Integrating Internal Controls into Agency Contract Design

1

• Integrating Internal Controls into Agency
  Contract Design

2
Presenters
Linda Giovannone, CIA, CGAP Bernie McHugh, CPA,
CISA Joseph Morrissey, CGAP Jenny Reyes Roslyn
Watrobski, CFE, CIA, CGAP Office of the State
Comptroller Bureau of State Expenditures and
Bureau of Contracts
3
Internal Control Objectives

• Safeguard assets
• Compliance with applicable laws and regulations
• Achievement of goals and objectives
• Reliability of financial reporting
• Effective and efficient operations

4
Compliance

• Promote adherence to laws, regulations, contracts
  and management directives.
• Federal requirements
• New York State Law
• Contract terms
• G-bulletins
• Internal policies and procedures

5
Achievement of Goals and Objectives

• Internal controls are put in place to keep an
  organization on course toward achieving its
  mission and to minimize surprises along the way.

6
Reliability

• Develop and maintain reliable financial and
  management data, and accurately present that data
  in timely reports.

7
Efficient and Effective

• Promote orderly, economical, efficient and
  effective operations, and produce quality
  products and services consistent with the
  organizations mission.
• Review agency policies and procedures.

8
Safeguarding Resources

• Safeguard resources against loss due to waste,
  abuse, mismanagement, errors and fraud.

9
The Five Components of Internal Control

• Control Environment
• Risk Assessment
• Information and Communication
• Control Activities
• Monitoring

10
Control Environment

• Tone set by top management and the overall
  attitude, awareness and actions of all levels of
  management.
• It is the foundation for all other components of
  internal control, providing discipline and
  structure.
• Great place to start in the evaluation of an
  agencys controls!

11
Control Environment Some Things to Consider

• Integrity, ethical values, and behavior of key
  executives.
• Managements control consciousness and operating
  style.
• Managements commitment to competence.

12
Control Environment Some Things to Consider

• Board of Directors and/or audit committees
  participation in governance and oversight.
• Organizational structure and assignment of
  authority and responsibility.
• Human Resource policies and practices.

13
Risk Assessment

• The entitys identification and analysis of
  relevant risks (both internal and external) to
  the achievement of its objectives, forming a
  basis for determining how the risks should be
  managed.

14
Risk Assessment Some Things to Consider

• Entity-level objectives.
• Establish a process to identify significant
  risks, the likelihood of their occurrence, and to
  determine needed actions.
• Put mechanisms in place to anticipate, identify,
  and react to changes that may have a dramatic
  effect on the entity.

15
Information and Communication

• Support the identification, capture, and exchange
  of information in a form and time frame that
  enable management and other appropriate personnel
  to carry out their responsibilities.

16
Information Points to Consider

• The entitys information systems should provide
  management with necessary reports on the
  performance relative to established objectives.
• Information should be provided to the right
  people in sufficient detail and timely enough to
  enable them to carry our their responsibilities
  efficiently and effectively.
• Management should commit an appropriate level of
  resources to the development of the information
  system.

17
CommunicationPoints to Consider

• Management should communicate employees duties
  and control responsibilities in an effective
  manner.
• Communication across the organization should be
  adequate to enable people to discharge their
  responsibilities effectively.
• Management should take timely and appropriate
  follow-up action on communications received from
  customers, vendors, or other external parties.

18
Control Activities

• The policies and procedures that help ensure that
  managements directives are carried out.

19
Control Activities Some Things to Consider

• The entity should have appropriate policies and
  procedures to manage the risks with the highest
  likelihood and impact.
• Management should have clear objectives
  regarding financial and operating goals.
• Objectives should be written clearly,
  communicated throughout the entity, and monitored
  actively.

20
Control Activities Some Things to Consider

• There should be a clear segregation of duties.
• Adequate safeguards should be in place to prevent
  the unauthorized access to or destruction of
  documents, records, and assets.
• Adequate policies for controlling access to
  programs and data files should be established.

21
Monitoring

• The process that assesses the quality of internal
  control performance over time.

22
MonitoringSome Things to Consider

• The entity should evaluate internal controls
  periodically.
• Management should
• Implement internal control recommendations made
  by internal/independent auditors.
• Correct known deficiencies on a timely basis.
• Respond appropriately to reports and
  recommendations from regulators.
• Employees, in carrying out their regular duties,
  should obtain evidence as to whether the system
  of internal controls continues to function.
• Is there an internal audit shop?

