DIVISION OF
LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY
INTERNAL CONTROLS
Table of Contents
Introduction....................................................................................................................... 1
Overview........................................................................................................................... 1
Web Sites..............................................................................................................13
Questionnaires........................................................................................................
14
Accounting Records
Segregation of Duties.................................................................................14
Timeliness and Usefulness........................................................................ 15
Cash Receipts
Segregation of Duties................................................................................ 16
Accountability............................................................................................. 17
Verifiability...................................................................................................18
Cash Disbursements
Segregation of Duties.................................................................................19
Cash Management............................................................................................... 20
Purchasing
Policies and Procedures............................................................................ 21
Segregation of Duties................................................................................ 22
Verifiability.................................................................................................. 23
Personnel
Segregation of Duties................................................................................ 24
Verifiability.................................................................................................. 25
Table of Contents
Part II Continued:
Dimension Issues...................................................................................... 27
Control Environment............................................................................................ 27
Safeguard Assets...................................................................................... 27
Compliance............................................................................................... 28
Information................................................................................................ 28
Communication
Operations.................................................................................................29
Safeguard Assets...................................................................................... 29
Compliance............................................................................................... 30
Information................................................................................................ 30
Control Activities
Operations.................................................................................................32
Safeguard Assets...................................................................................... 32
Compliance............................................................................................... 33
Information................................................................................................ 33
Monitoring
Operations.................................................................................................34
Safeguard Assets...................................................................................... 34
Compliance............................................................................................... 35
Information................................................................................................ 35
Introduction
Internal controls are essential to the effective operation of local governments. Simply
put, internal controls are those activities in place to provide reasonable assurance that
things are “going according to plan.” Without adequate safeguards, managers have
little assurance that their fiscal goals and responsibilities are being met. At the same
time, adequate controls can reduce the likelihood that errors and/or irregularities could
occur and go undetected. The right internal controls can help ensure that “good” things
happen and that “bad” things don’t.
Overview
The following sections are designed to help local managers assess the internal controls
of their local governments:
Local officials are faced with the daunting task of providing the services needed and
demanded by citizens with limited resources that are available to pay for these services.
Local governments provide services to their citizens, but in many ways they do not
operate in the same manner as private businesses. A private business providing
services to its customers bills and generally receives payment for these services upon
delivery, or soon after delivery. There is an agreement between the customer and the
business as to the value of that service, and the customer is generally able to choose
Internal Controls - 1
from a variety of service providers. This is not the case with local governments. The
taxpayer cannot choose from a variety of service providers when it comes to local
government services, and in many instances there is no direct link between the dollar
value of the service provided and the payment for the service. Taxes are paid, generally
at the beginning of the fiscal year, while services are delivered throughout the year.
The taxpayer, of course, is very aware of the amount paid in taxes. However, many
taxpayers do not associate the amount of taxes paid with all the services the local
government provides, but rather only the few services that directly benefit or are utilized
by that taxpayer. Such a situation can lead to the impression that the government is
inefficient and taxes are too high. There is a tendency in government to resist increases
in taxes, or reductions in services. Thus, it is imperative that local officials manage and
protect the resources at their disposal in the most effective way possible. Developing
and utilizing effective internal controls can help ensure that this is done properly.
Internal Controls
Government officials entrusted with public resources are responsible for complying with
laws and regulations, meeting goals and objectives, safeguarding assets, and issuing
reports that inform the public of the results of government activities. A good internal
control system is intended to assist local officials in meeting these responsibilities.
Internal controls have always been an important element of any organization’s financial
and operating structure. In the 1990s, concerns about fraudulent financial reporting
resulted in a group being formed and a study on internal controls being produced. This
group - the Committee of Sponsoring Organizations (COSO) - developed a report that
defines internal control and identifies five key elements of internal control.
The COSO report defined internal control as “a process, effected by an entity’s board of
directors, management and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives in effectiveness and efficiency of operations,
reliability of financial reporting, and compliance with applicable laws and regulations.”
