Financial and Operational Policies and Internal Controls

BEAR RIVER ASSOCIATION OF GOVERNMENTS
FINANCIAL AND OPERATIONAL POLICES AND INTERNAL CONTROLS
December 31, 2009

CONTROL ENVIRONMENT

  1. The Bear River Association of Governments (BRAG) has established the following controls to ensure that those charged with governance are actively involved and have significant influence over the entity’s internal control environment and its financial reporting.
    1. The makeup and general construction of its governing body and committees are appropriate and adequate given the nature of the entity.
    2. Those charged with governance demonstrate a sufficient level of knowledge of accounting and regulatory requirements, industry experience, and entity operations.
    3. There is a succession planning process to continually evaluate the background and experience of those charged with governance in order to provide adequate oversight of the entity.
    4. A set meeting schedule is utilized to allow the governing body and audit committee to meet frequently enough to address important oversight responsibilities.
  2. BRAG has established the following controls to ensure that management, through its attitudes and actions, demonstrates character, integrity, and ethical values so that sound integrity and ethical values, particularly of top management, are developed and set the standard of conduct for the organization and financial reporting as a whole.
    1. A code of ethics has been included in the personnel policies manual.
    2. A training routine for management, employees, and others has been established so they are made familiar with the entity’s policies and practices with regard to ethics, accepted business practices, and positive control environment.
  3. BRAG has established the following controls to ensure that 1) management’s philosophy and operating style are consistent with a sound control environment and have a pervasive effect on the entity and 2) management analyzes the risks and benefits of new activities, assesses turnover among employees, investigates and resolves improper business practices, views accounting as a means to monitor and control the various activities of the organization, and adopts accounting policies that reflect the economic realities of the governmental unit.
    1. Management analyzes the potential benefits and key risk drivers associated with each of its new activities.
    2. Turnover of management and supervisory personnel is monitored, and the reasons for turnover are evaluated.
    3. Management maintains contact with, and consistently emphasizes appropriate behavior across its operations.
    4. Procedures and activities are in place to regularly educate and communicate to management and employees the importance of internal controls and to raise their level of understanding of controls.
    5. Management regards the accounting function as means for monitoring and exercising control over the entity’s various activities.
    6. Management follows a disciplined, objective process in selecting accounting principles and developing estimates.
    7. Management sets the tone that high-quality and transparent financial reporting is expected.
  4. BRAG has established the following controls to ensure that the organizational structure of the entity is appropriately designed to promote a sound control environment and that authority and responsibility, appropriate reporting lines, and free flow of information across the governmental unit provide unfettered influence to effectively run the entity and support effective financial reporting.
    1. Management periodically evaluates the entity’s organizational structure and makes necessary changes based on changes in its activities.
    2. The entity defines key areas of authority and responsibility, including management’s responsibility for activities, and how they affect the entity as a whole.
    3. There are policies for offering new services, conflicts of interest, and security practices that are adequately communicated to all employees in the organization.
    4. A process exists to support the identification and disclosure of related party transactions.
    5. There is no single individual capable of exerting substantial influence over the entity’s affairs.
  5. BRAG has established the following controls to ensure that human resource policies and procedures send messages to employees regarding expected levels of integrity, ethical behavior, and competence.
    1. Management establishes human resource policies and procedures that demonstrate its commitment to integrity, ethical behavior, and competence.
    2. Human resource policies and procedures are clearly communicated to employees and issued, updated, and revised on a timely basis.
    3. There are formal procedures for the hiring and retention of employees.
  6. BRAG has established the following controls to ensure that the entity assigns authority and responsibility to provide a basis for accountability and control.
    1. Those charged with governance oversee the entity’s process for defining responsibilities for key financial reporting roles.
    2. Job descriptions, reference manuals, or other forms of communication inform personnel of their duties.
  7. BRAG has established the following controls to ensure that the entity is committed to competence in the requirements of particular jobs and in translating those requirements into knowledge and skills.
    1. Job performance and competencies are periodically evaluated and reviewed with each employee.
    2. All departments are appropriately staffed.
    3. Management demonstrates a commitment to provide sufficient accounting and financial personnel to keep pace with the growth and/or complexity of the entity’s activities.
    4. The entity supplements in-house competencies by establishing outsourcing arrangements with other companies as permitted by regulatory standards.

