Internal Controls Nc

DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY

O F F I C E O F T H E N E W Y O R K S T A T E C O M P T R O L L E R

LOCAL GOVERNMENT MANAGEMENT GUIDE

INTERNAL CONTROLS

Table of Contents

Introduction.......................................................................................................................

Overview...........................................................................................................................

Part I Assessing Internal Controls................................................................................

Local Government Operations................................................................................ Internal Controls..................................................................................................... Control Environment................................................................................................. Risk Assessment.................................................................................................... Control Activities..................................................................................................... Information and Communication........................................................................... Monitoring............................................................................................................. Soft Controls......................................................................................................... Conclusion............................................................................................................

Part II Additional Resources........................................................................................

Web Sites..............................................................................................................

Questionnaires........................................................................................................

Accounting Records Segregation of Duties................................................................................. Timeliness and Usefulness........................................................................

Cash Receipts Segregation of Duties................................................................................ Accountability............................................................................................. Verifi ability................................................................................................... Cash Disbursements Segregation of Duties.................................................................................

Cash Management...............................................................................................

Purchasing Policies and Procedures............................................................................ Segregation of Duties................................................................................ Verifi ability..................................................................................................

Personnel Segregation of Duties................................................................................ Verifi ability..................................................................................................

1

1

1

12358

10111213

13

13

14

1415

161718

19

20

212223

2425

Table of Contents

Part II Continued:

Standards of Internal Control (Matrix)..................................................................

Dimension Issues......................................................................................

Control Environment............................................................................................ Safeguard Assets...................................................................................... Compliance............................................................................................... Information................................................................................................

Communication Operations................................................................................................. Safeguard Assets...................................................................................... Compliance............................................................................................... Information................................................................................................

Assessing and Managing Risk Operations................................................................................................. Safeguard Assets...................................................................................... Compliance............................................................................................... Information................................................................................................

Control Activities Operations................................................................................................. Safeguard Assets...................................................................................... Compliance............................................................................................... Information................................................................................................

Monitoring Operations................................................................................................. Safeguard Assets...................................................................................... Compliance............................................................................................... Information................................................................................................

Regional Offi ce Listing.....................................................................................................

Central Offi ce Listing.......................................................................................................

26

27

27272828

2929

3030

30

31

3131

32323333

34343535

36

37

Internal Controls - 1

INTERNAL CONTROLS

Introduction

Internal controls are essential to the effective operation of local governments. Simply put, internal controls are those activities in place to provide reasonable assurance that things are “going according to plan.” Without adequate safeguards, managers have little assurance that their fi scal goals and responsibilities are being met. At the same time, adequate controls can reduce the likelihood that errors and/or irregularities could occur and go undetected. The right internal controls can help ensure that “good” things happen and that “bad” things don’t.

Overview

The following sections are designed to help local managers assess the internal controls of their local governments:

• Local Government Operations• Internal Controls• Control Environment• Risk Assessment• Control Activities• Information and Communication• Monitoring• Soft Controls• Conclusion• Additional Resources

I. Assessing Internal Controls

Local Government Operations

Local offi cials are faced with the daunting task of providing the services needed and demanded by citizens with limited resources that are available to pay for these services. Local governments provide services to their citizens, but in many ways they do not operate in the same manner as private businesses. A private business providing services to its customers bills and generally receives payment for these services upon delivery, or soon after delivery. There is an agreement between the customer and the business as to the value of that service, and the customer is generally able to choose

2 - Chapter 14: Local Government Management Guide

and utilizing effective internal controls can help ensure that this is done properly.

Internal Controls

Government offi cials entrusted with public resources are responsible for complying with laws and regulations, meeting goals and objectives, safeguarding assets, and issuing reports that inform the public of the results of government activities. A good internal control system is intended to assist local offi cials in meeting these responsibilities.

Internal controls have always been an important element of any organization’s fi nancial and operating structure. In the 1990s, concerns about fraudulent fi nancial reporting resulted in a group being formed and a study on internal controls being produced. This group - the Committee of Sponsoring Organizations (COSO) - developed a report that defi nes internal control and identifi es fi ve key elements of internal control.

The COSO report defi ned internal control as “a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and effi ciency of operations, reliability of fi nancial reporting, and compliance with applicable laws and regulations.” The fi ve elements of internal control identifi ed by the COSO report are: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. We will discuss each of these elements and how they can be used in improving an internal control system.

from a variety of service providers. This is not the case with local governments. The taxpayer cannot choose from a variety of service providers when it comes to local government services, and in many instances there is no direct link between the dollar value of the service provided and the payment for the service. Taxes are paid, generally at the beginning of the fi scal year, while services are delivered throughout the year.

The taxpayer, of course, is very aware of the amount paid in taxes. However, many taxpayers do not associate the amount of taxes paid with all the services the local government provides, but rather only the few services that directly benefi t or are utilized by that taxpayer. Such a situation can lead to the impression that the government is ineffi cient and taxes are too high. There is a tendency in government to resist increases in taxes, or reductions in services. Thus, it is imperative that local offi cials manage and protect the resources at their disposal in the most effective way possible. Developing


Essential to internal control is the setting of goals and objectives. At the local government level, goals and objectives should be incorporated into a strategic plan that includes a mission statement and broadly defi ned initiatives. (See also our chapter on strategic planning.) Each department should identify goals and objectives that support the local government’s strategic plan. Goals and objectives for the three areas included in the defi nition of internal control might include:

• Operating Objectives - Achieving the basic mission of the local government or the department. Setting performance standards to measure the economy and effi ciency of department operations, effectiveness of its operations, and safeguarding assigned resources against loss.

• Financial Reporting Objectives - Preparation of reliable fi nancial reports, including the prevention of fraudulent public fi nancial reporting. While fi nancial reporting may primarily fall under the department responsible for the government’s overall accounting function, individual departments may have to provide essential information in producing reliable accounting records from which the resultant fi nancial reports are prepared. As examples, separate departments may be required to code purchases to the proper categories, document receipt and acceptance of goods so that payables can be properly reported, produce customer billings of various revenues, process collection of incoming cash receipts, and/or perform other applicable functions.

• Compliance Objectives - Identifi cation of laws and regulations applicable to the local government and departmental operations.

Control Environment

The control environment sets the tone of an organization, infl uencing the control consciousness of its people. Factors that determine the control environment of a local government are: the integrity, ethical values and competence of its people; management’s philosophy and operating style; the way in which management assigns authority and responsibility; the way management organizes and develops its people; and the attention and direction provided by the governing board.

The control environment has a pervasive infl uence on all the decisions and activities of an organization. A positive control environment is the foundation for all other standards of internal control, providing discipline and structure. A common term in current parlance is “tone at the top.” Management sets the tone for the control environment. This is displayed by the policies they adopt, the organizational structure they impose, how they assign authority and responsibility, hiring practices, the extent of involvement they maintain in operations and the ethical behavior they exhibit. Employees are also responsible for the control environment, but they generally take their lead from management.


