Internal Control Standards

Overview

Internal controls are the protocols, procedures, and activities that protect Gail Borden Public Library District (GBPLD) from financial, operational, and strategic risk. The purpose of this policy is to prevent risk and to ensure that the objectives of compliance are established.

2 CFR 200.303 (Internal Controls) requires that non-Federal entities receiving Federal awards establish and maintain internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. This policy is guided by the Code of Federal Regulations, Standards for Internal Control in the Federal Government (Green Book), and the COSO Integrated Framework (Committee of Sponsoring Organizations of the Treadway Commission). These publications establish the compliance structure, and the three objectives, five components, and seventeen elements of robust internal controls.

Three Objectives of Internal Control

  1. Reporting – reliability
  2. Operations – effective and efficient
  3. Compliance – compliant with applicable laws, regulations, contracts, grants, and cooperative agreements

Five Components and Seventeen Elements of Internal Control

  1. Control Environment
    1. Demonstrates commitment to integrity and ethical values.
    2. Exercises oversight responsibility.
    3. Establishes structure, authority, and responsibility.
    4. Demonstrates commitment to competence.
    5. Enforces accountability.
  2. Risk Assessment
    1. Specifies suitable objectives.
    2. Identifies and analyzes risk.
    3. Assesses fraud risks.
    4. Identifies and analyzes significant change.
  3. Control Activities
    1. Selects and develops control activities.
    2. Selects and develops general controls over technology.
    3. Deploys through policies and procedures.
  4. Information and Communication
    1. Use relevant, quality information.
    2. Communicates internally.
    3. Communicates externally.
  5. Monitoring Activities
    1. Conducts ongoing and/or separate evaluations.
    2. Evaluates and communicates deficiencies.

Five Components of Internal Control

Control Environment

Overview

The control environment is the foundation for all other components of internal control, providing discipline and structure. Moreover, management establishes the tone at the top regarding the importance of internal control and expected standards of conduct and reinforces expectations at various levels. Control environment factors include the integrity, ethical values, and competence of GBPLD personnel; the way management assigns authority and responsibility and organizes and develops its personnel; and the attention and direction provided by the GBPLD Board of Trustees.

Objectives

The Board of Trustees and management should:

  1. Conduct business with integrity and ethical behavior.
  2. Provide direction and oversight for the internal control system.
  3. Hire qualified and competent management.
  4. Establish structure, authority, and responsibility, and hold individuals accountable for internal control responsibilities.

Policies

  1. The Board of Trustees through management has adopted the GBPLD Personnel Handbook that details policies, expectations, and other employment-related topics.
  2. Each employee receives a copy of the Personnel Handbook, which includes a policy on business ethics and conduct, and signs an acknowledgment of receipt.
  3. Management has developed job descriptions for each position and reviews employee compliance on an annual basis through performance evaluations.
  4. The Board of Trustees uses the budget process as a means of oversight with executive staff.
  5. Organizational charts are reviewed for needed changes in authority and responsibility.

Procedures

  • The Chief Executive Officer and senior management review the Personnel Handbook annually to determine needed revisions to comply with federal and state laws, as well as policies of GBPLD.
  • The Chief Executive Officer reviews suggested revisions, if any, by senior management and presents the finalized manual to the Board of Trustees for approval.
  • Detailed job descriptions with minimum job requirements are maintained for each position within the organization.
  • The Chief Executive Officer and senior management review employee job descriptions annually to ensure compliance.
  • The Chief Executive Officer and senior management document employee performance through annual employee evaluations.
  • The annual budget is prepared by the senior management and the Director of Finance prior to the start of a new fiscal year. It is then submitted to the Chief Executive Officer for review. The Chief Executive Officer recommends it for approval to the Board of Trustees.
  • The GBPLD Organizational Chart is reviewed and revised at least annually for accuracy.

Organizational Chart

Organizational Chart of the Gail Borden Public Library

Job Descriptions

Current job descriptions are found in the Administration Office.

Risk Assessment

Overview

GBPLD assesses risk of operations continually. GBPLD has chosen to transfer the most common types of risk through the purchase of appropriate insurance, such as:

  1. Property and Casualty
  2. Liability
  3. Errors and Omissions
  4. Worker Compensation

GBPLD has assessed the risks related to financial matters and compliance issues and has developed appropriate internal controls through the development of policies and procedures contained in the Accounts Receivable, Allowable Costs, Anti-Fraud, Budget Monitoring and Activity Tracking, Cash Management, Expenditure Control, Personnel Handbook, Procurement, and Policies and Procedures Manual. These control activities will not eliminate all risks but will assist with risk reduction and will allow the Board of Trustees to determine that there is reasonable assurance that accurate financial reporting responsibilities and compliance objectives are being met.

Objectives

  1. Collections are complete, timely, and accurate.
  2. Disbursements are for valid expenses and are accurately recorded.
  3. Assets are properly safeguarded.
  4. GBPLD complies with local, state, and federal laws, and terms and conditions of award agreements and contracts.