The five elements of internal control identified by the COSO report are: Control
Environment, Risk Assessment, Control Activities, Information and Communication,
and Monitoring. We will discuss each of these elements and how they can be used in
improving an internal control system.
Control Environment
The control environment sets the tone of an organization, influencing the control
consciousness of its people. Factors that determine the control environment of a
local government are: the integrity, ethical values and competence of its people;
management’s philosophy and operating style; the way in which management assigns
authority and responsibility; the way management organizes and develops its people;
and the attention and direction provided by the governing board.
The control environment has a pervasive influence on all the decisions and activities of
an organization. A positive control environment is the foundation for all other standards
of internal control, providing discipline and structure. A common term in current
parlance is “tone at the top.” Management sets the tone for the control environment.
This is displayed by the policies they adopt, the organizational structure they impose,
how they assign authority and responsibility, hiring practices, the extent of involvement
they maintain in operations and the ethical behavior they exhibit. Employees are
also responsible for the control environment, but they generally take their lead from
management.
Internal Controls - 3
The governing board and other management personnel set the proper tone for the
control environment when they establish and effectively communicate a code of ethics
and written policies and procedures, behave in an ethical manner, observe the same
rules they expect everyone else to observe and require the appropriate standard of
conduct from everyone in the organization. Employees observe how management
conducts itself, and that conduct speaks more fluently than the written policies that
management expects employees to follow.
Governing boards should look at the complexity of their government’s operations and
decide which policies need to be adopted and the extent of those policies. Policies
should not exist in a manager’s head. They should be in writing and made available
to all employees. Governing boards should take an inventory of their written policies
and consider the following questions: What are the current policies? Have they
been reviewed for reasonableness under current conditions? Are they available to all
employees? Do they cover all the needed areas of operations?
Some areas where written guidance could be developed to enhance the control
environment are:
• Code of ethics - make sure the adopted code of ethics is in conformance with
applicable statutes and clearly defines the standard of conduct expected of
officers and employees.
• Policies and procedures manual - that addresses significant activities and unique
issues, employee responsibilities, limits to authority, performance standards,
control procedures and reporting relationships.
• Job descriptions - that identify competence levels for knowledge, skills and
experience.
• Personnel policies - that set forth hours, leave time, benefits, equal opportunity,
and disciplinary procedures.
Points to Remember
Setting the proper control environment for a local government is crucial to the
effective implementation of all the other elements of internal control. Staff will
take their cue from the attitude and example displayed by management. If
employees see officials or department heads abusing their authority or not being
held to the appropriate policies, as are employees, then they may also begin
abusing the policies. As the old saying goes “Actions speak louder than words.”
Management must communicate its support for internal Controls to all levels of
staff within the organization. The control Environment is enhanced by written
policies governing employee activities that are communicated to employees and
acted upon.
Risk Assessment
The nature of some activities or assets makes them a greater risk than others. This is
often referred to as inherent risk. The increased inherent risk of these items needs to
be considered in assessing risk. Some characteristics that generally increase inherent
risk are:
• Opportunity - The more liquid an asset, or the less centralized an operation, the
greater the potential risk of fraudulent activity.
• New Activities - The newer the activity, the greater the risk that processes and
procedures may not be as well understood as routine activities. Therefore, there
is greater risk that objectives in these areas might not be realized.
• Complexity - The more complex an activity is, the greater the possibility of error
in performing the operations. Complex legal requirements governing a specific
program may increase the likelihood that compliance issues may arise.
Internal Controls - 5
Another element impacting on the ability to achieve objectives is the element of change.
We live in a rapidly changing society, and in order to meet taxpayer expectations, local
managers may need to change the way their governments operate. However, these
changes may present to managers unique risk problems that need to be identified and
addressed. Some risk elements of change are:
The process of risk assessment consists of trying to identify those events that could
impact the ability of the department to achieve its objectives. Risk assessment consists
of asking a series of questions and then answering those questions. Questions that
might be asked in a typical risk assessment are:
• Which of our assets are most liquid or desirable and, therefore, in most
need of protection?
