Using Internal Controls to Improve Operations

1
Using Internal Controls to Improve Operations

• North Carolinas Experience with Grants

Presented by Janet Hayes, Director
Management Services Nongovernmental Compliance
Division North Carolina Office of the
State Auditor Leslie W. Merritt, Jr., CPA,
CFP State Auditor
2
(No Transcript)
3
(No Transcript)
4
The Auditors involvement

• 1999 General Assembly directed OSA to compile
  annual list of grant awards
• 2000 First compilation completed based on data
  supplied by agencies
• 2004 General Assembly significantly increased
  grants reporting requirements
• Grantee requirements
• Grantor requirements
• OSA requirements
• 2005 OSA established new oversight and
  monitoring division
• 2007 OSA deploys an on-line reporting system
  for grants

5
Internal control initiatives

• In 2004, NC General Assembly re-wrote grants
  reporting legislation
• National scandals
• State-level scandals
• Legislation covered State and Federal
  pass-through grants
• Exempted University grants
• Exempted local governmental unit grants

6
Grants in North Carolina
7
(No Transcript)
8
NCGS 143C-6-23 grants

• Between 3,500 and 4,000 grantees each year
• Average 8,000 to 9,000 grants
• About 300 grantees receive more than 500,000 in
  grants
• 28 different State agencies award grants
• Grantees located in all 100 counties

9
Grantees statutory requirements

• Have to report on all grant awards
• Receipts and expenditures report
• Program activities and accomplishments report
• Certification that funds spent for intended
  purpose
• Copy of Conflict of Interest policy
• Certification of no overdue taxes

10
Grantors statutory requirements

• Establish grants proposal process
• Obtain current Conflict of Interest policy from
  grantee
• Outline relevant requirements in contact
• Expectations
• Performance measures
• Reporting requirements
• Attach signed No Overdue Taxes certification
• Conduct on-going monitoring and oversight
• Implement sanctions for noncompliance

11
Auditors charge

• Continue to compile annual listing of grant
  awards
• Confirm compliance with statutory requirements
• Grantees
• Grantors
• Devise and maintain reporting forms to increase
  consistency

12
The Auditors response

• Improve accuracy of grants database
• Develop searchable, web-based annual report
• Implement a concentrated training program for
• Grantors
• Grantees
• Enforce best practices on periodic basis

13
Types of internal control

• Preventive controls
• Designed to discourage before they occur
• Errors
• Irregularities
• Undesirable events
• Detective controls
• Designed to identify after they have occurred
• Errors
• Irregularities

14
Grants database

• Comprised of grants information supplied by
  agencies
• Inconsistencies
• Redundancies
• Relied on agency personnel to confirm grantee
  compliance prior to 2005
• Approximately 35 noncompliance to annual
  reporting requirement

15
Grants database response

• OSA - Manual review of all grantee reports
• Confirmation of identifying data for grantees
• Establishment of monthly, web-based noncompliance
  reports and annual report
• Reduction of noncompliance to 10 20
• Developed web-based reporting function for both
  grantors and grantees
• Elimination of redundant reporting
• More timely grants data
• Internal controls built into program

16
Results of control initiatives
17
Benefits received

• Funding agencies have better handle on how grant
  funds are spent
• Agencies can research grantees history of grants
  compliance before awarding grant
• Public, media has easily accessible grants data
• Legislators can see what grants have been given
  to nonprofits in their areas

18
Why require more internal controls?

• Good management practice
• Ensure performance
• Increase accountability
• Safeguard scarce resources
• Deter fraud and abuse
• Meet legal requirements
• NCGS143C-6-23 (state)
• Sarbanes-Oxley Act 2002 (federal)

19
Establishing grants training

• Developed series of 1 day courses
• Address key components of grants accountability
• Courses offered at no cost at locations around
  the State
• Established an Effective Grants Administration
  Certificate program
• 95 grantee and grantor personnel have earned the
  Certificate
• Through December 31, 2007, 10,000 grantor and
  grantee personnel have participated
• Initiating e-Learning offerings for these courses

20
Grants training program

• Initial efforts focused on grantor personnel
• Establishing effective grants monitoring programs
• Implementing internal controls
• Developing policies and procedures
• Identifying allowable and unallowable costs
• Basic accounting for grants