Governing boards should look at the complexity of their government’s operations and decide which policies need to be adopted and the extent of those policies. Policies should not exist in a manager’s head. They should be in writing and made available to all employees. Governing boards should take an inventory of their written policies and consider the following questions: What are the current policies? Have they been reviewed for reasonableness under current conditions? Are they available to all employees? Do they cover all the needed areas of operations?

Some areas where written guidance could be developed to enhance the control environment are:

• Code of ethics - make sure the adopted code of ethics is in conformance with applicable statutes and clearly defi nes the standard of conduct expected of offi cers and employees.

• Policies and procedures manual - that addresses signifi cant activities and unique issues, employee responsibilities, limits to authority, performance standards, control procedures and reporting relationships.

• Job descriptions - that identify competence levels for knowledge, skills and experience.

• Personnel policies - that set forth hours, leave time, benefi ts, equal opportunity, and disciplinary procedures.

The governing board and other management personnel set the proper tone for the control environment when they establish and effectively communicate a code of ethics and written policies and procedures, behave in an ethical manner, observe the same rules they expect everyone else to observe and require the appropriate standard of conduct from everyone in the organization. Employees observe how management conducts itself, and that conduct speaks more fl uently than the written policies that management expects employees to follow. Accountability is a key element of the control environment. The control environment is greatly infl uenced by the extent to which individuals recognize that they will be held accountable.

Effective human resource policies and procedures can enhance a government’s control environment. The policies and procedures enacted by a local government may be determined by the size and complexity of the government’s operations. Such policies and procedures are also subject to applicable laws, regulations and collective bargaining agreements. Local offi cials should consider the following areas for human resource policy development: hiring, orientation, training, evaluations, counseling, promotions, compensation and disciplinary actions.


• Performance evaluations - with regularly scheduled evaluations and guidance on how to maximize the benefi ts of evaluations.

Risk Assessment

Risk assessment is the identifi cation of factors or conditions that threaten the achievement of management’s objectives. It involves identifying signifi cant risks to the effectiveness and effi ciency of operations, to the reliability of fi nancial reporting, and to compliance with applicable laws and regulations. Every local government faces a variety of risks from external and internal sources that must be assessed. Risk assessment also involves forming a basis for determining how the risks should be managed. Because conditions impacting operations will continue to change, processes are needed to identify and deal with the special risks associated with change.

The nature of some activities or assets makes them a greater risk than others. This is often referred to as inherent risk. The increased inherent risk of these items needs to be considered in assessing risk. Some characteristics that generally increase inherent risk are:

• Opportunity - The more liquid an asset, or the less centralized an operation, the greater the potential risk of fraudulent activity.

• New Activities - The newer the activity, the greater the risk that processes and procedures may not be as well understood as routine activities. Therefore, there is greater risk that objectives in these areas might not be realized.

• Complexity - The more complex an activity is, the greater the possibility of error in performing the operations. Complex legal requirements governing a specifi c program may increase the likelihood that compliance issues may arise.

Points to Remember

Setting the proper control environment for a local government is crucial to the effective implementation of all the other elements of internal control. Staff will take their cue from the attitude and example displayed by management. If employees see offi cials or department heads abusing their authority or not being held to the appropriate policies, as are employees, then they may also begin abusing the policies. As the old saying goes “Actions speak louder than words.” Management must communicate its support for internal Controls to all levels of staff within the organization. The control Environment is enhanced by written policies governing employee activities that are communicated to employees and acted upon.


• Changes in Personnel - Staff turnover can impact achievement of objectives because it takes time for new employees to achieve the profi ciency of the employee they are replacing. Frequent staff turnover may be indicative of other problems.

• Rapid Growth - Rapid increases in the number of businesses and/or residents moving into a municipality can mean greater demands for services. Such demands can impact the ability of a department to achieve its objectives. They may even necessitate reevaluating the objectives of a department.

The process of risk assessment consists of trying to identify those events that could impact the ability of the department to achieve its objectives. Risk assessment consists of asking a series of questions and then answering those questions. Questions that might be asked in a typical risk assessment are:

• What are our primary objectives?

• What must go right for us to succeed?

• What events can prevent us from achieving these objectives?

• Which of our assets are most liquid or desirable and, therefore, in most need of protection?

• What information do we rely on to achieve our objectives? What are the threats to our obtaining this information?

• What typical decisions are made in our operations? Which of these decisions require the most judgment?

• What are our most complex activities?

• What laws and regulations signifi cantly impact our operations?

Another element impacting on the ability to achieve objectives is the element of change. We live in a rapidly changing society, and in order to meet taxpayer expectations, local managers may need to change the way their governments operate. However, these changes may present to managers unique risk problems that need to be identifi ed and addressed. Some risk elements of change are:

• Changes in Operating Environment - This can be brought about by changes in the regulations that affect a program (external) or by replacing a manual system with a computerized system (internal). Both changes impact the environment under which the employees are working and may affect the ability to achieve objectives.


• What potential legal liabilities can result from our operations?

• Where do we spend most of our money?

• What changes do we see on the horizon?

It is best if the risk assessment is conducted at the department level and, within the department, at the activity or process level. Remember to focus efforts on those risks that are signifi cant to the achievement of key objectives and that have a reasonable likelihood of occurrence. The risk assessment process is facilitated when there is a written mission statement and written goals and objectives.

Results of the above questions can be entered into the following table:

As shown in the above table, the risks are related to the objectives, the controlsaddress the risks, any control defi ciencies are identifi ed and corrective action is planned. This process of risk assessment helps managers develop a plan to improve the internal controls of local operations. For the example given, the solution may be to establish a process for all departments to ensure that delivered goods and services are identifi ed and appropriate information is promptly communicated to the fi nance offi ce. This process could also include developing forms and procedures to document and communicate the needed information.

Departmental Objectives

Risks to Achieving Objectives

Controls In Place

Control Deficiencies

Corrective Action

List the objectives for the department.

The risks should be associated with an objective. There are a multitude of risks that could be identified with each objective. It is best to focus on control efforts that are significant and have a reasonable likelihood of occurrence. Therefore, both of these elements should be considered when assessing risk.

For each risk, identify the controls that exist to either prevent the risk from occurring, or help detect the occurrence of the risk.

Identify where current controls are ineffective and plan to improve the effectiveness of the controls.

List the corrective action to be taken.

Example: Complete year-end accounting records and file annual report in time to meet legislative deadline.

Inability to identify vendor payables at year end

Vendor statements received at finance office, compared with invoices and receiving documents, totaled and posted.

Services and goods delivered but not yet billed by vendor may not be included in payables.

