Post Award
MUHAS, Dartmouth, UCSF
Basics of Internal Controls
Tuesday October 21, 2014
Agenda
O Internal Controls and the new Uniform
O
O
O
O
O
O
Guidance
Risk Assessment
Delegations of Authority
Organization Models and Accountability
Training
Policies and Procedures
Internal Audit
Where does the money come
from?
Other Sources
Government
Funds
Corporate
/Industry
Other Governments
Private
Donations
SIDA
College Funds
CDC
Foundations
NIH (Fogarty,
NIDCD, etc)
Lifecycle of an Award
Application
Closeout
Notice of Award
•
•
•
•
Internal Controls
Regulation
Contractual
Obligations
Reporting and
Documentation
Reporting and
Publication
Account Setup
Project
Implementation
Internal Controls vs.
Award Terms
O Internal Controls are part of the institutional
environment that enables effective management
of all awards AND institutional funds
O Good internal controls are the foundation
necessary to comply with sponsor requirements
O Good management of awards cannot happen
without internal controls
O It can’t be about the single PI, grant manager or
department complying with a sponsor’s terms
What Are Internal Controls?
O Internal control is not a serial process but a
dynamic and integrated process
O each organization may choose to implement
internal control differently.
O Internal control is defined as follows:
O Internal control is a process, effected by an
entity’s board of directors, management, and
other personnel, designed to provide reasonable
assurance regarding the achievement of
objectives relating to operations, reporting, and
compliance.
Internal Controls under New
Uniform Guidance
O Non-Federal entities must establish and maintain effective
internal control that provides reasonable assurance that entity
is managing Federal award in compliance with Federal
statutes, regulations, and terms and conditions of Federal
award.
O Internal controls should be in compliance with COSO (Internal
Control Integrated Framework, issued by the Committee of
Sponsoring Organizations of the Treadway Commission), and
Green Book (Standards for Internal Control in the Federal
Government, issued by the Comptroller General of the United
States)
O Will non-US recipients be exempt from the new guidance?
There may be differences but compliance will be necessary.
Note: We are still waiting for the NIH implementation of the
new rules
COSO 2013
Updated Internal Control – Integrated
Framework (2013 Framework)
issued on May 14, 2013
Companion documents:
• Internal Control – Integrated Framework:
Executive Summary
• Illustrative Tools for Assessing
Effectiveness of a System of Internal
Control
• Internal Control over External Financial
Reporting: A Compendium of Approaches
and Examples
COSO 1992 Framework will be available
until December 15, 2014, then superseded
Types of Objectives
O Operations Objectives—These pertain to
effectiveness and efficiency of the entity’s
operations, including operational and financial
performance goals, and safeguarding assets against
loss.
O Reporting Objectives—These pertain to internal and
external financial and non-financial reporting and
may encompass reliability, timeliness, transparency,
or other terms as set forth by regulators, recognized
standard setters, or the entity’s policies.
O Compliance Objectives—These pertain to adherence
to laws and regulations to which the entity is subject.
Control Environment
O set of standards, processes, and structures that provide the
O
O
O
O
O
O
basis for carrying out internal control across the organization.
tone at the top regarding the importance of internal control
including expected standards of conduct. Management
reinforces expectations at the various levels of the
organization.
comprises the integrity and ethical values of the organization;
the organizational structure and assignment of authority and
responsibility;
the process for attracting, developing, and retaining competent
individuals;
performance measures, incentives, and accountability.
pervasive impact on the overall system of internal control.
Internal Controls Framework
Control
Environment
Monitoring
Risk
Assessment
Information and
Communication
Control
Activities
Control Environment
1. The organization demonstrates a commitment to
integrity and ethical values.
2. The board of directors demonstrates independence
from management and exercises oversight of the
development and performance of internal control.
3. Management establishes, with board oversight,
structures, reporting lines, and appropriate authorities
and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to
attract, develop, and retain competent individuals in
alignment with objectives.
5. The organization holds individuals accountable for
their internal control responsibilities in the pursuit of
objectives.
Risk Assessment
6. The organization specifies objectives with sufficient
clarity to enable the identification and assessment of
risks relating to objectives.
7. The organization identifies risks to the achievement
of its objectives across the entity and analyzes risks as
a basis for determining how the risks should be
managed.
8. The organization considers the potential for fraud in
assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes
that could significantly impact the system of internal
control.
Control Activities
10. The organization selects and develops control
activities that contribute to the mitigation of risks
to the achievement of objectives to acceptable
levels.
11. The organization selects and develops general
control activities over technology to support the
achievement of objectives.
12. The organization deploys control activities
through policies that establish what is expected
and procedures that put policies into action.
Information and
Communication
13. The organization obtains or generates and
uses relevant, quality information to support the
functioning of internal control.
14. The organization internally communicates
information, including objectives and
responsibilities for internal control, necessary to
support the functioning of internal control.
15. The organization communicates with external
parties regarding matters affecting the functioning
of internal control.
Monitoring Activities
16. The organization selects, develops, and
performs ongoing and/or separate evaluations
to ascertain whether the components of
internal control are present and functioning.
17. The organization evaluates and
communicates internal control deficiencies in
a timely manner to those parties responsible
for taking corrective action, including senior
management and the board of directors, as
appropriate.
Control Environment
Discussion
Internal Control:
Practical Questions
O Does your organization have a code of
conduct?
O Does your organization have written policies
and procedures ?
O How often are policies and procedures
reviewed and updated?
O Do institutional officials involved in
compliance have regular communication?
Discussion
O How are faculty and staff trained on policies
O
O
O
O
and procedures?
Are reporting lines effective?
How are questions concerning allowable
costs or other issues addressed?
Are roles and responsibilities clearly
defined?
Do internal and external audits test
compliance?
Resources/References
O Office of Management and Budget, Uniform
Guidance
http://www.whitehouse.gov/sites/default/files/omb/
financial/grant_reform/proposed-omb-uniformguidance-for-federal-financial-assistance.pdf
O Committee of Sponsoring Organizations of the
Treadway Commission (COSO)
http://www.ic.coso.org/IC.htm
O Changes to Federal Grant Policies and Single Audits,
KPMG , https://www.kpmginstitutes.com/institutes/governmentinstitute/events/2014/01/2014-01-govt-singleaudit.html
Resources
O Federal Demonstration Partnership, meeting
presentations on Uniform Guidance
http://sites.nationalacademies.org/PGA/fdp
/PGA_051651
O Compliance with the New OMB Uniform
Guidance in Federally-Funded International
Projects, Hogan Lovells
http://www.nacubo.org/Documents/Events
andPrograms/2014Global/Compliancewitht
heNewOMBUniformGuidance.pdf