GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR...
-
Upload
francis-stanley -
Category
Documents
-
view
212 -
download
0
Transcript of GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR...
![Page 1: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/1.jpg)
GAO’s New Green Book: A Revised Internal Control Framework for Government
A NASACT WEBINAR
February 11, 2015
![Page 2: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/2.jpg)
Opening Remarks
MODERATORR. Kinney PoynterExecutive Director,
NASACT
SPEAKERKristen Kociolek
Assistant Director, Financial Management and
Assurance Team, Government Accountability Office
SPEAKERCecile M. Ferkul
Deputy Legislative Auditor (MN)
SPEAKERJeanine Kuwik
Director, Internal Control and Accountability, Office of Management
and Budget (MN)
![Page 3: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/3.jpg)
THIS PAGE INTENTIONALLY LEFT BLANK
![Page 4: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/4.jpg)
Going Green
Standards for Internal Control in the Federal Government
4
![Page 5: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/5.jpg)
Session Objective
• To discuss GAO’s Standards for Internal Control in the Federal Government (Green Book)
5
![Page 6: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/6.jpg)
Green Book Through the Years
1983 Present
6
![Page 7: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/7.jpg)
What’s in Green Book for the Federal Government?
• Reflects federal internal control standards required per Federal Managers’ Financial Integrity Act (FMFIA)
• Serves as a base for OMB Circular A-123
• Written for government• Leverages the COSO Framework• Uses government terms
7
![Page 8: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/8.jpg)
What’s in Green Book for State and Local Governments?
• May be an acceptable framework for internal control on the state and local government level under proposed OMB Uniform Guidance for Federal Awards
• Written for government• Leverages the COSO Framework• Uses government terms
8
![Page 9: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/9.jpg)
What’s in Green Book for Management and Auditors?
• Provides standards for management
• Provides criteria for auditors
• Can be used in conjunction with other standards, e.g. Yellow Book
9
![Page 10: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/10.jpg)
Updated COSO Framework
ReleasedMay 14, 2013
10
![Page 11: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/11.jpg)
The COSO Framework
• Relationship of Objectives and Components• Direct relationship between objectives (which are what an entity
strives to achieve) and the components (which represent what is needed to achieve the objectives)
• COSO depicts the relationshipin the form of a cube:
• The three objectives are represented by the columns
• The five components are represented by the rows
• The entity’s organization structure isrepresented by the third dimension
11
Source: COSO
![Page 12: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/12.jpg)
From COSO to Green Book: Harmonization
COSO Green Book
12
![Page 13: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/13.jpg)
Revised Green Book: Standards for Internal Control
in the Federal Government
13
Overview
Standards
![Page 14: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/14.jpg)
•Consists of two sections:• Overview• Standards
•Establishes:• Definition of internal control • Categories of objectives• Components and principles of
internal control• Requirements for effectiveness
Revised Green Book: Standards for Internal Control
in the Federal Government
14
![Page 15: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/15.jpg)
Revised Green Book: Overview
• Explains fundamental concepts of internal control
• Addresses how components, principles, and attributes relate to an entity’s objectives
• Discusses management evaluation of internal control
15
Overview
Standards
![Page 16: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/16.jpg)
Fundamental Concepts
• What is internal control in Green Book?• OV1.01: Internal control is a process effected by an entity’s
management that provides reasonable assurance that the objectives of an entity will be achieved.
• What is an internal control system in Green Book?• OV1.04: An internal control system is a continuous built-in
component of operations, effected by people, that provides reasonable assurance, not absolute assurance, that an organization’s objectives will be achieved.
