Received 12/13/2016
Clerk-Treasurer’s Office
Auburn, Indiana
ORDINANCE NO. 2016-22
AN ORDINANCE ESTABLISHING INTERNAL CONTROL STANDARDS
SUMMARY:
This Ordinance establishes Internal Control Standards for the City of Auburn, Indiana as prescribed in I.C. § 5-11-1-27.
__________Recorder’s Office __________Publish Public Hearing | ||||||||
__________Auditor’s Office ____________________________ | ||||||||
__________Clerk’s Office __________Publish O/R after adoption | ||||||||
__________Other | ||||||||
*All Departments | ||||||||
APPROVED AND SIGNED by me this ___ day of_________________, 20__.
________________________________
NORMAN E. YODER, Mayor
VOTING: AYE NAY
Dennis Ketzenberger
James Finchum
Wayne Madden
Michael Watson
Kevin Webb
Dennis (Matthew) K. Kruse II
Michael Walter
EXHIBIT A
I. | Policy |
· Conveying periodic messages of the City’s internal control philosophy and expectations to all employees; | ||
· Evaluating the City’s internal control system for weaknesses on a periodic (but no less frequently than annual) basis, providing solutions to any discovered weaknesses, and inform employees of necessary changes in procedures; | ||
· Working towards establishing a confidential reporting system for individuals to report suspected fraud and abuse of internal control policies; and | ||
· Working towards procedures to address violations of policies and consequences for violations. |
Principle 4: Management demonstrates a commitment to recruit, develop, and retain competent individuals.
The City Employee Handbook provides a roadmap for recruiting and maintaining quality employees. Prior to employment individuals may be subject to pre-employment background screening and/or a credit history check. While employed City Employees are entitled to a benefits package including Health and Life Insurance and certain other Post-Employment Benefits. The City will continue to assess the best recruitment pools and tools for the different skill sets of skills necessary to adequately implement and maintain quality internal controls.
Job descriptions will be updated where necessary to reflect internal control responsibilities and duties. Employees will be regularly trained in internal control methods and all training will be documented in employees’ personnel files. Employees will be regularly evaluated by their supervisors on internal control duties and receive feedback on possible improvements.
Principle 5: Management evaluates performance and holds individuals accountable for their internal control responsibilities.
Individuals are held accountable for their internal control responsibilities through a recognized structure which includes relevant job descriptions, operating procedures, periodic reviews, regular feedback, and a progressive disciplinary policy. Additionally, City Administration seeks to address issues in specific departments and positions through regular one-on-ones with Department Heads.
1. The effectiveness and efficiency of operations.
2. The reliability of reporting for internal and external use.
3. Compliance with applicable laws and regulations.
For each category, the Clerk-Treasurer will define objectives in specific measurable terms in order to enable the design of internal control for related risk, increase understanding at all levels, assess performance, identify what is to be achieved, who is to achieve it, how it will be achieved, when it will be achieved and incorporate external requirements.
Principle 7: Management identifies, analyzes, and responds to risks related to achieving the defined objectives.
The Clerk-Treasurer will identify, analyze and respond to the risks identified in Principle 6 by determining:
1. How likely is the risk to occur?
2. How will it impact the objective?
3. Is the risk based on complex or unusual transactions?
4. Is the risk based on fraud?
Once each risk has been identified and analyzed, the Clerk-Treasurer will work with Department Heads to determine how to respond to each risk with a specific solution and action.
Principle 8: Management considers the potential for fraud when identifying, analyzing, and responding to risks.
Management is committed to fraud prevention by utilizing a “trust but verify” approach. The potential for fraud, misappropriation, and outright theft are contemplated as controls are designed for various City divisions. Fraud responses will include statutorily required responses to fraud, including, but not limited to Ind. Code § 5-11-1-27(l) relating to the Report of Misappropriation of Funds to State Board of Accounts and Prosecuting Attorney and Ind. Code § 5-11-1-27(j) relating to the Report of Material Variances, Losses, Shortages or Thefts to the State Board of Accounts. The City shall utilize a materiality threshold of $500.
