ORS Compliance Extramurally Sponsored Programs Internal Control Plan (ICP)
Guiding Principals Mandated by 2 CFR § Internal Controls2 CFR § Based on guidance in the Standards for Internal Control in the Federal Government (the GAO “Green Book”) and the Integrated Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) which include the following elements: 1.An articulated Control Environment; 2.A Risk Assessment process to periodically evaluate where risks exist; 3.Design and Implementation of Control Activities; 4.Channels for Information and Communication; and 5.Perform Monitoring Activities, Identify Issues and Remediate Deficiencies
1.An Articulated Control Environment Compliant activity at the UH System is based on the Board of Regents Policy RP , Ethical Standards of Conduct System of Executive Policies promulgated by the UH System President and Administrative Procedures promulgated by System Vice Presidents: Business in Finance, Chapter 8 (effective 6/2016 – ORS moving to Chapter 12) Research, Chapter 12 Systems of checks-and-balances in award administration (myGRANT) and accounting (KFS) systems Separate but complementary systems, policies and procedures administered at the Research Corporation of the UH (RCUH) ORS Compliance is responsible for carrying out this ICP
2. A Risk Assessment Process to Periodically Evaluate Where Risks Exist Annual process of compiling a sample of extramural awards (> $1,000,000 in annual expenditures) based on the following risk profile: Risk Profile Formula Issues identified by or brought to ORS’ attention Award complexity: number of accounts, number of key personnel, number of subawards, subject matter Sponsor Type: limited experience, foreign Organizational changes: change in key personnel, new fiscal staff, new UH unit Previous audit findings
3.Design and Implementation of Control Activities Develop policies, procedures, techniques and mechanisms to achieve an effective internal control system Consider segregation of duties in designing control activities to help prevent fraud, waste, and abuse Design information systems with appropriate general controls and application control activities, including security management Periodically review control activities for effectiveness
4. Channels for Information and Communication Award Notice sent to Principal Investigator (PI) and Fiscal Administrator (FA) Completion of Internal Control Questionnaire (includes references to federal requirements) ORS Contracts and Grants Certification course, web tutorials and on-demand training Subscription to ORS’ list service Informational meetings with Research Administrators (RAs) and Pis ORS website monthly newsletter and announcementshttp:// ORS Helpline Upon request, ORS can provide additional consultation
5. Perform Monitoring Activities, Evaluate Issues and Remediate Deficiencies Questionnaire completed for each award selected based on ORS’ risk assessment Perform internal review, taking information from questionnaire into consideration Evaluate results and prepare report As necessary, required corrective actions are communicated by ORS Corrective actions are taken by responsible parties and confirmed by ORS PI / PD RA / FA ORS Compliance Escalation process for unsatisfactory corrective action handling
ICP Review Annual internal review of this ICP for its effectiveness Annual review and update of Control Self Assessment Continuous process improvement, as necessary Annual external review (i.e. Single audit) – to validate ICP and address audit findings, if necessary