Prevention IC Guidebook

INTERNAL CONTROL
GUIDEBOOK
2010
OR OF ST
IT
AUD
AT
E
NO
A V 11 , 1 8 8 9
N
W
SH O
INGT
NATIONAL ASSOCIATION OF STATE COMPTROLLERS

MULTI-STATE CONSORTIUM ON INTERNAL CONTROL
(AS MODIFIED BY THE WASHINGTON STATE AUDITOR’S OFFICE)
ti t y tr lR l T
epor ent Capi or Pa l Con Financia v ironm Receivab Petty Cas mentsI
cial R vir o n m l e s 
V e n d n e ra l E n
and l t
t rol En R
ab
eceiv etty Cash t s  IT Ge e ceipt
s
 Cont
ro
i lling P ayrol g  Inves edit Card
C o n n d e n rd R a s h  B l s r t i n Cr
B i l ling a Payroll
P
I n v estm r e d it Ca s e t sC a y m ents l C ontro cial Repo onment ivables
g C s rP er a
nts rols Reportin ent pital
A
endo sIT Gen ptsFin
an l Env
ir
d Re
ce C
a l C o n t
i a l v i ro n m
l e s  C a
a s h  V
n t c e i C o n t ro
l l i n g a n
l l  Petty
ner c n b C tme Re  Bi yr o
t s  Finan Control E d Receiva llPetty I nves i t Card t s  Cash m e nts trolsPa p o rting
ece i p  a n yr o tin g  re d ss e Pa y on ial R e
Cash illing trolsPa epor ntC Capital A ndor eral C Financ vir
ta l A
e n
s s
d
e t
or Pa
s 
ym PREFACE
e n
I
t
T
s 
Gene
B
ral C
c
o
e
n
i p tsF
ina n c
C
i
o
a l R
ntrol
Env i
d
r o
R
n
e
m e
ceiva
bl e s
l

l 
Ca
Petty vestmen
s h  V e
ts I T
C
G
a
e
r
n
d Re
cei p
t
t
s
s
 C
C o
ash Billing an
n t rol En
d
V tmen The
ts Re
Card Control sh
CaGuidebook g andeveloped
llinwas Paythero
ing
In redit
CConsortium al A sseInternal men
ts tro
I n v e s
C r e d i tInternal
A s s e t s 
n t s  B i
o n t r o l s 
R e p NASC
o r t Multi-State
n m e n t 
 C a p i t on
o r P a y
e r a l Con
 tal e ral Cthe effectiveness ial viro es end well n
n men
t Control
 Capibaseddoon r Pthe aymprinciple G enethat F i nanc r o
of
l Eninternal c e ivabl depends
control
s hVon how t s  IT Ge i p tsF
in
i ro e s n I T ts  n t R e C a e n c e
nv abl employees Veperform ts control-related
entheir eceip Co
responsibilities.
sh
d
Because
ng an yrollPe
everyttyindividual
nves
tman orga-
in
Card
Re
Asse
ts
d R eceiv t y C a sh e s t m a r d R  C a B i l l i g  I e d i
r help Cap t i t a l
g an etnization hasInvsome role redit
inC effecting ts
einternal control,
nts one Pa of the
objective tin
Guidebook isCto
a y r o llP o r t i ng and temployees  C p i t a l Ass P a y methe o n t r olsof their i a l R epor n m ent to a bles y Cash
Ve
 P emanagers
p e n C a better understand
o r lelements
C n c jobs that
v i r o contribute c e i v the t
ls ial R nm s end ra
Geneperformance. tsF
ina n
trol E ing and R ayrollP
e et
vestm
e
 F i nanc rinternal
o l E nvirocontrol e c e i vable Cand
structure a s h toVimprove  I T their c e i p C o n l l P  I n
s  Bi
pts
h  Cont n g and R l l  Petty vestment t Card
Re
s  Cash e nts n trols

e porti
ng
e n tCr
a s i l l i r o I n d i e t y m l C o l R m
sC ents ntrols
B secondPatenet
The y of ithis
rt ng
Guidebook Cisretheabelief ss given
l Athat,
pitatheir dor P
thea properntools, ra state agency
Ge e tsFinan trol Envi
cia ron ec
a y m and o local government e p o personnel n m entcan conduct C  ownV e ninternal  I T
control review. Along with a nd R
r P l C ci a l R nv i r o e s  s h en t s e i p
C o n ill i n g
do
T Gene this
ra
Finan Con
Guidebook are troal EvarietyReof ivabl
cehands-on P tools
Ca
etty that can n vebe stmused right
C
Rec starting
ardnow, Cash today to
n tsB olsPay
ro
 I t s  d l l  I d i t t s m e nt r
nts ceip sh g an assessment. Payro eporting tCr
e sse ay
dor P eneral Co
l
C a r d Re conduct e t s  Caan internal
 B illincontrol t ro l s  l R m e n C a p i tal A V e n F i n ancia
edit Ass ts n cia on   TG s
C a pital The r P a ymen eneral Co sFinan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
e s  n d o material I Tcontained
G in i p t
the Guidebook o n is comprehensive.
R e c l  P
However, it is snot
t m a textbook a r d and  C
bl Ve tsaddress Rece potential C ing and ayrol ve it C ets
y C ash itesdoes t m ennot i t C ardevery s  Cash control B i l l weakness l s or Pdeficiency r t i n gInmaynexist
that t Creinda gov- p i t a l Ass a y m ents
t red t ntr o o Ca rP
Pet Inv
ng ernment’s ntC internal itcontrol
se
al As system. y
ts
men Instead, rathel CoGuidebook c
ep
ial Rshould be
v nme
iroconsidered b leas work-in- endo
o r t i m e C a p P a e n e n a n l E n i v a h  V
Rep
l
on
Envir progress eswill beVeadded
ablthat ndor to and TG
tsImodified Fimonths
ipintsthe ntroyearsnahead.
Coand a
ce
d Re InPfact, e tty C
as
govern-
t r o c e i v s h  e n e c e s h  n g 
Con
g andments Re are
P y Ca
ettencouraged Invto
m
estadapt rd R
it Cainternal
the control
s
Ca
ets questionnaires
illi
tsB olsand yroll tools to fit their
Paother
l l i n l l n g  re d l A s ym e n 
Bi lsPaspecific yro rti
circumstances.
l Repo ronment
C
 Capi
ta
d or Pa ra l Con
tr
t r o c i a i l e s V e n n e
Con Finan ntrol Env ab  Ge
i p t s  o d R eceiv etty Cash e n t sIT
Rece C ga n P stm
t s Cash s  Billin P a yroll gInve
Asse n t ls  tin
o r P ayme al Contro i a l R epor
Vend ne r c
 IT Ge t s  Finan
t s ece i p
men ard R
i t C
Cred
Internal Control Guidebook - 2010 Page 2

ti t y tr lR l T
V e n d n e r a l E n
and l t
t rol En R eceiv etty Cash
ab
t s  IT Ge e ceipt
s
 Cont
ro
C o n n d e n r d R a s h  B l s r t i n Cr
P
g C s rP er a
nts rols Reportin ent pital
A
an l Env
ir
d Re
ce C
a l C o n t
i a l v i ro n m
l e s  C a
a s h  V
l l i n g a n
l l  Petty
s s e t s  t s  B n i a l R n m e  V e G e n t r ol En
ta l A
e n d Contents
or Pa
ym e n
I T Gene
ral C
c
o
e i p tsF
ina n c
C o ntrol
Env i
d
r o
R e ceiva
bl e s
l

l  Petty vestmen
Ca s h
ts I
it
T
C a r d Re
cei p
t
t
s
s
 C
C
ash Billing an
o n d
V ts Re sh an ro n e 
v e s tmen edit Card setsCa  B illing t ro l sPay portingI entCred apital Ass Payments al Contro
In CHAPTER Cr s ents on OFciINTERNAL al Re m C or er
n m ent C a pONE:
ital A THE r P a ym IMPORTANCE e n e ral C i n a n o l E n vironCONTROLS
e i v a bles ..........................4
s h  Vend sIT Gen ptsFin
nviro eivables hVend
o
t s IT G i p tsF C ontr n d Rec e t t y Ca s t m ent d R ecei ts
R ec A. Internal C a s Control. s t m e n
r d R e c e
C s h 
B i l l i ng a
r o l  P
..................................................................................................................................................
a l  I nv e
d i t C a r 4ital Asse
d ett y v e a ets  Pa y tin g Cr e ap
g an o llB.P What is i gIn Control
nInternal C rediovertC
a
Financial men
ts
r R epor
l Ass Reporting?.........................................................................................
ols ent vablesC 5CashVe
a y r o r t t  p i t P a y o n t i a l n m
lsP ep men Ca or lC nc iro cei Petty6 vestme
n a n al R
ciC. Why Do
n v ronNeed
iWe a
Internal
v b h  Vend T Genera ptsFina n t ro l Env
lesControls?.................................................................................................................. a n d Re o l l 
i r
F i
pts Contro g and Re
l E ce
e tty C
a s
e n tsI r d R ecei a s h  Co
s B illin g
o l s Pay r t i n gIn Cr
a s h D. Effecti l l i n of Information ro l l PTechnology I n v e m
st on Internal d i t a
CControl e t s  C
y m n t
l C o n t r
....................................................................................
e l R e p o 7ment
sC tsB Pay g Cre
pital
Ass Pa ra
ndor IT Gene tsFinan trol Envi 7 and Rec
cia ron
a y m enE. Limitations
o n t r olsof Internal e p o rtinControl n m ent a e
..........................................................................................................................
C V
dor P lC lR iro es h ts eip Con Billin
g
G e nera F i n ancia ntrol Env e c e ivabl P e t t y Cas v e s tmen Card Rec C a sh n t s   Payro
nts  I T CHAPTERceip t s  TWO:  C oTHE FIVE
an d R ELEMENTS yro l l OF ng INTERNAL
 I n e d i t CONTROL........................9
sse t s  ay m e nt ro l s
a r d Re t s  Cash B illing trolsPa R e porti e n tCr a p i tal A e n dor P eneral Co F i n ancia
l
edit
C Ass e ts  n cia l on m  C  V TG s
C a pitaA.l Control r P ymen eneral Co sFinan t r o Envir e i ables
aEnvironment..........................................................................................................................................
l v e t t y Cash e n tsI R e ceipt 9 ashCo
o t on c P m ar d C
bles hB.VeRisk n
TG
r d
ip
a s
Re
nd Assessment................................................................................................................................................
tsI Rece hC ling and P a yroll ngInve
st
r e dit C A ssets10 ments
a s m e it C a C Bi l  i  C t a l
Petty
C vest Activities. ts ols rt
Repo vironme
nt Capi Pay
n g C.InControl n t i t a l y m e nts ral Contr
Cred ..............................................................................................................................................
Asse c i a l b l e s e n dor12
rt i e p Pa ne nan En iva V
Repo EnD. onm
virInformation b l CaCommunication....................................................................................................................
esand V e ndor s IT Ge p t sFi C o ntrol d Rece t t y Cash

13
t ro l c ei v a s h  en t ec e i s h  n g a n  P e
C o n R e C a s t m rd R C a B i l l i r o l l
nd tty ve Ca ts ay
B i l y r o l lPe r t i n gIn Credit i t a l Asse a y m ents trolsP
ling aE. Monitoring......................................................................................................................................................... 13
 P a e p o e n t a p r P C o n
rols nanciaTHREE: lR onm C o al
Vend ..........................................................15
ener
ContCHAPTER F i l E n virCONTROL ce i v ablesACTIVITIES. a s h  I T G
ipts Contr
o e ty C ts
Rece A. C sh l i n g and RErrors l l v e s t men
PetFrauds......................................................................................................
Transaction
a Processing
i l Payr o and 15
s s e ts e n t sB o l s  r t i n gIn
A ym Methods ntrand Techniques....................................................................................................................
po
e n d
B.r Control
o Pa n e ral Co a n c ial Re 16
V IT G e F i n
CHAPTER s INFORMATION TECHNOLOGY ..............................................21
m ents d ReFOUR: ceipt
Car
ditPotential
CreA. Benefits of Using IT in the Financial Reporting Process ............................................................... 21
B. Potential Risks of Using IT in the Financial Reporting Process...................................................................... 21
C. General Controls and Application Controls.................................................................................................... 22
D. The Role of the IT Specialist ............................................................................................................................. 23
CHAPTER FIVE: TESTING CONTROLS................................................................25

A. Policy Review..................................................................................................................................................... 25
B. Surveys and Interviews..................................................................................................................................... 25
C. General Computer Controls............................................................................................................................. 25
D. Observation....................................................................................................................................................... 26
E. Re-performing Control Procedures................................................................................................................. 26
F. Reconciliations................................................................................................................................................... 27
G. Application Controls......................................................................................................................................... 27
H. Extent of Testing............................................................................................................................................... 28
I. Evaluating Control Deficiencies........................................................................................................................ 28
REFERENCES.......................................................................................................29

ti t y tr lR l T
and l t
ab
s
 Cont
ro
P
s a
nts Internal rols Control ting mentC Capital A
orGuidebook
rP
endo sIT Gen ptsFChapter
er inan One vir
l E-nInternal d Re
ce C
a l C o n t
i a l R e p
v i ro n l e s  a s h  V
l l i n g a nControls l l  Petty
CHAPTER ONE: THE IMPORTANCE OF INTERNAL CONTROLS ol En
s s e t s  t s  B n i a l R n m e  V e G e n t r
ta l A e n
ral C o ina n c
Env i ro bl e s  Ca s h I T cei p t s C o n
ym
tsF ceiva ts ash Billing an
d
e n d or Pa I T Gene c e i p C o ntrol d R e l l  Petty vestmen C a r d Re
t s  C
V ts Re sh an ro n it e 
e s tmen edit Card setsCa  B illing r o l s Pay portingI entCred apital Ass Payments al Contro
In v CA.r Internal As Control ts on t
cial R
e
viron
m
bles hVend
C or ner
m ent C a pital r P aymen eneral C i n a n o l E n e i v a s  I T Ge p tsF
in
i ro n e s  n d o I T G  F n t r R e c C a s e n t c e i
nv abl Management Ve istresponsible ts
for establishing and Comaintaining d internalPecontrols tty as an integral e
R eceiv part C a shthe s m ents rd Receip C a sh i l l i ng anusesyrto o l l   I vestm dit Card R tal Assets
noversee
g an d
l Pett y of
g 
policies,
Inv e
re
systems
d it C a and
A
procedures
s sets 
e
management B
nts trolsPa
operate
p o rtin and
g
n t Cr e the
s Capi Ve
P a yr o l
e p o r t
organization. i n
e n t  C
Essentially, C a p it
internal a l control r P y m
a is defined C o as
n a coordinated c i a R e
l set ofiropolicies n m e andeipro- v a b l e
y C a sh
ls ial R cedures nm  to ensure o
end that G a l ina n v e c Pet t e
i nanc E nvirousedecby e i ables
vmanagers s hV I T energovernments,
their i p tsF programs, o n
n
trol E or ifunctions g and R operate y r oll I n vestm
 F r o l C a  c e C l l n P a 
pts Cont efficiently R effectively Petty invconformance nts Re sh and nregulations, tsB
i  ng tCr
a s h  i l l i n g andand
r o l l  n e stme d i t Card applicable
with
e t s  Calaws
m e C o n trols thatlthe
and
R e porti m e n
sC B y I Cre Ass and dexecuted Pa y a l cia on
m entsrelated t r sPa portiare
oltransactions ng accurate,
m ent properly
a
recorded
pital V e n or ITinGaccordance ener  inan man-
Fwith o l Envir nd R
ec
r P a y l C o n
agement’s l R e
directives.
a i r o n e s  C s h  t s e i p t s o n t r i n g a
do ra ci nv bl Ca en ec C ill ro
I T Gene tsFinan Control E R e ceiva llPetty I n vestm dit Card R tsCash e n tsB olsPay
nts  ceip d  se ay m ont r
r d Re Throughout s 

Cash the Byear, an
illingmanagement l s  Payriso expected e
ng
porti to conduct e n
re
tCreviews, p i al As and eanalyses
ttests n dor P ofein- e ral C i n ancia
l
C a e t 
ts ensure t ro l R m C a V n F
edit Ass ymen to on cia on
Envir Government
 
Cash iseresponsible T G forceipts
C a pital ternal r P acontrols e n e ral C their
t s  Finan operation.
proper
t r o l c e i vables management e t t y n tsI d Re a sh
Co
e s  n d
the o extent ofI T G
the efficiency i p and o
effectiveness n of R e
internal controls,l  P as well as s t m
any deficiencies. a r  C
bl Ve nts Rece C ing and ayrol
e
Invfindings, it C ets
y C ash When s t m eweaknesses i t C ardare identified,
s  Cashincluding B i l l any internal l s  Por external r t i n gaudit n t  Creadplanpand i t a l Ass a y m ents
Pet t Inv e red sse t ts ntr o ep o e Ca rP
r t i ng schedule e ntCfor corrective a p ital A action P a y men benprepared.
should e ral Co nancial R E n v ironm ivables  V endo
Rep o on m  C or TG e Fi tro l ece as h
t r o l Envir c e i v ables shVend e n tsI e c e ipts shCon ng and R  P e tty C
Con Re purpose Ca tm rd R a
tsCthategovernments illi oll in performing
l i n g andThe
l l P etty of this g  Inves redisitto
Guidebook Caprovide
A s s
aetool
ntsB olsPayr
can use
l
Bi lsPainternal yro control n
rtievaluations. CThe Guidebook ta l is consistentym with thetr internal control model de-
o i a l Repo ronment e s Capi e n d or Pa e ra l Con
t r c
veloped by the Committee i of l
abSponsoring V
 Organizations n
Ge of the Treadway Commission (COSO).
Con
t s  Finan ntrol Env R eceiv etty Cash t sIT
i p C o n d e n
Rece CaTheshCOSO Bframework, illing
a
yrollis well
which
P
nves
Iaccepted
tm by accounting authorities and professionals,
t s t s   P a g 
Asse n ols tin
o r P ayme althree
identifies C ontrcategories i a l R epoforinternal control objectives:
Vend ene r c
 IT GEfficiency t s  Finan
t s • i p and effectiveness of operations
men a r d Rece
it C
Cred • Financial reporting
• Compliance with laws and regulations
Although a government’s internal control plan may address objectives in each of these cate-
gories, not all of the objectives and related controls are relevant to financial reporting. How-
ever, since some controls may achieve objectives in more than one category, all controls that
could materially affect financial reporting shall be considered for purposes of this Guidebook
as part of internal control over financial reporting.
Because governments vary in size, complexity, and degree of centralization, no single method
of internal controls is universally applicable. This Guidebook provides a general framework. It
is management’s responsibility to develop the detailed internal control policies, procedures,
and practices that best fit each government’s business needs.
Internal Control Guidebook Page 4