Principle 9: Management identifies, analyzes, and responds to significant changes that could impact the internal control system.
The Clerk-Treasurer, in coordination with Department Heads, will regularly evaluate and adjust internal control policies in order to accommodate for the impact of future changes, including but not limited to, personnel changes, newly elected officials, new programs, new technology, new laws and regulations, and financial fluctuations.
A. | General internal control principles for Departments are: |
1. | Separation of duties |
2. | Authorization and approval |
3. | Custodial and security arrangements |
4. | Timely and accurate review and reconciliation |
5. | The general internal control principles should be applied to all departmental operations, especially accounting records and reports, payroll, purchasing/receiving/disbursement approval, equipment and supply inventories, cash receipts, petty cash and change funds, billing and accounts receivable. |
B. | All City systems, processes, operations, functions, and activities are subject to evaluations of internal control systems. The results of these evaluations provide information regarding the City’s overall system of control. |
· Salaries and wage rates are verified by the City Clerk Treasurer. | ||
· The responsibilities for hiring, terminating, and approving promotions are segregated from those preparing payroll transactions or inputting data. | ||
· The responsibilities for approving time sheets are segregated from those for preparing payroll transactions or inputting data. | ||
· Payroll reports are reviewed/approved by someone outside of the payroll process. | ||
· Employees' time and attendance records are approved by their supervisors. | ||
· Corrections to recorded time and attendance records are approved by the employee and employee's supervisor. | ||
· Procedures are in place to ensure that changes in employment status are promptly reported to the payroll processing unit. | ||
· Payroll disbursements are reviewed and approved by an authorized individual prior to payment. | ||
· Access to payroll applications is appropriately controlled by user logins and passwords. | ||
· Changes to a payroll disbursement are approved by an individual other than the ones authorized to process the changes. | ||
· Payroll checks are accounted for in numerical order and reconciled to the payroll check register. | ||
· Payroll checks are mailed or distributed by someone outside the normal payroll distribution function. | ||
· Unclaimed payroll checks are returned to Clerk-Treasurer via the Department Head. | ||
· Employees are cross-trained on the payroll process; those assigned to payroll take regular vacations. |
· The responsibility for approving claims is segregated from those preparing the claims. | ||
· Checks are written by an individual other than the one approving the claim. | ||
· Checks are signed by an individual other than the one preparing them. | ||
· Claims for payment are reviewed and approved by the governing body prior to payment. | ||
· A reconcilement is completed between the claims for payment approved by the board and the actual disbursements posted to the ledger. | ||
· The responsibility for acknowledging the receipt of goods or services is segregated from those preparing claims and writing checks. | ||
· Vendor checks are accounted for in numerical order and reconciled to the disbursement ledger. | ||
· Invoices or other receipts are attached to each claim to support the disbursement. | ||
· A review is completed by an individual outside the disbursement process in which the claim amount is compared to the supporting documentation attached to the claim and the amount of the check. | ||
· Access to disbursement applications is appropriately controlled by user logins and passwords. |
Receipting Activities
· The responsibility for collecting money and issuing receipts is segregated from those preparing the bank deposit. | ||
· The responsibility for making bank deposits is segregated from those preparing the monthly bank reconcilement. | ||
· Pre-numbered receipts are issued for all money collected and the receipt is retained with supporting documentation. | ||
· Receipts are reconciled to the cash receipts ledger by an individual other than the one collecting money and issuing receipts. | ||
· Posting of receipts to the ledger is completed by an individual other than the one who collects money and makes the deposit. | ||
· Receipts indicate the type of payment received (cash, check, etc.) and this is reconciled to the make-up of the bank deposit. | ||
· Accounts receivable records are maintained by an individual other than the one(s) involved in the billing process. | ||
· The billing process is completed by an individual other than the one who collects cash payments from customers. |
Cash Activities
· A reconcilement between the recorded cash balance and the bank balance is completed monthly by an individual separate from the receipting and disbursing processes. | ||
· A reconcilement between the receipts ledger and the credits to the bank account is completed periodically by an individual separate of the receipting process. | ||
· A reconcilement between the disbursement ledger and the debits to the bank account is completed periodically by an individual separate of the disbursement process. | ||
· The monthly reconcilement between the cash balance and the bank balance is thoroughly reviewed and approved by the governing body. | ||
· Disbursements from and reimbursements to petty cash funds are periodically reviewed by an individual other than the one responsible for maintaining the petty cash fund. |
Credit Cards Transactions
· A designated official or employee oversees the issuance and use of the credit cards. | ||
· An ordinance or resolution specifically states the purposes for which the credit card may be used. |
· A designated person separate from disbursement process reviews transactions listed on the credit card statements for sufficient documentation and inclusion in claim to the Board.
