117-2-01 Internal controls.  

117-2-01                      Internal controls.

(A)    All public officials are responsible for the design and operation of a system of internal control that is adequate to provide reasonable assurance regarding the achievement of objectives for their respective public offices in certain categories.

(B)    "Internal control" means a process effected by an entity's governing boardthose charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

(1)   Reliability of financial reporting;

(2)   Effectiveness and efficiency of operations;

(3)   Compliance with applicable laws and regulations; and

(4)   Safeguarding of assets against unauthorized acquisition, use or disposition.

(C)  Internal control consists of the following five interrelated components:

(1)    Control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure.

(2)    Risk assessment, which is the entity's identification and analysis of relevant risks to the achievement of its objectives, forming a basis for determining how the risks should be managed so as to identify and assess the risks of material misstatements, whether due to fraud or error, at the financial statement and relevant assertion levels.

(3)      Control activities, which are policies and procedures that help ensure management directives are carried out so as to identify and assess the risks of material misstatements, whether due to fraud or error, at the financial statement and relevant assertion levels.

(4)     Information and communication, which are the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.

(5)    Monitoring, which is a process that assesses the quality of internal control performance over time.

(D)   When designing the public office's system of internal control and the specific control activities, management should consider the following:

(1)      Ensure  that  all  transactions  are  properly  authorized  in  accordance  with management's policies.

(2)   Ensure that accounting records are properly designed.

(3)   Ensure adequate security of assets and records.

(4)   Plan for adequate segregation of duties or compensating controls.

(5)     Verify the existence and valuation of assets and liabilities and periodically reconcile them to the accounting records.

(6)   Perform analytical procedures to determine the reasonableness of financial data.

(7)     Ensure  the  collection  and  compilation  of  the  data  needed  for  the  timely preparation of financial statements.

(8)   Monitor activities performed by service organizations.

(E)   Consideration should be given to the cost benefit of the controls. The cost of controls should not exceed their benefit.

Replaces:                                                              117-2-01

Effective:                                                             02/05/2016

Five Year Review (FYR) Dates:                         08/28/2015 and 02/05/2021