hhs webinar internal controls and you: how internal controls can improve and protect your energy...
TRANSCRIPT
1
HHS Webinar
Internal Controls and You:How Internal Controls Can Improve and Protect Your Energy Assistance Program
John M. Harvanko, DirectorOffice of Energy Assistance Programs
State of [email protected]
March 10, 2011
2
Presentation Intentions To introduce how internal controls are a means of being
more effective, efficient, and address integrity concerns Promote LIHEAP adoption of Internal Controls
Framework (ICF) as a means to improvement and mitigate program risk
by Explaining “why” internal controls? Describing “what” ICF is Showing examples of “how” Minnesota did it
3
Why Internal Controls? All funds need good controls Being good stewards of taxpayer’s funds Minnesota Office of Legislative Auditor (OLA)– Three years of “No Findings” for EAP
OLA is requiring the development of an Internal Control Framework
National movement toward Internal Controls (aka COSO) including from the GAO
Why ICF
4
Pennsylvania
Why ICF
5
Internal Controls?GAO (Government Accounting Office)HHS efforts (this webinar, National Conferences, other) The Committee of Sponsoring Organizations (COSO)State or Local requirements
Why ICF
6
Minnesota Office of the Legislative AuditorAudit Issues Significant weaknesses in common internal control concepts.
• Opportunities for fraud• Common areas of noncompliance
Emerging Issue – Internal Control Maturity• Assessing how well an agency identifies its risks, whether it
documents and assigns its control procedures, and how it monitors the performance and effectiveness of the procedures.
Why ICF
7
Tone at the TopAgency management has the primary responsibility to design, implement, and maintain an effective internal control system. This goes from: Governor Commissioner Deputy Commissioner Program Director Service Provider Executive Directors EAP Coordinator
Why ICF
8
Tone at the Top (continued)
Management shapes an organization's guiding values, disciplined business conduct, and operating policies forming the foundation of an agency's internal control structure.
Why ICF
9
State Directive
Internal control procedures over financial management activities,
An analysis of relevant risks, Periodic evaluation of these control procedures
Agency head must develop a plan for establishing, implementing and maintaining an effective internal control system. This plan at a minimum requires documentation of:
To satisfy management that these procedures are adequately designed, properly implemented, and functioning effectively.
Why ICF
10
EAP & ICF Why does EAP have a ICF?
• MN OLA required EAP to have or have a Audit finding• EAP took the “opportunity” to analyze and assess it’s existing
business processes & controls & placed into ICF framework What does existing program components, effort definitions,
implementation plans and policies mean?• Asked how existing documents equated to internal controls• Incorporated existing documents into the ICF• Organized structure identified strengths and weaknesses• ICF is a evolving, living document EAP will be advancing in
the coming year and maintain going forward
Why ICF
11
Internal Control Framework (ICF)What is ICF?How does it affect EAP?
What is ICF
12
What is ICF? The Framework is used assess the Internal Control Competency to determine how well an organization: Identifies its risks Whether it documents and assigns its control
procedures, and How it monitors the performance and effectiveness
of the procedures
What is ICF
13
Internal Controls Some pieces most likely already exist in your office
and program operations (incrementally without regard to ICF)
ICF provided the framework allowing these pieces to fit together
You can (and should) incorporate ICF into any Local Plans, staff meetings, any training, and specially all aspects of monitoring
What is ICF
14
ICF outlines criteria EAP uses to:Frames State Office Operations Management approach
Determine competent Service ProvidersContract with Local Plans that include ICF
Monitor and evaluate program performance Field Monitoring, Routine review, Ad Hoc Review
Build the competency of the SPs Training, Support, Corrective Action and T&TA
What is ICF
15
Frames within Framework (ICF) Federal & State Controls
• Rules and fiscal practices• GAO, HHS, OLA, MMB
Department of Commerce • Mission & Fiscal Control
EAP State Office• Program Policy & Procedure Requirement• Risk and quality controls• Fiscal allocation and auditing• Monitoring• T&TA
EAP Service Providers• Execute Program mission• Implementation of policies and procedures with a quality
control environment• Manage SP specific risks
What is ICF
16
Internal Control DefinitionDefines internal control as a process, effected by individuals within an organization, designed to provide reasonable assurance regarding the achievement of these objectives:
1. Effectiveness and efficiency of operations,2. Reliability of financial reporting, and 3. Compliance with applicable laws & regulations
What is ICF
17
ICF Structure
1. Control Environment2. Risk Assessment & Management3. Control Activities4. Information & Communication5. Monitoring
The three objectives are supported by the framework. The Framework, is comprised of five interrelated components that can react dynamically to changing conditions:
What is ICF
18
EAP Specific Control Examples1. Environment (or Leadership or Tone at the Top)
Ex: EAP Service Provider’s (SP) leadership supports mission, structure and staffing to effectively process EAP Applications and delivers energy assistance
2. Risk Assessment and ManagementEx: SP has and is aware of Disaster Plan so in case of flood or fire the harm to households reduce.