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan One vir
l E-nInternal d Re
ce C
a l C o n t
i a l R e p
s s e t s 
n t s  B
o n c i a l R r o n m e
 h  V e
T G e n
t s n t rol En
ta l A ym B. What
e ralis Internal
C ina Control
n Enover
v i Financial bl e s Reporting? Ca s ts I cei p C o
ash Billing an
d
e n d or Pa I T Gene e i p tsF C o ntrol R e ceiva l l  Petty vestmen C a r d Re s  C
V ts c
Re of this document, sh d
an control ro financial Inreporting is t
didefined e t
asssfollows : ts
For purposes internal
Payover
1
v e s tmen edit Card setsCa  B illing t r o l s p o r t ing entCre a p i tal A P a y men a l Con
tro
I n C r A s n t s o n R e n m  C o r n e r
 t tal me al C ial iro ivabl
es end IT Ge tsF
in
i ro n men
e s  Capi d o r Pay I T G ener  F i nanc n t r o l Env
R e c e C a s hV e n t s  c e i p
n
enInternal Control over CoFinancial
nv abl Ve ts ts d Reporting tty tm Re ts
R eceiv C a sh s t m r d R eceip C a sh B i l l i ng an yrollPe  I nves d i t Card i t a l Asse
d y
ett Internal e a  g e
g an
r o llP t i
Inv
ng control C over C
redit financial t a ssets ym
l Areporting nts as
isedefined
t r Pa designed
oalsprocess R epor by,
tin orenundertCr thelesCap shVe
a y o r t  p i P a o n i a l n m ab a
lsP i a l Rep supervision n men of the s Ca principal
entity’s n dorexecutive e l C principal
raand i
c
nanfinancial E nviro nord persons
officers, R eceiv Petty C e
F i na n c
o l E nv
performing
i ro
c e i
similar
b l e
va functions, C a s
V e
h and seffected  I T e n
G by the
c e i p ts
entity’s
 F
governing
C o nt ro l
board, l i n g a
manage- a y r ol l
 I n vestm
pts  Cont
r dR e ent Re  Bi l P ng
s h  ment
i n g anand other l l Petty vesto
personnel, tmprovide i t Card
reasonable t s 
assuranceCash regarding e nts theCoreliability n

trols ofl Reporti e n tCr
a i l l ro I n d e y m l m
sC B
ents financial
Pay g Cre al As
s
ndor Ifor
Pa ener
a cia
Finan introl Envi
ron ec
a y m o n t r ols reporting e p o rtinand the
n m ent
preparation C a pitfinancial
of  V statements
e T Gexternal t s purposes
 a nd R
r P l C a l R i r o e s  s h en t s e i p o n i n g
do
Gene ts
ra accordance ci
Finan Cowith n l Env
trogenerally e caccepted
l
eivab accounting P etty
Ca principles
vestm and
ec
ard R tthose
includes hC ntsBill
Caspolicies  Payro
 I T d R l l  I n d i t C s  m e ro l s
nts ceip andCprocedures ash Billthat: n
ing a olsPayr Reportin
o g e sse ay nt
a r d Re t s  e n tCr a p i tal A e n dor P eneral Co F i n ancia
l
edit
C Ass e ts  t r ncia l n m C V s
pital ymen toenthe l Con
ramaintenance Finaof nviroin reasonable
Ethat

ables detail ash ntand
Caccurately
G
sITfairly Receipt Co
s  C a d o 1. r P aPertain
G e
i p t s  records
o n t r o l
e c e i v P e t t y
s t m e a r d C a sh
bl e Ve n I T ce C nd R l l  ve it C ets 
C ash estmereflect nts theCatransactions
t rd Re sCand ash dispositions
B i l l ing a of the l s assetsPayroof the r t i n gIn ntCred
entity;
i t a l Ass y m ents
t y i t o o p a
Pet
ng
Inv d
Cre reasonable sse
ital A rassurance
ts
men thatnetransactions ontr Rep
cialrecorded nme es Ca
endo
rP
o r t i m 2. e ntProvide C a p P a y e ral C i n a n are l E n vasironecessary i va b lto permit h  V
Rep
l Envir
on 
ables shofVefinancial ndo tsI
TG tsF
ipaccordance
ro
Cont generally a Rece
nd accepted e ty Ca
taccount-
s
t r o c e i vpreparation e n statements e c in
e s h  with n g  P
Con and R ling
e ty Ca Iand tm
nvesthat ereceipts rd R expenditures ets
Ca li
Bilentity roll made only
Paybeing
l l i n g l P etprinciples,
n g r d it Ca and l A s s e n ts
of the o l s  are
Bi lsPayro inl accordance rti C ta ym ntr
o i a Repo ronm ent
with authorizations
e s  Capi ofemanagement n d or Pa e rand
a l Codirectors of the entity; and
t r an c vi ab l V e n
Con F i n l E n ce i v a s h  I T G
ipts 3. ontro reasonable e C ts
Rece s h  CProvide
l i n g and R assurance
l l Petty regarding v e s t men prevention or timely detection of unauthor-
a i l ayr o In
tsC tsBacquisition,
nized lsP usepor ting
disposition of the entity’s assets that could have a material
Asse P a y m e
o n t r o
R e o r
or effect C
ral on the financial cia l statements.
Vend I T Gene tsFinan
ts ip
men a r d Rece
it C
Cred This definition reflects certain fundamental concepts:
• Internal control is a process. It is a means to an end, not an end in itself.

• People are what make internal control work. Internal control is not just the policies and
procedures contained in an accounting manual. Personnel play an important role in
making internal control happen.
• No matter how well designed and operated, internal control can provide only reasonable
(not absolute) assurance that all government objectives will be met.
When designing and implementing internal control activities, managers should consider the
following four basic principles:
• Internal control should benefit, rather than hinder, the organization. Internal control
policies and procedures are not intended to limit or interfere with an government’s duly
granted authority related to legislation, rule-making or other discretionary policy-making.
• Internal control should make sense within each government’s unique operating
environment.
1 This definition was adapted from the definition of internal control set forth in Public Company Accounting Oversight Board
(PCAOB) Auditing Standard No. 5: An Audit of Internal Control over Financial Reporting That is Integrated with an Audit of Financial
Statements, June 12, 2007.

ti t y tr lR l T
cial R viro n m l e s 
and l t
t rol En R
ab
s
 Cont
ro
C o n n d e n rd R a s h  B l s  r t i n Cr
P
s a
orGuidebook
rP
er inan One vir
l E-nInternal d Re
ce C
a l C o n t
i a l R e p
A s s e t s 
e • n t s  B
Internal o n
control is not n c
a i a
setl R
of i ro
stand-alone n m e
s
practices. Internal s h  V e
control is I T G
woven e n
into t
thes o n t rol En
l C ina v e Ca cei p
ta
or Pa
ym
G ener
al
tsF ntrof ol En e vabl
ceiand P etty t men
ts
rd Re C
C
ash Billing an
d
e n d I T day-to-day c e i p
responsibilities C o managers
d R their
ro l l  staff. v e s it C a t s 
V ts Re sh an n
Pay portingI entCred apital Ass Payments al Contro
e 
v e s tmen edit Card setsCa  B illing t ro l s
In C• r Internal As ts
men bencost on cial R
e
viron
m C
bles hVend
or ner
n m ent C a pital control o r P a yshould
G e e ral Ceffective.
F i n a n r o l E n c e i v a s t s  I T Ge i p tsF
in
i ro e s  n d I T  n t R e C a e n c e
nv abl Ve entsaseparate, ipts system. Co
sh Instead, nd
ngitashould etty asInavcontinuous estm it Card Re Asse
ts
d R eceiv Internal y C a shcontrol e s t is
m not
a r d R ecestatic
 C a B i l l i y r o lbe
l  Pviewed
g  e d i t a l
g an ett Inv and it C ets ts throughout Pa tin Cr ap
a y r o llP series o r t i nofg actions
t  C redactivities
p i t a l Ass are interwoven
that
P a y men o n t rols aiagovernment’s l R epor n m ent vabIn
operations. l esC CashVe
lsP n
ep
cial R a sense, nme control
irointernal
n
b
Ca
lesis management
or
Vend Tcontrol e
lC
nerabuilt into  Fthe
c
inanentity ro nviroof itsnd
asl Epart Rece
infrastruc- i
l  Petty vestme
n a n v i v a h  G t s n t a r o l
F i
pts Contrture
E
ol to help ce
Remanagers s
y Cathe entity
ttrun I achieve
tsand ectheir p
ei goalsh onCoan ongoing B
g
illinbasis. lsPay gIn
a s h l l i n g a n d
r o l l Pe
v e st m e n
d i t Ca rd R
t s  C a s
m e n t s
C o n t ro
l R e p o r t i n
e n tCr
sC B i Pay  I n Cre Ass e Pa y ra l cia ron m
a y m entsC. n Why t r olsDo We e p o rting Internal
Need n m ent Controls? C a pital V e ndor IT Gene tsFinan trol Envi a nd R
ec
r P l C o a l R i r o e s  s h  en t s e i p o n i n g
do ra
Gene Accountability
ci
Finan Control E d Receiva llPetty
nv bl Ca
vestm dit Card R tsCash
ec C ill
tsB olsPay
ro
 I T t s   I n m e n r
nts ceip Cash
 an Payro are ortin
g re
tCmanaging Asse Pay ont l
C a r d Re The e t s 
governing  bodyB illing and l
management
t ro s  l R e presponsible m e n for C a p i talthe resources
V e n dor entrusted e n e ral C F i n ancia
edit Ass nts l Con ncia iron s shresponsibility TG s
C a pital toothem r P aym toecarryenout e ragovernment s  Finaprograms. t r o l EAnvmajor
c e factor
i v ablein fulfilling
e t t y Cathis e n tsI is R e ceipt a sh
Co
e s  n d I T G i p t o n R e l  P s t m a r d  C
bl Ve  adequate ece C Adequate nd rol ve it C ets
y C ash ensuring s t m entsthat i t C ard R controls s  Cash exist.
B i l l ing a internal l s  Paycontrols r t i n gIn managers
allow
n t  Credto delegate p i t a l Ass a y m ents
Pet t e
Invresponsibilities red to subordinate sse t  contractors
stafftsand ontr witho ep o e Ca theyndor P
t i ng e ntC Capital A r Paymen eneral C n
reasonable
cial R n v onm
irassurance a b
that
leswhat Ve
o r m Fi n a ro l E ce i v sh
Rep v i ro n
expect willl e shappen,
 actually
e n d o does. IT G
ts t s  o n t d R e y C a
rol En Receivab V eip ash
C an ett
Cont n d t t y Cash v e s tmen Card Rec t s  C  B i lling ay r o llP
ing a The lPe ofrtiaccountability
concept In is iintrinsic
t to sthe se governing tsprocess.olsPublic P officials, legislators,
Bill lsPaand yroltaxpayers o ng t  Cred p i tal A government P a ymen funds o n tr handled properly and in
e p are entitled e n to know C a
whether o r l C are
ro
Cont sFcompliance cial R onm
virapplicable bles Vend T Genera
inan l E
with n ce i v alaws and a s h 
regulations. I They need to know whether government
c e ipt organizations, C ontro g and Re P e tty C t m e nts
R e ash  programs, roand 
ll services vare s
e achieving the objectives for which they were au-
tsCthorized t s Billin  PaAykey n ginInachieving these objectives and minimizing operational
s s e e n and funded. o l s t
factor
r i
A aym ntr po
e n d or Pproblems n e r alisCothe implementation
a n c ial Re of appropriate internal control.
V
t s  IT Ge i p t s  Fin
men Encourage ece
i t C ard R Sound Financial Management Practices
Cred Management’s role is to provide the leadership that an government needs to achieve its goals
and objectives. Part of that responsibility encompasses establishing internal control policies
and procedures designed to safeguard assets, check the accuracy and reliability of financial
data, promote operational efficiency, and encourage adherence to prescribed managerial
policies and compliance with applicable laws and regulations. The exact plan of internal
control will depend, in part, on management’s estimation and judgment of the benefits and
related costs of control procedures, as well as on available resources.
Effective internal control helps managers cope with shifting environments and evolving
demands and priorities. As programs change and as governments strive to improve opera-
tional processes and implement new technologies, management must continually evaluate
its internal control to ensure that the control activities being used are effective and updated
when necessary.
Facilitate Preparation for Audits

Each government may be periodically subject to an independent audit, such as a financial
statement audit, federal compliance audit or a performance audit. These audits are conduct-
ed to ensure the following:
• Public funds are administered and expended in compliance with applicable laws and
regulations.

ti t y tr lR l T
cial R viro n m l e s 
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan One vir
l E-nInternal d Re
ce C
a l C o n t
i a l R e p
A s s e t s 
e • n t s  B
Programs o n
are achieving n c i a l
the
R
i
objectives ro n m e
for which s  they were s h  V
authorized
e
I T
and G e n
funded. t s o n t rol En
ta l ym ral C ina Env bl e Ca ts cei p C d
n d or Pa I T Gene e i p tsF C o ntrol R e ceiva l  Petty vestmen C a r d Re  C ash Billing an
V e ts Re c  economically an d ayro l In dit sse t s ts
e s tmen • ediPrograms t Card sare t s  Cash
managed B illing o
and
l s Pefficiently. o r t ing entCre p i tal A a y men l Con
tro
I n v C r A s e n t s  o n t r R e p n m  C a o r P n e r a
 t tal statements me accurately al C ial iro les end IT Ge tsF
in
i ro n men
e Capi
• sFinancial d o r Pay I T G ener represent  F i nanc thenfinancial t r o l Env position
R e c e ivofabthe
C a hV
government.
s e n t s  c e i p
nv abl Ve n ts Co tty Re
ents rd Receip
d tm ts
d R eceiv y C a sh e s t m a  C a sh B i l l i ng an yrollPe g  I nves e d i t Card i t a l Asse
g an et• t Information Inv system redit
controls
C existetsand provide tsa reasonable Pa basis pfor trelying
in on system Cr ap
a y r o llP o r t i ng
results. t  C p i t a l Ass P a y men o n t r ols i a l R e or n m ent vablesC CashVe
lsP ep en Ca or lC anc iro cei Petty vestme
n a n cial R n v ironm ivables shVend IT Genera iptsFin n t ro l Env a n d Re o l l 
F i E
ol in rare ece o g y r gIn
pts ContrOnly a n d Rinstances Pe ty Ca audit
twhen m e ts
procedures
n rd R
are e
ecdeveloped
C a s h to Caccomplish
t s B illin very limited
r o l s Paobjec-
o r t i n tCr
a s h i l l i n g ro l l I n v e st d i t Ca e t s  y m e n
l C o n t l R e p m e n
sC B
tives
ents ntrols
will anPaaudit y notininclude
rt g
 Cre
an tassessment
pital
Assgovernment’s
of an Pa system of
ndor IT Gene tsFinan trol Envi
ra internal control. cia ron ec
a y m o e p o n m en  C a  V e a nd R
r P l C a l R nv i ro e s  s h en t s e i p
C o n ill i n g
do
Gene Fraud
ra nci trol E
bl
ceiva llPetty
Ca ec
tsB olsPay
ro
 I T t s  FinaPrevention C o n d R e  I n vestm dit Card R tsCash m e n r
nts ceipManagers 
Cashare accountable an yro g internal
rtinthe re sse Weakoor
d r Pinsuf-
ay ont l
C a r d Re e t s   B illing trfor o l s the
Paadequacy
l R e poof m e n tCcontrol
C a p isystems.
tal A V e n e n e ral C F i n ancia
edit s
Asficient internal nts controls n resultan
omay a
inciaudit findings on and, more importantly, 
Cash canenlead T Gtheft, ceipts
to
C a pital r P ayme e n e ral C s  Fin t r o l Envir e i v ables e t t y tsI Re a sh
Co
e s  n d o
shortages, I T G
operational i p t
inefficiency, or o an breakdown R e c
in the control
l  P structure. s t m a r d  C
bl Ve s ece C ing and l
Payro rtingIn
ve it C ets
y C ash estment i t C ard R s  Cash B i l l l s  n t  Cred p i t a l Ass a y m ents
t red t ntr o o e Ca rP
Pet
t i
Inv
ng D.mEffect e ntC ofCInformation p
sse
ital A r PaymTechnology ents eral Coon Internal
n
ep
cial R Control n v ironm 2
a b les V endo
o r a e n n a l E i v h 
Rep
l
on
Envir Theceuse v
s
abofleinformation 
do
Ventechnology TG
tsI (IT) R e sFi
iptthe 
ro
Cont manner a
ece
nd Rin which e tty C
as
t r o i s h e n affects
e c h
fundamental
s n g  P transactions
Con
g andare Re
P
Ca
etty recorded, estm
Invprocessed, ard
it Cand s
Ca
etsIn a manual tsBsystem,
illi yroll
Paentity
l l i n initiated,
l l n g  re d reported.
l A s e n o l s  an uses manual
Bi lsPaprocedures yro
R e pto orti
m e ntC in C
ta
aapipaper d o r Paym al Contr
l record transactions Ven format. Internal r controls are also manual and
Cont sFmay
ro
inaninclude
cia
l E n viron ceivables a s h  I T G ene
ro such procedures e C
as approvals 
andsreviews of activities, reconciliations and fol-
Rece
ipt
h  Cont n g and R l l Petty vestment
a s
low-up of l l i
reconciling
Bi items.
ayr o In
tsC nts lsP ting
Asse y m e n t r o p o r
a
or PAlternatively, l Co computerized l Re information systems use automated procedures to initiate, re-
Vend G e nera F i n ancia
IT process s
men
tscord,
R e ceipt and report transactions. As a result, records are stored in electronic formats
ard may replace paper documents. Controls for computerized systems generally consist of a
it Cthat
Cred combination of automated controls (e.g., controls embedded in the computer programs) and
manual controls. The manual controls may be independent of IT; they may use information
produced by IT; or they may be limited to monitoring the information systems and automated
controls and handling exceptions. The mix of manual and automated controls will vary with
the nature and complexity of an entity’s use of IT.
E. Limitations of Internal Control3

