Internal ControlInternal Control

Audio is via phone- at 1-800-621-7432Pass Code: 7320616

Close any boxes you don’t need. Move Q&A box so that slides are visible.

Sound check

Treatment of Recovery Act Funds

Internal Control processes and procedures for ARRA funds follow the same guidelines, rules and regulations that apply to other ED grants

for Government Organizations

(State and Local Government Agencies)

Learning Objectives• Define & explain internal controls

• Benefits

• Roles and responsibilities

• Internal controls & program objectives

• Key components in assessing controls

• Deficiencies and material weaknesses

Internal Control“…comprises the plans,

methods and procedures used to meet missions, goals and objectives,

and in doing so, support performance-based management.

It includes the processes for planning, organizing, directing, controlling and reporting on operations.”

Results via effective stewardship

• Federal Managers Financial Integrity Act (FMFIA)

• OMB Circular A-123• GAO Standards for Internal Control in the

Federal Government• GAO Internal Control Self-Assessment Tool

Origins of Internal ControlsKey Legislation/Guidance

Who Is Responsible?FinanceSecurity

AccountingProcurement

Project Personnel

“Management should ensure that all personnel in the organization … know their roles and responsibilities……it is every user’s responsibility to safeguard the information to which they have access, making security the job of every City employee.”

When Do You Utilize Internal Control?

Built in to each system

Regulate & guide operations

CONTINUALLY!

“…as the organization evolves the security structures will change as well. With this in mind, the computer security is not a one-time task, but a continual effort to improve data protection.”

Why Internal Control?…is the first line of defense in safeguarding assets and detecting and preventing errors and fraud.…helps achieve desired results through effective stewardship of public resources.

“Audit results indicate there is an increased risk to system vulnerabilities due to weak administrative, physical and logical security controls...”

Common State FindingViolation

Unallowable costsRecommendation

Return $1.3MDocument $52M or return funds

OutcomeHigh-risk designation & special conditions

Common School District Findings

ViolationFraudulent contracts, false invoices, embezzlement

OutcomeHome searched by FBI, property & assets seized, incarceration, probation, repay $92,000

Mandatory IG Reporting

Agencies must include in all grants “the requirement that each grantee or sub-grantee awarded funds made available under the Recovery Act shall promptly refer to an appropriate inspector general any credible evidence that a principal, employee, agent, contractor, sub-grantee, subcontractor, or other person has submitted a false claim under the False Claims Act or has committed a criminal or civil violation of laws pertaining to fraud, conflict of interest, bribery, gratuity, or similar misconduct involving those funds.”

1-800-MISUSEDOIG.HOTLINE@ED.GOV

FAX 202-260-0230

Transparency & Accountability

• Efficient• Economical• Effective• Ethical• Equitable

Federal Funding Accountability & Transparency Act

1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring

Control Environment

Risk

Control Activities

Assessment

Monitoring

Info

rmat

ion

Info

rmat

ion

Co

mm

un

icat

ion

Comm

unication

Standards of Internal ControlsFive Standards of Effective Controls

1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring

Risk

Control Activities

Assessment

Monitoring

Info

rmat

ion

Info

rmat

i on

Co

mm

un

icat

ion

Comm

unication

Control Environment

Standards of Internal ControlsControl Environment

Factor Examples

Integrity and Ethical Values Are violators of Codes of Conduct or policy and procedures disciplined?

Commitment to competence Do employees receive candid, constructive feedback?

Management’s philosophy and operating style

Does management endorse performance-based management? Does management evaluate risks?

Organizational structure Are there sufficient employees/managers for the work?

Delegation of authority and responsibility

Are delegations appropriate? With increased delegation, does management monitor results?

Human capital policies and practices

Is performance linked to goals and objectives in the strategic plan?

Relationship with Oversight agencies

Does the agency maintain close, good working relationships?

Standards of Internal ControlsControl Environment Factors - Examples

1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring

Control Environment

Risk

Control Activities

Assessment

Monitoring

Info

rmat

ion

Info

rmat

i on

Co

mm

un

icat

i on

Comm

unication

Standards of Internal ControlsRisk Assessment

• What could go wrong?• How could we fail?• What must go right for us to succeed?• Where are we vulnerable?• What assets do we need to protect?• Do we have liquid assets or assets with

alternative uses?• How could someone steal from the organization?• How could someone disrupt our operations?

