HomeMy Public PortalAbout027-2016 - Speical Ordinance - Internal ControlsAf
F*' 1
COMMON COUNCIL OF THE CITY OF RICHMOND, INDIANA
ORDINANCE NO.27-2016
AN ORDINANCE ESTABLISHING INTERNAL CONTROL STANDARDS AND A
MATERIALITY THRESHOLD AND PROCESS FOR REPORTING MATERIAL ITEMS
WHEREAS, Indiana Code (IC) § 5-11-1-27 requires all Indiana political subdivisions to adopt
minimum levels of internal control - standards developed by the State Board of
Accounts as published in the Uniform Internal Control Standards for Indiana
Political Subdivisions prior to June 30, 2016; and
WHEREAS, IC § 5-11-1-270) requires all political subdivisions to immediately report all erroneous
or irregular material variances, losses, shortages, or thefts of political subdivision funds
or property to the State Board of Accounts; and
WHEREAS, State Examiner Directive 2015-6 directs each political subdivision to determine its own
policy on materiality; and
WHEREAS, Failure to establish a policy on materiality would result in establishment of the City's
materiality reporting threshold to zero dollars and no cents ($0.00) with the State Board
of Accounts; and
WHEREAS, The City of Richmond, Indiana does not condone any erroneous or irregular material
variances, losses, shortages, or thefts of political subdivision funds or property but
recognizes that relatively small items may not justify the cost of the involvement of the
State Board of Accounts; and
WHEREAS, The Controller has reviewed and recommends adoption of the proposed internal
control standards and materiality threshold.
NOW, THEREFORE, be it ordained by the Common Council of the City of Richmond,
Indiana, as follows:
1. The City of Richmond, Indiana hereby adopts the Internal Control Policy attached hereto
and incorporated herein as Exhibit A.
2. The Controller is directed to ensure that all personnel receive training concerning the
internal control procedures and approved herein prior to June 30, 2016.
3. The Human Resources Director is directed to ensure that all new employees after June 1,
20161, will receive training concerning the internal control procedures and approved herein
prior to said new employee's first day of employment is completed.
4. All erroneous or irregular variances, losses, shortages, or thefts of The City of Richmond,
Indiana subdivision funds or property, or funds or property the City holds in trust, shall be
reported promptly to the Controller or his/her designee.
5. It will be the policy of the Controller to report to the Common Council and to the State
Board of Accounts any erroneous or irregular variances, losses, shortages or thefts of cash
in excess of $? .500, except for inadvertent clerical errors that are identified timely and
promptly corrected with no loss to the City.
6. It will be the policy of the Controller to report to the Common Council and to the State
Board of Accounts any erroneous or irregular variances, losses, shortages, or thefts of non -
cash in excess of $? .500, estimated market value, except for inadvertent clerical errors that
are identified timely and promptly corrected with no loss to the City, and except for tosses
from genuine accidents.
7. This Ordinance shall be in full force and effect from and after its passage, approval and
publication according to law.
Passed and adopted this :24 day o 2016, by the Common Council of the
City of Richmond, Indiana.
,President
(Bruce Wissel)
ATTES
(Karen Chasteen, IAMC, MMC)
PRESENTED to the Mayor of the City of Richmond, Indiana, thiw? daye�z g
,
2016, at 9:00 a.m. 09
(Karen Chasteen, IAMC, MMC)
APPROVED b me, David M. Snow, Mayor of the City of Richmond, Indiana, this day
of j , 2016, at 9:05 a.m.
ayor
_fDTV01'10rM. Sno
ATTES&• �
(Karen Chasteen, IAMC, M1V.
f
EXHIBIT A ORDINANCE 27-201G
CITY OF RICHMOND INDIANA Internal Controls Policy Pursuant to Indiana Code IC
5-11-1-27
The purpose of this policy is to communicate the Common Council's internal control objectives to
all employees and elected officials of the City of Richmond and to firmly commit the City to the
five (5) components and seventeen (17) key principles of internal controls as established by the
Indiana State Board of Accounts.
COMPONENT ONE: CONTROL ENVIRONMENT
Principle 1: The oversight body and management demonstrate a commitment to integrity
and ethical values.
The City has the responsibility to establish and maintain an adequate system of internal control and
to furnish to the Richmond Common Council, various boards and commissions, governmental
agencies, creditors and others reliable financial information on a timely basis. An adequate system
of internal control is necessary for the City to discharge these responsibilities.
Controls help ensure that assets are not exposed to unauthorized access and use, transactions are
properly recorded in the financial records, and the resultant financial information is reliable.