RISK ASSESSMENT

  1. BRAG has established the following controls to ensure that entity and financial reporting objectives are established, documented, and communicated.
    1. Entity objectives are established, communicated, and monitored. The key elements of the entity’s strategic plans are communicated throughout the entity so all employees have a basic understanding of the entity’s overall strategy. The entity’s strategic plans and its objectives complement each other.
    2. A process is in place to periodically review and update strategic plans. The strategic plans are reviewed and approved by those charged with governance.
  2. BRAG has established the following controls to ensure that management has established practices for the identification of risks affecting the entity.
    1. Mechanisms are in place to identify risks applicable to the entity and financial reporting objectives, including (1) changes in operating, economic, and regulatory environments; (2) participation in new programs or activities; (3) new service offerings; (4) communication at various levels of management; (5) application processes; and (6) information technology infrastructure and processes.
    2. Management evaluates risks as part of the planning process.
    3. Management has a process to identify risks associated with nonroutine transactions.
    4. Management identifies risks related to laws or regulations that may affect financial reporting.
    5. Risks related to the ability of an employee to initiate and process unauthorized transactions are appropriately identified.
  3. BRAG has established the following controls to ensure that management has developed an appropriate fraud risk assessment and monitoring process.
    1. The entity assesses the potential for fraud in high-risk areas of the entity, including revenue recognition, management override, accounting estimates, and nonstandard journal entries.
    2. Those charged with governance understand and exercise oversight of the entity’s fraud risk assessment process.
  4. BRAG has established the following controls to ensure that management has implemented mechanisms to anticipate, identify, and react to changes.
    1. Budgets/forecasts are updated during the year to reflect changes in the entity’s activities.
    2. The budget is sufficiently detailed to provide meaningful comparison with actual transactions.
    3. The accounting principles used in budget preparation are the same as those used in preparing the financial statements.
    4. All budget amendments are properly authorized.
    5. Processes are in place to ensure that the accounting department and those charged with governance are sufficiently aware of significant related party transactions to ensure they are appropriately accounted for and disclosed.
  5. BRAG has established the following controls to ensure that management evaluates and mitigates risk appropriately.
    1. When risks are identified, existing controls are examined to determine whether there has been a failure in controls and action has been taken to address them.
    2. Management has specific programs or procedures in place to track fraud risk factors identified by management.
  6. BRAG has established the following controls to ensure that accounting principles are properly applied in the preparation of the financial statements.
    1. Changes to significant accounting policies are approved by management and are subject to review by those charged with governance.
    2. A process exists to identify changes within operating practices that may affect the method or process of recording transactions and the application of GAAP.
    3. A process exists to maintain current knowledge of GAAP principles and other relevant pronouncements.

INFORMATION AND COMMUNICATION

  1. BRAG has established the following control to ensure that information is identified, captured, and used at all levels of the entity to support the achievement of financial reporting objectives.
    1. Operating information used to develop accounting and financial information serves as a basis for reliable financial reporting, and operating information is used as the source of accounting estimates.
  2. BRAG has established the following controls to ensure that information relevant to financial reporting is identified, captured, processed, and distributed within the parameters established by the entity’s control processes to support the achievement of financial reporting objectives.
    1. Process procedures are sufficiently formal such that management can determine whether the control objective is met, documentation supporting the procedures are in place, and personnel routinely know the procedures that need to be performed.
    2. Data underlying financial statements are captured completely, accurately, and timely, in accordance with the entity’s policies and procedures and in compliance with laws and regulations.
    3. Financial personnel meet with program directors to discuss operational results.
    4. Financial personnel receive detailed information when reviewing financial results.
    5. Established and agreed-upon deadlines exist for period end reporting, which includes review by management.
  3. BRAG has established the following control to ensure that communication exists between management and those charged with governance so that both have relevant information to fulfill their roles with respect to governance and to financial reporting objectives.
    1. An open communications channel exists between management and those charged with governance.
  4. BRAG has established the following controls to ensure that personnel have an effective and nonretributive method to communicate significant information upstream in the entity.
    1. The entity effectively communicates an open-door policy that meets regulatory compliance requirements and promotes internal control.
    2. All reported potential improprieties are reviewed, investigated, and resolved in a timely manner.
    3. There is a process for tracking communications from citizens, vendors, regulators, and other external parties.