16
![Page 17: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/17.jpg)
Overview: Components, Principles, and Attributes
Achieve Objectives
Components
Principles
Attributes
17
Overview
Standards
![Page 18: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/18.jpg)
Revised Green Book: Principles
18
![Page 19: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/19.jpg)
Components and Principles
19
![Page 20: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/20.jpg)
Component, Principle, Attribute
20
![Page 21: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/21.jpg)
Overview: Principles and Attributes
21
Overview
Standards
• In general, all components and principles are required for an effective internal
control system
• Principles and Attributes• Entity should implement relevant principles• If a principle is not relevant, document the rationale of how,
in the absence of that principle, the associated component could be designed, implemented, and operated effectively
• Attributes are considerations that can contribute to the design, implementation, and operating effectiveness of principles
![Page 22: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/22.jpg)
Overview: Principles and Attributes (cont)
• OV2.05: The 17 principles support the effective design, implementation, and operation of the associated components and represent requirements necessary to establish an effective internal control system.
• OV2.07 excerpt: The Green Book contains additional information in the form of attributes. . . Attributes provide further explanation of the principle and documentation requirements and may explain more precisely what a requirement means and what it is intended to cover, or include examples of procedures that may be appropriate for an entity.
22
![Page 23: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/23.jpg)
Overview: Management Evaluation
An effective internal control system requires that each of the five components are:• Effectively designed, implemented, and operating• Operating together in an integrated manner
Management evaluates the effect of deficiencies on the internal control system
A component is not effective if related principles are not effective
23
Overview
Standards
Overview
Standards
![Page 24: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/24.jpg)
Overview: Additional Considerations
The impact of service organizations on an entity’s internal control system
Discussion of documentation requirements in the Green Book
Applicability to state, local, and quasi-governmental entities as well as not-for-profits
Cost/Benefit and Large/Small Entity Considerations
24
Overview
Standards
Overview
Standards
![Page 25: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/25.jpg)
Revised Green Book: Standards
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
25
Overview
Standards
![Page 26: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/26.jpg)
Revised Green Book: Standards
• Explains principles for each component
• Includes further discussion of considerations for principles in the form of attributes
26
Overview
Standards
![Page 27: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/27.jpg)
Control Environment
27
![Page 28: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/28.jpg)
Risk Assessment
28
![Page 29: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/29.jpg)
Control Activities
29
![Page 30: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/30.jpg)
Information & Communication
30
![Page 31: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/31.jpg)
Monitoring
31
![Page 32: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/32.jpg)
Controls Across Components
32
![Page 33: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/33.jpg)
Other Key Considerations
• Standards vs. Framework
• Documentation Requirements• Overview lists in OV4.08 the documentation requirements
found in the principles which represent the minimum level of documentation necessary for an effective internal control system.
33
![Page 34: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/34.jpg)
Documentation Requirements
• Excerpt from OV2.06: If management determines a principle is not relevant, management supports that determination with documentation that includes the rationale of how, in the absence of that principle, the associated component could be designed, implemented, and operated effectively.
34
![Page 35: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/35.jpg)
Documentation Requirements (cont.)
• Control Environment• 3.09: Management develops and maintains
documentation of its internal control system.
• Control Activities• 12.02: Management documents in policies
the internal control responsibilities of the organization.
35
![Page 36: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/36.jpg)
Documentation Requirements (cont.)
• Monitoring• 16.09: Management evaluates and documents the
results of ongoing monitoring and separate evaluations to identify internal control issues.
• 17.05: Management evaluates and documents internal control issues and determines appropriate corrective actions for internal control deficiencies on a timely basis.
• 17.06: Management completes and documents corrective actions to remediate internal control deficiencies on a timely basis.
36
![Page 37: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/37.jpg)
Accessibility of Green Book
• Comments raised during exposure identified new need -
• How do we make the Green Book more accessible to our user community?