Internal controls, no matter how well designed and operated, can provide only reasonable
assurance to management regarding the achievement of an entity’s objectives, the reliability
of reports, and compliance with laws and regulations. Certain limitations are inherent in all
internal control systems.
Cost may prevent management from installing an ideal system and, for this reason, manage-
ment may choose to take certain risks because the cost of preventing such risks cannot be
justified. In addition, more is not necessarily better in the case of internal controls. Not only
does the cost of excessive or redundant controls exceed the benefits, but a negative percep-
2 This subsection on the effect of IT on internal control was adapted from AICPA Professional Standards, AU Section 319.17,
Consideration of Internal Control in a Financial Statement Audit.
3 The discussion on the limitations of IT controls was adapted from AICPA Professional Standards, AU Section 319.21, Consider-
ation of Internal Control in a Financial Statement Audit.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan One vir
l E-nInternal d Re
ce C
a l C o n t
i a l R e p
A s s e t s 
e n
tion t s  may
B
also o n
result. If c
employees
n i a l R
i r
consider o n m e
internal s  controls tos h be V e
“red tape, I T ”G e
this
n
viewpoint t s o n t rol En
l C Fina Env e a cei p
ta
or Pa can
ym ener
Gadversely
al
tstheir ntrolfor internal e vabl
ceicontrols tty C
Pegeneral. t men
ts
r d Re C
C
ash Billing an
d
e n d I T c e i p
affect C o
regard d R ro l l  in v e s it C a t s 
V ts Re sh an n
e 
v e s tmen edit Card setsCa  B illing t ro l s
In CA r secondalimitation As yto nts
meinternal control on
ral C isithe ial Re thatEnthe
creality nm
viroprocess les to
isbsubject C
Vend judg-
human or ner
n m ent C a pit l o r P a G e n e F n a n r o l c e i v a s h  t s  I T Ge i p tsF
in
i ro e s 
ment which n d
can be faulty. I T Breakdowns ts  can also occur
n t because R e of simple C
errorsa or mistakes.
e n c e
nv abl Ve nts eceip certain
o
hC and,illthus, d
ng andoesyrnot Petty vestm dit ap- Card
Re
Asse
ts
d R eceiv Management y C a sh e s
may t m efail to a r d
anticipateR  C a srisks B i o l l  design g 
and I nimplement e i t a l
g an ett Inv edit
C ssetsbe circumvented ts Pacollusion rtin ntC people
r ap
a y r o llP propriate o r t i ngcontrols. t  C rControls
p ican
t a l Aalso P a y men o n t rolsthe
by i a l R epoof two n mor emore v a b l esC CashVe
lsP ep en Ca or al Csystem. Finan
c iro cei Petty vestme
n a n cial R and/or n v onm
irby management’s v a b les improper h  Vendoverride G e noferthe t s  n t ro l Env a n d Re o l l 
i T r
F i
l E ce tty C
a s tsI ecei p  Co B illin g
 Pay gIn
a s h Thesel l i n limitations r o l l P
apply
e
to v e st
information
m e n
i t
technology
d Ca r d R
t
(IT) s asC a s h
well. Form e n t s
example, C o n
errors ro l s
t may occur l R e p o r t i n
e n tCr
sC B i Pay  I n Cre Ass e Pa y ra l cia on m
a y m entsin designing, n t r ols maintaining, e p o rting or n m ent
monitoring C a pital
automated V e ndor Ifan
controls. I T Gene tsFinITan
organization’s personnel t r o l Envir a nd R
ec
do
Gene do
ra not anci
Fincompletely l Env
trounderstand cehowivablan order Ca
ettyentry system vestmprocesses ardsalesRec transactions,Cash
C theytsBill Payro
 I T t s  C o n d R e l l P  I n d i t C t s m e n ro l s 
nts ceip Cash
 design an yro ng e
tCrthe wrong sse
dor PCon-
ay ont l
C a r d Re may e t s  erroneously
 B illing changes t r o l s  Pato the system
l R e porti thatmimpact e n C a p i tal Aproduct V e n
line.
e n e ral C F i n ancia
edit s
Asversely, these ntschanges on be correctly
may cia designed on   people TG s
C a pital r P ayme e n e ral C s  Finan t r o l Envir buteimisunderstood
v ables e t t y Cbyashthe
e n tsI
respon-
R e ceipt a sh
Co
e s  n sible
d o for translating
I T G the i p
design t into program
o n code. R e c
Errors also l  P
occur in the s t
usem of information a r d  C
bl Ve ece C ing and rol ve it C ets
C ash produced s t m ents by IT.
i t C ard R
Automated s  Cash may
controls B i l l be designed l s  Payreport
to r i n gIn nt
transactions
t over Cread specified p i t a l Ass y m ents
Pet t y Inv e d sse t ts ontr o ep o e Ca rP a
r t i ng dollar e Crefor management
ntlimit a p ital A r Pareview. y men However, n e ral C if individuals a n cial R responsible E n v ironm for the
i va b les donot
review V endo
Rep o on m C e i n ro l ce as h
o l Envir understand i v

ables thespurpose 
o
Vend of the n sIT they
treports,
G
c e tsFfail toreview
ipmay Cont them a d Reas a result,
nand, P e tty Cwill fail to
t r Re c e Ca h tm e dR e Ca s h illi n g oll 
Con andinvestigate P ettyunusual Inves redit Car
items. s ets tsB olsPayr
l l i n g l l n g  l A s e n
Bi lsPayro l Reporti C ta ym tr
o i a n m ent
e s Capi e n d or Pa e ra l Con
t r c i r o ab l V Ge n
Con
t s  Finan ntrol Env R eceiv etty Cash

t sIT
i p o n d e n
Rece Cash
C ga
yroll gInve
P stm
t s t s  Billin  P a
Asse n ls tin
Vend ne r c
t s ece i p
men ard R
i t C
Cred

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook endo s
rP GeneTwots-
r n
FinaElements l Eofnvir Rece C
a l C o n t
i a l R e p
n t I T
Chapter
c e i p Five
C o n t ro Internal
l l i n g a n d
Control l l  Petty
CHAPTER TWO: THE FIVE ELEMENTS OF INTERNAL CONTROL ol En
ta l A e n
ral C o ina n c
ym
d
t s  C
V ts e ash an Payro controls In it Asse will ybe ts
tmen Each ard R Cand lling ing and Cred control al plan men tro
I n v e s
C r e d i t C
government’s
A s s e t s 
n
each
t s  B i
business
o n
unit’s
t ro l s internal
R e p o r t
n m e n t 
internal
 C a p i t
o r P a e r a l Con
 ial set Eforth end n
n men
t unique; tal
Capi however, o r Pthe
e
ayminternal G eral C components
encontrol F i nanc r o
iro
l nv in this c e ables should
ivchapter s hV be incorpo- t s  IT Ge i p tsF
in
nv abl ratedsinto e
hVall systems entsof internal ipts
ececontrol. Using Co
sh theBCOSO
d
model,
ng an yrollPe
referred tty to in Chapter
nves
tm One, ard Re
Asse
ts
d R eceiv y C
t internal a e s t m a r d R  C a i l l i g  I e d i t C i t a l
g an etthe v
Incontrol processC can be ts
ebroken down ts into fivels Pa
interrelated tin
components Cr are
that ap
y r o llP o r t i ng t  C redit i t a l Ass a y men n t r o a l R epor n m ent vablesC CashVe
a ederived
p fromenand integrated p
Ca withen P
theormanagement o process. These c i five ncomponents,
iro which
ei
lsP n cial R are the onm
irnecessary b les V andeffective e eral C sFinan
ninternal ro l E v 1 and Rec l  Petty vestme
n a n v i v a foundation h for T G tcontrol system, n t include: r o l
F i
l E ce tty C
 Pay gIn
a s h l l i n r o l l  Pe
v e st m e n
d i t Ca rd R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC i
• B ControlPenvironment ay  I n Cre Ass e Pa y ra l cia ron m
a y m ents ntrols e p o rting n m ent C a pital V e ndor IT Gene tsFinan trol Envi a nd R
ec
do ra
Gene • tsRisk nci
Finaassessments trol E
nv bl
ceiva llPetty
Ca
ec C ill
tsB olsPay
ro
 I T C o n d R e  I n m e n r
nts ceip  an yro ng e sse ay nt
a r d Re • setsControl  Cash activities B illing trolsPa R e porti e n tCr a p i tal A e n dor P eneral Co F i n ancia
l
edit
C As nts  on cia l on m  C  V TG s
C a pital r P ayme e n e ral C s  Finan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
e s  n d o I T G i p t o n R e c l  P s t m a r d  C
bl Ve • Information s ece
and Rcommunication C ing and l
Payro rtingIn
ve it C ets
y C ash estment i t C ard s  Cash B i l l l s  n t  Cred p i t a l Ass a y m ents
Pet t Inv red sse t ts ontr o ep o e Ca rP
r t i ng • mMonitoring e ntC Capital A r Paymen eneral C a n cial R E n v ironm ivables  V endo
Rep o on  o TG Fi n tro l ece as h
Con Re Control Ca tm dR Ca illi oll
l i n g andA.
l l P etty Environment g  Inves redit Car A s s ets e n tsB olsPayr
l
Bi lsPaThe yrocontrol orti n C the tone ta l ym tr
o i a l Repenvironment n m entsets
e s  Capi of the e n or Pa
organization
d e ra l Coninfluences the effectiveness
and
t r an c i ro ab l V n
Ge environment is an intangible factor.
Con s Fofininternal t ro l Env within
controls eceivthe government. Cash
 Thecontrol
s IT
i p t o n n d R e t t y e n t
Rece CaYet, sh itCis theBifoundation
lling
a
a rollall
yfor Pother Icomponents nves
tm of internal control, providing discipline and
s s e t s e n t s  l s  P
r t i n g 
A structure
aym andnencompassing
tr o po both technical competence and ethical commitment. Managers
e n d or Pmust e r al Co theainternal
evaluate
n n c ial Re control environment in their own business unit as the first step in
V
tsthe IT Ge iptsof Fin
m e n process
e c e analyzing internal controls. Many factors determine the control environment,
i t C ard R
including the following:
Cred
• Management’s attitude, actions, and values set the tone of an organization, influencing
the control consciousness of its people. Internal controls are likely to function well if
management believes that those controls are important and communicates that view to
employees at all levels through policy statements, codes of conduct and by behavioral
example.
Management demonstrates a positive attitude toward internal control by providing

appropriate training and including internal control in performance evaluations, discussing
internal controls at management and staff meetings, and by rewarding employees
for good internal control practices. Management supports good internal controls
by emphasizing the value of internal auditing and being responsive to information
developed through internal and external audits.
• Commitment to competence and human resources policies and practices.
Commitment to competence includes management’s consideration of the competence
levels for particular jobs and how those levels translate into requisite skills and knowledge.
Managers are required to comply with established personnel policies and practices for
hiring, training, evaluating, promoting, and compensating employees, and to provide
1 The information presented in this chapter is based on the principles set forth in Internal Control—Integrated Framework, Committee of
Sponsoring Organizations of the Treadway Commission (COSO), American Institute of Certified Public Accountants, USA, 1992.

ti t y tr lR l T
cial R vir o n m l e s
and l t
t rol En R
ab
s
 Cont
ro
P
s a
rP GeneTwots-
r n
FinaElements nvir
l Eof Rece C
a l C o n t
i a l R e p
n t I T
Chapter
c e i p Five
C o n t ro Internal
l l i n g a n d
ece i p  a n r o tin g  re d ss e r Pa y Con l R e
t s  Cash B illing the o l Pay al necessary
sresources R epor e ntC their a p ital A Hiring e ndoand n eraldecisions i n ancia rol Envir
s e s employees
 t r to
n m perform C duties.  V staffing
e  F
tal A
s
y
t
men include a lC on i nanc
i
E iro
nveducation b les C ash s IT G
e ipts Cont d
n d or P a
I T Ge n e r pertinent
e i p ts  F verification
C o nt ro l of
R e ce i v a and
l l
experience
 Pe t t y and,
e s t m n
once
e t on
C
the
a r d job,
R e c the
s  C a s h 
B i l l i ng an
V e ts Re c h necessary an d ro In v it sse t ts
tmen ediemployee Card seistsgiven Casthe illing formal and Payon-the-job ingtraining. Cred tal A men tro
I n v e s
C r t
A s