MONITORING

  1. BRAG has established the following controls to ensure that management monitors controls over financial reporting through ongoing monitoring, independent evaluations, and remediation of identified deficiencies.
    1. Ongoing monitoring is built into operations throughout the entity and includes explicit identification of what constitutes a deviation from expected control performance, thereby signaling a need to investigate both potential control problems and changes in risk profiles.
    2. Reports from external sources (e.g., external auditors, regulators) are considered for their internal control implications, and timely corrective actions are identified and taken.
    3. Findings of an internal control deficiency are reported to (1) the individual who owns the process and control involved and who is in the position to take corrective actions and (2) at least one level of management above the process owner.

GENERAL COMPUTER CONTROLS

  1. BRAG has established the following controls to ensure that the entity maintains reliable systems that include appropriate data backup and recovery processes.
    1. A backup and data retention policy/schedule exists, specifying how often backups are to be performed, how long they are to be retained, and where the backup media is to be stored.
    2. Application data and file server backups are performed to minimize the risk of lost or corrupted data. Backup tapes or other media are secure (accessible only by authorized personnel).
    3. Application data and file server recovery procedures are tested at least once annually to ensure data integrity and recovery.
  2. BRAG has established the following controls to ensure that physical security and access to programs and data are appropriately controlled to prevent unauthorized use, disclosure, modification, damage, or loss of data.
    1. An informal information security policy exists to define information security objectives.
    2. Procedures exist and are followed to ensure timely action relating to requesting, establishing, issuing, suspending, modifying, and closing user accounts.
    3. New user accounts in the network, application, and database environments are set up in response to properly authorized requests from management.
    4. When user access rights are modified (due to job transfers or other reasons), the access rights of these users are reviewed in order to remove access rights that are no longer needed. Additional access rights are granted in response to properly authorized requests from management.
    5. User access rights are removed or suspended in a timely manner when employees are terminated. Standards exist to define timeliness requirements for various situations (i.e., voluntary or involuntary termination).
    6. User access rights (network, application, and database) are granted on a need-to-know, need-to-do basis.
    7. User access rights (network, application, and database) support necessary segregation of duties (as defined by the financial areas’ reliance on automated controls).
    8. Controls over perimeter and network security are in place. Such controls may include firewalls, routers, terminal service devices, wireless security, intrusion detection, and vulnerability assessments where appropriate.
    9. Software users are prohibited from having access to source code, the compiler, and programming documentation.