Establish effective communication process to ensure department heads notify finance office of all vendor goods and services received as of year-end.


When undesirable events do occur, fl aws in the process should be identifi ed, and action to correct the problem should be initiated. Such activities are called corrective control activities.

Through authorization, management identifi es who is permitted to execute specifi c transactions, and establishes parameters within which they must operate. Some activities may need supervisory approval before they can be executed. The supervisor’s approval should be based on some form of verifi cation that the activity is in accordance with policies and procedures. In this regard, supervisory approval also serves as a monitoring device, ensuring that policies are being followed. Since these controls are designed to control undesirable events, they would be considered preventive controls. They are primarily designed to prevent mistakes.

Another preventive control is segregation of duties. Segregation of duties is primarily designed to prevent fraudulent activity from occurring and remaining undetected. Management can achieve this control objective by dividing work among two or more people. Under a proper segregation of duties, no one person should control all the key aspects of a transaction or event, and the functions performed by one person may be checked by the functions performed by the other. In general, the transaction approval function, the accounting/reconciliation function and the asset custody function should be separated among employees whenever possible. In some cases, segregation is mandated by statute. When these functions are not or cannot be separated, then a detailed supervisory review of related activities should be undertaken by managers or offi cials as a compensatory control.

Control Activities

Control activities are the policies and procedures that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address signifi cant risks to the achievement of the entity’s objectives. COSO identifi es a range of control activities including approvals, authorizations, verifi cations, reconciliations, and reviews of operating performance, security of assets and segregation of duties.

Control activities may:

• provide guidance to employees to help achieve the desired objectives of the department (directive controls),

• be designed to deter the occurrence of undesirable events (preventive controls),

or • identify when undesirable events do occur (detective controls).


Some examples of detective controls are reconciliations and reviews of performance. Under reconciliations, an employee relates different sets of data to one another, identifi es and investigates differences, and takes corrective action where necessary. It is important that the person conducting the reconciliations understands the importance of the process and the implications of errors identifi ed. Examples of reconciliations are comparisons of cash amounts per general ledger to cash balances per bank statements, receivable amounts per general ledger control accounts to related subsidiary account totals, and physical counts of fi xed assets to amounts recorded on accounting records. Under reviews of performance, management compares information about current performance with budgets, prior periods, or other benchmarks to measure the extent to which goals and objectives are being met. Reasons for variances are investigated to determine what corrective actions are necessary.

Some control activities may provide information that other control activities are properly working or that additional guidance is needed to improve the operations of those control activities. For example, employees may be authorized to initiate transactions up to a certain limit and need approval for transactions in excess of the stated limit. In approving transactions above the stated limit, a supervisor may notice that the process either is or is not in accordance with departmental policies. This provides the supervisor with information regarding the transactions being executed by the employees, and whether additional training or guidance is necessary to have the process function properly.

In general, to help ensure that control activities are most effective, supervisory approvals and authorizations should require:

• Written Guidance• Limits to Authority• Supporting Documentation

In addition, it is important for supervisors to take the approval function seriously. This requires that they:

• Actively Examine Documentation• Question Unusual Items• Never Sign Blank Forms

Sometimes it is not possible to completely control the risks that a local government faces. When such risks are insignifi cant or not very likely to occur, and the cost to reduce the risks further is prohibitive, the local government managers may decide to simply accept the risk. Before this decision is made, the local offi cials should be sure that they have adequately defi ned the risk, its likelihood of occurring and the potential costs if the event does occur. Another option to local government offi cials


is to pass the risk on to someone else. This is sometimes called “insurance.” When local governments purchase liability insurance, for example, they are transferring some or most of the costs that would be incurred if certain risk events actually occur to the insurance company.

Information and Communication

In order for risks to be controlled, it is imperative that there be a sound communication process that captures the necessary information and then provides that information to all who have need of that information. Since controlling risk is the responsibility of all those involved in the various processes of the municipality, the information about identifi ed risks and the means of controlling those risks need to be communicated to everyone involved. It is important that the communication system allows for communication to fl ow in all directions throughout the organization to lessen the chance of misunderstandings. Problems may be identifi ed at the lower levels of the organization and if the information is not allowed to fl ow back up to those who are responsible for making corrections, those managers will not receive needed information on time.

The executive summary to COSO states, “Pertinent information must be identifi ed, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Information systems produce reports containing operational, fi nancial and compliance-related information that make it possible to run and control the business.” It goes on to state that information must fl ow throughout the organization so that individuals understand their own role in the internal control system and how their work relates to the work of others. Effective communication also must include communication with customers, suppliers and regulators.

Points to Remember

Control activities should be designed so as to limit the effects of risks identifi ed during the risk assessment process. Some risks may be so remote or the effects of such risks so minor that managers may decide to simply accept those risks without developing controls to address them. Some risks, if they occur, may be so signifi cant that, even though remote, they need to be limited. For these risks, local managers may decide to purchase insurance. For all other risks (and even for risks that are insured) manager should implement controls that will reduce the likelihood of such risks occurring or reduce the impact if suck risks do occur.


An effective information and communication system should do the following:

• Produce the fi nancial, operational and compliance reports needed to run the municipality, enable informed business decision-making, and issue reliable external reports.

• Enable employees to capture and exchange the information they need to conduct, manage and control operations.

• Identify, capture and communicate pertinent information in a form that enables people to effectively carry out their responsibilities.

• Enable communication to fl ow in all directions throughout the organization.

• Establish effective communication with external parties.

As part of the information and communication system, it is important to inform all employees that control responsibilities are to be taken seriously. Each employee should understand his or her role in the internal control system, as well as how their individual activities relate to the work of others. Employees also need to know that they have a responsibility to communicate problems they notice in the performance of their duties.

Information about the policies and procedures to be followed by employees fl ows down through the organization. Information about daily activities may fl ow across the organizations from employees that develop the information to those that need the information. Information about problems noted in daily activities needs to fl ow upward through the organization to those in a position to initiate corrective action.

Monitoring

Monitoring is a process that assesses the quality of the internal control system over time. As indicated above, there are specifi c control procedures that are established as part of the system of internal control. Monitoring helps confi rm that those procedures are actually being followed. Monitoring would also help ensure that defi ciencies are being communicated as needed. Also, with time, new risks may arise or processes change that impact on the exposure of the local government. Monitoring helps to identify where new risks arise and may reveal a need for new processes. For example, changing from a manual accounting system to a computerized accounting system will expose the organization to new risks that will need to be addressed.


One method of monitoring the functioning of internal controls is performance measures. Since internal controls are established to provide reasonable assurance regarding the achievement of objectives, then using performance measures to determine the extent to which the government is achieving its objectives is a useful way to monitor the effectiveness of the internal controls of a local government. When performance measure results indicate unsatisfactory results, managers (and staff) should identify where changes can be made to improve the outcomes.

