1 / 30

HHS Webinar

HHS Webinar. Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of Energy Assistance Programs State of Minnesota John.harvanko@state.mn.us. March 10, 2011. Presentation Intentions.

zohar
Download Presentation

HHS Webinar

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HHS Webinar Internal Controls and You: How Internal Controls Can Improve and Protect Your Energy Assistance Program John M. Harvanko, Director Office of Energy Assistance Programs State of Minnesota John.harvanko@state.mn.us March 10, 2011

  2. Presentation Intentions • To introduce how internal controls are a means of being more effective, efficient, and address integrity concerns • Promote LIHEAP adoption of InternalControlsFramework (ICF)as a means to improvement and mitigate program risk • by • Explaining “why” internal controls? • Describing “what” ICF is • Showing examples of “how” Minnesota did it

  3. Why ICF Why Internal Controls? • All funds need good controls • Being good stewards of taxpayer’s funds • Minnesota Office of Legislative Auditor (OLA) • Three years of “No Findings” for EAP • OLA is requiring the development of an Internal Control Framework • National movement toward Internal Controls (aka COSO) including from the GAO

  4. Why ICF Pennsylvania

  5. Why ICF Internal Controls? • GAO (Government Accounting Office) • HHS efforts (this webinar, National Conferences, other) • The Committee of Sponsoring Organizations (COSO) • State or Local requirements

  6. Why ICF Minnesota Office of the Legislative Auditor Audit Issues • Significant weaknesses in common internal control concepts. • Opportunities for fraud • Common areas of noncompliance • Emerging Issue – Internal Control Maturity • Assessing how well an agency identifies its risks, whether it documents and assigns its control procedures, and how it monitors the performance and effectiveness of the procedures.

  7. Why ICF Tone at the Top Agency management has the primary responsibility to design, implement, and maintain an effective internal control system. This goes from: • Governor • Commissioner • Deputy Commissioner • Program Director • Service Provider Executive Directors • EAP Coordinator

  8. Why ICF Tone at the Top (continued) Management shapes an organization's guiding values, disciplined business conduct, and operating policies forming the foundation of an agency's internal control structure.

  9. Why ICF State Directive Agency head must develop a plan for establishing, implementing and maintaining an effective internal control system. This plan at a minimum requires documentation of: • Internal control procedures over financial management activities, • An analysis of relevant risks, • Periodic evaluation of these control procedures To satisfy management that these procedures are adequately designed, properly implemented, and functioning effectively.

  10. Why ICF EAP & ICF • Why does EAP have a ICF? • MN OLA required EAP to have or have a Audit finding • EAP took the “opportunity” to analyze and assess it’s existing business processes & controls & placed into ICF framework • What does existing program components, effort definitions, implementation plans and policies mean? • Asked how existing documents equated to internal controls • Incorporated existing documents into the ICF • Organized structure identified strengths and weaknesses • ICF is a evolving, living document EAP will be advancing in the coming year and maintain going forward

  11. What is ICF Internal Control Framework (ICF) • What is ICF? • How does it affect EAP?

  12. What is ICF What is ICF? The Framework is used assess the Internal Control Competency to determine how well an organization: • Identifies its risks • Whether it documents and assigns its control procedures, and • How it monitors the performance and effectiveness of the procedures

  13. What is ICF Internal Controls • Some pieces most likely already exist in your office and program operations (incrementally without regard to ICF) • ICF provided the framework allowing these pieces to fit together • You can (and should) incorporate ICF into any Local Plans, staff meetings, any training, and specially all aspects of monitoring

  14. What is ICF ICF outlines criteria EAP uses to: Frames State Office Operations • Management approach Determine competent Service Providers • Contract with Local Plans that include ICF Monitor and evaluate program performance • Field Monitoring, Routine review, Ad Hoc Review Build the competency of the SPs • Training, Support, Corrective Action and T&TA

  15. What is ICF Frames within Framework (ICF) • Federal & State Controls • Rules and fiscal practices • GAO, HHS, OLA, MMB • Department of Commerce • Mission & Fiscal Control • EAP State Office • Program Policy & Procedure Requirement • Risk and quality controls • Fiscal allocation and auditing • Monitoring • T&TA • EAP Service Providers • Execute Program mission • Implementation of policies and procedures with a quality control environment • Manage SP specific risks

  16. What is ICF Internal Control Definition Defines internal control as a process, effected by individuals within an organization, designed to provide reasonable assurance regarding the achievement of these objectives: 1. Effectiveness and efficiency of operations, 2. Reliability of financial reporting, and 3. Compliance with applicable laws & regulations

  17. What is ICF ICF Structure The three objectives are supported by the framework. The Framework, is comprised of five interrelated components that can react dynamically to changing conditions: • Control Environment • Risk Assessment & Management • Control Activities • Information & Communication • Monitoring

