(A) Principle 10: Management designs control activities to achieve objectives and respond to risks.
(1) The Finance Department will establish and maintain a system of internal controls that satisfies the city’s objectives in the following categories:
(a) Risks are identified and effectively managed;
(b) Safeguarding of city assets;
(c) Reliability and integrity of financial information;
(d) Compliance with city policy, plans, procedures, laws, and regulations;
(e) Economical and efficient use of city resources; and
(f) Meeting established objectives and goals for city operations and programs.
(2) General internal control principles for departments are:
(a) Separation of duties.
1. Duties are separated so that one person’s work routinely serves as a check on another’s work.
2. No one person has complete control over more than one key function or activity (e.g., authorizing, approving, certifying, disbursing, receiving, or reconciling).
(b) Authorization and approval.
1. Proposed transactions are authorized when proper and consistent with city policy and the department’s plans.
2. Transactions are approved by the person who has delegated approval authority, which is usually delegated on the basis of special competency or knowledge.
(c) Custodial and security arrangements.
1. Responsibility for physical security/custody of city assets is separated from record keeping/accounting for those assets.
2. Unauthorized access to city assets and institutional data is prevented.
(d) Timely and accurate review and reconciliation.
1. Departmental accounting records and documents are examined by employees who have sufficient understanding of the city accounting and financial systems to verify that recorded transactions actually took place and were made in accordance with city policies and procedures.
2. Departmental accounting records and documentation are compared with city accounting system reports and financial statements to verify their reasonableness, accuracy, and completeness.
(e) Application. The general internal control principles should be applied to all departmental operations, especially accounting records and reports, payroll, purchasing/receiving/disbursement approval, equipment and supply inventories, cash receipts, petty cash and change funds, billing, and accounts receivable.
(3) All city systems, processes, operations, functions, and activities are subject to evaluations of internal control systems. The results of these evaluations provide information regarding the city’s overall system of control.
(4) Information must be timely and communicated in a manner that enables people to carry out their responsibilities.
(a) All covered employees must be trained on internal controls according to I.C. 5-11-1-27(g). All personnel must receive a clear message from the city’s administration that control responsibilities are to be taken seriously. Failure to comply with established practices will subject individuals to the terms of disciplinary action or dismissal.
(b) Employees must understand his or her own roles in the internal control system, as well as how individual activities relate to the work of others. To this end, whenever a new budgetary unit, financial activity, and the like is set up, the Clerk-Treasurer will provide notification to the appropriate parties of the responsibilities incumbent on them for good business practices and sound financial management, including reference to the principles within this policy.
(c) Employees must have a means of communicating significant information to the city’s administration.
(d) The city must communicate effectively with external parties, such as auditors, creditors, contractors, suppliers, regulators, and other stakeholders.
(5) Internal control is meant to keep the city focused on achieving its mission while avoiding surprises. There is a balance between effective controls and mission accomplishment. Costs associated with internal controls should not exceed their benefit, nor should controls be allowed to stifle mission effectiveness and timely action. All levels of management must assess the costs, benefits, and risks when designing controls to develop a positive control environment and compensate for the risks of noncompliance, loss of assets, or unreliable reporting while accomplishing the city mission.
(B) Internal control policies. The following specific internal control policies are adopted for use by city departments.
(1) Payroll activities.
(a) Salaries and wage rates are verified by the Clerk-Treasurer’s Office, approved by the Common Council, and approved by the Board of Public Works and Safety if a change in pay is required.
(b) The responsibilities for hiring, terminating, and approving promotions are with the Board, and the Clerk-Treasurer shall verify that adequate funds are available for preparing payroll transactions or inputting data.
(c) The responsibilities for approving time sheets are segregated from those for preparing payroll transactions or inputting data.
(d) Time sheets must accurately record time worked, vacation time, comp time, personal days, holidays, sick days, and overtime in figuring each employee’s pay.
(e) Payroll adjustment reports are submitted by someone outside of the payroll process.
(f) Employees’ time and attendance records are approved by his or her supervisors.
(g) Corrections to recorded time and attendance records are approved by the employee and the employee’s supervisor.
(h) Procedures are in place to ensure that changes in employment status are promptly reported to the payroll processing unit.