Another way to monitor internal controls is to test the operations of the local government to determine if procedures are being applied as designed. This should be an ongoing process. Some larger units of government may fi nd it cost-effective to institute an internal audit function to help monitor the functioning of internal controls and the achievement of established objectives.

Soft Controls

An effective system of internal controls addresses each of the components discussed above. Policies and procedures developed for control environment, risk assessment, control activities, information and communication, and monitoring often consist of hard controls that are easily identifi ed, assessed and documented. The infl uence of these policies and procedures should also be identifi ed, assessed and documented. The effect that policies and procedures have on the people involved can result in a secondary set of soft controls, equally important as the paper and ink hard controls.

Soft controls are those controls that involve attitudes and perceptions and competencies. By their nature, they are less apparent and more diffi cult to measure and assess. Such attributes as trust, strong leadership, openness and high ethical standards are just as essential to the effective operation of local governments and should not be overlooked or underestimated when developing or enhancing your internal control system.

To evaluate these types of controls, managers should identify and agree on criteria for evaluation. Through self-assessments, managers should ask themselves how they assure themselves that objectives are being met, that policies and procedures are followed, that legal compliance is met, etc. Through surveys, managers should ask employees for confi rming feedback. Results of soft controls should be evaluated to provide further evidence of control effectiveness. When weaknesses are identifi ed, managers should focus on improving the underlying processes. Any improvements should be discussed with all the people involved.


Conclusion

Internal controls are essential to the effective operation of local governments. Internal controls are needed to help local offi cials achieve their objectives in a cost-effective manner. Cost-effectiveness is an important concept in internal controls. In developing the internal controls for a local government, it is important to identify the benefi ts to be achieved by particular controls and to compare those benefi ts with the costs of implementing proposed controls. Actively thinking about the government’s objectives, the risks involved in achieving those objectives and the means of controlling those risks enhances management’s ability to achieve key objectives at minimum cost to the taxpayers. Communicating the government’s objectives and values (and providing all employees a mechanism to communicate throughout the organization) provides clear guidance to employees on expected outcomes. Effective communication also provides managers with access to the information that they need to achieve the goals established for the local government. Continuously monitoring programs enables managers to keep current on the functioning of their government’s operations towards those goals.

II. Additional Resources

Web sites, questionnaires and a checklist (matrix) have been included to provide additional information and guidance.

Web Sites:

Standards for Internal Control in New York State Government:

http://www.osc.state.ny.us/audits/audits/controls/standards.htm

The following web site may contain information that could be helpful in developing and implementing effective internal controls. However, some of the suggestions and procedures identifi ed by this site may not be in conformance with laws and regulations in New York State. Consequently, any actions taken to implement some of the suggestions and procedures should be reviewed for applicability in New York State.

Control Self-Assessment Workshop Participant’s Manual, The University of Texas Sys-tem from web site http://www.utsystem.edu/aud/ (Click on “Audit Links,” “Compliance and Risk” then “Control Self-Assessment”)


Questionnaires:

Internal control questionnaires have been provided for the following key areas: accounting records, cash receipts, cash disbursements, cash management, purchasing and personnel.

Accounting Records: Segregation of Duties

It is important to spread certain duties among several offi cers or employees to reduce the risk of fraudulent activities. Where duties are not required to be segregated, or cannot be segregated, it is important to have increased supervisory review of activities.

Question Yes No Are the functions of maintaining the accounting records, physical custody of assets, maintaining subsidiary records and reconciling subsidiary records to control accounts spread among different people?

List the names of the individuals responsible for each of the above functions: Maintaining Accounting Records: Physical Custody of Assets (May be several individuals): Maintaining Subsidiary Accounts (May be several individuals): Reconciling Controls to Subsidiaries: For computerized accounting records, are there controls to limit access to computers, programs, and input? In a mainframe environment, access to the computer should be limited and programmers should not be running the programs they develop. For a PC environment, access to individual computers should be controlled by passwords, access to specific programs should be limited to certain individuals either through passwords or with “read only access,” and input controls should limit who is authorized to use application programs to enter data.

Where duties are not segregated among different people, indicate the supervisory review (of activities) in place to limit risk: What additional steps are planned to address weaknesses indicated by a lack of segregation of duties?


Accounting Records: Timeliness and Usefulness

Accounting records provide information needed to manage the fi nances of the local government. In order for this information to be useful, it must provide needed information that helps managers identify potential problems within a timeframe that allows for corrective action before any problems worsen.

Question Yes No Are the accounting records up-to-date? This means that receipts and disbursements are recorded daily; that ledger accounts are posted either simultaneously with other records (as in most computer operations) or within a day or two of the end of the month, that controls and subsidiaries are reconciled monthly, and that errors are identified and corrected immediately.

Are timely reports issued? If the accounting records are properly designed, reports should flow easily from them. Annual reports ideally should be completed within a month of the completion of the fiscal year; budgetary reports should be available within days of the completion of the month. Where this is not possible, causes for delays should be identified and corrected.

What accounting records are not up to date? What reports are not issued in a timely fashion?

What additional steps are planned to address weaknesses indicated by the lack of timely accounting records and useful reports?


Cash Receipts: Segregation of Duties

It is important to spread certain duties among several employees to reduce the risk of fraudulent activities. Where duties are not required by law to be segregated, or cannot be segregated, it is important to have increased supervisory review of activities.

Question Yes No

Are the functions of collecting cash, recording cash receipts in the accounting records, verifying daily receipt accountability, and reconciling bank accounts spread among different people?

List the names of the individuals responsible for each of the above functions:Collecting CashRecording Cash Receipts in Accounting RecordsVerifying Daily Receipt AccountabilityReconciling Bank Accounts

Where duties are not segregated among different people, indicate the supervisory review (of activities) in place to limit risk:

What additional steps are planned to address weaknesses indicated by a lack of segregation of duties?


Cash Receipts: Accountability

Individuals collecting cash should be held accountable for the transactions they handle. It should be possible to determine the amount of cash for which each person is responsible at any point in time.

Question Yes No

Does each person that collects cash have his own cash box that is counted at the end of the day by a supervisor?

If the answer to the above question is ‘no,’ how is individual accountability determined for daily collections?

What additional steps are necessary to adequately assign accountability to employees for cash collections?


Cash Receipts: Verifi ability

It should be possible to verify the amounts each person is responsible for collecting each day. This should be compared to the amounts that are turned in. Amounts by which the collecting offi cial or employee is over or short should be determined. Amounts deposited in the appropriate bank accounts should agree with daily receipts recorded in the accounting records.

Question Yes No

Are amounts to be collected verifi able from: Press-numbered licenses or permits? Amounts billed to customers (for user charges)? Press-numbered duplicate receipts?

Where amounts are not verifi able from some source, how does the local government determine the amounts for which each person collecting cash is responsible?