• What information do we rely on to achieve our objectives? What are the threats
to our obtaining this information?
• What typical decisions are made in our operations? Which of these decisions
require the most judgment?
It is best if the risk assessment is conducted at the department level and, within the
department, at the activity or process level. Remember to focus efforts on those risks
that are significant to the achievement of key objectives and that have a reasonable
likelihood of occurrence. The risk assessment process is facilitated when there is a
written mission statement and written goals and objectives.
Results of the above questions can be entered into the following table:
List the The risks should be For each risk, Identify where List the
objectives for associated with an identify the current corrective
the objective. There are a controls that controls are action
department. multitude of risks that could exist to either ineffective and to be
be identified with each prevent the plan to taken.
objective. It is best to focus risk from improve the
on control efforts that are occurring, or effectiveness
significant and have a help detect the of the controls.
reasonable likelihood of occurrence of
occurrence. Therefore, the risk.
both of these elements
should be considered when
assessing risk.
Example:
Complete Inability to identify vendor Vendor Services and Establish effective
year-end payables at year end statements goods delivered communication
accounting received at but not yet billed process to ensure
records and finance office, by vendor may department heads
file annual compared with not be included in notify finance office
report in time invoices and payables. of all vendor goods
to meet receiving and services
legislative documents, received as of year-
deadline. totaled and end.
posted.
As shown in the above table, the risks are related to the objectives, the controls
address the risks, any control deficiencies are identified and corrective action is
planned. This process of risk assessment helps managers develop a plan to improve
the internal controls of local operations. For the example given, the solution may be to
establish a process for all departments to ensure that delivered goods and services are
identified and appropriate information is promptly communicated to the finance office.
This process could also include developing forms and procedures to document and
communicate the needed information.
Internal Controls - 7
Control Activities
Control activities are the policies and procedures that help ensure that management
directives are carried out. They help ensure that necessary actions are taken to address
significant risks to the achievement of the entity’s objectives. COSO identifies a range
of control activities including approvals, authorizations, verifications, reconciliations, and
reviews of operating performance, security of assets and segregation of duties.
When undesirable events do occur, flaws in the process should be identified, and action
to correct the problem should be initiated. Such activities are called corrective control
activities.
Some control activities may provide information that other control activities are properly
working or that additional guidance is needed to improve the operations of those
control activities. For example, employees may be authorized to initiate transactions
up to a certain limit and need approval for transactions in excess of the stated limit. In
approving transactions above the stated limit, a supervisor may notice that the process
either is or is not in accordance with departmental policies. This provides the supervisor
with information regarding the transactions being executed by the employees, and
whether additional training or guidance is necessary to have the process function
properly.
In general, to help ensure that control activities are most effective, supervisory
approvals and authorizations should require:
• Written Guidance
• Limits to Authority
• Supporting Documentation
In addition, it is important for supervisors to take the approval function seriously. This
requires that they:
Sometimes it is not possible to completely control the risks that a local government
faces. When such risks are insignificant or not very likely to occur, and the cost to
reduce the risks further is prohibitive, the local government managers may decide
to simply accept the risk. Before this decision is made, the local officials should be
sure that they have adequately defined the risk, its likelihood of occurring and the
potential costs if the event does occur. Another option to local government officials
Internal Controls - 9
is to pass the risk on to someone else. This is sometimes called “insurance.” When
local governments purchase liability insurance, for example, they are transferring some
or most of the costs that would be incurred if certain risk events actually occur to the
insurance company.
Points to Remember
• Produce the financial, operational and compliance reports needed to run the
municipality, enable informed business decision-making, and issue reliable
external reports.