23
Components ? Objectives

• The five components of internal control are
  implemented to achieve the five objectives of
  internal control.

24
THE CLAUSE IS RIGHT
Our two-year agreement will consist of periodic
preventative maintenance for Xerox Phaser 6280 by
the contractor.
25
THE CLAUSE IS RIGHT
To cover the Agencys rising needs, the addition
or deletion of services and locations may occur
throughout the contract term with mutual consent
from the contractor.
26
THE CLAUSE IS RIGHT
Prices during the first year shall remain firm.
After the first year the contractor may receive
an increase or decrease based on the percentage
change as listed in the CPI index.
27
Other Clauses To Be Aware Of

• Unit to be serviced must be maintained per
  manufacturers guidelines.
• Contractor to abide by agencys procedures
  manual.
• Travel reimbursement to be made per OSC Travel
  guidelines.

28
Other Clauses To Be Aware Of

• Prices for additional items to be negotiated with
  the contractor.
• Services to be provided by qualified personnel.
• As per industry standards.

29
Other Clauses To Be Aware Of

• Contractor is to receive a 25 advance in payment
  and should invoice quarterly thereafter.
• Contractor is to be held responsible for all
  confidential documents to be handled.
• Prices for storage and handling shall be per bid
  cost sheet. Fees for the removal of items upon
  contract expiration to be negotiated.

30
Types of Contracts

• Commodity
• Service
• Technology
• Grant

31
Integrating Internal Controls into Contract
Design

• Control Environment
• Commit to identifying risks related to your needs
• Create an open environment to encourage the
  sharing of ideas

32
Integrating Internal Controls into Contract
Design

• Control Environment
• Establish contract monitor(s)
• Involve the contract monitor, program and fiscal
  staff and subject-matter experts in the contract
  development process

33
Integrating Internal Controls into Contract
Design

• Risk Assessment
• Identify as many ways as possible that something
  can go wrong
• Assess the likelihood and impact of those things
  happening
• Use this to identify what risks to focus on

34
Integrating Internal Controls into Contract
Design

• Control Activities
• Identify what can help prevent things from going
  wrong
• Build those requirements into the terms
  conditions
• Be specific write clear, measurable criteria

35
Integrating Internal Controls into Contract
Design

• Information Communication
• Identify what you need from the contractor to
  monitor the contract effectively
• Specify the format of the information you want
  from the contractor
• Define where the contractor should send the
  information

36
Integrating Internal Controls into Contract
Design

• Information Communication
• Establish clear responsibility for approving
  payments
• Ensure Contract Monitor has clear guidance and
  training as to their role and responsibilities

37
Integrating Internal Controls into Contract
Design

• Information Communication
• Ensure individuals have the information they need
  and know what is covered under the contract
• Contract Monitor should meet with the contractor
  to establish/reinforce documentation and
  reporting expectations

38
Integrating Internal Controls into Contract
Design

• Monitoring
• Identify what you need to detect if something is
  going wrong
• Identify what you can build into the contract to
  detect this
• Just do it!

39
Tool to Integrate Internal Controls into Contract
Design
40
Questions and Answers
QUESTIONS?
?
41
Presenter Contact Information
Linda Giovannone, CIA, CGAP Bureau of State
Expenditures Office of the State
Comptroller lgiovannone_at_osc.state.ny.us (518)
474 - 8721
Bernie McHugh, CPA, CISA Bureau of State
Expenditures Office of the State
Comptroller bmchugh_at_osc.state.ny.us (518) 402 -
4104
OSC Website www.osc.state.ny.us
42
Presenter Contact Information
Joseph Morrissey, CGAP Bureau of State
Expenditures Office of the State
Comptroller jjmorrissey_at_osc.state.ny.us (518)
474 - 6025
Jenny Reyes Bureau of Contracts Office of the
State Comptroller jreyes_at_osc.state.ny.us (518)
473 - 2404
OSC Website www.osc.state.ny.us
43
Presenter Contact Information
Roslyn Watrobski, CFE, CIA, CGAP Bureau of State
Expenditures Office of the State
Comptroller rwatrobski_at_osc.state.ny.us (518)
402 - 4228
OSC Website www.osc.state.ny.us