n t s  B
o n t ro l s
R e p o r t
n m e n t 
 C a p i
o r P a y
e r a l Con
 l C l s d n
n men
t
 C apita o ayme General
r Pshould F i nandancia trol Envir eceivable ashVen
o
t s  IT Ge i p tsF
in
i ro e s Management n d I Tprovide candid constructive
n counseling
R and Cperformance e n c e
nv abl Ve ents rdriven pts Co d tty tm Re ts
d R eceiv y C a sh
appraisals. e t m
Promotions
s a d R eceiby periodic
 C a shperformance B i l l i ng anappraisals y r o l l  Pedemonstrate
g  I nves e d i t Card i t a l Asse
g an ett Inv dit C ets ts Pa rtin Cr ap
a y r o llP o r i ng
commitment
t t  C
to rethe advancement
p i t a l Ass of P a y men personnel
qualified o n t r ols to higher i a l R epolevels nof
m ent vablesC CashVe
responsibility.
i E Co structure. g r gIn
F
pts Contr• o Assignment
l Rece ofPauthority tty C
a andnresponsibility;
ts eceorganizational  B illin ThislsPay
a s h l l i n g
factor a n d
includes
r o l l e
management’s v e m e
st responsibility d i t Ca rd R
for s 
defining
t C a s h
key m e
areas t s
n of authority C o n r o
t and l Rep o r t i n
e n tCr
sC B i Pay  I n Cre Ass e Pa y ra l cia on m
a y m ents nresponsibility t r ols e p o rting
and establishing
n m entappropriate C a pital lines of V e ndor ITManagement
reporting. Gene tsFshould inan
t r o l Envir a nd R
ec
r P l C o a l R i ro e s  s h  en t s e i p o n i n g
do ra
Gene tsprovide
ci
Finan policies n troland Envdirectcecommunications
e ivabl P
Ca
etty so that vesall tmpersonnel Rec
ardunderstand Casthe hC ntsBill  Payro
 I T C o d R l l  I n d i t C t s m e r o l s
nts ceip government’s  an knowyrhow o theirrtindividual ng Cre interrelate sse ay nt l
a r d Re t s  Cash B
objectives,
illing trolsPa R e po i e n tactions a p i tal A and e n dor P enetoral Co
contribute
i n ancia
C e
Ass those nts  l
cia and nfor m
on they C V F
edit pital ayme
objectives, and
ral C
onrecognize
Finan
how
E vir
what
ables
will be held sh
Caaccountable. tsI
TG ceipt
s Co
s  C a d o r P G e n e
i p t s  o n t r o l
e c e i v P e t t y
s t m e n
a r d R e C a sh
bl e Ve n I T ce C ing and R l l  Inve C ets 
C ash estm In nts to
eaddition C rd Re sCash
aorganizational hierarchies, i l l a proper s  Payro rtinof
segregation g duties ist a redit
Cnecessary i t a l Ass m ents
t y red i t t B ntr o l o e n a p rP a y
Pet Inv condition sse ts ial Re
p
ironmensure sC
o r t i ng m e ntC to a p ital Acontrol
make P a y men
procedures n e al Co naManagement
effective.
r n c l E n should
v i v a b leadequate  V endo
C e h
Rep
l Envir
on separation
ables of
 theVefollowing ndor sIT
G
tresponsibilities: ipts
Fi
authorization ro
Cont of transactions, a nd R
ece recording
e tty C of
as
t r o c e i v s h  e n e c e s h  n g  P
Con e
and R transactions, etty
Ca custody tm
Invesof assets, ard Rperiodic ets
Ca illi
tsB of existing roll to recorded
Payassets
l l i n g l l P n g  r e d it Cand l A s s reconciliation
e n o l s 
Bi lsPayroamounts. rti C ta ym tr
o i a l Repo ronment e s  Capi e n d or Pa e ra l Con
t r n c vi ab l V Ge n
Con s F• inaGoverning t rol Enbody eceiv etty CaThe sh sIT of those charged with governance
i p t o n n d Rparticipation. involvement
e n t
Rece C
Cash in a sreview ga llP Inveaudit stm
t s t  Billinof internal  P a yrocontrols g  and activities can be a positive influence on the
Asse y m e n
n t r o ls p o r tin
or Pa government’s l Co control l Reenvironment.
Vend G e nera F i n ancia
T pts
tsI ceiAssessment
men B. rd RiskR e
it Ca
Cred Organizations exist to achieve some purpose or goal. Goals, because they tend to be broad,
are usually divided into specific targets known as objectives. A risk is anything that endangers
the achievement of an objective.
Risk assessment, the second internal control component, is the process used to identify, ana-
lyze, and manage potential risks. Over the course of time, situations can occur which prevent
a business unit or a government from fulfilling its responsibilities and meeting its goals and
objectives. Because of this possibility, successful managers continually identify and analyze
potential risks to their organizations.
• What circumstances might endanger future funding of government programs?
• What practices are being questioned by auditors and other oversight agencies?
• What information is critical to the government’s operations and how vulnerable is it?
• What activities are regulated by the federal government?
• Which areas are most susceptible to fraud?
• Are assets (cash, inventory, fixed assets) adequately protected?
When beginning a risk assessment, managers should start by analyzing the two circumstanc-
es most likely to create problems: change and inherent risk.
ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
rP GeneTwots-
r n
a l C o n t
i a l R e p
n t I T
Chapter
c e i p Five
C o n t ro Internal
l l i n g a n d
A s s e t s 
n t s  B
o n c i a l R r o n m e
s  h  V e
T G e n
t s n t rol En
ta l e Periods of
ral C Change ina n
l Env
i abl e Ca s I i p C o
d or Pa The
ym
Griskenethat i p tsF will o ntrobe R e ceivincreases  etty
Pdramatically s t ents ard Rece
mduring C ash Billing an
d
e n I T cobjectives
e C not achieved
d l l v e ita C time of change.
t s 
V tmen Some
ts ard R
e
Cash
 an
llingthat expose Payro rtingIn Cred riskpare Asse
allisted men
ts tro
I n v e s
C r e d i t Cexamples
A s s e t s 
of circumstances
n t s  B i
o n t ro l s a government
R e p o n
to m e t
increased
n 
 C a i t
o r below:
P a y
e r a l Con
 end n
n men
t
Capi
tal
o r Pay
me
G eral C Financial rol Enviro ceivables
enresponsibilities s hV t s  IT Ge i p tsF
in
i ro e • s  Changes n d
in management I T ts  n t R e C a e n c e
nv abl Ve ents rd Receip sh
Co d
ng an yrollPe
tty
nves
tm
Card
Re
Asse
ts
d R eceiv y C a sh e s t m a  C a B i l l i g  I e d i t i t a l
g an ett Inv of information redit
C ets ts sPaor revamped tin Cr ap
a y r o llP • orDisruption t i ng t  C p i t a l Ass processing
systems
P a y men due o n t to
rolnew i a l R epor systems n m ent vablesC CashVe
lsP ep men Ca or lC nc iro cei Petty vestme
n a n cial R • Rapid n v irongrowth v a b les new
and/or h  Vend T Genera ptsFina
technology n t ro l Env a n d Re o l l 
i r
F i
l E ce tty C
a s tsI ecei  Co B illin g
 Pay gIn
a s h l l i n ro l l P e
v e st m e n
d i t Ca rd R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC i
• B New programs Pay or services
 I n Cre Ass e Pa y ra l cia ron m
ec
do ra
Gene • tsRe-engineering
ci
Finan Controoperating l Env l
eivab Petty C
cprocesses
a
ec C ill
tsB olsPay
ro
 I T d R e l l  I n m e n r
a r d Re • setsDownsizing  Cash B illing trolsPa
operations R e porti e n tCr a p i tal A e n dor P eneral Co F i n ancia
l
edit
C As nts  on cia l on m  C  V TG s
Co
bl Ve • Earlysretirements  ece reduce
that C ingand
workforce andknowledge base
l
Payro rtingIn
ve it C ets
Pet t Inv red sse t ts ntr o ep o e Ca rP
r t i ng Inherent e ntC Risks a p ital A r Paymen eneral Co nancial R E n v ironm ivables  V endo
o m C Fi l h
Rep
l
on
Envir Thecesecond

ables riskscategory
o
Vend involves IT G
tsactivities, pts due
iwhich ontronature,
toCtheir a Recea greater
ndhave e tty Cpo-
as
t r o i v h  e n e c e s h  n g  P
Con andtential Re for ty Cafromfraud,
etloss
tm
Inves waste, Card
R Caor misappropriation. illi
tsB olsPayCash roll handling, for
l l i n g l l P n g re d itunauthorized l A s s etsuse, e n
Bi lsPaexample, yro ti C ita for theft ym ontr activities do.
o i a l epoar much
Rhas n m ent inherent
higher
s  Caprisk e n d or Pathan data e ra l Centry
t r c vi r o ab l e V Ge n
Con s inan
FOther t rol En of activities eceiv where ash risk
Cinherent t s IThigh
i p t C examples
o n n d R e t t y e n is include the following:
Rece a s h 
Bi l l i n g a
r o l l P v e s t m
tsC • Situations nts Pay pthat gIn great complexity increase the risk that a program or
tininvolve
Asse y m e n and
t r o lssystems
e o r
or Pa activity l Co
nera willFnot cial R properly or comply fully with applicable regulations.
Vend T G e i n anoperate
tsI ipts
men • ardThird Rece party beneficiaries are more likely to fraudulently attempt to obtain benefits when
it C
Cred those benefits are similar to cash.
• Decentralization increases the likelihood that problems will occur. However, a problem
in a centralized system may be more serious than a problem in a decentralized system
because, if a problem does exist, it could affect the entire government.
• A prior record of control weaknesses often indicates a higher level of risk because bad
situations tend to repeat themselves.
• A lack of corrective actions in response to control weaknesses identified in prior audits
often indicates that future problems are likely to occur.
Evaluate Identified Risks

Once potential risks are identified, they should be analyzed for their possible effect.
• How important is this risk?
• How likely is it that this risk will occur?
• How large is the dollar amount involved?
• To what extent does the risk potential of one activity affect other activities?

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
rP r
GeneTwots- n
a l C o n t
i a l R e p
n t I T
Chapter
c e i p Five
C o n t ro Internal
l l i n g a n d
A s s e t s 
e • n t s 
Are
B
existing o n controls n c i a
(policiesl R
and i ro n m
procedures)
e
s 
sufficient tos h 
manage
V e
this I T G e
risk?
n
t s o n t rol En
V e ts c  d ayro l dit t s ts
tmen • ediTo Cawhatrd Redegree ashsecondary
Care an
llingcontrols inPplace? In
ing entCre al As
se
men tro
I n v e s
C r t
A s s e t s 
n t s  B i
o n t ro l s 
R e p o r t
n m  C a p i t
o r P a y
e r a l Con
 al C l les nd n
n men
t
Both pital
Caquantitative o r Paand ymequalitative
G ener ranking F i ancia trshould
nactivities o
iro
l Env be used c e ivto abevaluate s h the Veseverity
t s  ofIT
Ge
i p tsF
in
i ro e s  n d I T 
ptstheir occurrence. n R e C a e n c e
nv abl Ve andenthe tslikelihood eceiof sh
Co and ty is likely
Petthat tm
nves to occur Card
Re
Asse
ts
d R eceiv identified y C a sh risks e s t m a r d R  C a B i l l i nAgmoderate y r o l l loss
 g  I e d i t i t a l
g an ett Inv C
edit asitaal more ts
Asse serious nts lsP
a to occur. tin Cr ap
a y r o llP may o r t i ngas much
pose
t  C rdanger
p P a y meloss that tisroless
o n
likely
i a l R epor n m ent vablesC CashVe
n a n cial R RisknvResponse ironm ivables shVend IT Genera iptsFin n t ro l Env a n d Re o l l 
i E Co g r gIn
F
pts ContrMany ol Rece ty Ca tments ece  B illin  Pay
risks areracceptedo l l P e t ornavoided
v e s by implementing
d i t Ca rd R
t s C
effective
 a s h
control
m e t s 
n activities C o n ro l s
tahead ofl Rtime. e p o r t i n
e n tCr
sC i I e e y l m
entsOther
B
lsPbeyond
orisks,
ay ing
rtour control tCar severe
en(e.g. al As
pitweather
s Pa
ndor or power
event nera that
Geoutage ancia l Environ
Finprevents ec
P a y m C o n t r
l R e p o
i r o n m s  C a
h  V e
t s  I T i p t s  o n t ro n g a nd R
do r l
ra access to financial ci a nv should l e Ca s en must be e
ecready to respond C tosBill i
I T Gene tsFinan Control E
systems)
R e
balso
ceiva llPetty
be identified.
I n
Managers
vestm dit Card R tsCash e n t l s  Payro
nts  d  m nt ro
ceipthese with Cash
aset of activities an (e.g. disaster
illing trolsPa
yro recovery
porti
ng plan).tCre
tal A
sse ay
dor P eneral Co ancia
l
C a r d Re e t s   B l R e m e n C a p i V e n F i n
edit Ass nts on cia on   TG s
C a pital C.oControl r P ayme Activities e n e ral C s Finan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
e s  n d I T G i p t o n R e c l  P s t m C a r d  C
bl Ve nts ece C ing and yrol Inve redit ets ents
y C ash Once s t m emanagers i t C ard R and
identify t s  Cash risks,
assess B i l l
the next step
o l s  Pato
is develop r t i n g methods n t to Cminimize p i t a l Ass
the a y m
Pet t Inv e ed sse ts ntr ep o e Ca rP
r t i ng risks. e tCr methods
nThese a p ital Aare referred P a y mento collectively n e ral Co as ncontrol a n c ial Ractivities, E n v onm
irthe third i va b les
component  V endo
Rep o on m s C dor TG e Fi ro l ece as h
r o l Envir of internal e i v ablecontrol. h  Vencontrol
By e n tsI
activities, we
e c e ipts theshpolicies,
mean  Cont procedures, g a nd R techniques, P e tty C and
Con t Re c Ca s tm rd R directives. Ca Billi n ll 
l i n g andmechanisms l P etty thatgenforce  Inves management’s re d it Ca A s s ets Control e n tsactivities l s  Payro at all levels and
occur
l
Bi lsPafunctions. l n l Paym such o
yro
l ReTheyporti include m enat
C
wide range  Capof itadiverseoractivities
n d ra
tr
l Conas approvals, authorizations,
t r o c i a r o n l e s V e n e
Con inan nvi ab
eceiv performance

Cash reviews,
Ge
i p t s  Fverifications,
o n t rol Ereconciliations,
n d R e t t y e n t sITsecurity measures, and the creation and
Rece C a P tm In short, these activities represent basic man-
sh
Camaintenance Billin
ofgappropriate
a yrolldocumentation. Inves
t s t s   P g 
tin below.
Asse P
agement
ayme al Contro
n practices. ls See example
R epor
o r r c i a l
Vend IT Ge
ne
s  Finan
t s  i p t
men ece
i t C ard R Accounts Payable Unit
Cred
OBJECTIVE NO. 1: Compliance with statewide bill paying policies.
a. RISK NO. 1: A/P staff does not have required knowledge, skills and ability.
i. MITIGATING CONTROL NO. 1: All A/P employees receive training within 2
weeks of hire.
ii. MITIGATING CONTROL NO. 2: The A/P accounting manager designates
staff for cross-training.
b. RISK NO. 2: Payments are made too late to take vendor discounts.
i. MITIGATING CONTROL NO. 1: All invoices are date-stamped upon receipt
in the Financial Services office.
ii. MITIGATING CONTROL NO. 2: Monthly reports are generated that help
A/P identify and investigate reasons for late payments.
Managers should be careful to avoid excessive control, recognizing that absolute assurance
is generally not achievable and would be prohibitively expensive and impede productivity.

ti t y tr lR l T
cial R viro n m l e s
and l t
ab
s
 Cont
ro
P
s a
rP GeneTwots-
r n
a l C o n t
i a l R e p
n t I T
Chapter
c e i p Five
C o n t ro Internal
l l i n g a n dControl l l  Petty
A s s e t s 
e n
When t s  B
a problem o n arises, c
before
n i a l R
implementingi r o n m e
a new s  policy or s h 
procedure,
V e
I T G
managers e n
should t s o n t rol En
ta l l C na Env l e a i p C
d or Pa make
ym
Gesure nera i p sFi
trelevant o ntroldoesdnot R e eivab exist
calready  Pethat tty C s t mneedsentsto be a r Rece
denforced. C ash Billing an
d
V e n ts I T Rethatc e a
sh
policy
C an ro l l simply
n v e it C e t s  
v e s tmen edit Card setsCa  B illing t r o l s Pay portingI entCred apital Ass Payments al Contro
In r
CChapter al As presents ts Con Re control nm les
C or er
m ent C a pitThree r P a ymena detailed e n e ral discussion i n a n ial the
cof
o l E n viromethods
e i v a band techniques
h  Vendcom-sIT Gen ptsFin
n s used domanagers G mitigate F ontr Rec y Ca s ent ecei
nviro eivablemonly V enby t s ITto i p ts risks. C n d e t t s t m d R ts
d R ec y C a sh 
e s t m e n
r d R e c e
 C a s h 
B i l l i ng a
y r o l l  P
g  I nv e
e d i t C a r
i t a l Asse
g an ett Inv a ets ts Pa tin Cr ap
o llP D.oInformation i ng C dit C
reand l Ass men rols epor ent vablesC CashVe
a y r
ep r t
en t  Ca Communication
p i t a P a y o n t
nc i a l R
iro n m
cei
lsP n cial R i ronm ivables
or
Vend T Genera ptsFina
lC
ro l Env n d Re l  Petty vestme
n a n v h  n t a r o l
F i
E
A lgovernment’s ce control tty C
a s
structure must I
tsprovide for
ecethe i identification,  Co capture
B
g
illin and exchange  Pay gIn
a s h of l information
l i n roboth
l l Pe
within the
v e m e n
stgovernment d i t rd
Caand with
R
t s  C
external a s h
parties.
m e t s
n For example, C o n t ro l s
manage- l R e p o r t i n
e n tCr
sC B i ay I n re Ass e Pa y ra l cia ron m
y m entsment n t r lsPon the
orelies p o ting mesystem,
rinformation ntC including C a pital the Vaccounting e ndor system, I T Gene for treporting s Finan ontrol Envi nd R
ec
r P a l C o a l R e i ro n e s  s h  t s e i p o n i n g a
do ra ci nv bl Ca en agencies, ecand federal C
grantors. ill ro
I T Gene government t s  Finan or C o
program
n trol E activities R e ceiva to the l P
Legislature,
etty I n
oversight
vestm dit Card R tsCash e n tsB olsPay
nts  ceipAccurate 
information an d
communicated l
yro in a timely 
ngmannert re
is,Ctherefore, thessefocus ofothe m
ayfourth nt r l
a r d Re component t s  Cash B illing trolsPa R e porti e n a p i tal A e n d r P eneral Co i n ancia
C Ass e 
ts internal
nof ocontrol. cia l on m C V F
edit pital ayme ral C
n
Finan Envir ables
 Cash