37
![Page 38: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/38.jpg)
The Green Book layout
• Changed the layout of the Green Book itself to make it more user friendly:
• Introduced a highlights page
• Facsimile page
• Graphics throughout the overview and standards
38
![Page 39: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/39.jpg)
Highlights Page
39
![Page 40: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/40.jpg)
Facsimile Page
40
![Page 41: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/41.jpg)
Cube as Navigation Aid
41
![Page 42: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/42.jpg)
The Green Book in Action
• Relationship between the Green Book and Yellow Book
42
![Page 43: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/43.jpg)
Green Book and Yellow Book
• Can be used by management to understand requirements
• Can be used by auditors to understand criteria
43
![Page 44: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/44.jpg)
The Yellow Book: Framework for Audits
• Findings are composed of • Condition (What is)
• Criteria (What should be)
• Cause
• Effect (Result)
• Recommendation (as applicable)
44
![Page 45: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/45.jpg)
Linkage Between Criteria (Yellow Book) and Internal Control (Green Book)
• Green Book provides criteria for the design, implementation, and operating effectiveness of an effective internal control system
45
![Page 46: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/46.jpg)
The Yellow Book: Framework for Audits
• Findings are composed of • Condition (What is)
• Criteria (What should be)
• Cause
• Effect (Result)
• Recommendation (as applicable)
46
![Page 47: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/47.jpg)
Linkage Between Findings (Yellow Book) and Internal Control (Green Book)
• Findings may have causes that relate to internal control deficiencies
47
![Page 48: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/48.jpg)
Effective Date
• Green Book effective beginning fiscal year 2016 and for the FMFIA reports covering that year.
• Management, at its discretion, may elect early adoption of the Green Book.
48
![Page 49: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/49.jpg)
Where to Find the Green Book
• The Green Book is on GAO’s website at: www.gao.gov/greenbook
• For technical assistance, contact us at: [email protected]
49
![Page 50: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/50.jpg)
THIS PAGE INTENTIONALLY LEFT BLANK
![Page 51: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/51.jpg)
O L A
Adopting the Green Book in Minnesota…moving on from COSO
Cecile Ferkul, Deputy Legislative Auditor
Jeanine Kuwik, Director of Internal Controls and Accountability
![Page 52: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/52.jpg)
O L A
Not a Major Change for Minnesota
•No Framework
•COSO
•Green Book
![Page 53: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/53.jpg)
O L A
Before 2007 COSO used by auditors But, auditors did not expect much
management involvement in internal controls
“Entity management has not conducted a formal assessment of the risk factors that could impact their ability to produce the financial statements. Management is aware of the implications of misrepresenting the financial statements and takes precautions to prevent that.”
![Page 54: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/54.jpg)
O L A
Before 2007
The auditors assessed risks identified the control activities
![Page 55: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/55.jpg)
O L A
Auditing Standards Change
Prompted by Crisis SOX AICPA Super Suite Federal Single Audit
Illustration by J. T. Morrow
![Page 56: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/56.jpg)
O L A
Starting in 2007
1) Financial Reporting2) Federal Compliance3) Financial operations
We took a firm stand:
Agency management needed to ensure they understood and assessed the risks and show us they had appropriate and sufficient internal controls They needed to have all
elements of COSO, including risk assessment
![Page 57: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/57.jpg)
O L A
Maturity Model
2
Ad H
oc
Repeatable
Defi
ned
Man
aged
Optim
ized
5
4
3
1
Most agencies were below 3
![Page 58: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/58.jpg)
O L A
Infamous Finding One
Management had not adequately assessed risks related to Financial reporting Federal compliance Financial operations
![Page 59: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/59.jpg)
O L A
Reactions
Shock Resistance Delay
![Page 60: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/60.jpg)
O L A
A Significant Audit
Minneapolis
Veterans
Home
![Page 61: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/61.jpg)
O L A
A Significant Audit
Legislative hearings focused on management’s responsibility to have effective internal controls
![Page 62: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/62.jpg)
O L A
The Result?
New legislation in 2009
“The head of each executive agency is responsible for designing, implementing, and maintaining an effective internal control system”
![Page 63: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/63.jpg)
O L A
The Result?