(i) Payroll disbursements are reviewed and approved by an authorized individual prior to payment.
(j) Access to payroll applications is appropriately controlled by user logins and passwords.
(k) Changes to a payroll disbursement are approved by an individual other than the ones authorized to process the changes.
(l) Access to the signature stamp used to sign payroll checks is adequately controlled.
(m) Employees will soon be cross-trained on the payroll process so that those assigned to process payroll will be able to take regular vacations.
(2) Disbursement activities.
(a) The responsibility for approving claims is segregated from those preparing the claims.
(b) Checks are written by an individual other than the one approving the claim.
(c) Checks are signed by an individual other than the one creating them.
(d) Claims for payment are reviewed and approved by Board prior to payment, with the exception of manual claims.
(e) The responsibility for acknowledging the receipt of goods or services is segregated from those preparing claims and writing checks.
(f) Vendor checks are accounted for in numerical order and reconciled to the disbursement ledger.
(g) Invoices or other receipts are attached to each claim to support the disbursement.
(h) A review is completed by another individual outside of the disbursement process or the Clerk-Treasurer, in which the claim amount is compared to the supporting documentation attached to the claim and the amount of the check.
(i) Access to disbursement applications is appropriately controlled by user logins and passwords.
(3) Receipting activities (provided enough employees, including the Clerk-Treasurer, are available to comply).
(a) The responsibility for collecting money and issuing receipts is segregated from those making the bank deposit.
(b) The responsibility for making bank deposits is segregated from those preparing the monthly bank reconcilement.
(c) Pre-numbered receipts are issued for all money collected, and the receipt is retained with supporting documentation.
(d) Receipts are reconciled to the cash receipts ledger by an individual other than the one collecting money and issuing receipts.
(e) Posting of receipts to the ledger is completed by an individual other than the one who collects money and makes the deposit.
(f) Receipts indicate the type of payment received (cash, check, and the like) and this is reconciled to the make-up of the bank deposit.
(4) Cash activities.
(a) A reconcilement between the receipts ledger and the credits to the bank account is completed monthly during the bank reconciliation process.
(b) A reconcilement between the disbursement ledger and the debits to the bank account is completed monthly during the bank reconciliation process.
(c) The monthly reconcilement between the cash balance and the bank balance will be thoroughly reviewed and approved by the Clerk-Treasurer.
(d) Disbursements from and reimbursements to petty cash funds are periodically reviewed by an individual other than the one responsible for maintaining the petty cash fund.
(e) Petty cash funds shall be audited by the Clerk-Treasurer as often as he or she deems necessary, and whenever a department head is replaced.
(5) Credit card transactions.
(a) The office of the Clerk-Treasurer oversees the issuance and use of the credit cards.
(b) Section 30.10 specifically states the purposes for which the credit card may be used.
(c) A designated person separate from disbursement process reviews transactions listed on the credit card statements for sufficient documentation and inclusion in claims to the Board.
(C) Principle 11: Management designs the political subdivision’s information system and related control activities to achieve objectives and respond to risks. The Finance Department and department heads will work with the Information Technology Department to ensure that information technology is used as an integral part of the internal control system. This may include, but not be limited to:
(1) Setting permission such that only certain users may perform certain tasks;
(2) Using technology to accomplish segregation of duties by forcing duties to be completed by different users;
(3) Automating certain processes and calculations;
(4) Limiting the authority to access different components of various software to employees with duties specifically related to that component;
(5) Prohibiting user ID and password sharing among employees;
(6) Restricting the authority to correct or make adjustments to records to key employees;
(7) Restricting access to the payroll files (which include Excel spreadsheets, payroll and PERF reports, and any other files contained in the payroll file) on the computer to only those approved by the Clerk-Treasurer; and
(8) Requiring the use of prescribed forms or the approval of alternative forms.
(D) Principle 12: Management implements control activities through policies. The city has an employee handbook that is updated to communicate policies to employees. Additionally, the Finance Department regularly works with departments and employees who handle financial transactions to recommend and ensure best practices. All procedures are in writing and communicated frequently to all relevant employees. Policies are available.
(Res. 2016-15, passed 12-14-2016)