Monitoring
Monitoring is a process that assesses the quality of the internal control system over
time. As indicated above, there are specific control procedures that are established as
part of the system of internal control. Monitoring helps confirm that those procedures
are actually being followed. Monitoring would also help ensure that deficiencies are
being communicated as needed. Also, with time, new risks may arise or processes
change that impact on the exposure of the local government. Monitoring helps to
identify where new risks arise and may reveal a need for new processes. For example,
changing from a manual accounting system to a computerized accounting system will
expose the organization to new risks that will need to be addressed.
Internal Controls - 11
One method of monitoring the functioning of internal controls is performance measures.
Since internal controls are established to provide reasonable assurance regarding
the achievement of objectives, then using performance measures to determine the
extent to which the government is achieving its objectives is a useful way to monitor
the effectiveness of the internal controls of a local government. When performance
measure results indicate unsatisfactory results, managers (and staff) should identify
where changes can be made to improve the outcomes.
Another way to monitor internal controls is to test the operations of the local government
to determine if procedures are being applied as designed. This should be an ongoing
process. Some larger units of government may find it cost-effective to institute an
internal audit function to help monitor the functioning of internal controls and the
achievement of established objectives.
Soft Controls
Soft controls are those controls that involve attitudes and perceptions and
competencies. By their nature, they are less apparent and more difficult to measure
and assess. Such attributes as trust, strong leadership, openness and high ethical
standards are just as essential to the effective operation of local governments and
should not be overlooked or underestimated when developing or enhancing your
internal control system.
To evaluate these types of controls, managers should identify and agree on criteria for
evaluation. Through self-assessments, managers should ask themselves how they
assure themselves that objectives are being met, that policies and procedures are
followed, that legal compliance is met, etc. Through surveys, managers should ask
employees for confirming feedback. Results of soft controls should be evaluated to
provide further evidence of control effectiveness. When weaknesses are identified,
managers should focus on improving the underlying processes. Any improvements
should be discussed with all the people involved.
Internal controls are essential to the effective operation of local governments. Internal
controls are needed to help local officials achieve their objectives in a cost-effective
manner. Cost-effectiveness is an important concept in internal controls. In developing
the internal controls for a local government, it is important to identify the benefits to
be achieved by particular controls and to compare those benefits with the costs of
implementing proposed controls.
Actively thinking about the government’s objectives, the risks involved in achieving
those objectives and the means of controlling those risks enhances management’s
ability to achieve key objectives at minimum cost to the taxpayers. Communicating
the government’s objectives and values (and providing all employees a mechanism to
communicate throughout the organization) provides clear guidance to employees on
expected outcomes. Effective communication also provides managers with access to
the information that they need to achieve the goals established for the local government.
Continuously monitoring programs enables managers to keep current on the functioning
of their government’s operations towards those goals.
Web sites, questionnaires and a checklist (matrix) have been included to provide
additional information and guidance.
Web Sites:
http://www.osc.state.ny.us/audits/audits/controls/standards.htm
The following web site may contain information that could be helpful in developing
and implementing effective internal controls. However, some of the suggestions and
procedures identified by this site may not be in conformance with laws and regulations
in New York State. Consequently, any actions taken to implement some of the
suggestions and procedures should be reviewed for applicability in New York State.
Internal Controls - 13
Questionnaires:
Internal control questionnaires have been provided for the following key areas:
accounting records, cash receipts, cash disbursements, cash management, purchasing
and personnel.
Question Yes No
List the names of the individuals responsible for each of the above functions:
Maintaining Accounting Records:
Physical Custody of Assets (May be several individuals):
Maintaining Subsidiary Accounts (May be several individuals):
Reconciling Controls to Subsidiaries:
Where duties are not segregated among different people, indicate the supervisory review (of activities) in
place to limit risk:
What additional steps are planned to address weaknesses indicated by a lack of segregation of duties?
Question Yes No
Internal Controls - 15
Cash Receipts: Segregation of Duties
It is important to spread certain duties among several employees to reduce the risk of
fraudulent activities. Where duties are not required by law to be segregated, or cannot
be segregated, it is important to have increased supervisory review of activities.