External organizations and stakeholders of the City rely on financial information to make decisions
toward appropriations, loans and other debt, grants, and other contractual relationships. City
resources are dependent upon the system of internal control. Auditors are required annually to
report upon the adequacy of the City's systems for control over financial reporting and compliance
per IC 5-11-1--27(e). The safeguarding of City assets and the reliability which the City and others
can place upon its financial records is dependent upon the effectiveness of the internal control
process.
As the fiscal body, Common Council expects the City administration to effect an internal control
environment with policies and procedures necessary to provide reasonable assurance that practices
cause effective and efficient operations, reliable financial reporting, and compliance with
applicable laws and regulations.
The system of internal control is meant to keep the City on course toward its mission and to
minimize surprises. The system promotes efficiency, minimizes risks of asset loss, helps ensure
the reliability of financial information, and compliance with applicable laws, rules, and regulations.
Exhibit A
Page 1 of 13
Internal control is a process; a means to an end, and not an end unto itself. The control environment
is the foundation upon which all components of internal control are based. It sets the tone for City
operations. Internal control is about people, operations, communications, and the work
environment. It is not about policies and forms though it takes shape through the implementation
of relevant policies, procedures, and practices. Internal control can provide reasonable assurance,
but no system of control can provide absolute assurance to the Common Council and other users
of financial information.
The Finance Department shall be charged with:
1. Conveying periodic messages of the City's internal control philosophy and
expectations to all employees;
2. Evaluating the City's internal control system for weaknesses on a periodic
(but no less frequently than annual) basis, providing solutions to any
discovered weaknesses, and inform employees of necessary changes in
procedures;
3. working with the Human Resources Department to establish a confidential
reporting system for individuals to report suspected fraud and abuse of
internal control policies; and
4. working with the Human Resources Department to institute procedures to
address violations of policies and consequences for violations.
Principle 2: The oversight body oversees the entity's internal control system.
As the fiscal body for the City, the Common Council is responsible for setting the institutional
expectations for internal control, ensuring management is aware of the those expectations,
requiring the upward communications channels are open through all levels of management, and
evaluating management's effectiveness toward monitoring the control environment and
implementing sound control policies and procedures. As the City's Chief Fiscal Officer, the
Controller will be the Common Council's chief agent in implementing and managing the internal
control policies and procedures.
Principle 3: Management establishes an organizational structure, assigns responsibility,
and delegates authority to achieve the entity's objectives.
Individuals with delegated approval authority, e.g. Elected officials and Department Heads are
responsible for establishing, maintaining, and supporting a system of internal controls within their
Exhibit A
Page 2 of 13
areas of responsibility and for creating the control environment that encourages compliance with
City policies and procedures.
Adequate supervision is necessary to monitor that internal controls are operating as intended, and
to help ensure the reliability of accounting and operational controls by pointing out errors,
omissions, exceptions, and inconsistencies in procedures. Staff' in leadership roles are responsible
for the application of this policy and the design, development, implementation, and maintenance
of systems of internal controls focusing on the effectiveness of operations and the safeguarding of
assets within their respective areas of responsibility. All levels of management and supervision are
responsible for strengthening internal controls when weaknesses are detected. Department
managers should periodically review departmental procedures to ensure that the general principles
of internal control are being followed.
The Finance Department has the primary responsibility for internal control over financial reporting
and compliance with applicable laws, rules, and regulations. The Controller is the City's chief
source for information and assistance to staff and Department Heads on this topic and will make
resources available to assist in administering this policy.
The Human Resources Department is responsible for internal controls over employee recruitment,
hiring, separation, promotion, job classification, employee rights, and salary administration. The
Benefits Coordinator and Corporation Counsel are the City sources for information and assistance
on this topic and will make resources available to assist in administering this policy.
All levels of internal control are subject to examination by external auditors who are required to
report on the adequacy of internal controls over finance and compliance.
Department Heads are responsible for prompt corrective action on all internal control findings and
recommendations made by internal and external auditors. The audit process is completed only after
Department Heads receive the audit results and take action to correct internal control weaknesses,
improve systems, or demonstrate that management action is not warranted. Department Heads
have the responsibility to ensure that those who report to them have adequate knowledge, skills,
and abilities to function within, and contribute to, an effective internal control environment. This
includes providing access to appropriate training on topics relevant to their job responsibilities.
Principle 4: Management demonstrates a commitment to recruit, develop, and retain
competent individuals.
The City Employee Handbook provides a roadmap for recruiting and maintaining quality
employees. Prior to employment individuals may be subject to pre -employment background
screening and/or a credit history check. While employed City Employees are entitled to a benefits
Exhibit A
Page 3 of 13
package including Health and Disability Insurance and certain other Post -Employment Benefits.