What additional steps are planned to address weaknesses indicated by an inability to verify amounts for which each person collecting cash is responsible?

Question Yes No

Are deposits made promptly?

Do deposits include all receipts from the time of the prior deposit?

Do deposit slips include details of all checks deposited?

Depositing receipts promptly reduces risks from loss due to misplacement. Including all receipts from the time of the prior deposit makes it possible to tie amounts deposited to amounts recorded in accounting records. Listing details of checks deposited makes it possible to compare deposits with details of receipts, thereby identifying potential manipulations of cash receipts.

If the answer is ‘no’ to any of the above three questions, how are the risks associated with those answers controlled?

What additional steps are necessary to adequately control verifi ability of cash receipts?


Cash Disbursements: Segregation of Duties

It is important to spread certain duties among several offi cers and employees to reduce the risk of fraudulent activities. Where duties are not required by law to be segregated, or cannot be segregated, it is important to have increased supervisory review of

Question Yes No

Are the functions of writing checks, recording checks in the accounting records, distributing checks and reconciling bank accounts spread among different people?

List the names of the individuals responsible for each of the above functions:Writing Checks:Recording Checks in Accounting Records:Distributing Checks:Reconciling Bank Accounts:



Cash Management:

The fundamental principle guiding the deposit and investment of public monies is that an investment program should meet four elements: legality, safety, liquidity and yield. Each local government is required to develop policies and procedures that are in compliance with Section 39 of the General Municipal Law, and communicate those policies and procedures to affected staff. The policies and procedures should consider the four elements shown above.

Question Yes No

Has the local government adopted an investment policy?

Are procedures governing the investment function set down in writing?

Are those involved in the investment function aware of the policies and procedures?

(This question deals with how well these elements are communicated to employees.)

Are deposits in excess of FDIC coverage secured by a pledge of securities, an eligible surety bond, or an eligible letter of credit in proper amounts?

Are securities pledged to secure deposits covered by security and custodial agreements?

Are cash fl ow projections used to determine amounts and time periods for investments?


Purchasing:

Purchasing here covers the decisions and processes involved in obtaining the goods and services necessary for operating the local government. The process generally begins with the initiation of a purchase requisition by an authorized offi cer or employee who needs the goods or services and ends with the payment for the goods and services received. Controls in purchasing should be concerned with acquiring quality goods and services in the amounts needed to carry on the functions of the government at the best possible price, and in conformance with all pertinent laws and policies.

Purchasing is limited to authorized offi cers and employees to help ensure that only the goods and services needed are acquired, and that they are used for municipal purposes. Larger local governments may have a centralized purchasing department to enhance the acquisition of goods and services at favorable prices. Routine purchases may not be subject to the same authorization levels as unusual purchases or purchases of more expensive items. A local government’s purchasing policy will spell out the authorization requirements for various levels of purchasing.

Larger units of government may also have a central receiving unit to receive goods ordered. This provides for additional segregation of duties.

Policies and Procedures:

Section 104-b of the General Municipal Law requires local governments to adopt written policies and procedures governing the procurement of goods and services when competitive bidding is not required. This statute also requires local government personnel to document certain purchase related decisions. In addition to provisions to ensure compliance with Section 104-b, the adopted policies and procedures should identify authorization limits, the use of requisitions and purchase orders, and the process to follow in purchasing goods and services. For additional information on Section 104-b and guidance on purchasing goods and services, see our chapter on purchasing.

Question Yes No

Has the local government adopted a purchasing policy?

Are procedures governing the purchasing function set down in writing?

Are those involved in the purchasing function aware of the purchasing policies and procedures?

(This question deals with how well these elements are communicated to employees.)


Purchasing: Segregation of Duties


Question Yes No

Are the functions of requesting goods and services, authorizing purchase orders, receiving goods and approving invoices for payment spread among different individuals?

List the names of the individuals responsible for each of the above functions:Requesting goods and services:Issuing purchase orders:Receiving goods and services:Approving invoices for payment:




Purchasing: Verifi ability

The purchasing process should make it possible to verify the orders placed to date, and the amount of orders remaining open at given dates. It should also enable the matching of goods received with purchase orders placed. In municipalities, a good purchasing system should include the verifi cation of available appropriations before orders are placed.

Question Yes No

Are purchase orders used for all purchases?

Are purchase orders pre-numbered?

Is availability of appropriations verifi ed prior to issuing purchase orders?

Are purchase orders written from requisitions from authorized individuals?

Does someone approve the condition of goods received and compare amounts received with receiving slips?

Are receiving slips signed and sent to the person responsible for approving payment on invoices?

Are receiving slips matched to purchase orders to verify that only goods ordered are received, and that amounts received agree with amounts ordered?

Are receiving slips matched to invoices to verify that only amounts received are being billed?

Are unit prices on an invoice matched to the purchase order to verify that billed amounts agree with purchase orders?

Is the mathematical accuracy of the invoice verifi ed? (Consists of multiplying unit price by number of units received and adding total column)

If there are additional controls over the purchasing function to ensure that purchases are controlled and that claims are only paid for goods and services received for municipal purposes, indicate them here:

What additional steps are planned to address risks involved in the purchasing function?


Personnel:

Personnel here covers the decisions and processes involved in identifying and hiring the staff necessary for operating the local government. Local governments provide services to constituents and those services require the employment of staff. Controls in this area should deal with identifying staff needs, hiring qualifi ed personnel, supervising work and payment of compensation.

Segregation of Duties:


Question Yes No

Has the local government adopted a personnel policy?

Has the local government adopted a code of ethics meeting the requirements of Section 806 of the General Municipal Law?

Are all employees provided with a copy of the personnel policy and the code of ethics?

Question Yes No

Are the functions of hiring staff, approving payroll records, preparing payrolls, preparing payroll checks and distributing payroll checks segregated?

List the names of the individuals responsible for each of the above functions:Hiring Employees:Approving Payroll Input Sheets:Preparing Payrolls:Preparing Payroll Checks:Distributing Payroll Checks:




Personnel: Verifi ability

It is important to be able to determine the employees hired and the amounts paid to those employees for services provided. The payroll function should enable the determination of hours worked, leave used, leave accrued, and salary rates.

Question Yes No

Are policies in place for justifying need for staff hired? (This may include budgetary authorization for positions.)

Is employee attendance documented?

Is excessive employee absence investigated?

Is overtime controlled?

Are records maintained of accumulated leave time?

Do time cards or some other form of attendance verifi cation support payrolls?

Are amounts paid employees determined by either properly approved contracts or other approved actions?(This may include approval of the budget and/or the passage of a resolution).

Are the above functions subject to collective bargaining agreements?