FINANCIAL CLOSE AND REPORTING

  1. BRAG has established the following controls for defining the financial closing and reporting process and for capturing and processing other nonroutine information requiring significant estimates and judgments from management.
    1. Management establishes a well-defined process for financial reporting. The process and its key attributes (e.g., overall timing, methodology, format, and frequency of analyses) are formally documented, approved, and reviewed on a regular basis.
    2. Management defines, documents, communicates, and periodically reviews roles and responsibilities in the financial close and reporting process.
    3. Knowledgeable personnel monitor changes in authoritative guidance and regulations that affect the entity and make the appropriate changes to the entity’s accounting policies and procedures on a timely basis.
    4. Significant estimates, judgments, and changes thereto, are reported to those charged with governance on a regular basis.
    5. An independent review of significant judgments and estimates included in the financial records is performed at the end of every accounting period by knowledgeable personnel.
    6. A supporting analysis is prepared for each nonroutine event or transaction that requires management’s judgment and/or estimate. The analysis documents compliance with relevant GAAP and the entity’s accounting policies.
    7. Management receives appropriate reporting packages, sign-offs, and representations from appropriate areas of the organization to ensure all relevant information has been disclosed on a timely basis.
  2. BRAG has established the following controls for performing the accounting period close.
    1. Budget to actual comparison statements, by the governmental unit’s level of budgetary control, are reviewed by management. Significant variances from budget and/or prior periods are investigated.
    2. Management establishes a well-defined process for financial reporting. The process and its key attributes (e.g., overall timing, methodology, format, and frequency of analyses) are formally documented, approved, and reviewed on a regular basis.
    3. Routine and nonroutine events and transactions occurring near period end are analyzed and reviewed to ensure they are accounted for in the correct accounting period.
    4. All related-party events and transactions are identified, and a schedule detailing them is prepared; the schedule is reviewed by those charged with governance, management, and other appropriate parties.
    5. Unusual items and exceptions in analyses and reconciliations are documented, resolved, and reviewed by management on a timely basis.
    6. All journal entries, including nonstandard/nonroutine entries, have adequate supporting documentation and are reviewed and approved independently prior to posting.
    7. Management has a process in place to ensure that the trial balance(s) used in the financial statement preparation process is final, contains all valid journal entries made, and is in balance.
    8. Entries recorded directly to the financial statements require direct approval of the entity’s principal accounting officer and such recording and approval follows a predetermined process.
    9. Individuals who prepare the reporting entity financial statements cannot review and approve the financial statement presentation.
  3. BRAG has established the following controls for reviewing and approving financial statement disclosures.
    1. Management and those charged with governance are briefed by financial reporting personnel on a regular basis and at each period end for which financial statements are released to the public. Such briefing includes a discussion of significant nonroutine events and transactions, selection and application of critical accounting policies, areas with unusual fluctuations, and other relevant significant issues.
    2. An independent review of the financial statements and all related disclosures is performed by management and/or other suitably qualified personnel for completeness, consistency, and compliance with GAAP and the entity’s accounting and disclosure policies.
    3. Management has an established process to identify and obtain all necessary consents, waivers, communications, and other legal documents prior to the issuance of the financial statements.
    4. The financial statements and related disclosures, in print and electronic form, are reconciled to the approved financial statements, trial balance, and supporting information prior to final publishing, printing, or electronic submission.
    5. All financial statements and related disclosures are approved by those charged with governance prior to the release of the reports to the public. Such approval is documented in the minutes.

GRANT AND SIMILAR PROGRAMS

  1. BRAG has established the following controls for recording grants and similar programs.
    1. The entity has procedures for identifying federal, state, and other awards.
    2. The entity has accounting procedures, charts of accounts, etc., for identifying and recording receipts and expenditures of program funds separately and in the appropriate cost category for each award or grant.
    3. The entity provides written or verbal notification to employees when grant provisions or regulations impose requirements that differ from the entity’s normal policies and procedures.
    4. Reconciliations of grant financial reports with supporting accounting records are prepared, reviewed, and approved by a responsible official before filing.
    5. Financial reports are prepared for required accounting periods within the time imposed and on the basis of accounting required by the grantor agencies.
    6. Financial reports and claims for advances and reimbursements agree with the supporting financial records and general ledger.
  2. BRAG has established the following controls for processing program receipts.
    1. Governmental funds are accounted for through grant fund control accounts.
    2. A responsible official approves requests for advances or reimbursement.
  3. BRAG has established the following controls for processing program expenditures.
    1. Management reviews the entity’s financial reports on a periodic basis and investigates significant variances from budgets and expected results.
    2. The entity has established controls to preclude charging federal award programs with unallowable costs and expenditures.
    3. The entity has procedures for tracking property and equipment purchased with federal award funds.
    4. If the entity has awards or grants with matching requirements, levels of effort, and earmarking limitations, a responsible member of management monitors activities to ensure that requirements and limitations were met and amounts claimed or used for matching were determined in accordance with applicable laws and regulations.
    5. The entity has written personnel policies covering job descriptions, hiring procedures, salary or wage levels, promotions, dismissals, and conflicts of interest.
    6. The entity has written policies prohibiting discrimination based on race, sex, age, or marital status in its employment practices.
    7. The entity has procedures that provide reasonable assurance that consistent treatment is applied in the distribution of charges as direct or indirect costs to all awards or grants.
    8. A responsible member of management reviews costs charged to direct and indirect cost centers in accordance with applicable grant agreements and applicable governmental management circulars pertaining to cost principles.
    9. If the entity provides services under award programs with eligibility requirements, a responsible member of management uses a set checklist to review and approve the provision of services to ensure that recipients are eligible under specific program requirements.
    10. The entity’s employee time allocation method is in accordance with the standards outlined in federal circulars or agency regulations.
    11. The entity has a written procurement manual that complies with the applicable grant agreements and government circulars.
    12. If the entity has subrecipients, it has policies and procedures for making required communications to the subrecipients and monitoring the subrecipients’ activities as required.
  4. BRAG has established the following controls for reporting grants and similar programs.
    1. The entity has a documented time schedule for filing financial reports with grantors and policies for identifying special requirements of grants.
    2. The appropriate level of management or another appropriate person reviews reports from audits of the government’s awards or grants prepared by other auditors.
    3. Reconciliations of grant financial reports with supporting accounting records are prepared, reviewed, and approved by a responsible official before filing.