Standards of Internal ControlsRisk Assessment – Risk Identification

• Management conferences• Executive round tables• Forecasting and strategic planning• Consideration of findings from audits and

other assessments

Standards of Internal ControlsRisk Assessment – Risk Identification

Methods

Once risks are analyzed, consider how to:• Manage risks; i.e., accept, mitigate• How to schedule periodic re-evaluation of

risks and evaluation of the effectiveness of risk mitigation mechanisms; i.e., control activities

Standards of Internal ControlsRisk Assessment – Risk Management

1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring

Control Environment

Risk

Control Activities

Assessment

Monitoring

Info

rmat

ion

Info

rmat

i on

Co

mm

un

icat

i on

Comm

unication

Standards of Internal ControlsControl Activities

Standards of Internal Controls Control Activities – Example Control

Activities• Approvals (proper person)

• Authorization (proper usage)

• Verification

• Reconciliation

• Independent checks on performance

• Access controls

• Recording/documenting

Factor ExamplesGeneral application Policies and procedures

Top-level and program reviews

Tracking of achievements against strategic plans and goals/outcomes

Human capital mgmt. Written job descriptions, supervision

Information processing Edit checks, access control

Physical control over vulnerable assets

Valuable assets secured in locked area, sprinkler systems

Performance measures Measures are defined and tracked

Segregation of duties Key duties of authorization, record keeping and custody

Documentation Who, what, when, why documented. Is available to others

Standards of Internal ControlsControl Activities – Factors to Consider

Type Definition Example

Preventative

Deters risk from being realized

Eligibility requirements are verified against independent party information prior to award

Detective

Finds if risk does get realized

Data mining to detect fraud patterns

Corrective

Detects if risk realized and reacts

Thermostat in computer room that protects valuable equipment

Standards of Internal ControlsControl Activities – Types of Controls

1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring

Control Environment

Risk

Control Activities

Assessment

Monitoring

Info

rmat

ion

Com

munication

Info

rmat

ion

Co

mm

un

icat

ion

Standards of Internal ControlsInformation and Communication

Standards of Internal Controls Information and Communication

What information should be communicated?• Performance data

– need to determine progress towards organization’s mission and vision

• Operational data– need to determine organization's compliance with

laws and regulations• Financial data

– need to develop financial statements, budget reports, and other accounting based data

Standards of Internal Controls Information and Communication

Forms of communication:• Performance management systems• Information systems• Policy & procedures manuals• Management directives• Memos & emails• Internet & Intranet• Speeches & briefings• “Grapevine”

Standards of Internal Controls Information and Communication Factors

Factors to be considered• Internal and external information on

operational performance provided to management

• Information distributed to the "right" people• Effective internal communications• Effective external communications• Diverse organization information systems

1. Control environment2. Risk assessment3. Control activities4. Information and communication5. Monitoring

Control Environment

Risk

Control Activities

Assessment

Monitoring

Info

rmat

ion

Info

rmat

i on

Co

mm

un

icat

i on

Comm

unication

Standards of Internal ControlsMonitoring

Factors to be considered:• Monitoring should be ongoing• Separate evaluations take place• Findings are resolved

Standards of Internal ControlsMonitoring Factors

• Monitoring of grantees by reviewing and using the Single Audit reports to help assess grantee performance

• Monitoring contractor performance against terms and conditions of contract

• Monitoring usage of cell phones, purchase/phone cards

Source: U.S. Department of Education

Standards of Internal ControlsMonitoring Ongoing Examples

Factors to be considered• Monitoring should be ongoing• Separate evaluations take place• Findings are resolved

Standards of Internal ControlsMonitoring Factors

• U.S. Department of Education • Financial statement auditors• Peer reviews• Inspector General/Public Auditor• Management control reviews

Standards of Internal ControlsExamples of Separate Evaluations

Factors to be considered:• Monitoring should be ongoing• Separate evaluations take place• Findings are resolved

Standards of Internal ControlsMonitoring Factors

Internal Control - Recap

• Who – Everyone• What – Procedures to help meet goals• When – All the time• Where – Everywhere• Why – Avoid mistakes – ACHIEVE RESULTS!

Resource Documents EDGAR §80.20 http://www.ed.gov/policy/fund/reg/edgarReg/edgar.html

Internal Control and Management & Evaluation Tool http://www.gao.gov/new.items/d011008g.pdf

Standards for Internal Control in the Federal Government http://www.gao.gov/special.pubs/ai2131.pdf

Resource Documents Monitoring Tools http://www.agacgfm.org/intergovernmental/resources.aspx

Federal Managers Financial Integrity Act of 1982 http://www.whitehouse.gov/omb/financial_fmfia1982/

OMB Circular A-123 http://www.whitehouse.gov/omb/rewrite/circulars/a123/a123.html

ARRA Contact Information

State Fiscal Stabilization Fund: State.Fiscal.Fund@ed.gov, Subject = ARRA

Title I, Part A Grants to LEAs: oese@ed.gov, Subject = ARRA

IDEA, Parts B & C: IDEARecoveryComments@ed.gov

Voc-Rehab, Independent Living Services & Centers for Independent Living: RSARecoveryActComments@ed.gov

Impact Aid: impact.aid@ed.gov

ED-OIG Hotline: oig.hotline@ed.gov, 1-800-MIS-USED

General Info: 1-800-USA-LEARN (1-800-872-5327)

For archived and future web conferences see - http://www.ed.gov/policy/gen/leg/recovery/web-conferences.html#schedule

Questions

AnswersFurther Recovery Act questions- ED contact listed on the Grant Award Notification or,email RMSCommunications@ed.gov

Thank you for attending!

Please complete an evaluation-- http://www.ed.gov/policy/gen/leg/recovery/web-conferences.html