Standards for Internal Control (Matrix)

In an effort to assist managers in defi ning the appropriate scope and range of an effective system of internal control, the State Comptroller’s Offi ce of Internal Control Management has developed a matrix that delineates the dimensions of an organization. The matrix is based on the “Standards for Internal Control in New York State Government” issued by the Offi ce of the State Comptroller. By combining the fi ve components and four purposes of internal control, as identifi ed in the standards, a matrix is formed. The points of intersection of the components and purposes create 20 Dimensions of an Organization.

Within each dimension there are many issues that should be addressed to help ensure there is a sound system of internal control. Below are the 20 Dimensions along with examples of issues to be considered within each dimension. This listing is not exhaustive, but provides a starting point in the process of identifying all of the pertinent issues within each dimension. It should be noted that the dimensions are not limited to the 20 identifi ed herein. For example, additional components, supporting activities or purposes that may be further identifi ed by management could be added to expand the matrix. This listing can be used (after all additional issues are identifi ed and added to the listing): a) as a checklist to determine which issues are true about your organization and which issues are false and, therefore, may require attention; b) as the focus of a meeting or task force that is charged with assessing the effectiveness of a dimension and/or issue; or c) as a source for identifying issues to be included in a formal evaluation of a system of internal control.

Note: The parenthetical references following each dimension heading are the attributes of the purpose of internal control that is being considered.

1 2 3 4

5 6 7 8

9 10 11 12

13 14 15 16

17 18 19 20

Developed by the New York State Offi ce of the State Comptroller Offi ce of Internal Control Management

February 1999

20 Dimensions of an Organization

EffectiveEffi cient

OperationsSafeguard

Assets

Complywith Lawsand Rules

ReliableInformation

ControlEnvironment

Communication

Assessing and Managing Risk

Control Activities

Monitoring


♦ Management and employees understand and refl ect the agency’s values.

♦ Employees understand organizational structure and plans, their place within the structure and how their responsibilities contribute to the overall plan.

♦ Employees understand their job descriptions and responsibilities.♦ Competent staff is hired in accordance with legal requirements and

appropriate hiring practices.♦ Management encourages quality services to customers.♦ Employees understand who their customers are and the need to

provide them with quality services.♦ Employees understand the purpose of all controls within their areas of

responsibility.♦ Management advocates and supports controls and discourages

overriding controls.♦ Employee performance programs include evaluation of compliance

with internal control objectives.♦ Employee morale is established and maintained at an appropriate

level.♦ Employees are rewarded for identifying opportunities for improving

operations.

2. Control Environment: Safeguard Assets (Human, Data, Equipment, Property)

♦ Management practices encourage ethical, honest behavior by employees.

♦ Management establishes and employees understand safety regulations and procedures that ensure a safe work environment.

♦ Management establishes and employees understand and comply with control activities that safeguard assets.

♦ Management and employees are intolerant of waste, mismanagement and abuse of assets.

♦ Management and employees are alert to new risks or changes in risk that may threaten assets.

♦ Management promotes activities that discourage fraud.

Dimension Issues

1. Control Environment: Operations (Effective, Effi cient, Orderly, High Quality)

(continued on following page)


♦ Management supports programs that promote employee well being.♦ Employees understand and appreciate the importance of the special

procedures established for the retention, use and disposal of confi dential and sensitive information, subject to legal requirements.

♦ Management creates an atmosphere that enables the reporting of fraud or mismanagement of assets.

♦ Management establishes monitoring processes to deter misuse or loss of assets.

3. Control Environment: Compliance (Laws, Regulations, Contracts, Policies and Procedures)

♦ Management promotes compliance with all applicable laws, regulations, contracts, policies and procedures.

♦ Employees understand all laws, regulations, contracts, policies and procedures that are relevant to their responsibilities and the ramifi cations of not complying with them.

♦ Employees understand and comply with a comprehensive code of eth-ics.

♦ Management establishes processes to monitor compliance with all applicable laws, regulations, contracts, policies and procedures.

♦ Management creates an atmosphere that enables the reporting of noncompliance with laws, regulations, contracts, policies and procedures.

♦ Management ensures appropriate and consistent actions towards those who fail to comply with laws, regulations, contracts, policies or procedures subject to collective bargaining agreement provisions.

4. Control Environment: Information (Reliable, Accurate, Timely)

♦ An atmosphere exists that promotes the accuracy and integrity of information generated in the unit.

♦ Resources are provided to develop and maintain all necessary fi nancial and management data.

♦ Realistic time frames are established for processing data.♦ Management requires suffi cient levels of reporting information for

review and analysis.♦ Management demonstrates to employees the value of the information

the employees have developed. ♦ An atmosphere exists that allows the communication of unfavorable

information without fear.


5. Communication: Operations (Effective, Effi cient, Orderly, High Quality)

♦ The organization’s mission, objectives and goals are clearly communicated to employees.

♦ Organizational structure and plans are clearly communicated to employees.

♦ Job descriptions and responsibilities are clearly communicated to employees.

♦ All relevant control activities and their purposes are clearly communicated to employees.

♦ Values of the organization are clearly communicated to employees.♦ Value of the customer and the need for quality products/services are

clearly communicated to employees.♦ Risk tolerance levels are clearly communicated to the organization’s

decision-makers and those responsible for managing risk.♦ Policies and procedures are established and communicated.♦ Open lines of communication exist.♦ A communication network is established that ensures everyone is

given the information needed to satisfactorily perform his/her function.♦ A process is established that encourages and enables employees to

suggest opportunities for improvement.♦ Clear positive and negative feedback are provided to employees.

6. Communication: Safeguard Assets (Human, Data, Equipment, Property)

♦ The conduct expected from employees is clearly communicated to them.

♦ Employee safety regulations and procedures are clearly communicated.

♦ Responsibility for control activities and the purpose of the control activities that safeguard assets are clearly communicated to all who need to know.

♦ A network is established for reporting changes in risks and new risks that may threaten assets.

♦ Lines of communication are established that report breakdowns in control activities that safeguard assets.

♦ Procedures are established for communicating inappropriate use of assets.


7. Communication: Compliance (Laws, Regulations, Contracts, Policies and Procedures)

♦ All relevant laws, regulations, contracts, policies and procedures are clearly communicated.

♦ The purpose and assignment of responsibility for control activities established to help ensure compliance with laws, regulations, contracts and policies and procedures are clearly communicated.

♦ Ramifi cations for violations are clearly communicated.♦ A communication network is established that ensures notifi cation of

changes in laws, regulations, contracts, policies and procedures.

8. Communication: Information (Reliable, Accurate, Timely)

♦ A communication network is established that provides the most current and accurate information available for managing operations and assessing and managing risk.

♦ Communication networks incorporate all necessary control activities to ensure the integrity of information.

♦ A method is in place for identifying and communicating confi dential and sensitive information.

♦ The networks, mediums and formats selected for communicating information are appropriate to the content of the information and the audience to whom the information is being communicated.