Question Yes No
List the names of the individuals responsible for each of the above functions:
Collecting Cash
Recording Cash Receipts in Accounting Records
Verifying Daily Receipt Accountability
Reconciling Bank Accounts
Where duties are not segregated among different people, indicate the supervisory review (of
activities) in place to limit risk:
What additional steps are planned to address weaknesses indicated by a lack of segregation
of duties?
Individuals collecting cash should be held accountable for the transactions they
handle. It should be possible to determine the amount of cash for which each person is
responsible at any point in time.
Question Yes No
Does each person that collects cash have his own cash box that is
counted at the end of the day by a supervisor?
If the answer to the above question is ‘no,’ how is individual accountability determined for
daily collections?
Internal Controls - 17
Cash Receipts: Verifiability
It should be possible to verify the amounts each person is responsible for collecting
each day. This should be compared to the amounts that are turned in. Amounts
by which the collecting official or employee is over or short should be determined.
Amounts deposited in the appropriate bank accounts should agree with daily receipts
recorded in the accounting records.
Question Yes No
Where amounts are not verifiable from some source, how does the local government determine the
amounts for which each person collecting cash is responsible?
What additional steps are planned to address weaknesses indicated by an inability to verify amounts for
which each person collecting cash is responsible?
Question Yes No
Depositing receipts promptly reduces risks from loss due to misplacement. Including all receipts from the
time of the prior deposit makes it possible to tie amounts deposited to amounts recorded in accounting
records. Listing details of checks deposited makes it possible to compare deposits with details of receipts,
thereby identifying potential manipulations of cash receipts.
If the answer is ‘no’ to any of the above three questions, how are the risks associated with those answers
controlled?
What additional steps are necessary to adequately control verifiability of cash receipts?
It is important to spread certain duties among several officers and employees to reduce
the risk of fraudulent activities. Where duties are not required by law to be segregated,
or cannot be segregated, it is important to have increased supervisory review of
Question Yes No
List the names of the individuals responsible for each of the above functions:
Writing Checks:
Recording Checks in Accounting Records:
Distributing Checks:
Reconciling Bank Accounts:
Where duties are not segregated among different people, indicate the supervisory review (of
activities) in place to limit risk:
Internal Controls - 19
Cash Management:
The fundamental principle guiding the deposit and investment of public monies is that
an investment program should meet four elements: legality, safety, liquidity and
yield. Each local government is required to develop policies and procedures that are
in compliance with Section 39 of the General Municipal Law, and communicate those
policies and procedures to affected staff. The policies and procedures should consider
the four elements shown above.
Question Yes No
Are those involved in the investment function aware of the policies and
procedures?
(This question deals with how well these elements are communicated
to employees.)
Are cash flow projections used to determine amounts and time periods for
investments?
Purchasing here covers the decisions and processes involved in obtaining the goods
and services necessary for operating the local government. The process generally
begins with the initiation of a purchase requisition by an authorized officer or employee
who needs the goods or services and ends with the payment for the goods and services
received. Controls in purchasing should be concerned with acquiring quality goods and
services in the amounts needed to carry on the functions of the government at the best
possible price, and in conformance with all pertinent laws and policies.
Purchasing is limited to authorized officers and employees to help ensure that only
the goods and services needed are acquired, and that they are used for municipal
purposes. Larger local governments may have a centralized purchasing department to
enhance the acquisition of goods and services at favorable prices. Routine purchases
may not be subject to the same authorization levels as unusual purchases or purchases
of more expensive items. A local government’s purchasing policy will spell out the
authorization requirements for various levels of purchasing.
Larger units of government may also have a central receiving unit to receive goods
ordered. This provides for additional segregation of duties.
Section 104-b of the General Municipal Law requires local governments to adopt
written policies and procedures governing the procurement of goods and services
when competitive bidding is not required. This statute also requires local government
personnel to document certain purchase related decisions. In addition to provisions
to ensure compliance with Section 104-b, the adopted policies and procedures should
identify authorization limits, the use of requisitions and purchase orders, and the
process to follow in purchasing goods and services. For additional information on
Section 104-b and guidance on purchasing goods and services, see our chapter on
purchasing.
