The URL can be used to link to this page

Home My WebLink About2016-OR-84 INTERNAL CONTROLS ORDINANCE NO. 8V AN ORDINANCE ESTABLISHING INTERNAL CONTROL STANDARDS AND ESTABLISHING A MATERIALITY THRESHOLD WHEREAS, Ind. Code § 5-11-1-27 requires all Indiana political subdivisions to adopt minimum levels of internal control standards developed by the State Board of Accounts as published in the Uniform Internal Control Standards for Indiana Political Subdivisions prior to December 31, 2016; and WHEREAS, the Common Council of the City of Jeffersonville has reviewed and recommends adoption of the proposed internal control standards and materiality threshold. NOW, THEREFORE, BE IT ORDAINED BY THE COMMON COUNCIL OF THE CITY OF JEFFERSONVILLE, INDIANA, THAT: SECTION 1. The City of Jeffersonville, Indiana hereby adopts the Internal Control Policy attached hereto and incorporated herein as Exhibit A. SECTION 2. The City Controller is directed to ensure that all personnel receive training concerning the internal control procedures adopted and approved herein prior to December 31, 2016. SECTION 3. The City of Jeffersonville, Indiana hereby adopts a materiality threshold of One thousand dollars ($1000.00) for purposes of the internal control procedures adopted and approved herein. SECTION 4. This Ordinance shall be in full force and effect from and after its passage, approval and publication according to law. 1 EXHIBIT A CITY OF JEFFERSONVILLE, INDIANA Internal Controls Policy Pursuant to Ind. Code § 5-11-1-27 I. Policy The purpose of this policy is to communicate the Common Council's internal control objectives to all employees and elected officials of the City of Jeffersonville and to firmly commit the City to the seventeen (17) key principles of internal controls as established by the Indiana State Board of Accounts. COMPONENT ONE: CONTROL ENVIRONMENT Principle 1: The oversight body and management demonstrate a commitment to integrity and ethical values. The City has the responsibility to establish and maintain an adequate system of internal control and to furnish to the Jeffersonville Common Council, various boards and commissions, governmental agencies, creditors and others reliable financial information on a timely basis. An adequate system of internal control is necessary for the City to discharge these responsibilities. Controls help ensure that assets are not exposed to unauthorized access and use, transactions are properly recorded in the financial records, and the resultant financial information is reliable. External organizations and stakeholders of the City rely on financial information to make decisions toward appropriations, loans and other debt, grants, and other contractual relationships. City resources are dependent upon the system of internal control. Auditors are required annually to report upon the adequacy of the City's systems for control over financial reporting and compliance per I.C. 5-11-1- 27(e). The safeguarding of City assets and the reliability which the City and others can place upon its financial records is dependent upon the effectiveness of the internal control process. The system of internal control is meant to keep the City on course toward its mission to provide effective and efficient operations, reliable financial reporting, minimize risks of asset loss and comply with applicable laws and regulations. Internal control is a process. The control environment is the foundation upon which all components of internal control are based. Internal control can provide reasonable assurance, but no system of control can provide absolute assurance to the Common Council and other users of financial information. The City Controller shall be charged with: 3 Evaluating the City's internal control system for weaknesses on a periodic (but no less frequently than annual) basis, providing solutions to any discovered weaknesses, and inform employees of necessary changes in procedures; Working with the Human Resources Department to establish a confidential reporting system for individuals to report suspected fraud and abuse of internal control policies; and Working with the Human Resources Department to institute procedures to address violations of policies and consequences for violations. Principle 2: The oversight body oversees the entity's internal control system. As the City's Chief Fiscal Officer, the City Controller will be the Common Council's chief agent in implementing and managing the internal control policies and procedures. Principle 3: Management establishes an organizational structure, assigns responsibility, and delegates authority to achieve the entity's objectives. Individuals with delegated approval authority, e.g. Elected Officials and Department Heads are responsible for establishing, maintaining, and supporting a system of internal controls within their areas of responsibility and for creating the control environment that encourages compliance with City policies and procedures. All levels of management and supervision are responsible for strengthening internal controls when weaknesses are detected. Department managers should periodically review departmental procedures to ensure that the general principles of internal control are being followed. The City Controller has the primary responsibility for internal control over financial reporting and compliance with applicable laws, rules, and regulations. The City Controller is the City's chief source for information and assistance to staff and Department Heads and will make resources available to assist in administering this policy. The Human Resources Department is responsible for internal controls over employee recruitment, hiring, separation, promotion, job classification, employee rights, and