Principle 11: Management designs the political subdivision’s information system and related control activities to achieve objectives and respond to risks.
The Clerk-Treasurer and Department Heads will work with the Information Technology Department to ensure that information technology is used as an integral part of the internal control system. This may include, but not be limited to:
· Setting permission such that only certain users may perform certain tasks | ||
· Using technology to accomplish segregation of duties by forcing duties to be completed by different users | ||
· Automating certain processes and calculations | ||
· Limiting the authority to access different components of various software to employees with duties specifically related to that component | ||
· Prohibiting user ID and password sharing among employees | ||
· Restricting the authority to correct or make adjustments to records to key employees | ||
· Requiring the use of prescribed forms or the approval of alternative forms |
Principle 12: Management implements control activities through policies.
The City has an employee handbook that is regularly updated to communicate policies to employees. Additionally, the Clerk-Treasurer regularly works with departments and employees who handle financial transactions to recommend and ensure best practices. All procedures are in writing and communicated frequently to all relevant employees. Policies are available both electronically and in hard copy form.
COMPONENT FOUR: INFORMATION AND COMMUNICATION
Principle 13: City Administration uses quality information to achieve the political subdivision’s objectives.
The City strives to lead in the areas of financial transparency and accountability. By adopting standards and investing in systems that exceed State mandated minimums, City management provides employees with high quality information and Information systems. The City Clerk-Treasurer, Deputy Clerk-Treasurer, and Legal Department attend training and industry seminars to stay abreast of changes and developments in requirements and communicate that information effectively to impacted employees.
Principle 14: Management internally communicates the necessary quality information to achieve the political subdivision’s objectives.
Internal communications on internal controls are communicated through adoption of formal policies by relevant boards and commissions and/or the legislative body or documented through memos from the Clerk-Treasurer, Legal or relevant Department Head. Internal memos and reports are maintained to document communication.
Principle 15: Management externally communicates the necessary quality information to achieve the entity’s objectives.
Communications with the State Board of Accounts, other State agencies, grantor agencies, and regulatory agencies are documented by email, memos, letters and other forms of written correspondence. Logs are kept for information provided verbally. All documents are maintained in accordance with the City and state’s record retention policies. Reports and policies are cross checked for accuracy, relevancy and timeliness of information.
COMPONENT FIVE: MONITORING ACTIVITIES
Principle 16: Management establishes and operates monitoring activities to monitor the internal control system and evaluate the results.
City Administration monitors and evaluates compliance with internal control policies via multiple vectors. Separation of duties, redundancy polices, layered approval systems, monthly reports, and physical controls such as video monitoring allow management to both review and evaluate control systems.
The City Clerk-Treasurer shall implement a system of monitoring that includes:
· Periodic checks to determine if controls are in place and working effectively | ||
· Reviewing control activities to determine if the actual activities are in compliance with established procedures | ||
· Documenting deficiencies in the internal control processes and remediating them quickly |
Monitoring activities will be documented by signatures, initials, or other appropriate methods.
Principle 17: Management remediates identified internal control deficiencies on a timely basis.
Breaches of internal controls are subject to significant levels of internal scrutiny. If informed of a material breach of internal controls, the City Clerk-Treasurer and Mayor’s Office actively investigate and address said breach and adjust policies and procedures to prevent such breaches in the future. Once breaches are identified and investigated, a formal or informal corrective action plan will be developed.