Question Yes No
(This question deals with how well these elements are communicated
to employees.)
Internal Controls - 21
Purchasing: Segregation of Duties
It is important to spread certain duties among several employees to reduce the risk of
fraudulent activities. Where duties are not required by law to be segregated, or cannot
be segregated, it is important to have increased supervisory review of activities.
Question Yes No
List the names of the individuals responsible for each of the above functions:
Requesting goods and services:
Issuing purchase orders:
Receiving goods and services:
Approving invoices for payment:
Where duties are not segregated among different people, indicate the supervisory review (of
activities) in place to limit risk:
What additional steps are planned to address weaknesses indicated by a lack of segregation of
duties?
The purchasing process should make it possible to verify the orders placed to date, and
the amount of orders remaining open at given dates. It should also enable the matching
of goods received with purchase orders placed. In municipalities, a good purchasing
system should include the verification of available appropriations before orders are
placed.
Question Yes No
Are receiving slips signed and sent to the person responsible for approving
payment on invoices?
Are receiving slips matched to purchase orders to verify that only goods
ordered are received, and that amounts received agree with amounts
ordered?
Are receiving slips matched to invoices to verify that only amounts received
are being billed?
Are unit prices on an invoice matched to the purchase order to verify that
billed amounts agree with purchase orders?
If there are additional controls over the purchasing function to ensure that purchases are controlled and that
claims are only paid for goods and services received for municipal purposes, indicate them here:
What additional steps are planned to address risks involved in the purchasing function?
Internal Controls - 23
Personnel:
Personnel here covers the decisions and processes involved in identifying and hiring the
staff necessary for operating the local government. Local governments provide services
to constituents and those services require the employment of staff. Controls in this area
should deal with identifying staff needs, hiring qualified personnel, supervising work and
payment of compensation.
Question Yes No
Are all employees provided with a copy of the personnel policy and the
code of ethics?
Segregation of Duties:
It is important to spread certain duties among several employees to reduce the risk of
fraudulent activities. Where duties are not required by law to be segregated, or cannot
be segregated, it is important to have increased supervisory review of activities.
Question Yes No
List the names of the individuals responsible for each of the above functions:
Hiring Employees:
Approving Payroll Input Sheets:
Preparing Payrolls:
Preparing Payroll Checks:
Distributing Payroll Checks:
Where duties are not segregated among different people, indicate the supervisory review (of
activities) in place to limit risk:
What additional steps are planned to address weaknesses indicated by a lack of segregation of
duties?
It is important to be able to determine the employees hired and the amounts paid
to those employees for services provided. The payroll function should enable the
determination of hours worked, leave used, leave accrued, and salary rates.
Question Yes No
Is overtime controlled?
Internal Controls - 25
Standards for Internal Control (Matrix)
20 Dimensions of an Organization
Effective Comply
Efficient Safeguard with Laws Reliable
Operations Assets and Rules Information
Control
Environment 1 2 3 4
Communication
5 6 7 8
Assessing and
Managing Risk 9 10 11 12
Control
Activities 13 14 15 16
Monitoring 17 18 19 20
Developed by the New York State Office of the State Comptroller
Office of Internal Control Management
February 1999
In an effort to assist managers in defining the appropriate scope and range of
an effective system of internal control, the State Comptroller’s Office of Internal
Control Management has developed a matrix that delineates the dimensions of an
organization. The matrix is based on the “Standards for Internal Control in New York
State Government” issued by the Office of the State Comptroller. By combining the
five components and four purposes of internal control, as identified in the standards, a
matrix is formed. The points of intersection of the components and purposes create 20
Dimensions of an Organization.