tsI
TG ceipt
s Co
i p t s  o n t r o l
e c e i v P e t t y
s t m e n
a r d R e C a sh
bl e n
Ve Within the I T ececommunication C must R
d up, as awell l l  ve it C ts 
C ash estment
sorganization,
t C ard R s  Cash B i l l ing a
nbe
l s  P yro as rdown. t i n gInSupervisors t  Credmustpital Asse ayments
Pet t y Invcommunicate i
ed dutiesl A and t
sseresponsibilities ts to ltheir r o
ntstaff. Staff eand o
p middle e n
management a
Cmust rP
r t i ng e n tCr a p ita P a y men n e r a Co nancial R E n v ironm ivables  V endo
Rep o obe m
n able tolealert C
 upperenmanagement dor IT to e
G potential Fi
problems. l
Administrative
ro eceand program h
s staff
r o l Envir must e i v ab s shVrequirements e n tsand c e ipts to h  Cont g a nd R P e ty Ca
tinternal
t Re c communicate a tm rd R e
expectations Ca s each other.
Billi n Well-designed ll 
Con andcontrols P tty C
eoutline Inves authority it Ca andl Aresponsibility s ets ts Payro
l l i n g l l ntheg  specific re d s e n of individual o l s  employees in carrying
Bi lsPaout yro
R e porti e ntC They C pita
aalso d o r Paym al Contr
ro their
cia l day-to-day mactivities.
viron ceivables
 serve
Ven as a point ene r
of reference for employees seeking
Cont sFguidance inan ro l E n e situations C a s h 
s I T G
Rece
ipt
h  Contwhen n g
unusual
and R l l
arise.
Petty vestment
a s Bi l l i ayr o In
tsC Sending nts lsPelectronically tingallows management to immediately distribute new pro-
Asse a y m e information
n t r o
Re p o r
or Pcedures nerand al Cootherainformation ncial to a large staff. Governments should consider conducting
Vend I T G e
s  F i n
tsin-house pt
itraining sessions upon releasing new or revised internal control policies and proce-
men a r d Rece
it Cdures. Internal control concepts should be emphasized as a part of the orientation for new
Cred employees. Managers should reinforce policies and procedures through their own actions
and words.
Effective communication also encourages employee involvement. Governments should
consider establishing a process that supports recommendations from employees for quality
improvement and acknowledges good suggestions with meaningful recognition. Employees
should also feel they can report suspected improprieties without fear of reprisal and that their
anonymity and confidentiality will be respected.
E. Monitoring
After risks have been identified, policies and procedures put into place and information on
control activities communicated, managers must implement the fifth component of internal
control, monitoring. Monitoring assesses the quality of internal controls over time, making
adjustments as necessary. Like the other four components, monitoring is a basic manage-
ment practice that involves activities such as performance evaluations; ongoing supervisory
activities, reviews and analyses; and independent evaluations of internal controls performed
by management or other parties outside of the process. Proper monitoring ensures that con-
trols continue to be adequate and to function properly.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
rP GeneTwots-
r n
FinaElements l Eof nvir Rece C
a l C o n t
i a l R e p
n t I T
Chapter
c e i p Five
C o n t ro Internal
l l i n g a n d
A s s e t s 
e n t s
Monitoring  B
o n
allows a manager n c i a l R
to identify i ro n m e
whether s 
controls are s h 
being
V e
followed I T G e n
before prob-t s o n t rol En
ta l l C ina Env l e Ca cei p C
or Pa lems
ym nera
Geoccur. tsF ntrol unit’s e eivab lcontrol
cinternal Petty planvemay t nts
meidentify r d Re C ash Billing an
d
e n d I T For
c e i p example, a
C obusiness d R l  s C a
situations t 
where
s
V ts Re 
Cash If the g an yro
Panot In dit
Creensure sse ts tro
v e s tmen cross-training d i t Card seistsrequired.   B i llinmanager t ro l s
does pmonitor
o r t ingthe eplan n t  to a p i tal Across-Paymen
that a l Con
I n C r e A s n t s o n R e n m  C o r n e r
 t training tal me lC
nera he orFshe cial discover iro es
ivablthe back-up end will IT Ge tsF
in
i ro n men
e s  Capi occurs d o r Paay regular
on
I T G ebasis,  i nanmay n t ro l Envtoo late
R e c e that
C a s hV staff e n t s  c e i p
nv abl not be n ts Re
eceiv C a Ve to handle
shable t m entsthe  operations
R eceip when C a Co lling anchange.
shcircumstances
d
l l  Petty I nves
tm
i t Card a l Asse
ts
d R y e s a r d  B i y r o g  e d i t
g an ett Inv C
redit should
s
ssetinclude nts trolsPa ortin tCr that ap
a y r o llP The o r t i ng
monitoring t  C
process p i t a l Aalso P a y mepolicies o nand procedures i a l R epdesigned n m toenensure v a b l esC CashVe
lsP ep en CaotherVreviews endo are
r lC c
Finan Managers iro Rece
i
Petty vestme
n a n cial R the findings n v ironm of audits v a b lesand h  G e nera
promptly tresolved.
s  n t ro l Env should a n ddetermine o l l 
i T r
F i
pts Contrthe
E
ol proper ece
Rremedies Ca
ttyresponse
s sI findings
taudit ecandei p  Co B illin g
 Pay gIn
r o l l Pe in
v e st m to
e n
d i t Ca rd R
t s  C a s
complete,h
m
within
e n t s established
C o n t ro l s time
l R e p o r t i n
e n tCr
sC B i
frames, all P ay
actions needed I n
 to correct e
Cridentified Ass e
deficiencies. Pa y ra l cia ron m
ec
do ra
Gene tsFinan Control E
ci nv bl
ceiva llPetty
Ca
ec C ill
tsB olsPay
ro
 I T d R e  I n m e n r
l
edit
C Ass e nts  on cia l on m  C  V TG s
Co
Payro rtingIn
ve it C ets
r t i ng e ntC Capital A r Paymen eneral C a n cial R E n v ironm ivables  V endo
Rep o on m  o TG Fi n tro l ece as h
Con and R lPetty
e Ca tm dR Ca illi oll
l i n g l g  Inves redit Car A s s ets e n tsB olsPayr
l
Bi lsPayro l Reporti n C ta l ym tr
o i a n m ent
e s  Capi e n d or Pa e ra l Con
Con

t sIT
i p o n d e n
Rece Cash
C ga
yroll gInve
P stm
t s t s Billin  P a
Asse n ls tin
Vend ne r c
t s ece i p
men ard R
i t C
Cred

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
endo sIT Gen pts
er Finan Three vir
l E- nControl d Re
ce C
a l C o n t
i a l R e p
n t c e i Chapter
C o n t ro
l l i n g a n
Activities l l  Petty
CHAPTER THREE: CONTROL ACTIVITIES ol En
ta l A e n
ral C o ina n c
ym
d
t s  C
V ts
tmen Control d Re
Caractivities
h
Casensure an
llingmanagement
o
Payrdirectives ing
In reditTheyitainclude
Cout. l Ass (1)
e
men
ts tro
I n v e s
C re d i t
A s s e t s help
n t s  B i
that
o n t r o l s
R e p o r t are
n m
carried
e n t 
 C a p o r P a y
e r a l Con
 al Vend sIT Ge n
n men
t performance
Capi
tal reviews,
o r Pay such
me
G
as
enan
lC
eraanalysis F i nandancifollow-up r o l Enof
o
virbudget
c e ables
ivvariances; s
(2)
htransaction t i p tsF
in
i ro e s  n d I T s  n t R e C a e n c e
nv abl processing Ve
sh controls, ts
enincluding ceipt
eapprovals, Co
verifications
sh
d
and reconciliations;
ng an yrollPe
tty (3) physical
nves
tm con- ard Re
Asse
ts
d R eceiv t y C a e s t m a r d R  C a B i l l i g  I e d i t C i t a l
g an ettrols designed Inv to ensure Csafeguarding ets and security ts of assets a records;
Pand n (4) segregation
tiand Cr ap
y r o llP o r t i ng t  C redit i t a l Ass a y men n t r ols a l R epor n m ent vablesC CashVe
a eofp duties ndesigned to reduce p
Ca opportunities P for raaperson o to be in i
c position irtoo perpetrate cei and Petty
lsP cial R conceal men les when endo
r
ne
lC Finan l Env d Re e
F i n a n
o l E n v iroerrors
c eandi v a bfrauds C a s h  Vperforming
 I T G e normal c e i p t
duties.s  C o n t ro
l i n g a n
a y r oll  I n vestm
pts  Cont
r e s Re  Bi l P ng
s h  i n g and R l l Petty vestment i t Card t s  Cash e nts o n trols

R e porti e n tCr
a i l l r o I n d e y m l C l m
sC B
entsA. nTransaction ols
Pay ting ment
rProcessing
Cre
Errors
ss
ital AFrauds
pand
Pa
ra cia ron ec
P a y m C o t r
l R e p o
i r o n s  C a
h  V e
t s i p o n n g a nd R
do r ra l nci a v bl e a s n c e C ill i ro
I T Gene Control  Finaactivities o n rol Encomputerized
t(both R e ceiva lland P tty C
emanual) are
I n stme
veimposed onC arthe d Reaccounting  Cash system e n tsB olsPay
for
 t s C d   d i t t s m r
nts ceip purpose 
Cash of preventing an Payro eerrors ng re might sse y
or Pathrough ont l
C a r d Re the e t s   B illing trand o l s  detecting
l R porti andmfrauds e n tCthat
C a p i tal Aenter Vand e n dflow e n e ral C F i n ancia
edit Ass ts on cia on   TG s
C a pital toothe r P ymen estatements.
afinancial n e ral C s  Finan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
e s  n d I T G i p t o n R e c l  P s t m a r d  C
Payro rtingIn
ve it C ets
y C ash estment i t C ard R s  Cash B i l l l s  n t Cred p i t a l Ass a y m ents
Pet t Inv red sse
Seven t ts
Categories ro
ontErrors
of and o
ep Frauds e Ca rP
Rep o on m  o T G Fictitious Fi n ntro l ece as h
r o l Envir 1. e i v ables transactions
Invalid
h  Vend areenrecorded: tsI e c e ipts revenue s h  Cotransactions g a nd Rare recorded P e tty Cand
Con t e c Ca s tm rd R Ca illi n oll 
l i n g and R lcharged P etty tognonexistent  Inves recustomers. d it Ca A s s ets e ntsB olsPayr
l
Bi lsPayro l Reporti l n tC pita l ym tr
r o 2. iValid
a transactions o n m enare omitted
e s  Cafrom thee n d or Pa
accounts: e ra l Con
Shipments of merchandise to cus-
t c nvi r l V n
Con s Finan tomers t r o l Eare not e ceivab y Cash
recorded.
R t s IT Ge
ip t Con nd ett en
Rece C a sh B i l l ing a y r o llP I n v estm
ts ts a
P portingare  executed and recorded: A customer’s order is not ap-
Asse P a y m3. enUnauthorized
o n trols transactions R e
or ral C l
cia yet the goods are shipped and/or the service is provided and billed
Vend I T
proved
Gene tsFinan
for credit,
ts to theip customer without requiring payment or an advance deposit.
men a r d Rece
it C
Cred 4. Transaction amounts are inaccurate: A customer is billed and the sale is recorded
in the wrong amount because the quantity shipped and quantity billed are not the
same and the unit price is for a different product.
5. Transactions are classified in the wrong accounts: Expenditures for capital acquisi-
tions are coded and charged to an operating supplies object.
6. Transaction accounting and posting are incorrect: Sales are posted in total to the ac-
counts receivable GL control account, but not all of them are posted to the individual
customer account records in the subsidiary ledger.
7. Transactions are recorded in the wrong period: Purchases made in one fiscal year
(June) are recorded as expenditures in the next fiscal year when the invoice is re-
ceived (July). Revenues attributable to July are recorded as transactions occurring in
June.
Management’s task is to design control activities that prevent, detect and correct these and
other potential errors and other frauds. Front-end, or preventive, controls are performed
before an action takes place. For example, a supervisor or manager must approve an invoice

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er Finan Three vir
l E- nControl d Re
ce C
a l C o n t
i a l R e p
n t c e i Chapter
C o n t ro
l l i n g a n
A s s e t s 
e n t
before s  B
it is o
processed n for n c i a
payment. l R
i r o
Back-end, n m e
or s 
detective, controls
s h  V e
examine I T G e n
transactions t s o n t rol En
ta l l C ina l Env l e Ca cei p C
d
ym
or Pa after Getheynera i p tsFprocessed o ntroto R e eivabare appropriate.
cthey  Petty vesAn t ents awould
mexample r d Re be the C ash Billing an
d
e n I T have c e been C ensured l l it C t s 
V ts
tmen month-end
Re
Card reconciliation

Cash ofBcash an
llingaccount Payro tortthe ing
In Cred to pensure se
al As thatPall men
ts tro
I n v e s
C r e d i t
A s s e t s 
n t s  i
o n t ro l s 
balances
R e p o bank
n m e n t 
statement
 C a i t
o r a y
e r a l Con
 t payments tal e al C ial iro es Venalso d serveT Ge n in
ro n men s  Capi have d o Paymrecorded.
rbeen G enerSometimes, F i nancthe existence t r o l Env of detective e c e ivabl controls a s h can
n t s  I
e i p tsF
nv i e
abl to prevent n I T 
ts tempted Co n R C e Re c
eceiv a
Ve
sh irregularities. t m ents An R eceip
individual
C a sh to Buse l l i g and ollfunds
ngovernment Petty inappropriately
I nves
tm
i t Card l Asse
ts
d R t y C e s a r d  i y r g  e d ap i t a
g an etmay begdeterred Inv byrethedit Cknowledge ts the ebank
ethat tsaccount a
isPregularly tin
reconciled. Cr
a y r o llP o r t i n  t  C p i t a l Ass P a y m n o n t r ols i a l R epor n m ent vablesC CashVe
n a n cial R n v ironm ivables shVend IT Genera iptsFin n t r o l Env a n d Re o l l 
F i
B.l Control cMethods
E e
tty C
and
a Techniques
ts ece  Co B illin g
 Pay r gIn
a s h l l i n r o l l Pe
v e st m e n
d i t Ca rd R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC i I n re manual, e y l cia at nviron m
Control
B
entsvarious Pay pocan
activities
olsorganizational
beautomated
rtingand nfunctional
Cor
ent levels.
have
al As
pitGenerally,
s variousr Pobjectives
do
a andra are performed
Genethattspertain Finanto finan- nd R
ec
r P a y m
l C o n t r
a l R e i r o m
e s  C a
s h  V e ncontrol
t s I T
activities
 e i p  o n t rol E i n g a
do ra ci nv ivabthe l Ca en ec C ill ro
I T Gene cial t s  Finan Ccan
reporting o n trbe ol Egrouped R e ceinto lfollowing
P etty categories. I n vestm dit Card R tsCash e n tsB olsPay
nts  ceip  an d yro l ng  e sse ay m nt r
l
edit
C s e
AsSegregation 
nts of Duties on cia l on m  C  V TG s
C a pital Segregation r P ayme of eduties n e ral C s  F inan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
e s  n d o I T G is one
i p t of the most o n important R e c
features of l  anP internal s t m
control plan. The
a r d  C
bl Ve ents premise ece
ard R of segregated Cash duties
C ing and Payro ror
l
gIngroup
ve dit C l Ass
ets ents
t y C ash fundamental e s t m i t C t s  B i l l is thatran o l s individual
 o t i n small n t  ofCreindividu- p i t a a y m
Pet
i
Inv
ng alsmshould ntC notCbe
red
p
sse
talaAposition
iin y nts approve,
toeinitiate,
m r
nt
al Co undertake n c
p
ial Re andEnreview v
e
ironmtheivsame b Ca Vendor P
lesaction.
o r t e a P a e n e n a l a 
Rep E n
n
viroThese are
a b l s incompatible
ecalled V e ndor duties
t s  IT Gwhen performed i p t sFi by C o
thentrsameo Rece Examples
individual.
n d t t y Cash of
l i v  en e  a e
Cont
ro Rece
dincompatible ty Cduties ash include vestm situations ard where Rec the
ssame Cash individual g
Billin (or small ayrogroupllP of people) is
g a n P e t  I n d i t C s s e t n t s  P
in yroll epfor: g re lA me ls
Bill lsParesponsible l R ortin
m e ntC Capita ndor Pay r a l C ontro
ro ia on les Ve ne
Cont sFinanc trol Envir e ceivab yofCaand shrecordkeeping s IT Ge for the same activity.
ip t • Managing
Con both ndtheR operation ett en t
ts • Managing ts a
P activities g
Asse P a y men o n trols
custodial
R e p ortin and recordkeeping for the same assets.
or al C ia l
Vend I
• T ener
GAuthorizing  F nanc
itransactions and managing the custody or disposal of the related assets or
s
men
ts
R e ceipt
rdrecords.
it Ca
Cred
Stated differently, there are four kinds of functional responsibilities that should be performed
by different work units, or at a minimum, by different persons within the same unit:
• Authorization to execute transactions: This duty belongs to persons with authority and
responsibility to initiate and execute transactions.
• Recording transactions: This duty refers to the accounting or recordkeeping function,
which in most organizations, is accomplished by entering data into a computer system.
• Custody of assets involved in the transactions: This duty refers to the actual physical
possession or effective physical control/safekeeping of property.
• Periodic reviews and reconciliation of existing assets to recorded amounts: This duty
refers to making comparisons at regular intervals and taking appropriate action to resolve
differences.
The advantage derived from an appropriate segregation of duties is twofold:
• Fraud is more difficult to perpetrate because it would require collusion of two or more
persons, and most people hesitate to seek the help of others to conduct wrongful acts.
• By handling different aspects of the transaction, innocent errors are more likely to be
found and flagged for correction.
ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er Finan Three vir
l E- nControl d Re
ce C
a l C o n t
i a l R e p
n t c e i Chapter
C o n t ro
l l i n g a n
A s s e t s 
e At n t as  B
minimum, o n a government’s n c i a l R
plan i
of ro n m
internal
e
s 
control should s h 
ensure
V e
that I T
the G e n
following t s activi- o n t rol En
ta l ym ral C na Env bl e Ca ts cei p C d
n d or Pa ties I T eneproperly
Gare e i p sFi
tsegregated: C o ntrol R e ceiva l l  Petty vestmen C a r d Re s  C ash Billing an
V e ts Re c sh an d ro n it e t 
v e s tmen edit Card setsCa  B illing t ro l s Pay portingI entCred apital Ass Payments al Contro
In Cr As andym ents on cial R
e
viron
m
bles hVend
C or ner
n m ent 1. Personnel C a pital o r P a Payroll
G e n
Activities
e ral C
F i n a n r o l E n c e i v a s t s  I T Ge i p tsF
in
nv abl • Individuals Ve responsible ents rd Receip
for hiring, ts terminating Co and approving
g and ollPett
promotions y should not be
vestm dit Card R tal Assets
e
R eceiv C a sh involved
directly s t m in preparing payroll C a
or shpersonnel i l l i ntransactions r or inputting  I ndata.
g an d
l Pett y
g  Inv e
re d it C a
A s sets 
e
B
nts trolsPa
y
p o rtin g
n t Cr e
s Capi Ve
P a yr o l
e p o r t i n
e n t  C
C a p it a l
r P a y m
C o n c i a l R e
i r o n m e
e i v a b l e
y C a sh
ls ial R • Managers nm should sreview  nd
and approve o payroll l
era deductions n
inaand time n v
sheets beforeedata c et t e
F i nanc l E nviro eceivable CashVe IT Gen e i p tsF C o n trol E ing and R ayrollP I n vestm
 r o entry, but shouldenot be involveds in entering c
RepayrollCtransactions. ash entsBi
l l P 
pts
h  Cont n g and R l l P tty vestment t Card s  n trols