The City will continue to assess the best recruitment pools and tools for the different skill sets of
skills necessary to adequately implement and maintain quality internal controls.
Job descriptions will be updated where necessary to reflect internal control responsibilities and
duties. Employees will be regularly trained in internal control methods and all training will be
documented in employees' personnel files. Employees will be regularly evaluated by their
supervisors on internal control duties and receive feedback on possible improvements.
Principle S: Management evaluates performance and holds Individuals accountable for
their internal control responsibilities.
Individuals are held accountable for their internal control responsibilities through a recognized
structure which includes relevant job descriptions, operating procedures, periodic reviews, regular
feedback, and a progressive disciplinary policy. Additionally, City Administration seeks to address
issues in specific departments and positions through regular one -on -ones with Department Heads.
COMPONENT TWO: RISK ASSESSMENT
so
Principle C: Management defines objectives clearly to enable the identification of risks and
risk tolerances.
Through the creation of standard operating procedures and accurate organizational reporting charts
R.
management conveys and identifies objectives, missions, policies, and risk tolerances to
employees. The Finance Department will lead a risk analysis of three major areas:
1. The effectiveness and efficiency of operations.
Z. The reliability of reporting for internal and external use.
3. Compliance with applicable laws and regulations.
For each category, the Finance Department will define objectives in specific measurable terms in
order to enable the design of internal control for related risk, increase understanding at all levels,
assess performance, identify what is to be achieved, who is to achieve it, how it will be achieved,
when it will be achieved and incorporate external requirements.
Principle 7: Management identifies, analyzes, and responds to risks related to achieving the
defined objectives.
Exhibit A
Page 4 of 13
The Finance Department will identify, analyze and respond to the risks identified in Principle b by
determining:
l . How likely is the risk to occur?
2. How will it impact the objective?
3. Is the risk based on complex or unusual transactions?
4. Is the risk based on fraud?
Once each risk has been identified and analyzed, the Finance Department will work with
Department Heads to determine how to respond to each risk with a specific solution and action.
Principle 8: Management considers the potential for fraud when identifying, analyzing, and
responding to risks.
Management is committed to fraud prevention by utilizing a "trust but verify" approach. The
potential for fraud, misappropriation, and outright them are contemplated as controls are designed
for various City divisions. Fraud responses will include statutorily required responses to fraud,
including, but not limited to IC § 5-11-1-2 7(l) relating to the Report of Misappropriation of Funds
to State Board of Accounts and Prosecuting Attorney and IC § 5-11-1-270) relating to the Report
of Material Variances, Losses, Shortages or Thefts to the State Board of Accounts. The City shall
utilize a materiality threshold of $500.
Principle 9: Management identifies, analyzes, and responds to significant changes that
could impact the internal control system.
The Finance Department, in coordination with Department Heads, will regularly evaluate and
adjust internal control policies in order to accommodate for the impact of future changes, including
but not limited to, personnel changes, newly elected officials, new programs, new technology, new
laws and regulations, and financial fluctuations.
COMPONENT THREE: CONTROL ACTIVITIES
Principle 10: Management designs control activities to achieve objectives and respond to
risks.
The Finance Department will establish and maintain a system of internal controls that satisfies the
City's objectives in the following categories:
Exhibit A
Page 5 of 13
1. Risks are identified and effectively managed;
2. Safeguarding of City assets;
3. Reliability and integrity of financial information;
4. Compliance with City policy, plans, procedures, laws and regulations;
5. Economical and efficient use of City resources; and
6. Meeting established objectives and goals for City operations and programs.
A. General internal control principles for Departments are:
1. Separation of duties.
a. Duties are separated so that one person's work routinely serves as a check
on another's work.
b. No one person has complete control over more than one key function or
activity (e.g., authorizing, approving, certifying, disbursing, receiving, or
reconciling).
2. Authorization and approval.
a. Proposed transactions are authorized when proper and consistent with City
policy and the department's plans.
b. Transactions are approved by the person who has delegated approval
authority, which is usually delegated on the basis of special competency or
knowledge.
3. Custodial and security arrangements.
a. Responsibility for physical security/custody of City assets is separated from
record keeping/accounting for those assets.
b. Unauthorized access to City assets and institutional data is prevented.
Exhibit A
Page 6 of 13
4. Timely and accurate review and reconciliation.
a. Departmental accounting records and documents are examined by
employees who have sufficient understanding of the City accounting and
financial systems to verify that recorded transactions actually took place and
were made in accordance with City policies and procedures.
b. Departmental accounting records and documentation are compared with
City accounting system reports and financial statements to verify their
reasonableness, accuracy, and completeness.