salary administration. The Human Resources Department and City Attorney are the City sources for information and assistance and will make resources available to assist in administering this policy. Principle 4: Management demonstrates a commitment to recruit, develop, and retain competent individuals. The City Employee Handbook provides a roadmap for recruiting and maintaining quality employees. Prior to employment individuals may be subject to pre-employment screening and/or a credit history check. The City will continue to assess the best recruitment pools necessary to adequately implement and maintain quality internal controls. Job descriptions will be updated where necessary to reflect internal control 4 responsibilities and duties. Employees will be trained in internal control methods and all training will be documented in employees' personnel files. Principle 5: Management evaluates performance and holds individuals accountable for their internal control responsibilities. Individuals are held accountable for their internal control responsibilities through a recognized structure which includes relevant job descriptions, operating procedures, periodic reviews, and corrective action procedures. COMPONENT TWO: RISK ASSESSMENT Principle 6: Management defines objectives clearly to enable the identification of risks and risk tolerances. The City Controller with the assistance of the City Attorney will lead a risk analysis of three major areas: 1. The effectiveness and efficiency of operations. 2. The reliability of reporting for internal and external use. 3. Compliance with applicable laws and regulations. The City Controller will define objectives in specific measurable terms in order to enable the design of internal control for related risk and identify who is to achieve it, how it will be achieved, and when it will be achieved. Principle 7: Management identifies, analyzes, and responds to risks related to achieving the defined objectives. The City Controller will identify risks to the achievement of the objectives across the city departments as a whole and within each department. Analysis of risk through determination of objective measures and variance tolerances is the basis for determining how the risks should be managed and the response. Principle 8: Management considers the potential for fraud when identifying, analyzing, and responding to risks. Management is committed to fraud prevention by utilizing a "trust but verify" approach. The potential for fraud, misappropriation, and outright theft are contemplated as controls are designed for various City divisions. Fraud responses will include statutorily required responses to fraud, including, but not limited to Ind. Code § 5-11-1-27(I) relating to the Report of Misappropriation of Funds to State Board of Accounts and Prosecuting Attorney and Ind. Code § 5-11-1-270) relating to the Report of Material Variances, Losses, Shortages or Thefts to the State Board of Accounts. The City shall utilize a materiality threshold of one thousand dollars ($1000.00). 5 Principle 9: Management identifies, analyzes, and responds to significant changes that could impact the internal control system. The City Controller, in coordination with Department Heads, will regularly evaluate and adjust internal control policies in order to accommodate for the impact of future changes, including but not limited to, personnel changes, newly elected officials, new programs, new technology, new laws and regulations, and financial fluctuations. COMPONENT THREE: CONTROL ACTIVITIES Principle 10: Management designs control activities to achieve objectives and respond to risks. The City Controller will establish and maintain a system of internal controls that satisfies the City's objectives in the following: 1. Controls over information processing. 2. Control over vulnerable assets 3. Establishment and review of performance measures and indicators. 4. Segregation of duties. 5. Proper execution of transactions. 6. Accurate and timely recording of transactions. 7. Access restrictions to and accountability for resources and records. 8. Documentation of transactions 9. Meeting established objectives and goals for City operations and programs. A. General internal control principles for Departments are: 1. Separation of duties a. Duties are separated so that one person's work routinely serves as a check on another's work. b. No one person has complete control over more than one key function or activity (e.g., authorizing, approving, certifying, disbursing, receiving, orreconciling). 2. Authorization and approval a. Proposed transactions are authorized when proper and consistent with City policy and the department's plans. 3. Custodial and security arrangements a. Responsibility for physical security/custody of City assets is separated from record keeping/accounting for those assets. b. Unauthorized access to City assets and institutional data is prevented. 6 4. Timely and accurate review and reconciliation a. Departmental accounting records and documents are examined by employees who have sufficient understanding of the City accounting and financial systems to verify that recorded transactions actually took place and were made in accordance with City policies and procedures. b. Departmental accounting records and documentation are compared with City accounting system reports and financial statements to verify their reasonableness, accuracy, and completeness. 