The creation of the Internal Control & Accountability Unit in Minnesota Management and Budget
![Page 64: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/64.jpg)
THIS PAGE INTENTIONALLY LEFT BLANK
![Page 65: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/65.jpg)
Minnesota Adoption of the Green Book
February 11, 2015
Click icon to add picture
Jeanine KuwikInternal Control & Accountability Director
![Page 66: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/66.jpg)
History of Internal Control Legislation
• Included in the Governor’s 2010-2011 budget recommendations
• Passed by the Legislature in the 2009 session (Minn. Statute Section 16A.057)
• Originally budgeted for up to 6 staff
![Page 67: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/67.jpg)
MS 16A.057 Responsibilities
• Adopt statewide internal control standards and policies
• Coordinate agency training and assistance• Share internal audit resources• Monitor Office of the Legislative Auditor
reports• Report biennially on the executive branch
system of internal controls and internal audit
![Page 68: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/68.jpg)
Monthly Internal Control Bulletin
Going green: MN adopts updated internal control standards
Volume 6, Issue 9 – September 29, 2014
Highlights
The state is switching from the COSO Framework to the federal standards for internal control, known as the Green Book, as its internal control framework.
Several important components of the Green Book are the same as the COSO Framework.
The statewide internal control policy and related procedures will conform to the Green Book for the 2015 internal control certification.
When it comes to a standard for internal controls, the State of Minnesota is making the switch and “going green.” The state is switching from the COSO Internal Control Integrated Framework as its standard model for internal controls to the U.S. Government Accountability Office (GAO), Standards for Internal Control in the Federal Government, also known as the Green Book. The Green Book provides a standard model for organizing, documenting, and discussing internal controls. The MMB Internal Control & Accountability Unit made the decision to switch to the Green Book, because of its government focus, use of government terminology, and its similarities to the COSO Framework.
Fundamentally, there are few differences between the COSO Framework and the Green Book. In fact, several important components are the same, including the:
Core definition of internal control Three categories of control objectives
(operations, reporting, and compliance) Five components of internal control (control
environment, risk assessment, control activities, information and communication, and monitoring)
Requirement that all five components of internal control be present and functioning for an effective internal control system
Role of judgment in designing, implementing, and assessing internal control effectiveness
One significant change is the codification of seventeen principles that support the five internal control components. The seventeen principles of effective internal control for agencies to implement are as follows:
Control Environment 1. Demonstrate commitment to integrity and
ethical values 2. Exercise oversight responsibility
3. Establish structure, responsibility, and authority
4. Demonstrate commitment to competence 5. Enforce accountability Risk Assessment 6. Define objectives and risk tolerances 7. Identify, analyze, and respond to risk 8. Assess fraud risk 9. Analyze and respond to change Control Activities 10. Design control activities 11. Design activities for the information system 12. Implement control activities Information & Communication 13. Use quality information 14. Communicate internally 15. Communicate externally Monitoring 16. Perform monitoring activities 17. Remediate deficiencies
For effective internal controls, the updated Green Book requires that each of the five components and the seventeen relevant principles be present and functioning; and that the five components operate together in an integrated manner.
In the coming months, the MMB Internal Control & Accountability Unit will update Statewide Operating Policy 0102-01, Internal Controls to conform to the Green Book. All policy, procedures, and related guidance updates will be complete for the 2015 internal control certification.
Suggested action steps: Read and become familiar with the revised Green Book (www.gao.gov/greenbook/overview). Watch for updated internal control materials that incorporate Green Book components and principles.
If you have any questions, please contact Heidi Henry at [email protected] or 651-201-8078.
NOTE: Actual bulletin can be accessed at: http://mn.gov/mmb/images/September%2520ICB%25202014.docx
![Page 69: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/69.jpg)
Agency Head Responsibilities“The head of each executive agency must annually certify that the agency head has reviewed the agency’s internal control systems, and that these systems are in compliance with standards and policies established by the commissioner [of Minnesota Management and Budget].”