e porti
ng
e n tCr
a s i l l i r o I n d i e t y m l C o l R m
sC B
ents• nIndividuals
Pay involved 
rting in payroll
Cre entryitshould
p al
Ass not have Pa
ndor payroll ener
a cia
Finan trol Envi
ron ec
a y m o t r ols e p o n m ent data C a  V e  I T Gapproval t s authority.
a nd R
do r P ra l C a l R
ci who arenvpart ofethe i r o l e s  a s h t s
en changes e i p
ec to their own o n
Cdata tsBill i n g
Individuals
R e
bpayroll
c iva llPetty
staffCshould
I n
not enter
vestm dit Card R tsCash e n l s  Payro
nts  d  m nt ro
ceip files. Cash
 an
illing trolsPa
yro
porti
ng tCr
e
tal A
sse ay
dor P eneral Co ancia
l
edit Ass ts on cia n s  verify TG ts
a pital • orAn P men
ayindividual n who
e ral Cis notsinvolved Finan in tthe r o l nviro process
Epayroll i v ableshould t t y Cash
periodically e n tsI all d Receip sh
Co
s  C n d T G e i p t o n R e c e l  P e s t m a r  C a
bl e Ve I ce wagesrates. C ing and l ve it C ets
C ash estment
personnel s salaries
t C ard R
eand
s  Ca h B i l l l s  Payro rtingIn t  Cred i t a l Ass y m ents
t y red i t ro o e n Ca p rP a
Pet
t i
Inv
ng • mUnless e ntC otherwise p ital A
sse
approved, a y ents
mdual update e r Cont tonthe
al access c Rep payroll
ial central n v ironmprocessing a b lessystem V endo
o r C a or P e n Fi n a l E i v h 
Rep on and bthe  Vend T G database ontrbe o ece as
t r o l Envir c e i v a leshuman s h  resources e n tsI
personnel
e c e ipts should s h  Cnot
n
permitted.
g a nd R  P e tty C
Con e Ca tm dR Ca illi ll
l i n g and R lPetty g  Inves redit Car A s s ets e n sB
treviewed l s Payro
l
Bi lsPayro l Reporti • l
Gross pay n
adjustment reports should lbe received m and o by an individual outside of
m e ntC Capita ndor Pay ra l C ontr
ro theiapayroll function. on les Ve ne
Cont sFinanc trol Envir e ceivab y Cash s IT Ge
t R t
Rece
ip
C a2. shOtherCon Expenditure i l l ing a
nd
y r o llP
Activities
ett
I n v estm
en
ts B a ngdisbursement functions should be segregated from those
ents ntresponsible
P
Asse P • aymIndividuals o rols Repfor orticash
or al C cia l
Vend I T ener
Gresponsible  F inancash receipts.
for
ts ipt s
men • ardIndividuals Rece responsible for data entry of encumbrances and payment vouchers should not
it C
Cred be responsible for approving these documents, nor batch release.
• A department should not delegate expenditure transaction approval to the immediate
supervisor of data entry staff or to data entry personnel.
• Delegated expenditure authority must be in writing and approved by the appointing
authority.
• Individuals responsible for acknowledging the receipt of goods or services should not also
be responsible for purchasing or accounts payable activities.
3. Inventories
• Individuals responsible for monitoring inventories should not have the authority to
authorize withdrawals of items maintained in inventory.
• Individuals performing physical inventory counts should not be involved in maintaining
inventory records.
4. Check-Writing Activities
• Individuals who prepare/record checks should not sign the checks.
• Individuals who prepare/record checks should not reconcile the checking account.

ti t y tr lR l T
and l t
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er Finan Three vir
l E- nControl d Re
ce C
a l C o n t
i a l R e p
n t c e i Chapter
C o n t ro
l l i n g a n
A s s e t s 
n t s  B
o n c i a l R ro n m e
s  h  V e
T G e n
t s n t rol En
ta l ym e 5. Revenue al C Activities ina n v i
vabl e Ca s ts I cei p C o nd
d or Pa • IT G ener i p tsF o ntrcashol En e ceifunctions etty be
Pshould s t men a r d RethosesCash Billing a
e n ts Individuals c e responsible C for receipts
d R ro l l  v e segregated it C from t
V tmen ediresponsible t Card setfor
Re
 C ash illing
an
l s
n
e 
v e s s cash  B
disbursements. t ro
In Cr As ts
ymen eneral C
on cial R
e
viron
m
bles hVend
C or ner
n m ent C a pital o r P a G F i n a n r o l E n c e i v a s t s  I T Ge i p tsF
in
i ro e s
•  Individuals n d who receiveI T cash into ts the office n
shouldt not be R e
involved in C a
preparing bank e n c e
nv abl Ve ents rd Receip sh
Co d
ng an yrollPe
tty
nves
tm
Card
Re
Asse
ts
d R eceiv y C a sh
deposits. e s t m a  C a B i l l i g  I e d i t i t a l
g an ett Inv redit
C ets ts Pa tin Cr ap
a y r o llP o r t i ng t  C p i t a l Ass P a y men o n t rols i a l R epor n m ent vablesC CashVe
lsP ep en a or lC c iro cei Petty vestme
a n cial R • Individuals n v ironm who v a b esC cash
lreceive  VeorndmakeT deposits G e nera should t s  inanbe involved
Fnot t ro l Env in reconciling
a n d Re the o l l 
n i h n r
F i
pts Contro bank
l E Rece
accounts. tty C
 Pay gIn
r o l l  Pe
v e st m e n
d i t Ca rd R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC i Pay responsible I n Cre e y l cia m
B
ents• nIndividuals ols rting
 for issuing
ent billings l Ass not
pitashould ndbe
a
or Pinvolved Gein
ra
neestimating, Finan trol Envi
ron ec
P a y m C o t r
l R e p o
i r o n m s  C a
h  V e
t s I T i p t s  o n n g a nd R
do r ra l ci a nv or processing bl e Ca s en not beecdirectly involved e C intsBill i
budgeting, collecting
R e ceiva llPetty
cash receipts
I n
and should
vestm dit Card R tsCash e n l s  Payro
 d  m ro
nts ceip maintaining Cash
 accounts an receivable.
illing trolsPa
yro
porti
ng tCr
e
tal A
sse ay
dor P eneral Co
nt
ancia
l
edit Ass nts responsible on for maintaining cia on receivable  h not G s
C a pital • orIndividuals P ayme e n e ral C s  Finan t r o l Envir
accounts
e i v ables records e t t y Casshould e n tsbe IT directly
R e ceipt a sh
Co
e s  n d I T G i p t o n R e c l  P s t m a r d  C
bl Ve involved s in the ece process
billing orCcash receipting.
 nd l
Payro rtingIn
ve it C ets
y C ash estment i t C ard R s  Cash B i l l ing a l s  n t  Cred p i t a l Ass a y m ents
t red t ontr o o a rP
Pet
ng If m
Inv governments
ntC Cado itnot
se
al AshavePsufficient y
ts
men staff ral Caccomplish
to c iaan
p
l Reoptimum v nme of
irodivision b esC man-
lduties, endo
o r t i e p a e n e n a n l E n i va h  V
Rep on esneed to or
ndmore TG Fi tro ece as
t r o l Envir agement c e i v ablwill s h  Vebe e n tsI involved
actively
e c e ipts in reviewing
s h  Conreports
n g a nd Rreconciliations
and
 P e tty C and
Con Re a m
vestadequately rd R Ca illi ll
g andensuring P tty C
etransactions  Inare d it Ca documented s s ets andeproperly n tsB authorized. s  Payro
l l i n l l n g re l A ym o l
Bi lsPayro l Reporti m ent
C
 Capi
ta
d or Pa r a l Con
tr
t r o Access c i a Controls i ro n l e s V e n n e
Con s Finan ntrol Env ab
eceiv refers Cathesh T Ge
sIsecurity
i p t Control C o over physical n d R
access e t t y to physical
e n t of assets. Physical safeguards
Rece C a sh secured B i l l a
ingfacilities; y r o llP I n v estm
include a limited access to assets and important records, documents and
Asse
ts
y m e nts
n t r o lsP p o r ting
or Pblanka forms; oand periodic Rephysical counts that are compared with amounts shown on control
Vend G e n eral C Financial
records.
T Inventories
pts of items held for sale and stocks of materials and supplies should not be
tsI ceito
men available rd R e persons who have no need to handle them. Likewise, access to accounts receiv-
r e d it Ca
C able records and payroll data should be denied to people who do not have a recordkeeping
responsibility for them.
Access control over information systems means that access to program documentation, data
files, programs and computer hardware is limited to the extent required by individual job du-
ties. Access controls should include the use of multilevel security, user identifications coupled
with regularly changed passwords, limited access rooms, call backs and dial-up systems, use
of file attributes and firewalls, and encryption of confidential information.
Periodic Reconciliations
Managers should provide for periodic comparison of recorded amounts with independent
evidence of existence and valuation. Internal auditors and/or other members of the account-
ing staff can perform such comparisons on a regular basis. These individuals, however, should
not also have responsibility for authorization of the related transactions, accounting or re-
cordkeeping, or custodial responsibility for the assets.
Periodic comparisons may include reconciliation of bank statements, inventory counting, con-
firmation of accounts receivable and accounts payable. The more frequent the comparisons,
the greater the opportunity to detect errors. The results of nightly processing in the central
accounting system for example, should be compared the next morning to the detail sum-
mary records. Cash account balances per the central accounting system should be reconciled

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er Finan Three vir
l E- nControl d Re
ce C
a l C o n t
i a l R e p
n t c e i Chapter
C o n t ro
l l i n g a n
i p  n o g  e d e y R e
ece Cash ng a
illito sbankPayr epor (and
tin Cr apital Ass endor Pa neral Con Financial
ntthe vir
A s s e t s
e
monthly
n t s  B monthly
o n t r o l
n c i a R
statements
l i ro n m eto government’s
s  C s h  V
internal subsystem
I T G e if one t s  is
o n t rol En
ta l C
ral other ina Env bl e a p
cei against C
ym
or Pa involved). Gene For tsFrecords, trolfrequency
nthe e ceof ivaperiodic tty C
Pecomparisons t memust nts be balanced r d Re C ash Billing an
d
e n d I T c e i p C o d R l l  v e s it C a t s 
V tmen the
ts costs Re
Cardandsbenefits. Cash

lling
an Payro rtingIn Cred tal A
sse men
ts tro
I n v e s
C re d i t
A s e t s 
n t s  B i
o n t r o l s 
R e p o n m e n t 
 C a p i
o r P a y
e r a l Con
 cial important. les d n
n men
t Subsequent
Capi
tal action
o
me
r Payto correct G eral C Finisanalso
endifferences r o
iro
l Env Together, c e ivabperiodic s Ven ntsIT Ge ceiptsFin
hcomparisons
i ro s  d I T  n t R e C a
nv
c e
e
ivabl and aactions s h  n
Ve to correct e n ts errors lower
R e c eipthe ts
risk a s that
h  o
Cmaterial
i n g and
misstatements l  P ty the financial
etin I n v e stmestate- Card
Re
Asse
ts
d R e y C e s t m a r d  C B i l l y r o l g  e d i t i t a l
g an ett nv
gIoccur. redit
a y r o llP ments o r t i nwill t  C p i t a l Ass P a y men o n t r ols i a l R epor n m ent vablesC CashVe
lsP ep en Ca or lC nc iro cei Petty vestme
n a n cial R Periodic n v ironm Performance v a b les Comparisons h  Vend T Genera ptsFina n t ro l Env a n d Re o l l 
i r
F i
pts ContrThis ol E Rece s
ty Ca tments
I ecei  Co B illin g
 Pay gIn
a s h l l i n g a
categoryn d of
ro l controls
l Pe t includes
v e s periodic d i t a r
Creviewsd R
oftsactual
 C a s h
performance
m e n t s versus
C o n ro l s
t budgets, l R e p o r t i n
e n tCr
sC B i Payprior period  I n Cre Operating e
Ass (activity-based) Pa y l
racompared cia on m
a y m entsforecasts n t r ols and
e p o rting performance. n m ent C a pital V e ndor IT G eneis
data
t s  Finan to finan- t r o l Envir a nd R
ec
r P l C o a l R i ro e s  s h  t s
en the differences e i p o n i n g
do ra cial data. The
ci relationship nv of the bl data setsCisa analyzed,
two
ceiva llPetty
with
ec C
investigated ill
tsB olsPay
ro
nts ceipand corrective Cash
 action taken
illing that
an if necessary. Payro eporting
This type of control
tCr
eactivity isl Ausually sse performed ay by
dor P eneral Co
nt
ancia
l
C a r d Re management e t s   B
employees t r o l s have no l R
recordkeeping m e n
or custodial C a p i ta
responsibilities. V e n F i n
Co
bl Ve Authority s ece C ing and l
Payro rtingIn
ve it C ets
Pet t InvEvidence ed be maintained
must sse t ts
toedemonstrate that o
ntr only persons o
ep acting e the scope
within Ca of ndor P
r t i ng their e tCr
nauthority a p i tal A a y m n e ral Co nancial R n v ironm ivables Ve
Rep o
v i ro n m
l e s  C are allowed n d P
or to authorize I T e n
G and execute t s  Fi transactions. o n t l E
ro Governments R e ce need
y C a sh
to
e ts d t
rol En document eceiv
ab which
Cash persons
V men expenditure
thave
ip
Rece authority ashand C the extent lling ofathat
an Pet
llauthority. The
Cont a n d R
P e t t y I n v e s
i t C a rd
s e t s C
t s B i P y r o
g  d s n 
s readily available for
yroll eporting
in signature of authorized personnel re is a matter l A of record eand should lbe
Bill lsPacomparison l R when them e ntC documents
underlying C apita ndare o r Paym al Contro
audited. r Periodically, the government’s
Cont sFchief
ro cia
inan fiscaltroofficer l
on
Enviror delegate c e i v ables a s h  Ve
I T Gene
e should C perform reviews s to ensure compliance.
Rece
ipt
s h  Con
i n g and R l l Petty vestment
a Bi l l ayr o In
tsCTransfer nts lsPand adjusting tingentries, particularly year-end financial statement entries,
Asse y m e transactions
n t r o p o r
or Pa o
ral C control l Re
Vend require G e nespecial F i n anciato avoid errors and possible misstatement. Management oversight is
IT 
men
tscritical.
R e eiptssupporting documentation should provide clear evidence that these transactions
cThe
it Chave ard been properly reviewed and authorized before they are entered into the accounting
Cred system.
Documentation Control
Internal control systems, all transactions and other significant events should be clearly docu-
mented, and the documentation should be readily available for internal review or audit pur-
poses.
• Detailed written evidence of the internal control system, its objectives and activities,
is essential. This documentation is valuable to managers in controlling their operations
and is useful to auditors or others involved in analyzing and reviewing operations.
Written documentation facilitates job training by communicating specific responsibilities.
The documentation should appear in management directives, administrative policy,
and accounting procedure manuals. Many documentation tools are available such as
checklists, flow charts, narratives, and software packages. These tools may be particularly
helpful in documenting complex information systems and the related control activities.
• Internal control reviews and risk analyses should be documented. Supporting
documentation for conclusions should be kept on file for use by the government and for
audit purposes.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er Finan Three vir
l E- nControl d Re
ce C
a l C o n t
i a l R e p
n t c e i Chapter
C o n t ro
l l i n g a n
A s s e t s 
e • n t s  B
Documentation o n of c i a
transactions
n l R
i
andro n m
other
e
s 
significant events s h  V e
should be I T G e
timely,
n
complete t s o n t rol En
ta l ral C na nv bl e Ca cei p C
d or Pa
ym
G eneaccurate i p sFishould
tand o trol E tracing
nallow R e eivatransaction
cthe  Pettyor event s t mfroments a r d Re C ash Billing an
d
e n I T and c e C d l l v e the C source t s 
V ts
tmen edidocuments,
Re
Card setwhile