5. The general internal control principles should be applied to all departmental operations, especially accounting records and reports, payroll, purchasing/receiving/disbursement approval, equipment and supply inventories, cash receipts, petty cash and change funds, billing and accounts receivable. B. All City systems, processes, operations, functions, and activities are subject to evaluations of internal control systems. The results of these evaluations provide information regarding the City's overall system of control. C. Information and communication — Information must be timely and communicated in a manner that enables people to carry out their responsibilities. 1. All covered employees must be trained on Internal Controls according to Ind. Code § 5-11-1-27(g). D. Internal control is meant to keep the City focused on achieving its mission while avoiding surprises. All levels of management must assess the costs, benefits, and risks when designing controls to develop a positive control environment and compensate for the risks of noncompliance, loss of assets, or unreliable reporting while accomplishing the City mission. The City Controller will specifically monitor compliance with Payroll Activities, Disbursement Activities, Receipting Activities, Cash Activities, and Credit Cards Transactions. Principle 11: Management designs the political subdivision's information system and related control activities to achieve objectives and respond to risks. The City Controller and Department Heads will work with the Technology Representatives with City is contracted with to ensure that information technology is used as an integral part of the internal control system. This may include, but not be limited to: Disaster recovery. Backing up systems. Setting permission such that only certain users may perform certain tasks. Using technology to accomplish segregation of duties. Limiting the authority to access different components of various softwares to employees with duties specifically related to that component. Prohibiting user ID and password sharing among employees. Restricting the authority to correct or make adjustments to records to key employees. Requiring the use of prescribed forms or the approval of alternative forms. Principle 12: Management implements control activities through policies. The City has an employee handbook that is regularly updated to communicate policies to employees. Additionally, the City Controller regularly works with departments and employees who handle financial transactions to recommend and ensure best practices. All procedures are in writing and communicated frequently to all relevant employees. Policies are available both electronically and in hard copy form. COMPONENT FOUR: INFORMATION AND COMMUNICATION Principle 13: Management uses quality information to achieve the political subdivision's objectives. The City strives to lead in the areas of financial transparency and accountability. Using online resources and by adopting standards and investing in systems that exceed State mandated minimums, City management provides employees and stakeholders with high quality information and informatics systems. The City Controller and City Attorney attend training and seminars to stay abreast of changes and developments in requirements and communicate that information effectively to impacted employees. Principle 14: Management internally communicates the necessary quality information to achieve the political subdivision's objectives. Internal communications on internal controls are communicated through adoption of formal policies by relevant boards and commissions and/or the legislative body or documented through memos from the City Controller, Legal or relevant Department Head. Principle 15: Management externally communicates the necessary quality information to achieve the entity's objectives. Communications with the State Board of Accounts, other State agencies, grantor agencies, and regulatory agencies are documented by email, memos, letters, and other forms of written correspondence. All documents are maintained in accordance with the City and state's record retention policies. Reports and policies are cross checked for accuracy, relevancy, and timeliness of information. 8 COMPONENT FIVE: MONITORING ACTIVITIES Principle 16: Management establishes and operates monitoring activities to monitor the internal control system and evaluate the results. City Administration monitors and evaluates compliance with internal control policies. Separation of duties, layered approval systems, and monthly reports allow management to both review and evaluate control systems. The City Controller shall implement a system of monitoring that includes: Periodic checks to determine if controls are in place and working effectively. Reviewing control activities to determine if the actual activities are in compliance with established procedures. Documenting deficiencies in the internal control processes and remediating them quickly. Principle 17: Management remediates identified internal control deficiencies on a timely basis. Breaches of internal controls are subject to significant levels of review. If informed of a material breach of internal controls, the City Controller will report to the Human Resources Department and City Attorney to actively investigate. The City Controller will address said breach and adjust policies and procedures to prevent such breaches in the future. Once breaches are identified and investigated, a formal or informal corrective action plan will be developed. 9 Voted For: Voted Against: r PASSED AND ORDAINED by the Common Council of the City of Jeffersonville, Clark County, Indiana, upon this l 9 day of December, 2016. Matt n, rest nt Jeffersonville ommon Council TEST: j � Vicki Conlin, Clerk City of Jeffersonville PRESENTED by me to the Mayor of the City of Jeffersonville Clark County, Indiana zz% day of December, 2016. Vicki Conlin, Clerk City of Jeffersonville SIGNED and APPROVED by me upon this day of 4 2016. *More, ayo 2