                                                      review was complete. The process should be documented, possibly through a route slip.




Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).


( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




                                                                   Risk Assessment and Control Activities Worksheet
Agency

Department:                                                                                                               Prepared By:

Activity:        Complaints and Investigations                                                                           Date Prepared:


                                                                                              Risk Assessment                                                        Actions to Manage Risks/                                                                Corrective Action Plan
                                                                                                        Significance /                                                                                                          Mgmt
Objective Type                      Objectives                                   Risks                     Impact          Likelihood                                    Control Activities                                   Conclusion               New or Additional Control Activity

       (1)                              (2)                                        (3)                        (4)              (5)                                                (6)                                            (7)                                  (8)

      O, C       Protect the public by enforcing the rules and   Complaint is lost or ignored                                             There should be a mechanism in place to document that a complaint was
                 regulations as established by legislation                                                                                received. There should be someone responsible to ensure that complaints are
                                                                                                                                          acknowledged and reviewed.

                                                                 Incomplete or inaccurate data is                                         The control for this might be a preprinted form with all relevant data necessary
                                                                 documented in the complaint                                              to initiate an investigation. The form should include a notation of who took the
                                                                                                                                          initial complaint including the date and time.

                                                                 Staff are not qualified to investigate                                   This risk could be addressed in a variety of ways - training of staff - staff are
                                                                 the complaint                                                            sent with seasoned investigators, investigators have access to other
                                                                                                                                          individuals. It could be the experience of the current investigators coupled with
                                                                                                                                          a review process.

                                                                 Investigator is biased                                                   A review process could address this issue. The investigator's findings are
                                                                                                                                          reviewed by a panel. There is an appeals process if citizens believe they are
                                                                                                                                          treated unfairly.

                                                                 Investigation is not thorough                                            A review process could address this issue.

                                                                 Investigation is not completed in a                                      Management should have a system in place to track investigations.
                                                                 timely manner                                                            Investigators should be held accountable through performance evaluations.

                                                                 Understaffing                                                            Overtime, temporary help - budget requests

                                                                 Conclusion is incorrect                                                  Review process, appeals process

                                                                 Investigator is bribed                                                   Review process, Quality Control Measures, immediate termination

                                                                 Hearings are not scheduled in a                                          Procedures for tracking cases, how the agency ensures hearings are scheduled
                                                                 timely manner                                                            promptly.

                                                                 Administrative Procedures Act is                                         Documenting the compliance with the act, who is responsible etc. Tied to
                                                                 not followed regarding the hearing                                       performance evaluation



                                                                 Judge/panel are biased                                                   Code of ethics, professional code of conduct, appeals process

                                                                 Communication of the judgment is                                         Review procedures - quality control.
                                                                 inaccurate

                                                                 Penalties assessed are not                                               Review procedures
                                                                 accurate based on judgment

                                                                 Judgment is not issued in a timely                                       Standards that are required to be adhered to; possible disciplinary action if
                                                                 manner                                                                   standards are not achieved.

                                                                 Practitioner continues to practice                                       Re-inspection required before establishment can be opened.
                                                                 when license/permit was revoked

                                                                 Violation is not satisfactorily                                          Re-inspection - approval
                                                                 corrected.



Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).

( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.

( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




                                                                             Risk Assessment and Control Activities Worksheet
Agency

Department:                                                                                                                           Prepared By:

Activity:            Licensing                                                                                                       Date Prepared:


                                                                                                          Risk Assessment                                                     Actions to Manage Risks/                                                              Corrective Action Plan
                                                                                                                    Significance /                                                                                                       Mgmt
Objective Type                           Objectives                                         Risks                      Impact          Likelihood                                  Control Activities                                  Conclusion             New or Additional Control Activity

       (1)                                    (2)                                             (3)                         (4)              (5)                                              (6)                                           (7)                                (8)

     O, C, F         Issue license to qualified applicants in a timely      Unqualified applicant is licensed                                         What verifications are done to ensure applicant is qualified - review of test
                     manner                                                                                                                           results etc. Is this documented? Is there a review procedure utilized by the
                                                                                                                                                      agency?

                                                                            Qualified applicant is not licensed                                       There is a review of the file etc. - approved by panel

                                                                            Fraudulent information is received                                        Verification process?
                                                                            from applicant

                                                                            Required information is not                                               those reviewing the applicant information have a checklist to ensure all
                                                                            received from applicant                                                   information is submitted?

                                                                            Required continuing professional                                          verification process that is documented
                                                                            education is not received by
                                                                            applicant

                                                                            Understaffing                                                             temporary help during renewal time/ staggering of licenses etc

                                                                            Equipment failure                                                         Regular maintenance is performed / scheduling renewals to allow time
                                                                                                                                                      in case there is a breakdown in the equipment.

                                                                            Other processing delays occur

                                                                            License/permit is sent to wrong                                           Use window envelopes that fit the license / quality control during
                                                                            applicant or incorrect address                                            processing

                                                                            Fee for license is not applied to the                                     Verification that payment is posted to correct licensee's account.
                                                                            applicant's account

      O, C           Safeguarding public by licensing qualified             Individual practices without required
                     applicants                                             license/permits

                                                                            Professionals are unaware of                                              Distribute information to training schools/ colleges/universities etc.
                                                                            requirement to be registered

      O, C           Administer examination in a professional and           Facilities are inadequate                                                 before facility is retained it is inspected by those persons administering the
                     ethical manner                                                                                                                   test
                                                                            Test is compromised                                                       method used to secure test; punishment for releasing test questions

                                                                            Understaffing of exam                                                     utilize a ratio to staff test? Temporary help

                                                                            Scoring results are incorrect                                             how does agency know scoring is correct - test sample occasionally etc


                                                                            Participants cheat                                                        ratio of monitors to candidates?

Management's Conclusion:
( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s).




( ) The control activities are sufficient to mitigate all of the identified risks and provide a reasonable basis
for achieving the stated objective(s), except for the control activities listed as not sufficient in column #7.
The new or additional control activities needed to mitigate the identified risk to an acceptable level are
included as the corrective action plan in column #8. The corrective action will be sufficient to mitigate the
risk when implemented.


( ) Some control activities are not sufficient to mitigate all of the identified risks and provide a reasonable
basis for achieving the stated objective(s). Management has not identified any control activities that would
be cost efficient to implement in order to mitigate the risk to an acceptable level; therefore, we accept the
risk that the stated objective(s) may not be achieved.




DOCUMENT INFO
posted:8/17/2011
language:English
pages:21
Description: Suggestion Justification Order Form document sample