Casith is in process, an
illing through Pto ayro In
ing reports. redit
CIt sse
tal A thatPaymen
ts tro
I n v e s
C r t
A s s 
n t s  B
o n t ro l s the
R e p o r t
financial
n m e n t  is

important
C a p i
o r e r a l Con
 end n
n men
t tal
Capi stepdin
each
o rthe
me
Paytransaction G
al C
enerprocess F is
i ncial rol Enand
nadocumented virothe appropriate
c e ivabl
es
hV accounts,
control
s t s  IT Ge i p tsF
in
i ro e s  n I T ts  n t R e C a e n c e
nv abl ledgers
sh and
Ve files tsupdated.
enare eceip sh
Co d
ng an yrollPe
tty
nves
tm
Card
Re
Asse
ts
d R eceiv y C a e s t m a r d R  C a B i l l i g  I e d i t i t a l
g an ett Inv C
redit theitsupporting ets ts Pa indicate tin Cr ap
Regardless tof
 Cformat, p a l Ass P a y men
documentation o n t r olsshould i a l R epor thenpurpose m ent orvablesC CashVe
lsP ep en Ca dor the transaction lC anc iro cei Petty vestme
n a n cial R reason
n v ironm for the v a les
transaction
b h  andVenthat G e nera t s was
 Finproperly
n t ro l Env
authorized. a n d Retransac-
The o l l 
i T r
F i
pts Contro tion
l E Rece should ttybe
s
Caclearlyeevident tsI orreasily i p
eceverified  Co B
g
illin In addition,  Pay gIn
amount
r o l l  P e
v e st m n
d i t Ca d R
t s  C a s hupon
m
recalculation.
e n t s
C o n t r o l s
l R e p o r t i n
e n tCr
sC i
B the documentation Pay  I n
should fully re
Csupport ss e
theAinformation a y
Pentered l
intorathe following ciadata: ron m
ec
r P l C o fund numbera l R and/or i r o
project identifier,
e s  general s h 
ledger account,
en t s comptroller e i p object; and
o n i n g
do ra
Gene tsvendor
ci
Finan name/number, trol E
nv bl
ceiva llPetty
Ca
ec C ill
tsB olsPay
ro
 I T C o n d if
R eapplicable.  I n m e n r
l
edit
C e
Ass Adjusting 
ntsentries, ia l m
on error C V s
pital ayme ral C
on include
which
Finan
creclassifications,
Envir ables

corrections ashyear-end
Cand tsI
TG
financial
ceipt Co
s  C a d o r P
statement G e n e
adjustments i p t s
must be fully
o n t r o l
documented. e c e i v
In cases P e
where t t y
estimates
s t m e n
are used, a r d R e
the C a sh
bl e Ve n I T Rece C ing and R l l  Inve dit C ets 
C ash estm ents imust
estimates t C ardbe reasonable,
s  Cash based B i l l
on relevant l s  Payro rtin
information andgsufficiently t  Credocument- i t a l Ass y m ents
Pet t y Inv d sse t ts tr o p o me n a p rP a
ng ed. nt ForCresystem-generated ital A r Paytransactions, men l Con ancial Rethat clearly
radocumentation v irondescribes b lethesCmethod- endo
o r t i m e C a p e n e i n l E n i va h  V
Rep on s o T G theipapplicable tsF ro ce Cas be
r o l Envir ology,
e i v ableformulas h  endcalculations,
and
V e n tsI and e c e h  Cont links
system g a d Reprocesses
nand P e ttyshould
Con t e c Ca s tm dR Ca s illi n oll 
l i n g and R maintained. l P etty g  Inves redit Car A s s ets e ntsB olsPayr
l
Bi lsPayro l Reporti l n C ta l ym tr
o i a n m ent
t r Finally,
c transaction i r o documentation l should V be retained n in accordance with applicable laws
Con s Finan ntrol Env R e c eivab y Cash t s IT Ge
ip t orCpolicies.
o nd ett en
ts ts a
P porting
Asse men
Supervision
y n trols
or P a
nera
l C o ial Re
aofncany
Vend The IT G effectiveness
e F i n system of internal control depends on continuous, qualified supervi-
ntssion c e ts
ipstaff.
m e of e all It is management’s primary means of monitoring and maintaining a system of
i t C ard R
Cred internal control. In fulfilling their responsibilities, managers and supervisors should:
• Assign tasks and establish written procedures for completing assignments.
• Systematically review each staff member’s work.
• Approve work at critical points to ensure quality and accuracy.
• Provide guidance and training when necessary.
• Provide documentation of supervision and review (e.g., initialing examined work).
Adequate and timely supervision is especially important in small departments, where limited
personnel make it difficult to establish a complete segregation of duties. Accounting and
payroll reports are vital tools that managers can use in carrying out their supervisory respon-
sibilities. The reports provide managers with timely information for transaction verification,
analysis and forecasting, and reference purposes.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
endo sIT Gen Chapter
er inan - Information ir
l Env Technology d Re
ce C
a l C o n t
i a l R e p
n t c e i p t s  FFour
C o n t ro
l l i n g a n
l l  Petty
CHAPTER FOUR: INFORMATION TECHNOLOGY ol En
s s e t s t s  B n i a l R n m e  V e G e n t r
ta l A e n
ral C o ina n c
ym
d
t s  C
V ts Re Casand h an o
Payrreporting In
ingis to aenlarge edit
Crextent al As
se ts tro
v e s tmen Because e d i t Cardthe accuracy s e t s  s  B i
timelinesslling oftrfinancial o l s p o r t t  C a p t
dependent
i r P on
a y men
r a l Con
I n C r A s n t o n R e n m  o n e
 t a well-controlled tal ayme environment, al C ial attention iro les endrole of IT Ge tsF
in
i ro n men
e s  Capi d o r Psystems I T G ener  F i nanc
increasing
n t r o l Env is ebeing
R c e ivabfocused
C a s honVthe
e n t s  c e i p
nv abl information n ts tm the ard Re
eceiv C a
Ve
sh technology t m ents(IT) inethe
R ceipfinancial C a Co lliprocess.
shreporting
d For mostttgovernments,
ng an yrollPe
y
I nves i t C a l Asse
ts
d R y
t of information e s a r d  B i g  e d ap i t
g an etrole Inv redit
C
technology ets to achieving
is critical ts a ogovernment’s lsP
a tin
financial objectives. Cr
a y r o llP o r t i ng t  C p i t a l Ass P a y men o n t r i a l R epor n m ent vablesC CashVe
lsP eWhether
p transactions
en areCaprocessed directly
r in central
l C accounting c system, iroro transmitted cei to Petty
a n cial R the central n v ironmaccounting v a b lessystem 
o
Vendindependent G e nera subsystems, t s  Finan t ro l Env a n d Re inrothe ll vestm
e
 F i n r o l E e c e i C a s h from  I T c e i p IT
C o n
systems are
l l i n embedded
g P a y  I n
pts  Cont initiation, g
R
andrecording,  tty
Peprocessing stmand entsreporting Re
Card of financial 
h
Castransactions. nts
Bi
n trols
 porti
ng
n tCr
a s h i l l i n ro l l I n v e d i t e t s y m e l C o l R e m e
B Pay
rting
 Cre
pital
Ass Pa
ra cia ron ec
a y m o e p o n m ent C a  V e a nd R
do r P ra l C ci a l R i ro
nv of eUsing e s
bl IT in  Ca s h t s
en Reporting ec e i p
C o n ill i n g
Gene A. Potential
Finan ConBenefits ettythe Financial Process ro
I T t s  trol E R e c iva ll P I n vestm dit Card R tsCash e n tsB olsPay
nts  ceip  an d ro g  re sse y m t r
a r d Re ITseprovides t s  Cash the following B illing potential l s  Payinternal
R e ortin benefits
pcontrol e n tCbecause p i taitl Aenables e n or Pa neral Con inancial
adgovernment
C  t r o l m C a V e F
edit p i t a l Asto: ayments e ra l Con F i n a ncia
l E n viron vables y C a sh t s  IT G
e ce i pts hCo
Ca or P n s ro cei et t e n dR as
bles hVen• d Consistently t s  IT Ge R e ceipt h  Cont a n d Re y r o llP I n vestm redit Car s s e tsC nts
e n Capply
ar d predefined a s
C business g
illin rules tand Pa
perform complex 
g calculations C in A e
Cas vestm edit largelvolumes sets of transactions sB rols Reportin ent sCapita dor Paym
l
Petty  I n processing
 C r A s e n t C
oro n
data. cia l r o n m n
rting ent apita ym ral vi ble Ve
Repo Environm ablesC e n d or Pa I T Gene tsFinan ontrol En d Receiva y C a sh
rol eiv V availability ts eceip ofCainformation. sh
C an ett
Cont n d
• RecEnhance
t t y Cash
timeliness,
v e s tmen Cand a rd Raccuracy
t s  B i lling ay r o llP
ing a llP
e
rting
In it
Credof information. tal A
sse ts
ymen Controls
P
Bill lsPa• yroFacilitate e p o additional e t 
analysis
n C a p i o r P a l
ro ial R onm ables Vend T Genera
Cont sFinanc trol Envir c e i v a s h  I
e C ts of the government’s activities and its
Rece
ipt • 
s h Con the
Enhance
l i n g and R to monitor
ability
l l Petty thevperformance
e s t men
a l
Biand procedures. ayr o In
tsC policies
nts lsP ting
Asse y m e n t r o e p o r
or Pa al Co riskanthat cial Rcontrol will be circumvented.
Vend • IT GReduce ener the F i n
ts ipts
men • ardEnhance Rece the ability to achieve effective segregation of duties by implementing security
it C
Cred controls in applications, databases, and operating systems.
B. Potential Risks of Using IT in the Financial Reporting Process

IT also poses specific risks to a government’s internal control, such as:
• Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
• Unauthorized access to data that may result in destruction of data or improper changes
to data, including the recording of unauthorized or nonexistent transactions or inaccurate
recording of transactions.
• Unauthorized changes to data in master files.
• Unauthorized changes to systems or programs.
• Failure to make necessary changes to systems or programs.
• Inappropriate manual intervention.
• Potential loss or compromise of data.

ti t y tr lR l T
and l t
ab
s
 Cont
ro
P
s a
orGuidebook
rP
ce C
a l C o n t
i a l R e p
C o n t ro
l l i n g a n
l l  Petty
A s s e t s 
e n
The t s use
B
of o n
computer systemsn c i a l R
to process i ro n m e
financial s 
transactions, s h 
store
V e
data, I T
and G e n
perform t s
sta- o n t rol En
l C a v e a cei p
ta
d
ym
or Pa tistical Genand eral
p Fin does
tsanalysis ntrnot ol En e cethe ivabl tty C
Pecontrol t men
ts
a r d Rediscussed. C
C
ash Billing an
d
e n I T other
c e i C o change
d R internal
l l  v e s
objectives already
it C t s 
V ts Re ash an ayro ing
In Cred used Asse con- ts tro
v e s tmen However, e d i t Card extensive s e t s  Cuse of s computer
B i lling systems t ro l s  Pmay change
p o r t the techniques
e n t  C a p i t
toal meet
r P a y men
r a l Con
 t trol objectives. tal me lC
nera IT isFused ial iro system, es
ivabl segregation end IT Ge tsF
in
i ro n men
e s  Capi d o Payexample,
rFor I T G ewhen  i nancin anntinformation r o l Env
R e c e C a s hV of eduties n t s  c e i p
nv abl may be n pts Co Re
eceiv a sh
Ve
achieved
t m
or ts
enenhanced R ebyceiimplementing C a sh access l l i and controls.
ngsecurity l l  Petty I nves
tm
i t Card l Asse
ts
d R y C e s a r d  B i y r o g  e d i t a
g an ett Inv redit
a y r o llP o r t i ng t  C p i t a l Ass P a y men o n t r ols i a l R epor n m ent vablesC CashVe
lsP eC.p General enControlsCaand Application or Controls
lC anc iro cei Petty vestme
i E Cocontrols: g r gIn
F
pts ContrIn ol an automated Rece environment tty C
a there  two broad
tsare ececategories  of B in
illgeneral Pay
controls

r o l l  Pe
v e st m e n
d i t Ca r d R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC andi
B application Pay controls.  I n Cre Ass e Pa y ra l cia ron m
ec
do
Gene General
ra ci
Finan Controls trol E
nv bl
ceiva llPetty
Ca
ec C ill
tsB olsPay
ro
 I T t s  C o n d R e  I n m e n r
nts ceipGeneral sh n all information yro ng e e end-user
ssand ayen- nt
a r d Re t s  Cacontrols B
apply ato
illing trolsPa R e
systems—mainframe,
porti e n tCr network, a p i tal A e n dor P eneral Co F i n ancia
l
edit
C s e
Asvironments; entthey 
s impact onthe entire data l
cia processing m
on environment, C
 including V
application TG s
C a pital systems. r P aymGeneral e n e ral C s  F inan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
e s  n d o I T G controls i p t
address data o n center and R e c
network operations;
l  P system
s t m software a r d  C
bl Ve ece C nd l
Payro protection,
ve it C ets
C ash acquisition s t m entsand i t C ard R
maintenance; s  ash security,
Cphysical B i l l ing a environmental l s  r t i n gIn disaster t  Credrecovery, p i t a l Ass y m ents
Pet t y Inv e red t
sse computer tsoperations. ntr o o e n Ca rP a
ng hardware ntCmaintenance ital A and men ral Co nOther c Rep
ialexamples v ironm program
include b leschange endo
o r t i m e C a p P a y e n e a n l E n i va h  V
Rep on
Envir controls; es dor access TG Fi ontro over ece as
t r o l c e i v ablcontrols s h thatVenrestrict e n tsI toRprograms e c e ipts or data; s h  Ccontrols
n g a nd Rimplementation
 P e tty C of
ty Ca orIndevelopment Ca illi l
Con
g
Re
andpackaged P etsoftware vestm dit Caof rd new software
s s ets applications; n tsB oand  ayrol over system
Pcontrols
l l i n l l n g re l A e l s
Bi lsPasoftware yro ti
epormonitors tuse C of system ta
Capi utilities aymcouldl Cchange ontr financial data without
t r o c i a l Rthat ro n m en the
l e s V e n d or Pthat
n e ra
i Ge
Con
t s inan antroaudit
Fleaving n l Env trail. Receivab ty Cash t sIT
i p C o n d e t e n
Rece sh
CaApplication ga
BillinControls yroll gInve
P stm
t s t s   P a
Asse n
ntrol on
s rtin
o r P ayme al Cocontrols,
Application i a l R epoother
the hand, are more specific to individual application systems.
Vend e e r
ninclude n n c
acomputerized
They
T G bothF i and manual controls and are designed to help ensure the
e n tsI e c e ipts
m ard R
completeness, accuracy, and validity of all information processed. Application controls
r e d it Cshould be installed at an application’s interfaces with other systems to ensure that all inputs
C
are received and are valid and outputs are correct and properly distributed.
• Input control activities: Input controls are designed to provide reasonable assurance that
data received for computer processing have been properly authorized and converted
into machine-sensible form, and that the data have not been lost, suppressed, added,
duplicated, or improperly changed. Computerized input controls include validation
procedures such as check digits, record counts, hash totals and batch financial totals.
Computerized edit routines include valid character tests, missing data tests, sequence
tests and limit or reasonableness tests – all designed to detect data conversion errors.
• Processing control activities: Processing controls are designed to provide reasonable
assurance that data processing has been performed as intended without any omission or
double-counting. Many processing controls are the same as the input controls, but they
are used during the actual processing phases. These controls include run-to-run totals,
control total reports, file and operator controls, such as external and internal labels, system
logs of computer operations, and limit or reasonableness tests.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
ce C
a l C o n t
i a l R e p
C o n t ro
l l i n g a n
l l  Petty
A s s e t s 
e n
• t s 
Output
B
o
control n activities:
n c i a l R
Output i ro n
controls m e
are s 
designed to s h 
provide
V e
I T
reasonable G e n
assurance t s o n t rol En
l C Fina v e a i p
ta
or Pa
ym
G
ral
eneprocessing tsresults rol En Rand
ntaccurate e vabl
ceidistributed Peto tty C t nts
mepersonnel r Rece
donly. C
C
ash Billing an
d
e n d I T that c e i p C o
are d l l  authorize
v e s C a Control
t s 
V ts Re 
ashoutput an o
Payrshould In
gcompared Crandedit se
al As to Pinput ts tro
v e s tmen editotals t Card produced s e t s  Cas
s  B i lling processing
during t ro l s p o r t inbe e n t  C a p i
reconciledt
r a y men
r a l Con
 t tal yme totals al C cial processing. iro Computer-generated
ivabl
es end IT Ge tsF
in
i ro n men
e s  Capirun-to-run
and
d o r Pacontrol I T G ener produced  F i nanduring n t r o l Env
R e c e C a s hV change e n t s  c e i p
nv abl n ts Co Re
eceiv
reports
a
Ve
sh foresmaster t m
 should
entsfiles R eceipbe compared C a sh to Boriginal l l i ng ansource
d
l l  Petty
documents for
I stm
nveassurance i t Card l Asse
ts
d R y C a r d  i y r o g  e d i t a
g an ett thatgdata Invare correct. redit
a y r o llP o r t i n  t  C p i t a l Ass P a y men o n t r ols i a l R epor n m ent vablesC CashVe
lsP ep n
nmeapplication Ca ndorcomputer lC nc iro Rece
i
Petty vestme
n a n cial R General n v iroand v a b les controls h  Veover G e nerasystems t s  Finainterrelated.
are n t ro l Env General a n d control o l l 
i E i s T p g r
Pay and rtingIn
F
pts Contrsupports ol ce
Refunctioning a
tty Cof application tsIcontrol, cei both are
eand  Co B illin complete 
a s h l l i n g a n dthe
r o l l  Pe
v e st m e n
d i t Ca rd R
t s  C a s h needed
m e n t sto ensure
C o n t ro l s
l R e po e n tCr
sC B i
accurate Pay
information  I n
processing. re
If Cgeneral controls e
Ass are inadequate, Pa y ra l
the application cia
controls ron m
ec
r P l are
C o unlikely a tol R function i r o
properly and e s 
could be 
overridden.
s h en t s e i p o n i n g
do ra
ci nv bl
ceiva llPetty
Ca
ec C ill
tsB olsPay
ro
nts ceip checklists 
Cash developed an conjunction Payro with ing Guidebook e
tCr contain Asse y
or Parelate ont l
C a r d Re The e t s   B illing tin ro l s  l R e portthis m e n C a p i tal questions V e n dthat e n e
to
ral C F i n ancia
edit AsITs general nts application
and on control cia
objectives virona financial  ash ntsLarge IT G gov-ceipts
C a pital r P ayme e n e ral C s  Finan t r o l Enfrom e i v ables
systemsCperspective.
e t t y e Re a sh
Co
e s  n d o
ernments with
I T G internal audit
i p t functions o n may have e
already
R c addressed
l  P most of
s t m
these questions,
C a r d  C
bl Ve ce hC ling and l Inve redit ets
C ash particularly s t m ents those t C d Re
argovernments s  Casthat operate
B i l in highly l s  Payro rdata
complex t i n g processing t  Cenvironments i t a l Ass y m ents
t y e i t o o n p a
Pet Inv red sse 
ntsgovernments, ontr however, ep
cial R willlfind
e
ronmanswering Ca
lestheseVendo
rP
o r t i ng and m e ntClargeCaITporganizations.
have ital A r PaymeAll e n e ral C n a n E n v ithat i va b h
Rep on s o IT G Fi tro ece as
r o l Envir questions e i v ableprovides h  Vendfollowing
the e n tsbenefits: e c e ipts shCon ng and R P e tty C
Con t e c Ca s tm dR Ca illi oll 
l i n g and R lPetty g  Inves redit Car A s s ets e n tsB olsPayr
l
Bi lsPa• yroAssurance l n
ti the government’s
rthat C l
ITtoperations
a ym investment
and tr strategies, as they relate to
o i a l Repo n m ent
t r financial
c systems, i ro are well planned,
l properly
V staffed n and executed in accordance with the
Con s Finan ntrol Env R e c eivab y Cash t s IT Ge
ip t government’s
Co IT
ndstrategies ett security
and en control policies.
and
ts • Documentation ts P thea 
Asse y men n trols that e p rting
ogovernment has conducted a review of IT general and
or P a al C o l R
ia over financial systems, which can be incorporated into the
e n d e r
applications
n a n
controls c
V T Ge Fin
ipts internal control plan.
e n tsI government’s e c e
m rd R
r e d it Ca
C • A tool that governments, who are contemplating replacement of existing financial
systems or who are currently in the implementation phase, can use to monitor and control
the acquisition/development software project.
D. The Role of the IT Specialist1