5. The general internal control principles should be applied to all departmental
operations, especially accounting records and reports, payroll,
purchasing/receiving/disbursement approval, equipment and supply
inventories, cash receipts, petty cash and change funds, billing and accounts
receivable.
B. All City systems, processes, operations, functions, and activities are subject to evaluations
of internal control systems. The results of these evaluations provide information regarding
the City's overall system of control.
Information and communication — Information must be timely and communicated in a
manner that enables people to carry out their responsibilities.
1. All covered employees must be trained on Internal Controls according to IC §
5- 11-1-27(g).
2. All personnel must receive a clear message from the City's administration that
control responsibilities are to be taken seriously. Failure to comply with
established practices will subject individuals to the terms of disciplinary action
or dismissal.
3. Employees must understand their own roles in the internal control system, as
well as how individual activities relate to the work of others. To this end,
whenever a new budgetary unit, financial activity, etc. is set up, the Controller
will provide notification to the appropriate parties of the responsibilities
incumbent on them for good business practices and sound financial
management, including reference to the principles within this policy.
Exhibit A
Page 7 of 13
4. Employees must have a means of communicating significant information to the
City's administration.
5. The City must communicate effectively with external parties, such as auditors,
creditors, contractors, suppliers, regulators and other stakeholders.
D. Internal control is meant to keep the City focused on achieving its mission while avoiding
surprises. There is a balance between effective controls and mission accomplishment.
Costs associated with internal controls should not exceed their benefit, nor should controls
be allowed to stifle mission effectiveness and timely action. All levels of management
must assess the costs, benefits, and risks when designing controls to develop a positive
control environment and compensate for the risks of non-compliance, loss of assets, or
unreliable reporting while accomplishing the City mission.
E. The following specific internal control policies are adopted for use by City Departments:
Payroll Activities
L Salaries and wage rates are verified by the Human Resources Department.
ii. The responsibilities for hiring, terminating, and approving promotions are segregated
from those preparing payroll transactions or inputting data.
iii. The responsibilities for approving time sheets are segregated from those for preparing
payroll transactions or inputting data.
iv. Payroll adjustment reports are approved by someone outside of the payroll process.
v. Employees' time and attendance records are approved by their supervisors.
vi. Corrections to recorded time and attendance records are approved by the employee
and employee's supervisor.
vii. Procedures are in place to ensure that changes in employment status are promptly
reported to the payroll processing unit.
v i i i. Payroll disbursements are reviewed and approved by an authorized individual prior to
payment.
Exhibit A
Page 8 of 13
ix. Access to payroll applications is appropriately controlled by user logins and
passwords.
x. Changes to a payroll disbursement are approved by an individual other than the ones
authorized to process the changes.
xi. Payroll checks are accounted for in numerical order and reconciled to the payroll
check register.
xii. Payroll checks are mailed or distributed by someone outside the normal payroll
distribution function.
xiii. Unclaimed payroll checks are returned to Finance Department via the Department
Head.
xiv. Employees are crass -trained on the payroll process; those assigned to payroll take
regular vacations.
Disbursement Activities
i. The responsibility for approving claims is segregated from those preparing the
claims.
ii. Checks are written by an individual other than the one approving the claim.
iii. Checks are signed by an individual other than the one preparing them.
iv. Claims for payment are reviewed and approved by the management prior to
payment and then by the governing body.
V. A reconcilement is completed between the claims for payment approved by the
board and the actual disbursements posted to the ledger.
vi. The responsibility for acknowledging the receipt of goods or services is segregated
from those preparing claims and writing checks.
vii. Vendor checks are accounted for in numerical order and reconciled to the
disbursement ledger.
viii. Invoices or other receipts are attached to each claim to support the disbursement.
Exhibit A
Page 9 of 13
ix. A review is completed by an individual outside the disbursement process in which
the claim amount is compared to the supporting documentation attached to the
claim and the amount of the check.
X. Access to disbursement applications is appropriately controlled by user logins and
passwords.
Receipting Activities
i. The responsibility for collecting money and issuing receipts is segregated from those
preparing the bank deposit.
ii. The responsibility for making bank deposits is segregated from those preparing the
monthly bank reconcilement.
iii. Pre -numbered receipts are issued for all money collected and the receipt is retained
with supporting documentation.
iv. Posting of receipts to the ledger is completed by an individual other than the one who
collects money and makes the deposit.
v. Receipts indicate the type of payment received (cash, check, credit card, etc.) and this
is reconciled to the make-up of the bank deposit.
vi. Accounts receivable records are maintained by an individual other than the one(s)
involved in the billing process.
vii. The billing process is completed by an individual other than the one who collects cash
payments from customers.
viii. Adjustments to customer accounts above our managerial threshold are approved by
the governing body only after review.
