EEC Internal Control Plan

Report
EEC
Internal Control Plan
(ICP)
FY2013
Direction from Secretary Malone
Acting EEC Commissioner Thomas Weber shall
initiate a top-to-bottom review of EEC’s Internal
Control Plan as soon as practicable. He should seek
the advice and guidance of the state Comptroller’s
Office in that review. He should evaluate and
implement any recommendations that result from
that review.
2
Internal Control Plan
3

Initiate a top-to-bottom review of EEC’s internal
control plan immediately

Seek advice and guidance from the State
Comptroller’s Office in that review.

Evaluate and implement any recommendations
that result from that review.
EEC Internal Control Plan Objectives

An ongoing process in which an organization
provides and strives to provide reasonable
assurance it will achieve its goals.

Encompasses all the measures and practices that
are used to counteract exposures to risks.
2007 CTR Internal Control Guide (pg. 6, 10)
4
Key Principles of an Internal Control Plan

Operations are effective and efficient.

Financial reporting is reliable.

The ICP is in compliance with all applicable laws
and regulations.

Satisfactory standards are met.

Resources are used efficiently and economically.

All objectives are successfully achieved.
2007 CTR Internal Control Guide (pg. 30)
5
Internal Control Facts

Internal Controls start with a strong control
environment.

Emphasis on tone is set at the top.

An internal control plan is the responsibility of Senior
Leadership with a commitment from entire agency.

Integral to every aspect of EEC’s operating functions,
not just finance.

Helps minimize risks through policies and procedures.
2007 CTR Internal Control Guide (pg. 6-7)
6
Compliance Requirements and Responsibilities
Federal

OMB Circulars A-133,
A-87, A-110, and A-123

Statement on Auditing
Standards (SAS No.
112)

Government Auditing
Standards (Yellow Book)

Committee of
Sponsoring
Organizations of the
Treadway Commission
(COSO)

7
Sarbanes-Oxley (SOX)
2007 CTR Internal Control Guide (pg. 25-30)
State

Chapter 647 of the Acts of
1989

Audit Committee (extension
of a governing body)

Internal Audit
5 Key Components of Internal Control System
Control Environment
First line of defense to mitigate risks. Builds a control consciousness within the control environment.
Risk Assessment
Impact to business objectives.
Control Activities
Actions, supported by policies and procedures that when carried out properly and timely, manage or reduce risk.
Information and Communication
Identify, capture, and communicate pertinent information that enables all to carry out their responsibilities.
Monitoring
Confirms all components are in place, properly designed and functioning effectively.
8
2007 CTR Internal Control Guide (pg. 26)
EEC: FY2013 ICP Key Areas of Focus
9

Review FY12 plan to ensure compliance with CTR
Internal Control Guide and Chapter 647 of the
Acts of 1989.

Respond to the findings in the FY2011 Single
State Audit.

Include new Control Activities and correlating
Unit goals.
 Field Operations (i.e. Licensing inspections)
 Human Resources related transactions
( i.e. Travel Reimbursements)
EEC: FY2013 ICP Key Areas of Focus (Cont’d)
10

Institute Business Continuity/Emergency Plan
 Ensure EEC’s operating functions continue
during an unpredicted event.

Clear delineation of Segregation of Duties
 Framework for processing transactions, report
submission, and signature authority

Update library of policies and procedures
manuals referenced in ICP.

Utilize EEC’s Internal Audit Software to conduct
Risk Assessment process and reporting.
EEC: FY2013 Internal Control Plan Process
11
1.
Review of 2009 and 2012 plan with CTR Quality
Assurance Bureau.
2.
Email notice from Commissioner to staff
indicating the ICP Process and importance of
participation.
3.
Review or development of Policies and
Procedures by all EEC Unit Directors.
4.
Conduct Internal Audits and Risk Assessments
on all EEC control activities.
5.
Disseminate Internal Control Plan to Unit
Directors for review and revision.
EEC: FY13 EEC Internal Control Plan Process
(Cont’d)
12
6.
Assemble all sections of the plan for first draft
review.
7.
Submission of first draft to CFO for review.
8.
Produce final draft for Commissioner review.
9.
Complete Internal Control Questionnaire as
directed by CTR.
10.
Distribute Fraud, Waste, and Abuse Statements
to be signed by all EEC staff.
EEC: FY2014 Internal Control Plan Process
Project Timeline
13
DATE
ACTIVITY
4/8/2013
Meet with CTR to review 2009 and 2012
EEC ICP.
4/15/2013
Notice to EEC staff from Commissioner on
ICP Process and timelines.
5/15/2013
Review or development of Policies and
Procedures by all EEC Unit Directors.
5/31/2013
Completion of Risk Assessments and
Internal Audits by Audit Unit.
6/3/2013
Dissemination of ICP to Unit Directors for
review and revision. Due to Audit Unit by
June 14.
6/21/2013
Assemble all section for first draft review.
6/28/2013
Completion of Final ICP for CFO review.
“Date” is the last date by which the activity should be completed.
EEC: FY2014 Internal Control Plan Process
Project Timeline (Cont’d)
14
DATE
ACTIVITY
7/5/2013
Submission of final draft to
Commissioner for review.
7/8/2013
Dissemination of Fraud, Waste, and
Abuse Statement by all EEC Staff with
7/31/2013 due date.
7/12/2013
Complete Internal Control Questionnaire
as directed by CTR.
15

similar documents