Risks

  1. Collections could be lost or misappropriated.
  2. Collections could be recorded improperly.
  3. Collections may not be deposited in the bank and recorded in a timely manner.
  4. Disbursements could be unauthorized.
  5. Disbursements could be for personal items.
  6. Disbursements could be made for items never received.
  7. Bank balances may be inaccurate due to failure to reconcile bank accounts.
  8. Grant funds could be spent on unallowable items.
  9. Terms and conditions of grant and cooperative agreements may not be followed, resulting in having to return funds to the grantor.
  10. Federal and pass-through reporting requirements may not be met.

Control Activities

Overview

Control activities are policies and procedures established by management to ensure the risks identified during the risk assessment process are mitigated or reduced to an acceptable level. The significant areas of risk are identified above, and policies and procedures designed as control activities are documented in the Accounts Receivable, Allowable Costs, Anti-Fraud, Budget Monitoring and Activity Tracking, Cash Management, Expenditure Control, Personnel Handbook, Procurement, and Policies and Procedures Manual. These control activities are designed to mitigate the identified risks.

Information and Communication

Overview

Management has the responsibility to adequately communicate information to both internal and external parties. It is important that employees know the objectives, policies, and procedures management has established and what the expectations are for internal controls. External stakeholders may also seek information regarding objectives and reliable financial information.

Objectives

  1. Necessary information for achieving GBPLD’s objectives is available and used.
  2. Necessary information for achieving GBPLD’s objectives is internally communicated by management.
  3. Necessary information for achieving GBPLD’s objectives is externally communicated by management.

Policies

  1. Information maintained in a format should be communicated in that same format. For example, if the general ledger is maintained on a computer, the monthly budget to actual reports should be provided through a computer-generated report from that software package.
  2. Reliable and accurate information from GBPLD must be communicated to the internal and external people who need it in a timely and useful format.
  3. Because the credibility of GBPLD, its Board of Trustees, and its employees is at stake whenever information is released to outside parties, management should be confident the information being released is accurate and in compliance with policies and procedures.
  4. The Board of Trustees communicates the types of information required to achieve their objectives and mitigate risk.

Procedures

  • The staff of GBPLD are required to submit quality information that allows the Board of Trustees to make informed decisions and evaluate whether the organization is achieving its objectives.
  • GBPLD clearly defines lines of communication through the policy manual and organizational chart.
  • GBPLD has a written organizational chart for employees to show clear lines of authority (who manages whom) and written job descriptions for all employees and open positions.
  • GBPLD’s manuals are available to all staff via the public website and the internal shared drive.
  • GBPLD abides by Illinois’s laws for communicating with external parties, which includes the redaction of sensitive information.
  • System-generated reports pulled from various software programs are available in both electronic and printed formats.
  • Information presented to the Board of Trustees is provided monthly and is also available upon request.

Monitoring

Overview

The internal control system changes as technology, staff, objectives, and policies change. Senior management is charged with continually monitoring the internal control system to determine if it is operating as it was designed to do and to ensure the controls are being followed.

Objectives

  • Practice activities to monitor the internal control system and evaluate results.
  • Address deficiencies noted in the internal control system in a timely manner.

Policies

  • An annual risk assessment will be conducted to ensure that the internal controls continue to work as designed over time.
  • GBPLD will use information from the risk assessment to establish more efficient and effective operations over time.
  • Accurate and reliable information will be used in decision making.

Procedures

  • The Chief Executive Officer and senior management annually evaluate the state of the internal control system and determine any deviations from the designed criteria and the current condition of the system.
  • Management decides whether to change the design of the internal control system or implement corrective actions to improve the effectiveness of the existing system. Significant changes will be approved by the Board of Trustees.
  • Management will periodically review the procedures outlined in all GBPLD policies and manuals to ensure that policies are being implemented and objectives are being met.
  • Financial reports will be generated monthly and reviewed by the Chief Executive Officer.

The GBPLD is committed to the highest possible standards of openness, transparency, and accountability in all its affairs. We wish to promote a culture of honesty and opposition to fraud in all its forms. The purpose of this policy is to provide:

  • A clear definition of what we mean by “fraud”.
  • A definitive statement to staff forbidding fraudulent activity in all its forms.
  • A summary to staff of their responsibilities for identifying exposures to fraudulent activities and for establishing controls and procedures for preventing such fraudulent activity and/or detecting such fraudulent activity when it occurs.
  • Guidance to employees as to actions which should be taken where they suspect any fraudulent activity.
  • Clear guidance as to responsibilities for conducting investigations into fraud related activities. Protection to employees in circumstances where they may be victimized as a consequence of reporting, or being a witness to, fraudulent activities.

References

Referenced GBPLD policies include:

  • GBPLD Personnel Handbook
  • Accounts Receivable Policy
  • Allowable Costs Policy
  • Anti-Fraud Policy
  • Budget Monitoring and Activity Tracking Policy
  • Cash Management Policy
  • Expenditure Control Policy
  • Procurement Policy
  • GBPLD Policies and Procedures Manual

Approved by the Board 4/9/2024