Post Award MUHAS, Dartmouth, UCSF Basics of Internal Controls Tuesday October 21, 2014
Agenda O Internal Controls and the new Uniform Guidance O Risk Assessment O Delegations of Authority O Organization Models and Accountability O Training O Policies and Procedures O Internal Audit
Where does the money come from? Government Funds Other Sources NIH (Fogarty, NIDCD, etc) CDCSIDA Other Governments FoundationsCollege Funds Private Donations Corporate /Industry
ApplicationNotice of AwardAccount Setup Project Implementation Reporting and Publication Closeout Lifecycle of an Award Internal Controls Regulation Contractual Obligations Reporting and Documentation
Internal Controls vs. Award Terms O Internal Controls are part of the institutional environment that enables effective management of all awards AND institutional funds O Good internal controls are the foundation necessary to comply with sponsor requirements O Good management of awards cannot happen without internal controls O It can’t be about the single PI, grant manager or department complying with a sponsor’s terms
O Internal control is not a serial process but a dynamic and integrated process O each organization may choose to implement internal control differently. O Internal control is defined as follows: O Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. What Are Internal Controls?
Internal Controls under New Uniform Guidance O Non-Federal entities must establish and maintain effective internal control that provides reasonable assurance that entity is managing Federal award in compliance with Federal statutes, regulations, and terms and conditions of Federal award. O Internal controls should be in compliance with COSO (Internal Control Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission), and Green Book (Standards for Internal Control in the Federal Government, issued by the Comptroller General of the United States) O Will non-US recipients be exempt from the new guidance? There may be differences but compliance will be necessary. Note: We are still waiting for the NIH implementation of the new rules
COSO 2013 Updated Internal Control – Integrated Framework (2013 Framework) issued on May 14, 2013 Companion documents: Internal Control – Integrated Framework: Executive Summary Illustrative Tools for Assessing Effectiveness of a System of Internal Control Internal Control over External Financial Reporting: A Compendium of Approaches and Examples COSO 1992 Framework will be available until December 15, 2014, then superseded
Types of Objectives O Operations Objectives—These pertain to effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss. O Reporting Objectives—These pertain to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity’s policies. O Compliance Objectives—These pertain to adherence to laws and regulations to which the entity is subject.
Control Environment O set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. O tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organization. O comprises the integrity and ethical values of the organization; O the organizational structure and assignment of authority and responsibility; O the process for attracting, developing, and retaining competent individuals; O performance measures, incentives, and accountability. O pervasive impact on the overall system of internal control.
Control Environment Risk Assessment Control Activities Information and Communication Monitoring Internal Controls Framework
Control Environment 1. The organization demonstrates a commitment to integrity and ethical values. 2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. 3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. 4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. 5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Risk Assessment 6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. 7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. 8. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 9. The organization identifies and assesses changes that could significantly impact the system of internal control.
Control Activities 10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels. 11. The organization selects and develops general control activities over technology to support the achievement of objectives. 12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
Information and Communication 13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control. 14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control. 15. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Monitoring Activities 16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. 17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Control Environment Discussion
Internal Control: Practical Questions O Does your organization have a code of conduct? O Does your organization have written policies and procedures ? O How often are policies and procedures reviewed and updated? O Do institutional officials involved in compliance have regular communication?
Discussion O How are faculty and staff trained on policies and procedures? O Are reporting lines effective? O How are questions concerning allowable costs or other issues addressed? O Are roles and responsibilities clearly defined? O Do internal and external audits test compliance?
Resources/References O Office of Management and Budget, Uniform Guidance financial/grant_reform/proposed-omb-uniform- guidance-for-federal-financial-assistance.pdf financial/grant_reform/proposed-omb-uniform- guidance-for-federal-financial-assistance.pdf O Committee of Sponsoring Organizations of the Treadway Commission (COSO) O Changes to Federal Grant Policies and Single Audits, KPMG, institutes.com/institutes/government- institute/events/2014/01/ govt-single- audit.htmlhttps:// institutes.com/institutes/government- institute/events/2014/01/ govt-single- audit.html
Resources O Federal Demonstration Partnership, meeting presentations on Uniform Guidance /PGA_ /PGA_ O Compliance with the New OMB Uniform Guidance in Federally-Funded International Projects, Hogan Lovells andPrograms/2014Global/Compliancewitht heNewOMBUniformGuidance.pdf andPrograms/2014Global/Compliancewitht heNewOMBUniformGuidance.pdf