Cash Activities
i. A reconcilement between the recorded cash balance and the bank balance is
completed monthly by an individual separate from the receipting and disbursing
processes.
Exhibit A
Page 10 of 13
ii. A reconcilement between the receipts ledger and the credits to the bank account
is completed periodically by an individual separate of the receipting process.
iii. A reconcilement between the disbursement ledger and the debits to the bank
account is completed periodically by an individual separate of the disbursement
process.
iv. The monthly reconcilement between the cash balance and the bank balance is
thoroughly reviewed and approved by the governing body.
v. Disbursements from and reimbursements to petty cash funds are periodically
reviewed by an individual other than the one responsible for maintaining the petty
cash fund.
Credit Cards Transactions
i. A designated official or employee oversees the issuance and use of the credit cards.
ii. An ordinance or resolution specifically states the purposes for which the credit card
may be used.
iii. A designated person separate from disbursement process reviews transactions listed
on the credit card statements for sufficient documentation and inclusion in claim to
the Board.
Principle 11: Management designs the political subdivision's information system and
related control activities to achieve objectives and respond to risks.
The Finance Department and Department Heads will work with the Information Technology
Department to ensure that information technology is used as an integral part of the internal control
system. This may include, but not be limited to:
1. Setting permission such that only certain users may perform certain tasks;
2. Using technology to accomplish segregation of duties by forcing duties to be
completed by different users;
3. Automating certain processes and calculations;
Exhibit A
Page 11 of 13
■
4. Limiting the authority to access different components of various software to
employees with duties specifically related to that component;
5. Prohibiting user ID and password sharing among employees;
6. Restricting the authority to correct or make adjustments to records to key
employees; and/or
7. Requiring the use of prescribed forms or the approval of alternative forms.
Principle 12: Management implements control activities through policies.
The City has an employee handbook that is regularly updated to communicate policies to
employees. Additionally, the Finance Department regularly works with departments and
employees who handle financial transactions to recommend and ensure best practices. All
procedures are in writing and communicated frequently to all relevant employees. The Human
Resources Director makes sure policies are available both electronically and in hard copy form.
COMPONENT FOUR: INFORMATION AND COMMUNICATION
Principle 13: Management uses quality information to achieve the political subdivision's
objectives.
The City strives to lead in the areas of financial transparency and accountability. By adopting
standards and ingesting in systems that exceed State mandated minimums, City management
provides employees and stakeholders with high quality information and informatics systems. The
City Finance Department and Legal Department attend training and industry seminars to stay
abreast of changes and developments in requirements and communicate that information
effectively to impacted employees.
Principle 14: Management internally communicates the necessary quality information to
achieve the political subdivision's objectives.
Internal communications on internal controls are communicated through adoption of formal
policies by relevant boards and commissions and/or the legislative body or documented through
memos from the Finance, Legal or relevant Department Head. Internal memos and reports are
maintained to document communication.
Principle 15: Management externally communicates the necessary quality information to
achieve the entity's objectives.
Exhibit A
Page 12 of 13
Communications with the State Board of Accounts, other State agencies, grantor agencies, and
regulatory agencies are documented by email, memos, letters, and other forms of written
correspondence. Logs are kept for information provided verbally. All documents are maintained
in accordance with the City and state's record retention policies. Reports and policies are cross
checked for accuracy, relevancy, and timeliness of information.
COMPONENT FIVE: MONITORING ACTIVITIES
Principle 16: Management establishes and operates monitoring activities to monitor the
internal control system and evaluate the results.
City Administration monitors and evaluates compliance with internal control policies via multiple
vectors. Separation of duties, redundancy polices, layered approval systems, monthly reports, and
physical controls allow management to both review and evaluate control systems.
A system of monitoring includes:
1. Periodic checks to determine if controls are in place and working effectively;
2. Reviewing control activities to determine if the actual activities are in compliance
with established procedures; and
3. .Documenting deficiencies in the internal control processes and remediating them
quickly.
Monitoring activities will be documented by signatures, initials, or other appropriate methods.
Principle 17: Management remediates identified internal control deficiencies on a timely
basis.
Breaches of internal controls are subject to significant levels of internal scrutiny. If informed of a
material breach of internal controls, the Finance Department and Mayor's Office actively
Investigate and address said breach and adjust policies and procedures to prevent such breaches in
the future. once breaches are identified and investigated, a formal or informal corrective action
plan will be developed.
Exhibit A
Page 13 of 13