9. Assessing and Managing Risk: Operations (Effective, Effi cient, Orderly, High Quality)

♦ All relevant objectives (as outlined in plans) are identifi ed.♦ Risk tolerance levels are determined.♦ All relevant risks that threaten achievement of objectives are identifi ed.♦ Risks and risk tolerance levels are understood by appropriate staff.♦ The impact and likelihood of the risks occurring are determined.♦ Determinations are made regarding whether to avoid, accept or reduce

each identifi ed risk.♦ Mechanisms to identify and address changes in risk exposure are put

in place.♦ As changes in risk occur, determinations are made regarding whether

there is a need to add or delete control activities.♦ Appropriate approvals are obtained for risks that are accepted.


10. Assessing and Managing Risk: Safeguard Assets (Human, Data, Equipment, Property)

♦ Data, equipment and property assets are inventoried and valuated.♦ The risk of loss of key personnel is assessed and addressed.♦ Risks that threaten assets are identifi ed and assessed. ♦ Plans to manage (i.e. avoid, accept or reduce) risks that threaten

assets are developed.♦ A mechanism is in place to identify and address changes in risks as

changes in assets occur.♦ Determinations are made regarding the need to add or delete control

activities that safeguard assets as changes in assets cause changes in risk exposure.

♦ Appropriate approvals are obtained for accepting risks that threaten assets.

11. Assessing and Managing Risk: Compliance (Laws, Regulations, Contracts, Policies and Procedures)

♦ The risk of noncompliance with laws, regulations, contracts, policies and procedures is assessed.

♦ Plans are developed that manage risk and help ensure compliance with laws, regulations, contracts, policies and procedures.

♦ A process is established to identify changes in laws, regulations, contracts, policies and procedures.

♦ A mechanism is in place that helps ensure reassessment of risks that change as a result of changes in laws, regulations, contracts, policies and procedures.

♦ Changes in risk resulting from changes in laws, regulations, contracts, policies and procedures are adequately managed.

♦ Policies and procedures are modifi ed to address new risks or changes in risk.

12. Assessing and Managing Risk: Information (Reliable, Accurate, Timely)

♦ Risk assessment and management are based on the most current and reliable information.

♦ A process is established for capturing information needed to effectively assess and manage risk.

♦ A formal process is established for communicating new risks or changes in existing risk and risk tolerance levels.


13. Control Activities: Operations (Effective, Effi cient, Orderly, High Quality)

♦ Control activities provide a reasonable assurance the objectives of the operation will be accomplished.

♦ Cost of the control activity is less than the cost of not accomplishing the objective.

♦ A control activity portfolio effi ciently reduces risk to an acceptable level.♦ Control activities are considered, designed and implemented during

system/procedure development.♦ Each control activity corresponds to a risk(s) that is being minimized.♦ As systems/procedures change, the control portfolio is adjusted to

adequately manage any changes in risk and those control activities which become obsolete are discontinued.

♦ Control activities are implemented that help ensure the production of quality products and services.

♦ Industry practices are monitored regarding methods for ensuring the quality of products and services. Applicable practices are instituted as needed.

14. Control Activities: Safeguard Assets (Human, Data, Equipment, Property)

♦ Control activities reduce the risk to assets to an acceptable level.♦ Cost of the control activity does not exceed the cost of losing the asset.♦ Policies and procedures are established to address the safety and well-being of employees.♦ Devices are installed and functioning properly to help ensure the safety

and well-being of employees.♦ Guidelines are established for identifying and monitoring confi dential

and sensitive information.♦ Appropriate procedures are established for the disposal of confi dential

and sensitive information, subject to applicable legal requirements.♦ Confi dential and sensitive information on hard drives and other

magnetic mediums is erased or otherwise made unreadable prior to disposal, subject to applicable legal requirements.

♦ The need to produce hard copy documents containing confi dential and sensitive information is assessed.

♦ Procedures and processes are established for the distribution of hard copy documents containing confi dential and sensitive information.

♦ Policies are established regarding to whom confi dential and sensitive information can be revealed.

♦ Access rights to confi dential and sensitive information are assigned.

(continued on following page)


♦ Safety devices on equipment are functioning and are being used properly by employees.

♦ Employees follow procedures to safeguard assets such as using and protecting passwords, and locking fi le cabinets, offi ces and other areas where data, equipment or property could be misused, damaged or stolen.

15. Control Activities: Compliance (Laws, Regulations, Contracts, Policies and Procedures)

♦ Control activities reduce the risk of noncompliance.♦ Cost of the control activity does not exceed the cost of the risk of noncompliance.♦ Processes are in place to monitor the sources of legislation,

regulations, rulings, etc., that impact operations.♦ Employees’ compliance with all applicable legislation, regulations, etc.,

is monitored.♦ Policies and procedures are consistent in identifying and incorporating

control activities that respond to new legislation, regulations, contracts, etc.

♦ Policies and procedures are established for communicating to employees the results of noncompliance.

16. Control Activities: Information (Reliable, Accurate, Timely)

♦ Processes are in place to help ensure information is received on time to be of value to decision making and accomplishment of responsibilities.

♦ Processes are in place to help ensure accurate information is provided and/or developed.

♦ Employees are encouraged to provide complete information regarding their activities whenever information is requested of them.

♦ Distribution of sensitive and confi dential information is limited to those who need to know.

♦ Only necessary information is developed and disseminated.


17. Monitoring: Operations (Effective, Effi cient, Orderly, High Quality)

♦ Goals are monitored and reported upon to ensure they are being attained and an acceptable degree of progress is being made towards accomplishment of objectives and the mission.

♦ Costs and the use of resources are monitored and reported upon to ensure products and services are being produced effi ciently.

♦ Monitoring and reporting systems are established to ensure quality products and services are provided.

♦ Processes are in place that effectively monitor changes in risk and identify opportunities for improvement.

♦ Appropriate levels of supervision are established for ongoing monitoring of daily activities.

♦ Upper level management periodically reviews and evaluates the effectiveness and effi ciency of supervisory activities.

♦ Control activities are monitored to help ensure they are effective and continue to function as designed.

♦ Implementation of improvements is monitored to help ensure improvements are completed in a timely fashion.

18. Monitoring: Safeguard Assets (Human, Data, Equipment, Property)

♦ Processes are in place to monitor and respond to environmental conditions that may threaten the safety of employees.

♦ Access and handling of confi dential and sensitive information is monitored to help protect its integrity and to prevent any loss or misuse of the information.

♦ The acquisition, deployment, use and disposal of all equipment and property is monitored to prevent it from being lost or misused.

♦ Services are provided that monitor the well-being of employees.♦ Security systems are in place to monitor the safety of employees, data,

equipment and property.♦ Appropriate measures such as passwords, fi rewalls, and encryption are used

to help ensure the integrity of data.♦ Equipment is tagged and periodically inventoried.