We began the certification process in 2012 by requiring each agency head to certify that he/she had assess the agency’s control environment using the control environment self-assessment tool.
![Page 70: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/70.jpg)
Control Environment – Green Book Implications
• Revised (i.e. tweaked) our guidance to conform to the 5 Green Book CE principles1. Demonstrate Commitment to Integrity and
Ethical Values2. Exercise Oversight Responsibility3. Establish Structure, Responsibility and Authority4. Demonstrate Commitment to Competence5. Enforce Accountability
![Page 71: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/71.jpg)
Control Environment Tool• Promotes high, agency level look at controls• Contains 20 goals/control objectives that
model exemplary control behaviors• Lists recommended controls that allow
agencies to demonstrate an effective control environment
• Contains references to related Minnesota statues, laws, rules, and policies
![Page 72: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/72.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Actual tool can be accessed at: http://mn.gov/mmb/images/Control%2520Environment%2520Self-Assessment%2520Tool.xlsx
![Page 73: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/73.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Ribbon identifies the specific related Green Book control
environment principle(s), such as “Demonstrates Commitment to Integrity and Ethical Values”
![Page 74: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/74.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Goal indicates the desired behavior, such as “Goal 1: Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values”
![Page 75: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/75.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Recommended Controls or specific actions needed, such as “A. Management fosters and encourages ethical behavior through training and communication” and “B. The agency head and other applicable senior staff have
signed the code of conduct certification”
![Page 76: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/76.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Agencies are asked to rank their status using a scale of 1 to 3
![Page 77: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/77.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Plenty of room for agencies to insert what actions they have already taken,
and comment on any areas still needing improvement.
![Page 78: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/78.jpg)
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Final column provides references to related state
laws, rules, and policies (i.e. we didn’t just make this stuff up!)
![Page 79: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/79.jpg)
Risk Assessment• Assessment plans required beginning in 2013• Agencies decide which processes need formal
risk assessments, but must consider:– Items material to the CAFR– Major single audit programs– Major sources and uses of funding (financial)– Areas critical to agency mission (operational)
• Risk assessments currently underway in most agencies
![Page 80: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/80.jpg)
Risk Assessment – Green Book Implications
• Currently revising policy, procedures, and guidance to conform to the Green Book principles– Four risk assessment principles– Three control activities principles
![Page 81: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/81.jpg)
Risk Assessment/Control Activities Potential Issues
• Biggest sticking point is Principle 11, due to Minnesota’s recent IT consolidation– Principle 11 – Management should design control
activities for the entity’s information system• Other principles being discussed
– Principle 6 – Management should define objectives clearly … and define risk tolerances
– Principle 8 – Management should consider the potential for fraud
![Page 82: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/82.jpg)
Other Green Book Components
• Information and Communication– Embedded in all other components– Must make this component implicit in all guidance
• Monitoring– Still to be determined
![Page 83: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/83.jpg)
Questions?Minnesota Management and Budget (MMB) Internal Control and Accountability Unit• [email protected]• http://mn.gov/mmb/internalcontrol/
![Page 84: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/84.jpg)
Question & Answer Session
MODERATORR. Kinney PoynterExecutive Director,
NASACT
SPEAKERKristen Kociolek
Assistant Director, Financial Management and
Assurance Team, Government Accountability Office
SPEAKERCecile M. Ferkul
Deputy Legislative Auditor (MN)
SPEAKERJeanine Kuwik
Director, Internal Control and Accountability, Office of Management
and Budget (MN)
![Page 85: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/85.jpg)
THIS PAGE INTENTIONALLY LEFT BLANK
![Page 86: GAO’s New Green Book: A Revised Internal Control Framework for Government A NASACT WEBINAR February 11, 2015.](https://reader036.fdocuments.in/reader036/viewer/2022070411/56649f515503460f94c754bd/html5/thumbnails/86.jpg)
GAO’s New Green Book: A Revised Internal Control Framework for Government
THANK YOU FOR ATTENDING