CASH

  1. BRAG has established the following controls for processing cash receipts.
    1. Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.
    2. Delinquent receivables are reviewed.
    3. The receivables aging/subledger is reviewed and reconciled to the general ledger.
    4. Individuals who post cash receipts to the receivables subledger cannot:
  1. Open the mail or copy checks received.
  2. Reconcile bank accounts.
  • Authorize write-offs of delinquent accounts.
  1. Currently individuals who post cash receipts to the receivables subledger can perform the following, however, if resources become available these abilities would be removed:
    1. Review the receivables aging trial balance.
    2. Independently investigate receivables discrepancies.
    3. Maintain or authorize receivables adjustments.
    4. Edit the receivables master file.
    5. Process customer service calls and complaints.
    6. Investigate discrepancies or issues related to revenue.
    7. Prepare deposits.
    8. Deposit cash receipts.
    1. Prenumbered receipts or cash registers are effectively used and controlled.
    2. A list of daily cash receipts is compared to postings to accounts and deposits by a person independent of the cash receipts and accounts receivable functions.
    3. The government has a formal deposit policy that limits the government’s allowable deposits and addresses the specific types of risk to which the government is exposed.
    4. Bank reconciliations are prepared and reviewed in a timely fashion.
    5. Individuals who open mail or copy checks received cannot:
  1. Prepare deposits.
  2. Deposit cash receipts.
  • Reconcile bank accounts.
  1. Investigate discrepancies or issues related to cash.
  2. Maintain the cash receipts journal.
  3. Post journal entries to the general ledger.
    1. Individuals who deposit cash receipts cannot:
  1. Reconcile bank accounts.
  2. Investigate discrepancies or issues related to cash.
  1. BRAG has established the following controls for processing cash disbursements.
    1. Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.
    2. Invoice is identified as paid during payment process.
    3. Accounts payable aging/subledger is reviewed and reconciled to the general ledger at year-end.
    4. Management/program directors review supporting documentation before approving payments.
    5. Individuals who review, authorize, or sign checks cannot:
  1. Initiate checks for expenditures.
  2. Prepare checks.
  • Mail checks.
  1. Edit the vendor master file.
  2. Investigate discrepancies or issues involving expenditures.
  3. Open the mail or copy checks received.
  • Reconcile bank accounts.
    1. Checks are prenumbered, the sequence is accounted for regularly, and unissued checks are controlled and kept in a secure location.
    2. The check signer reviews all supporting documentation prior to signing a check.
    3. Disbursements that require special approval of funding sources or the governing body are properly documented.
    4. Bank reconciliations are prepared and reviewed in a timely fashion.