19. Monitoring: Compliance (Laws, Regulations, Contracts, Policies and Procedures)

♦ Procedures are established to monitor laws, regulations, contracts, policies and procedures to ensure notifi cation and communication of any changes.

♦ The documentation of new policies and procedures is reviewed by appropriate levels of management to ensure the policies and procedures refl ect all of the legal and contractual requirements of a process. Periodically, policies and procedures are reviewed to ensure they remain current.

♦ Resolution of noncompliance with legal, contractual or procedural requirements identifi ed through self-evaluations or independent assessments is monitored to help ensure timely and suffi cient correction.

♦ Where appropriate, checklists are established that list the steps that need to be followed to ensure all the legal and procedural requirements of a transaction have been fulfi lled.

20. Monitoring: Information (Reliable, Accurate, Timely)

♦ Monitoring is done to help ensure employees continually have suffi cient and necessary information needed to fulfi ll their responsibilities.

♦ Suffi cient and appropriate reporting relationships exist throughout the organization.

♦ Information regarding the achievement of goals and objectives is communicated promptly to enable any necessary adjustments or reactions to plans.

♦ New or signifi cantly changed external circumstances impacting operations are monitored to help ensure communication to those within the organization who may need to address them.

♦ Issues potentially affecting employee morale are identifi ed and monitored and are addressed as necessary.


OFFICE OF THE STATE COMPTROLLERDIVISION OF LOCAL GOVERNMENT SERVICES

AND SCHOOL ACCOUNTABILITYSteven J. Hancox, Deputy Comptroller (518) 474-4037

Cole H. Hickland, Director - Direct Services (518) 474-5480Jack Dougherty, Director - Direct Services (518) 474-5480

NEED HELP?TECHNICAL ASSISTANCE IS AVAILABLE AT THE FOLLOWING

REGIONAL OFFICES

BUFFALO REGIONAL OFFICERobert Meller, Chief ExaminerOffi ce of the State Comptroller295 Main Street, Room 1050Buffalo, New York 14203-2510(716) 847-3647 Fax (716) 847-3643Email: [email protected]

Serving: Allegany, Cattaraugus, Chautauqua, Erie,Genesee, Niagara, Orleans, Wyoming counties

ROCHESTER REGIONAL OFFICEEdward V. Grant, Jr., Chief ExaminerOffi ce of the State ComptrollerThe Powers Building16 West Main Street – Suite 522Rochester, New York 14614-1608(585) 454-2460 Fax (585) 454-3545Email: [email protected]

Serving: Cayuga, Chemung, Livingston, Monroe,Ontario, Schuyler, Seneca, Steuben, Wayne, Yatescounties

SYRACUSE REGIONAL OFFICEEugene A. Camp, Chief ExaminerOffi ce of the State ComptrollerState Offi ce Building, Room 409333 E. Washington StreetSyracuse, New York 13202-1428(315) 428-4192 Fax (315) 426-2119Email: [email protected]

Serving: Herkimer, Jefferson, Lewis, Madison,Oneida, Onondaga, Oswego, St. Lawrence counties

BINGHAMTON REGIONAL OFFICEPatrick Carbone, Chief ExaminerOffi ce of the State ComptrollerState Offi ce Building, Room 170244 Hawley StreetBinghamton, New York 13901-4417(607) 721-8306 Fax (607) 721-8313Email: [email protected]

Serving: Broome, Chenango, Cortland, Delaware,Otsego, Schoharie, Sullivan, Tioga, Tompkinscounties

GLENS FALLS REGIONAL OFFICEKarl Smoczynski, Chief ExaminerOffi ce of the State ComptrollerOne Broad Street PlazaGlens Falls, New York 12801-4396(518) 793-0057 Fax (518) 793-5797Email: [email protected]

Serving: Clinton, Essex, Franklin, Fulton, Hamilton,Montgomery, Rensselaer, Saratoga, Warren, Washingtoncounties

ALBANY REGIONAL OFFICEKenneth Madej, Chief ExaminerOffi ce of the State Comptroller22 Computer Drive WestAlbany, New York 12205-1695(518) 438-0093 Fax (518) 438-0367Email: [email protected]

Serving: Albany, Columbia, Dutchess, Greene, Schenectady, Ulster counties

HAUPPAUGE REGIONAL OFFICEJeffrey P. Leonard, Chief ExaminerOffi ce of the State ComptrollerNYS Offi ce Building, Room 3A10Veterans Memorial HighwayHauppauge, New York 11788-5533(631) 952-6534 Fax (631) 952-6530Email: [email protected]

Serving: Nassau, Suffolk counties

NEWBURGH REGIONAL OFFICEChristopher Ellis, Chief ExaminerOffi ce of the State Comptroller33 Airport Center Drive, Suite 103New Windsor, New York 12553-4725(845) 567-0858 Fax (845) 567-0080Email: [email protected]

Serving: Orange, Putnam, Rockland, Westchestercounties


CENTRAL OFFICE LISTINGDivision of Local Government

and School Accountability

Area code for the following is 518 unless otherwise specifi ed

Executive .......................................................................................................................................474-4037 Steven J. Hancox, Deputy Comptroller John C Traylor, Assistant Comptroller Audits and Local Services 474-5404(Audits, Technical Assistance)

Electronic FilingQuestions Regarding Electronic Filing of Annual Financial Reports ............................................... 474-4014Questions Regarding Electronic Filing of Justice Court Reports ..................................................... 486-3166

Financial Reporting ...................................................................................................................... 474-4014(Annual Financial Reports, Constitutional Limits,Real Property Tax Levies, Local Government Approvals)

Information Services ..................................................................................................................... 474-6975(Request for Publications or Government Data)

Justice Court Fund ....................................................................................................................... 473-6438

Professional Standards ............................................................................................................... 474-5404(Auditing and Accounting)

Research 473-0617

Statewide and Regional Projects .........................................................................................607-721-8306

Training .......................................................................................................................................... 473-0005(Local Offi cial Training, Teleconferences, DVDs)

New York State Retirement System Retirement Information Services Inquiries on Employee Benefi ts and Programs ........................................................... 474-7736

Bureau of Member Services..............................................................................................474-1101 Monthly Reporting Inquiries ......................................................................................... 474-1080 Audits and Plan Changes ............................................................................................ 474-0167 All Other Employer Inquiries ........................................................................................ 474-6535

Division of Legal Services Municipal Law Section ....................................................................................................... 474-5586

Other OSC Offi ces Bureau of State Expenditures .......................................................................................... 486-3017 Bureau of State Contracts ................................................................................................ 474-4622

New York StateOffi ce of the State Comptroller

Division of Local Government and School Accountability

110 State Street, 12th Floor • Albany, New York 12236

Documents

Internal Controls Nc