  18. What is ICF EAP Specific Control Examples 1. Environment (or Leadership or Tone at the Top) Ex: EAP Service Provider’s (SP) leadership supports mission, structure and staffing to effectively process EAP Applications and delivers energy assistance 2. Risk Assessment and Management Ex: SP has and is aware of Disaster Plan so in case of flood or fire the harm to households reduce. 3. Control Activities Ex: SP understands, collects & maintains income documentation as a control the services reach the intended households. SP has proper segregation of duties for payment certification 4. Information and Communication Ex: SP makes policy & procedural Information is available to agency fiscal staff, mechanical contractors, vendors etc. to enable the program mission and controls to be consistently performed 5. Monitoring Ex: SP monitors timeliness of application processing and improves processes when possible

  19. What is ICF 1. Control Environment • “Tone at the top" is set & demonstrated by an organization leader's actions & words • It is the foundation for all other components of internal control. It encompasses: • Integrity, ethical values & competence of all people in an organization • Management's philosophy & style • How management assigns authority, responsibility and organizes and develops its people • The attention & direction executive leadership provides

  20. How ICF ICF Implementations 1. Control Environment • Local Plan, contracts establish documented understanding of ICF competencies • SP connects Business Strategy Model (BSM) & SP Mission • EAP Manual is use to guide SP policy and procedures development • SP participates in EAP management methodology • Understands and adopts administrative policies and procedures documentation • Service Providers participates in EAP training and trains staff to: • Promotes program compliance and consistency • Shares common mission, intention, goals, values and approach to program delivery • Assure policies are understood

  21. How ICF 2. Risk Management • Involves the identification and analysis of relevant risks to achieve desired objectives • In the risk assessment process, management identifies: • Internal and external risks • Assesses the impact and the likelihood these risks might occur • Selects whether to avoid, reduce, share, or accept various risks • Considers controls to mitigate risk or to contain it to an acceptable level

  22. How ICF ICF Implementations 2. Risk Management (Risk assessment & Mitigation) • SP conduct risk assessment & mitigation activities • State and SP conduct oversight activities including: • Data, file and other checks • Data & Technology practices • SP make a maintain disaster plans • SP designs processes with proper segregation of duty in key areas • SP uses incident reporting process • SP uses error & fraud processes

  23. How ICF 3. Control Activities • Consists of policies & procedures to help ensure management directives are carried out • Control activities occur throughout the organization at all levels in all functions.

  24. How ICF ICF Implementations 3. Control Environment • SP processes have approvals & authorizations for benefit determination & payments • Separation of incompatible duties • SP conducts analytical procedures like quality controls including timely service • SP conduct and support verifications like: • Income eligibility and documentation • vendor registration & sound payment process • Household check points: • Benefit notification to assure accountability of service delivery • Appeals and compliant process • SP conducts reconciliations of funds • Reviews of operating performance • SP assures security of assets

  25. How ICF 4. Information & Communication • Addresses how an organization identifies, captures & communicates pertinent information in a timely manner to the right people to enable them to carry out their responsibilities • Information systems within the organization are key to this element of internal control • Internal information, and external events, activities & conditions must be communicated to enable management to make informed business decisions and employees to perform their assigned duties

  26. How ICF ICF Implementations 4. Communication & Information • SP has communication plan for dissemination of program information • SP has routines like meetings to inform staff and partners • SP conducts appropriate and effective outreach • SP retains information overtime • SP is up to date with routine EAP communication

  27. How ICF 5. Monitoring • Are activities to evaluate whether components of the internal control system are operating effectively • Is performed by management and supervisors sometimes with internal auditors on a continuous or periodic basis • Includes identified internal control deficiencies being reported to top management and remedied in a timely manner with appropriate corrective actions • Is periodic follow-up on corrective actions taken to ensure control weaknesses are strengthened and no longer exist

  28. How ICF ICF Implementations 5. Monitoring • SP and DOC conduct routine oversight and monitoring designed to facilitate: • Staff review of data for quality and performance controls • Review financial transactions • Onsite Monitoring including State Monitors • Formal and observational assessment including random file selection • Fiscal and audit requirements • DOC is working with the Minnesota Office of the Legislative Auditor (OLA) and implementing recommendations and suggestions and SPs will help develop and implement improvements

  29. How ICF Our Responsibility • Advance our understanding ICF • Understand how existing EAP controls fit ICF • Continue to implement new ICF activities • Strengthening controls when weaknesses are detected • Providing adequate supervision necessary to ensure internal controls are operating effectively as designed • Obtain information & training on internal controls for ourselves and staff, necessary to meaningfully take responsibility for internal controls • FFY2010 EAP Manual Chapters 1 & 3 have ICF integration

  30. Q & A

More Related