Current through all regulations passed and filed through September 16, 2024
(A) All
public officials are responsible for the design and operation of a system of
internal control that is adequate to provide reasonable assurance regarding the
achievement of objectives for their respective public offices in certain
categories, including but not limited to the categories
enumerated in paragraph (B) of this rule..
(B) "Internal control" means a process
effected by those charged with governance, management, and other
personnel designed to provide reasonable
assurance regarding the achievement of objectives in the following categories:
(1) Reliability of financial
reporting;
(2) Effectiveness and
efficiency of operations;
(3)
Compliance with applicable laws and regulations; and
(4) Safeguarding of assets against
unauthorized acquisition, use or disposition.
(C) Internal control consists of the
following five interrelated components:
(1)
Control environment sets the tone of an organization, influencing the control
consciousness of its people. It is the foundation for all other components of
internal control, providing discipline and structure.
(2) Risk assessment, which is the entity's
identification and analysis of relevant risks to the achievement of its
objectives, forming a basis for determining how the risks should be managed so
as to identify and assess the risks of material misstatements, whether due to
fraud or error, at the financial statement and relevant assertion
levels.
(3) Control activities,
which are policies and procedures that help ensure management directives are
carried out so as to identify and assess the risks of material misstatements,
whether due to fraud or error, at the financial statement and relevant
assertion levels.
(4) Information
and communication, which are the identification, capture, and exchange of
information in a form and time frame that enable people to carry out their
responsibilities.
(5) Monitoring,
which is a process that assesses the quality of internal control performance
over time.
(D) When
designing the public office's system of internal control and the specific
control activities, management should consider the following:
(1) Ensure that all transactions are properly
authorized in accordance with management's policies.
(2) Ensure that accounting records are
properly designed.
(3) Ensure
adequate security of assets and records.
(4) Plan for adequate segregation of duties
or compensating controls.
(5)
Verify the existence and valuation of assets and liabilities and periodically
reconcile them to the accounting records.
(6) Perform analytical procedures to
determine the reasonableness of financial data.
(7) Ensure the collection and compilation of
the data needed for the timely preparation of financial statements.
(8) Monitor activities performed by service
organizations.
(E)
Consideration should be given to the cost benefit of the controls. The cost of
controls should not exceed their benefit.
