(A) Principle 10: Management designs control activities to achieve objectives and respond to risks.
(1) The Finance Department will establish and maintain a system of internal controls that satisfies the city’s objectives in the following categories:
(a) Risks are identified and effectively managed;
(b) Safeguarding of city assets;
(c) Reliability and integrity of financial information;
(d) Compliance with city policy, plans, procedures, laws and regulations;
(e) Economical and efficient use of city resources; and
(f) Meeting established objectives and goals for city operations and programs.
(2) General internal control principles for departments are:
(a) Separation of duties.
1. Duties are separated so that one person’s work routinely serves as a check on another’s work.
2. No one person has complete control over more than one key function or activity (e.g., authorizing, approving, certifying, disbursing, receiving or reconciling).
(b) Authorization and approval.
1. Proposed transactions are authorized when proper and consistent with city policy and the department’s plans.
2. Transactions are approved by the person who has delegated approval authority, which is usually delegated on the basis of special competency or knowledge.
(c) Custodial and security arrangements.
1. Responsibility for physical security/custody of city assets is separated from record keeping/accounting for those assets.
2. Unauthorized access to city assets and institutional data is prevented.
(d) Timely and accurate review and reconciliation.
1. Departmental accounting records and documents are examined by employees who have sufficient understanding of the city accounting and financial systems to verify that recorded transactions actually took place and were made in accordance with city policies and procedures.
2. Departmental accounting records and documentation are compared with city accounting system reports and financial statements to verify their reasonableness, accuracy and completeness.
(e) The general internal control principles should be applied to all departmental operations, especially accounting records and reports, payroll, purchasing/receiving/disbursement approval, equipment and supply inventories, cash receipts, petty cash and change funds, billing and accounts receivable.
(3) All city systems, processes, operations, functions and activities are subject to evaluations of internal control systems. The results of these evaluations provide information regarding the city’s overall system of control.
(4) Information and communication: information must be timely and communicated in a manner that enables people to carry out their responsibilities.
(a) All covered employees must be trained on internal controls according to I.C. 5-11-1-27(g).
(b) All personnel must receive a clear message from the city’s administration that control responsibilities are to be taken seriously. Failure to comply with established practices will subject individuals to the terms of disciplinary action or dismissal.
(c) Employees must understand their own roles in the internal control system, as well as how individual activities relate to the work of others. To this end, whenever a new budgetary unit, financial activity and the like is set up, the Controller will provide notification to the appropriate parties of the responsibilities incumbent on them for good business practices and sound financial management, including reference to the principles within this policy.
(d) Employees must have a means of communicating significant information to the city’s administration.
(e) The city must communicate effectively with external parties, such as auditors, creditors, contractors, suppliers, regulators and other stakeholders.
(5) Internal control is meant to keep the city focused on achieving its mission while avoiding surprises. There is a balance between effective controls and mission accomplishment. Costs associated with internal controls should not exceed their benefit, nor should controls be allowed to stifle mission effectiveness and timely action. All levels of management must assess the costs, benefits and risks when designing controls to develop a positive control environment and compensate for the risks of non-compliance, loss of assets or unreliable reporting while accomplishing the city mission.
(6) The following specific internal control policies are adopted for use by city departments:
(a) Payroll activities.
1. Salaries and wage rates are verified by the Human Resources Department.
2. The responsibilities for hiring, terminating and approving promotions are segregated from those preparing payroll transactions or inputting data.
3. The responsibilities for approving time sheets are segregated from those for preparing payroll transactions or inputting data.
4. Payroll adjustment reports are approved by someone outside of the payroll process.
5. Employees’ time and attendance records are approved by their supervisors.
6. Corrections to recorded time and attendance records are approved by the employee and employee’s supervisor.
7. Procedures are in place to ensure that changes in employment status are promptly reported to the payroll processing unit.
8. Payroll disbursements are reviewed and approved by an authorized individual prior to payment.
9. Access to payroll applications is appropriately controlled by user logins and passwords.
10. Changes to a payroll disbursement are approved by an individual other than the ones authorized to process the changes.