REVENUE AND RECEIVABLES

  1. BRAG has established the following controls for processing and managing billings.
    1. Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.
    2. The governmental unit has established procedures to ensure that all reimbursable costs or contract costs are billed and adherence to those procedures is periodically reviewed by the appropriate level of management or another appropriate person.
    3. Delinquent receivables are reviewed at year-end.
    4. The receivables aging/subledger is reviewed and reconciled to the general ledger at year-end.
    5. Revenues by revenue source and/or activity are reviewed regularly by management.
  2. BRAG has established the following controls for recording deferred revenue.
    1. Accounting policies and procedures specify the correct treatment for calculating deferred revenue.
    2. A supporting analysis is prepared at year-end for calculating deferred revenue. The analysis documents compliance with relevant GAAP and the government’s accounting policies.

 EXPENDITURES FOR GOODS AND SERVICES AND PAYABLES

  1. BRAG has established the following controls for recording purchases.
    1. Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.
    2. Management or governing body approval of purchase orders is required for purchases that exceed established limits according to entity policy.
    3. A current purchasing manual defines restrictions on purchases of goods or services from governing body members, employees, or other suppliers that would create a conflict of interest.
    4. Purchases are reviewed for compliance with requirements of laws and regulations, the governing body, and of funding sources, if applicable (for example, competitive bidding requirements).
    5. The government has procedures for coding expenditures in compliance with funding and organization accounting requirements.
  2. BRAG has established the following controls for processing accounts payable and accruals.
    1. Accounts payable aging/subledger is reviewed and reconciled to the general ledger at year-end.

 PAYROLL

  1. BRAG has established the following controls for processing payroll.
    1. Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.
    2. Bank reconciliations are prepared and reviewed in a timely fashion.
    3. Access to data and/or transaction files is appropriately restricted.
    4. Standard programmed algorithms perform significant payroll calculations.
    5. The payroll system automatically calculates the journal entry, which accounting then manually posts to the general ledger.
    6. The appropriate level of management or another appropriate person periodically reviews the allocation of payroll costs to account, funds, and programs.
    7. The appropriate level of management or another appropriate person reviews monthly payroll-related accruals for completeness and reasonableness.
    8. There is adequate segregation of duties among those who:
  1. Review and authorize electronic payroll disbursements.
  2. Resolve employee payroll inquiries.
  • Edit the payroll master file.
    1. Current payrolls are compared with previous payrolls and variances are investigated and documented.

CAPITAL ASSETS AND EXPENDITURES

  1. BRAG has established the following controls for acquiring and safeguarding capital assets.
  1. Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.
  2. Management or governing body approval of purchase orders is required for purchases that exceed established limits according to entity policy.
  3. Management tracks capital asset acquisitions and remaining costs and compares to capital budgets.
  4. Periodically, capital asset listings are routed to the appropriate managers to determine whether the assets still physically exist.
  5. The entity has a capitalization and useful lives policy, and the policy has been formally reviewed and approved by management and communicated to departments that request capital asset purchases.
  6. Capital assets are located in an appropriately secured area, where access is restricted to authorized personnel.
  7. Prior to entry, accounting personnel compare capital asset information to the capitalization policy to ensure appropriate accounting treatment.
  8. The capital assets subledger is reviewed and reconciled to the general ledger at year-end.
  9. The government has written policies for determining the fair value of contributed capital assets, including collections, and adherence to those policies is periodically reviewed by the appropriate level of management or another appropriate person.
  10. Individuals are designated with responsibility for assuring compliance with the terms and conditions of all grants, restricted contributions, exchange contracts, etc., that relate to capital assets.
  11. Individuals are designated with responsibility for monitoring all significant construction projects.

 EQUITY

  1. BRAG has established the following controls for recording equity transactions.
    1. Net asset restrictions and fund balance classifications have adequate supporting documentation and are periodically reviewed by the appropriate level of management or another appropriate person.
    2. Net asset restrictions and fund balance reserves, designations, and commitments are approved by the governing board.
    3. Management or the governing board authorizes the use of restricted, reserved, designated, committed, or assigned resources.
    4. Management periodically reviews equity accounts.
    5. An equity rollforward is performed. Unusual or reconciling items are investigated and resolved in a timely manner.