§ 37.04 COMPONENT TWO: RISK ASSESSMENT.
   (A)   Principle 6: Management defines objectives clearly to enable the identification of risks and risk tolerances.
      (1)   Through the creation of standard operating procedures and accurate organizational reporting charts, management conveys and identifies objectives, missions, policies, and risk tolerances to employees.
      (2)   The Finance and/or Human Resources Departments will lead a risk analysis of three major areas:
         (a)   The effectiveness and efficiency of operations;
         (b)   The reliability of reporting for internal and external use; and
         (c)   Compliance with applicable laws and regulations.
      (3)   For each category, the Finance and/or Human Resources Department will define objectives in specific measurable terms in order to enable the design of internal control for related risk, to increase understanding at all levels, to assess performance, to identify what is to be achieved, who is to achieve it, how it will be achieved, when it will be achieved, and to incorporate external requirements.
   (B)   Principle 7: Management identifies, analyzes, and responds to risks related to achieving the defined objectives.
      (1)   The Finance Department will identify, analyze, and respond to the risks identified in Principle 6 by determining the following.
         (a)   How likely is the risk to occur?
         (b)   How will it impact the objective?
         (c)   Is the risk based on complex or unusual transactions?
         (d)   Is the risk based on fraud?
      (2)   Once each risk has been identified and analyzed, the Finance Department or the Human Resources Department will work with department heads to determine how to respond to each risk with a specific solution and action.
   (C)   Principle 8: Management considers the potential for fraud when identifying, analyzing, and responding to risks. Management is committed to fraud prevention by utilizing a “trust but verify” approach. The potential for fraud, misappropriation, and outright theft are contemplated as controls are designed for various city divisions. Fraud responses will include statutorily required responses to fraud, including, but not limited to, I.C. 5-11-1-27(l), relating to the report of misappropriation of funds to State Board of Accounts, and prosecuting attorney, and I.C. 5-11-l-27(j), relating to the report of material variances, losses, shortages, or thefts to the State Board of Accounts. The city shall utilize a materiality threshold as outlined in §§ 37.20 et seq.
   (D)   Principle 9: Management identifies, analyzes, and responds to significant changes that could impact the internal control system. The Finance Department, in coordination with department heads, will regularly evaluate and adjust internal control policies in order to accommodate for the impact of future changes, including, but not limited to, personnel changes, newly elected or appointed officers, new programs, new technology, new laws and regulations, and financial fluctuations.
(Res. 2016-15, passed 12-14-2016)