21
Grants training program

• Courses applicable to grantee personnel
• Implementing internal controls
• Developing policies and procedures
• Identifying allowable and unallowable costs
• Board roles and responsibilities
• Basic accounting for grants
• Assessing client satisfaction

22
Benefits received

• Approximately 10,000 individuals have completed
  the grants training
• Many have attended multiple offerings
• Agencies report improved information from
  grantees who have attended
• Compliance increased once courses started

23
Quarterly newsletter

• Best Practices focuses on a topic to re-enforce
  internal control principles
• Distributed to grants mailing list
• 4,000 grantees
• 1,500 grantor staff
• Used to convey any important information relative
  to grants

24
Types of internal control

• Preventive controls
• Designed to discourage before they occur
• Errors
• Irregularities
• Undesirable events
• Detective controls
• Designed to identify after they have occurred
• Errors
• Irregularities

25
Grants investigations

• Beginning in June 2006, OSA began conducting
  grant investigations
• Grantees on noncompliance list
• Grantees on suspension of funding list
• Grantees on overdue tax list
• Reports of problem grantees from agency monitors
• Allegations of misuse or abuse of grant fund

26
Investigation results

• Initiated 58 grant investigations
• 6 closed unable to locate grantee
• 22 of 52 investigations had no findings
• 30 of 52 had findings
• Questioned costs in 22
• Recommended repayment of 1.3 million
• Average per investigation 23,987

27
Where to focus

• Misrepresentation of required reporting forms or
  financial statements
• Grantee managements commitment to ethics
• Financial fraud
• Theft of assets or services
• Undocumented agreements (side agreements) on
  contracts
• Potential for kick-backs
• Quid pro quo

28
Benefits received

• Repayments resulted in more grant funds available
  for other programs
• Agencies improve monitoring
• Learned what to look for
• Grantees improve procedures for handling grant
  funds
• Implemented recommendations
• Requested specific training
• Public has more information on effective programs
• Improved compliance to reporting requirements

29
(No Transcript)
30
Potential grant problem areas

• Processes that involve large expenditure or
  appropriation of cash
• Processes that lack sufficient management
  oversight
• Processes involving granting approval to receive
  funds in the form of grants, loans, contracts
• Problems that have been noted in an audit report

31
Red flags

• Uncharacteristic behavior by employees
• Appearance of conflict of interest by employees
  or Board members
• Nepotism
• Unaccountable funds
• One person in control (e.g., no separation of
  duties)
• Altered, inadequate, or missing documentation

32
Basic internal control principles

• Must be built into framework of operations
• Internal controls effected by people in an
  organization
• Cost should not outweigh risks

Risk and internal control are virtually
inseparable.
33
Control environment core factors

• Management philosophy and operating style
• Integrity and ethical values
• Direction and attention of Board
• Commitment to competencies
• Organizational structure
• Responsibility and authority
• Development of staff

34
Basic control activities

• Documentation
• Approvals and authorizations
• Transactions accurately recorded
• Appropriate reporting of transactions
• Segregation of duties
• Ensuring assets safeguarded
• Tracing accountability

35
Risk challenges for grantees

• Sufficient resources for segregation of duties
• Management override of controls
• Attracting Board members with financial /
  operational expertise
• Obtaining qualified accounting personnel
• Controlling information technology
• Source COSO Small Business Task Force

36
Best practices to improve program operations

• Identify internal control points for program
• Understand primary operational objectives and
  related risks
• Monitor operational activities and key
  performance indicators continuously
• Consider audit or other report findings
• Get involved in new/technology projects
• Identify resources needed for strong internal
  control

37
Summary

• Analyze weaknesses in your processes
• Develop plan to address risks
• Make sure all parties have adequate information,
  know requirements
• Look for ways to improve efficiency and
  effectiveness
• Shine light on accountability of State and
  Federal funds
• Results improved program operations

38
Contact information

• State Auditor Leslie W. Merritt, Jr.
• NC Office of the State Auditor
• 20601 Mail Service Center
• Raleigh, NC 27699-0601
• Leslie_Merritt_at_ncauditor.net
• 919-807-7500
• Janet Hayes, Director
• Management Services and
• Nongovernmental Compliance Division
• NC Office of the State Auditor
• 20601 Mail Service Center
• Raleigh, NC, 27699-0601
• Janet_Hayes_at_ncauditor.net
• 919-807-7558