3. Control ActivitiesEx: SP understands, collects & maintains income documentation as a control the services reach the intended households. SP has proper segregation of duties for payment certification
4. Information and CommunicationEx: SP makes policy & procedural Information is available to agency fiscal staff, mechanical contractors, vendors etc. to enable the program mission and controls to be consistently performed
5. MonitoringEx: SP monitors timeliness of application processing and improves processes when possible
What is ICF
19
1. Control Environment “Tone at the top" is set & demonstrated by an
organization leader's actions & words It is the foundation for all other components of
internal control. It encompasses: • Integrity, ethical values & competence of all people in
an organization • Management's philosophy & style • How management assigns authority, responsibility
and organizes and develops its people• The attention & direction executive leadership
provides
What is ICF
20
ICF Implementations1. Control Environment Local Plan, contracts establish documented understanding of ICF competencies SP connects Business Strategy Model (BSM) & SP Mission EAP Manual is use to guide SP policy and procedures development SP participates in EAP management methodology
• Understands and adopts administrative policies and procedures documentation Service Providers participates in EAP training and trains staff to:
• Promotes program compliance and consistency• Shares common mission, intention, goals, values and approach to program delivery• Assure policies are understood
How ICF
21
2. Risk Management Involves the identification and analysis of
relevant risks to achieve desired objectives In the risk assessment process, management
identifies:• Internal and external risks • Assesses the impact and the likelihood these risks
might occur • Selects whether to avoid, reduce, share, or accept
various risks• Considers controls to mitigate risk or to contain it to
an acceptable level
How ICF
22
ICF Implementations2. Risk Management (Risk assessment & Mitigation)
SP conduct risk assessment & mitigation activities State and SP conduct oversight activities including:
• Data, file and other checks• Data & Technology practices
SP make a maintain disaster plans SP designs processes with proper segregation of duty in key areas SP uses incident reporting process SP uses error & fraud processes
How ICF
23
3. Control Activities Consists of policies & procedures to help ensure management
directives are carried out Control activities occur throughout the organization at all
levels in all functions.
How ICF
24
ICF Implementations3. Control Environment SP processes have approvals & authorizations for benefit
determination & payments• Separation of incompatible duties
SP conducts analytical procedures like quality controls including timely service
SP conduct and support verifications like: • Income eligibility and documentation• vendor registration & sound payment process• Household check points:
– Benefit notification to assure accountability of service delivery – Appeals and compliant process
SP conducts reconciliations of funds Reviews of operating performance SP assures security of assets
How ICF
25
4. Information & Communication Addresses how an organization identifies, captures &
communicates pertinent information in a timely manner to the right people to enable them to carry out their responsibilities
Information systems within the organization are key to this element of internal control
Internal information, and external events, activities & conditions must be communicated to enable management to make informed business decisions and employees to perform their assigned duties
How ICF
26
ICF Implementations4. Communication & Information SP has communication plan for dissemination of program information SP has routines like meetings to inform staff and partners SP conducts appropriate and effective outreach SP retains information overtime SP is up to date with routine EAP communication
How ICF
27
5. Monitoring Are activities to evaluate whether components of the internal
control system are operating effectively Is performed by management and supervisors sometimes with
internal auditors on a continuous or periodic basis Includes identified internal control deficiencies being reported
to top management and remedied in a timely manner with appropriate corrective actions
Is periodic follow-up on corrective actions taken to ensure control weaknesses are strengthened and no longer exist
How ICF
28
ICF Implementations5. Monitoring SP and DOC conduct routine oversight and monitoring designed to facilitate:
• Staff review of data for quality and performance controls • Review financial transactions
Onsite Monitoring including State Monitors• Formal and observational assessment including random file selection • Fiscal and audit requirements
DOC is working with the Minnesota Office of the Legislative Auditor (OLA) and implementing recommendations and suggestions and SPs will help develop and implement improvements
How ICF
29
Our Responsibility Advance our understanding ICF Understand how existing EAP controls fit ICF Continue to implement new ICF activities Strengthening controls when weaknesses are detected Providing adequate supervision necessary to ensure internal
controls are operating effectively as designed Obtain information & training on internal controls for ourselves
and staff, necessary to meaningfully take responsibility for internal controls
FFY2010 EAP Manual Chapters 1 & 3 have ICF integration
How ICF
30
Q & A