Within each dimension there are many issues that should be addressed to help
ensure there is a sound system of internal control. Below are the 20 Dimensions along
with examples of issues to be considered within each dimension. This listing is not
exhaustive, but provides a starting point in the process of identifying all of the pertinent
issues within each dimension. It should be noted that the dimensions are not limited to
the 20 identified herein. For example, additional components, supporting activities or
purposes that may be further identified by management could be added to expand the
matrix.
This listing can be used (after all additional issues are identified and added to the
listing): a) as a checklist to determine which issues are true about your organization
and which issues are false and, therefore, may require attention; b) as the focus of a
meeting or task force that is charged with assessing the effectiveness of a dimension
and/or issue; or c) as a source for identifying issues to be included in a formal
evaluation of a system of internal control.
Note: The parenthetical references following each dimension heading are the attributes
of the purpose of internal control that is being considered.
Internal Controls - 27
♦ Management supports programs that promote employee well being.
♦ Employees understand and appreciate the importance of the special
procedures established for the retention, use and disposal of
confidential and sensitive information, subject to legal requirements.
♦ Management creates an atmosphere that enables the reporting of
fraud or mismanagement of assets.
♦ Management establishes monitoring processes to deter misuse or loss
of assets.
Internal Controls - 29
7. Communication: Compliance (Laws, Regulations, Contracts, Policies and
Procedures)
♦ Risk assessment and management are based on the most current and
reliable information.
♦ A process is established for capturing information needed to effectively
assess and manage risk.
♦ A formal process is established for communicating new risks or
changes in existing risk and risk tolerance levels.
Internal Controls - 31
13. Control Activities: Operations (Effective, Efficient, Orderly, High Quality)
Internal Controls - 33
17. Monitoring: Operations (Effective, Efficient, Orderly, High Quality)
♦ Goals are monitored and reported upon to ensure they are being attained and
an acceptable degree of progress is being made towards accomplishment of
objectives and the mission.
♦ Costs and the use of resources are monitored and reported upon to ensure
products and services are being produced efficiently.
♦ Monitoring and reporting systems are established to ensure quality products
and services are provided.
♦ Processes are in place that effectively monitor changes in risk and identify
opportunities for improvement.
♦ Appropriate levels of supervision are established for ongoing monitoring of
daily activities.
♦ Upper level management periodically reviews and evaluates the effectiveness
and efficiency of supervisory activities.
♦ Control activities are monitored to help ensure they are effective and continue
to function as designed.
♦ Implementation of improvements is monitored to help ensure improvements
are completed in a timely fashion.
Internal Controls - 35
OFFICE OF THE STATE COMPTROLLER
DIVISION OF LOCAL GOVERNMENT SERVICES
AND SCHOOL ACCOUNTABILITY
Steven J. Hancox, Deputy Comptroller (518) 474-4037
Cole H. Hickland, Director - Direct Services (518) 474-5480
Jack Dougherty, Director - Direct Services (518) 474-5480
NEED HELP?
TECHNICAL ASSISTANCE IS AVAILABLE AT THE FOLLOWING
REGIONAL OFFICES
Serving: Allegany, Cattaraugus, Chautauqua, Erie, Serving: Clinton, Essex, Franklin, Fulton, Hamilton,
Genesee, Niagara, Orleans, Wyoming counties Montgomery, Rensselaer, Saratoga, Warren, Washington
counties
Serving: Broome, Chenango, Cortland, Delaware, Serving: Orange, Putnam, Rockland, Westchester
Otsego, Schoharie, Sullivan, Tioga, Tompkins counties
counties
Executive .......................................................................................................................................474-4037
Steven J. Hancox, Deputy Comptroller
John C Traylor, Assistant Comptroller
Electronic Filing
Questions Regarding Electronic Filing of Annual Financial Reports ............................................... 474-4014
Questions Regarding Electronic Filing of Justice Court Reports ..................................................... 486-3166
Research 473-0617
Internal Controls - 37
New York State
Office of the State Comptroller
Division of
Local Government and School Accountability
110 State Street, 12th Floor • Albany, New York 12236