11. Payroll checks are accounted for in numerical order and reconciled to the payroll check register.
12. Payroll checks are mailed or distributed by someone outside the normal payroll distribution function.
13. Unclaimed payroll checks are returned to Finance Department via the department head.
14. Employees are cross-trained on the payroll process; those assigned to payroll take regular vacations.
(b) Disbursement activities.
1. The responsibility for approving claims is segregated from those preparing the claims.
2. Checks are written by an individual other than the one approving the claim.
3. Checks are signed by an individual other than the one preparing them.
4. Claims for payment are reviewed and approved by the management prior to payment and then by the governing body.
5. A reconcilement is completed between the claims for payment approved by the board and the actual disbursements posted to the ledger.
6. The responsibility for acknowledging the receipt of goods or services is segregated from those preparing claims and writing checks.
7. Vendor checks are accounted for in numerical order and reconciled to the disbursement ledger.
8. Invoices or other receipts are attached to each claim to support the disbursement.
9. A review is completed by an individual outside the disbursement process in which the claim amount is compared to the supporting documentation attached to the claim and the amount of the check.
10. Access to disbursement applications is appropriately controlled by user logins and passwords.
(c) Receipting activities.
1. The responsibility for collecting money and issuing receipts is segregated from those preparing the bank deposit.
2. The responsibility for making bank deposits is segregated from those preparing the monthly bank reconcilement.
3. Pre-numbered receipts are issued for all money collected and the receipt is retained with supporting documentation.
4. Posting of receipts to the ledger is completed by an individual other than the one who collects money and makes the deposit.
5. Receipts indicate the type of payment received (cash, check, credit card and the like) and this is reconciled to the make-up of the bank deposit.
6. Accounts receivable records are maintained by an individual other than the one(s) involved in the billing process.
7. The billing process is completed by an individual other than the one who collects cash payments from customers.
8. Adjustments to customer accounts above our managerial threshold are approved by the governing body only after review.
(d) Cash activities.
1. A reconcilement between the recorded cash balance and the bank balance is completed monthly by an individual separate from the receipting and disbursing processes.
2. A reconcilement between the receipts ledger and the credits to the bank account is completed periodically by an individual separate of the receipting process,
3. A reconcilement between the disbursement ledger and the debits to the bank account is completed periodically by an individual separate of the disbursement process.
4. The monthly reconcilement between the cash balance and the bank balance is thoroughly reviewed and approved by the governing body.
5. Disbursements from and reimbursements to petty cash funds are periodically reviewed by an individual other than the one responsible for maintaining the petty cash fund.
(e) Credit cards transactions.
1. A designated official or employee oversees the issuance and use of the credit cards.
2. An ordinance or resolution specifically states the purposes for which the credit card may be used.
3. A designated person separate from disbursement process reviews transactions listed on the credit card statements for sufficient documentation and inclusion in claim to the Board.
(B) Principle 11: Management designs the political subdivision’s information system and related control activities to achieve objectives and respond to risks.
(1) The Finance Department and department heads will work with the Information Technology Department to ensure that information technology is used as an integral part of the internal control system.
(2) This may include, but not be limited to:
(a) Setting permission such that only certain users may perform certain tasks;
(b) Using technology to accomplish segregation of duties by forcing duties to be completed by different users;
(c) Automating certain processes and calculations;
(d) Limiting the authority to access different components of various software to employees with duties specifically related to that component;
(e) Prohibiting user ID and password sharing among employees;
(f) Restricting the authority to correct or make adjustments to records to key employees; and/or
(g) Requiring the use of prescribed forms or the approval of alternative forms.
(C) Principle 12: Management implements control activities through policies. The city has an employee handbook that is regularly updated to communicate policies to employees. Additionally, the Finance Department regularly works with departments and employees who handle financial transactions to recommend and ensure best practices. All procedures are in writing and communicated frequently to all relevant employees. The Human Resources Director makes sure policies are available both electronically and in hard copy form.
(Ord. 27-2016, passed 6-20-2016)