When evaluating controls over computer processing, the presence of one or more of the fol-
lowing conditions may require the expertise of IT specialist:
• Technology is an integral part of the government’s business processes, involving both
its primary, customer-oriented activities and its support activities, such as general
management, planning, finance and accounting.
• The government has recently implemented a new IT financial system or made significant
modifications to an existing financial system.
• The government is engaged in significant e-commerce activity.
• Data is shared extensively between computer applications.
1 This subsection was adapted from the example on project team organization presented by Mr. Michael Ramos in his book
entitled, How to Comply with Sarbanes-Oxley Section 404 – Assessing the Effectiveness of Internal Control, John Wiley & Sons, Inc., Hobo-
ken, NJ, 2004.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
ce C
a l C o n t
i a l R e p
C o n t ro
l l i n g a n
l l  Petty
t s  Finan Control E d Receiva llPetty I nves i t Card t s Cash m e nts trolsPa p o rting
A s s e t s 
e n
An t sIT B
specialist o n can help c i
identify
n a l R
risks i ro n
related m e
to the s  IT system, s h 
document
V e
I
and T G e n
test controls, t s o n t rol En
l C Fina Env e y Ca i p
ta
d or Pa design
ym
Genand eral
p tsinimplementing ntrol missing e ivabl
cecontrols, Pettmonitor t
ts
mencontinued a r Rece
d effectiveness C
C
ash Billing an
d
e n I T assist
c e i C o d R ro l l  and v e s the it C t s 
V ts Re h an n
e 
v e s tmen ofedITit controls. Card setsCas  B illing t ro l s
In Cr As ts
ymen eneral C
on cial R
e
viron
m
bles hVend
C or ner
n m ent C a pital o r P a G F i n a n r o l E n c e i v a s t s  I T Ge i p tsF
in
i ro e s
The successful n d completion I T of the IT 
component ofn t
the evaluation R e project C
will a largely n
depend
e c e
nv
R eceiv on
abl
C a shhowVe tments d Receipts CashCo illing and ollPetty I nves
tm
i t Card
Re
a l Asse
ts
d ett y (1) well
Inv e s the risks inherent
a r in IT
ts  systems are understood,
B y rand (2) IT n g 
management’s Cr e d ap i t
g an
r o llP understanding r t i ng of Cthe
it C
redfinancial i t a Asse
lreporting y men and
process
ts
t r
its sPa l Resystems.
olsupporting porti ent senior
Ideally,
m b l eITsC CashVe
a y ep o en t  a p P a o n nc i a iro n cei v a
lsP n cial R management ironm should b lesbe Cwell-informed or
Vend concerning e
lC
nera thetstypes  Finaof IT l Env needed
controls
ro n d Rtoe support l  Petty vestme
n a n v i v a h  T G n t a r o l
F i
pts Contrreliable ol E Rece information a s
tty C processing. tsI ecei p  Co B illin g
 Pay gIn
financial
r o l l Pe
v e st m e n
d i t Ca r d R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
ec
do ra
ci nv bl
ceiva llPetty
Ca
ec C tsB olsPay
ill ro
l
edit
C Ass e nts  on cia l on m  C  V TG s
C a pital r P ayme e n e ral C s  Finan t r o l Envir e i vables e t t y Cash e n tsI R e ceipt a sh
Co
Payro rtingIn
ve it C ets
Rep o on m  o TG Fi n tro l ece as h
Con and R lPetty
e Ca tm dR Ca illi oll
l i n g l g  Inves redit Car A s s ets e ntsB olsPayr
l
Bi lsPayro l Reporti n C ta l ym tr
o i a n m ent
Con

t sIT
i p o n d e n
Rece Cash
C ga
yroll gInve
P stm
t s t s  Billin  P a
Asse n ls tin
Vend ne r c
t s ece i p
men ard R
i t C
Cred

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan ir
l En- vTestinganControls d Re
ce C
a l C o n t
i a l R e p
Five
l l i n g l l  Petty
CHAPTER FIVE: TESTING CONTROLS ol En
ta l A e n
ral C o ina n c
ym
d
t s  C
V ts Re h an Payrodivides In controls it sse ts
tmen The Card framework Cas(described lling inginternal Cred intopitwo al Adifferent men tro
I n v e s
C r e d i tCOSO
A s s e t s 
n t s  B i in Chapter
o n t ro l s Two)
R e p o r t
n m e n t 
 C a t
o r P a y
e r a l Con
 tal me al C andnathe al bles approach end n
n men
t levels:apthe
C i general, o r Paygovernment G enerwide F i ncispecific, r o nviro ceivaThe
l Eactivity-level. s hV presented t s  IT Ge i p tsF
in
i ro e s  n d I T s n t R e C a e n c e
nv abl in thisshGuidebook Ve tmeisnto ts ceipt
test theeeffectiveness sh
o
ofCgovernment dwide controls
ng an yrollPe
tty first. By
nves
tm
under- Card
Re
Asse
ts
d R eceiv t y C a e s a r d R  C a B i l l i g  I e d i t i t a l
g an etstanding Inv
government C controls,
wide etsthe government ts should Pabe better tin to develop
able Cr tests ap
y r o llP o r t i ng t  C redit i t a l Ass a y men n t r ols a l R epor n m ent vablesC CashVe
a eatp the activity-level. en Ca p P o anc i iro cei
lsP n cial R ironm ivables shVend IT Genera iptsFin
or lC
r o l Env n d Re l  Petty vestme
n a n v n t a r o l
F i
l E ce tty C
a ts ece  Co B illin g
 Pay gIn
a s h TESTSl l i n OF GOVERNMENT
r o l l Pe
v e m e n
st WIDEdCONTROLS i t Ca rd R
t s  C a s h
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC i I n Cre e y l m
B
entsBecause ols
Pay g
rtinwide ent are indirect
Ass
pital and not dor P
a
ener
a
Finareancia l Environ ec
P a y m C o n t r government
l R e p o
i r o n m
controls s  C a
h  V e ntransaction
t s  I T Goriented,
i p t s
they not
o n t ro n g a nd R
r l a e s e i
do
T Gene easily
ra
Fiverified
i
nanc through n
nv
trol E observation e
bl
ceiva orllby P etty
Ca
re-performing tmen Carrelated
vestransaction
c
d Re tests. Cash
C
Asa result, n
ill
tsB olsPay
ro
 I t s  C o d R   I n d i t t s m e r
nts
r d Re other
ceip
 Cash
techniques 
ito g an evidence
llingather s  Payrowill ebe rting to
poneeded n tCr the
support e
i al As
se
tevaluation n r Pay eral Cont
ofdogovernment ancia
l
C a e t s  B t ro l l R m e C a p V e e n F i n
C a pital wide r P ayme
controls.
e n e ral C s  Finan t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
bl Ve ce C d l
Payro rtingIn
ve it C ets
C ash A. t m ents it Card Re sCash Billing an s   Cred t a l Ass m ents
Pet t y Inv e s Policy red Review sse t ts ontr o l ep o e n t Ca p i rP a y
Rep o n
oMost m governments  documento theirIThumanG resource n
Fi policies tand l
ro communicate ece them h
as their
to
t r o l Envir c e i v ables shVend e n t s e c e ipts shCon ng and R  P e tty C
Con employees
e inCthe a formvof esatmpersonnel R
rdhandbook. Ca internal
The lli
icontrol evaluation ll should focus
l i n g and R lPetty g  Indemonstrate re d it Cathe government’s A s s ets e n tsB olsto  Payro
l
Bi lsPayro l Reporti on l
those policies n that l m commitment competence and ad-
m e ntC Capita ndor Pay ra l C ontr
ro ia
dress expectations onregarding les
integrity andVeethical behavior. ne
Cont sFinanc trol Envir e ceivab y Cash s IT Ge
ip t Con nd R ett en t
Rece C The
a shgovernment’s B i l l ing a accounting y r o llPmanual I n v estm include important information relating to the
should
ts procedures ts used P a 
Asse y men n troto lscapture
e p rtingprocess accounting information, the documents required
oand
or P a al C o l R
Vend and nerrelated cia
I T Gethe s  F inan procedures. This information is typically most useful in documenting
control
ts ipt controls. However, the accounting manual may also provide important docu-
men activity-levela r d Rece
it Cmentation that is relevant for government wide controls, such as those related to the annual
Cred
financial closing process.
B. Surveys and Interviews

Reviewing policies, by themselves, will most likely not be sufficient to determine whether
government wide controls are operating effectively. One way to gather additional informa-
tion is to survey or interview employees or management, which should provide sufficient
information to form a conclusion on the reliability of government wide controls.
C. General Computer Controls

Computer controls consist of both general and application-specific controls. General controls
apply to many if not all application systems and help ensure their continued, proper opera-
tion; while application controls ensure the proper processing of various types of transactions
and include both computerized steps within the application software and manual follow-up
procedures.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan ir
ce C
a l C o n t
i a l R e p
Five
A s s e t s 
e n t
Before s  B
beginning o n a detailed n c i a l R
assessment i ro n m
of
e
computer s  general s h 
controls,
V e
the I T
IT G e n
specialist t s
should o n t rol En
n d or Pa consider I T Gene the cfollowing e i p tsF questions: C o ntrol R e ceiva l  Petty vestmen C a r d Re  C ash Billing an
V e ts Re sh an d ro l n it e t s 
v e s tmen edit Card setsCa  B illing t ro l sPay portingI entCred apital Ass Payments al Contro
In C• r Have l As been s
entsignificant on Re government’s m IT systems C or er
m ent C a pitathere r P a ymany
e n e ral Cchanges i n a n ialthe
cto l E n viron
e i v a bles (changes h  Vend in sIT Gen ptsFin
n o IT G F o
tr risksddo c changes s nt ecei
nviro eivableshardware, V endsoftware, t s processes i ortspersonnel)?
p C onWhat n Rethe e t t y Cacreate? s t mIfethere d R ts
d R ec y C a
have

sh beenesno t m e n
significant r d R e c e
changes, whatC a h 
s previously B i l l i g a
nidentified y r o l l
risks P
remain? g  I nv e
e d i t C a r
i t a l Asse
g an ett Inv C a ets ts Pa tin Cr ap
y r o llP o r t i ng t  C redit i t a l Ass a y men n t rols a l R epor n m ent vablesC CashVe
a ep n Ca p P o c i iro cei
lsP n cial R • How nme different
iromany b lescomputing
or
Vendplatforms e neor
lC
raenvironments  Finan exist ro l Env theagovernment?
within
n d Re l  Petty vestme
n a n v i v a h  T G t s n t r o l
F i
pts Contro Do
l E the ece systems
various
R a s
tty C interface I eachd Rother?
tswith ecei How p isthe Co data exchanged B illin g and ay is ingIn
Phow
a s h l l i n
the g a n d
exchange ro l l Pe
controlled? v e st m e n
d i t Ca r
t s  C a s h
m e n t s 
C o n t ro l s
l R e port e n tCr
ec
r P l C o a l R i ro e s  s h  n t s e i p o n i n g
do ra • What might
ci impairnthe v reliability bl of the government’s
ceiva llPetty
Ca ITesystems
ec
or otherwise C
negatively ill
tsB olsPay
ro
 I T affect the ability to d
capture, R e process and store 
data?I n m e n r
l
edit
C Ass e ents  on cia l on m  C  V TG s
C a pital TESTS r P aym OF ACTIVITY-LEVEL
e n e ral C s  Finan CONTROLS t r o l Envir e i v ables e t t y Cash e n tsI R e ceipt a sh
Co
bl Ve ece C nd Payro rting
l Inve it C ets
C ash Transaction s t m ents processing i t C ard R begins s  sh
Cawith the B i l l ing a of oraw
capture l s  transactional data and t endsCredwithppost- i t a l Ass y m ents
t y e t o n a
Pet
ng ing
Inv
ntthe
red
Cgeneral itledger.
se
al As Along y methents ral Contr c l Rep nvinto
iaconverted ironm
e
b
Ca
lesinforma- endo
rP
o r t i m to
e C a p P a way,
e n e the raw datan a n is l E accounting
i va h  V
Rep on or G tsF
i ro Rece new Cas
r o l Envir tion. e iIt
v bles
amay be scombinedh  Vend with e n sIT data
tother c or
e ipotherwise h  Cont
manipulated g a ntod create P e ttyinforma-
t c
Re Throughout Ca thisnprocess, tm e
rd R needed Ca s illi n ll 
Con andtion. P etty I ves recontrols it Ca are s ets to ensure tsBthatothe Payro
information retains its
l l i n g l l n g  d l A s e n l s 
Bi lsPaintegrity. yro p o rti n t  C a p i ta r P a ym C o n tr
ial R e e C o l
ro
Cont sFinanc trol Envir
onm
i v ables h  Vend T Genera
ce a s I
ipt Within Cothe and R
n information-processing e C
Petty stream, entscan be introduced at various points.
merrors
Rece a s h  l l i n g o l l v e s t
tsC Bi olsPayr rtingIn
ntspoint
Asse • y m e
The nintr the system o
pwhere events or transactions are initially identified, authorized
e n d or Pa and n e r al Co
captured. a n c ial Re
V T Ge ipts
Fin
e n tsI e c e
m rd R
r e d it C• a The point where updating and maintenance is performed for databases, master files, or
C other electronic storage systems.
• The processing points in the stream where information is manipulated (matched to or
combined with other data; used as part of a calculation) or processed, such as posted to
the general ledger, subsidiary ledger, or other accounting records.
The goal is to identify these points in the information processing stream and to test and evalu-
ate the effectiveness of the related control measures. Several different types of tests may
be used, including individual or group inquiries, direct observation methods, and re-perfor-
mance of control procedures and reconciliations.
D. Observation
Some controls may be observed, such as computer edit checks or physical inventory accounts.
If the physical count is performed only occasionally, it may be possible to observe the control
each time it is performed.
E. Re-performing Control Procedures

In some cases, the effectiveness of control procedures may be tested by selecting a random
sample of transactions and re-performing the procedures.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan ir
ce C
a l C o n t
i a l R e p
Five
A s s e t s 
e Forn t s  B
example, o n
the process n c
fori a l R
paying i r
vendoro n m e
invoices s  might require:
s h  V e
I T G e n
t s o n t rol En
V e ts Re c  an d l
yro the ninvoice In dit sse t s ts
e s tmen • ediPhysically t Card smatching t s  Cash a receiving B illing document o l sPawith o r t i g entCre p i tal A a y men l Con
tro
I n v C r A s e n t s  o n t r R e p n m  C a o r P n e r a

men
t apita
l ayme bids ral Ca formal cial o
Envir eceivabwas les end IT Ge tsF
in
i ro n e
• sC Determining
n d o r Pwhether I T G eneand  F i nanpurchase n t r o lorder/contract
R C a s hV
necessary. e n t s  c e i p
nv abl Ve ts Co tty Re
ents rd Receip
d tm ts
d R eceiv y C a sh e s t m a  C a sh B i l l i ng an yrollPe g  I nves e d i t Card i t a l Asse
g an et• t Determining Inv thatdthe
re it
C invoice swas etsproperly approved
ts for Ppayment,
a astievidenced
n Cran
by ap
authorized t  C
signature. p i t a lA s P a y men o n t r ols i a l R epor n m ent vablesC CashVe
i E ceeffect. shCo g r gIn
F
pts Contr• o Determining
l Rece whether a
tty Ca price ts ein B illin  Pay
ro l l Pe
v e st m agreement
e n
d i t Ca rwas
d R
t s  C a
m e n t s
C o n t ro l s
l R e p o r t i n
e n tCr
sC B i Pay I n re Ass e y l cia ron m
entsTo continue ols theepexample, rting tonm

entthe Ceffectiveness pital of V or Pa over
ndcontrols Gen era Finan trol Envi ec
P a y m C o n t r
l R o
i r o
test
s  C a
h  the e
t s I T payment
i p t s processing,
o n n g a nd R
r l ci a nv e s en e C ill i
do
Gene the
ra
Finan Codocumentation
underlying
n trol E e ceimayvabl be examined P etty
Ca to determine:
ec
n tsB olsPay
ro
 I T t s  d R l l  I n m e r
nts ceip sh g an Payro toepaoreceiving rting e sse ay nt
a r d Re • setsThe  Cainvoice B
was illinphysically o l s matched R e n tCr
document. a p i tal A e n dor P eneral Co F i n ancia
l
edit
C As nts  on t r cia l on m  C  V TG s
Co
e s  n • d o Bids were I T Gobtained andi p t attached; oa n copy of theR e c
signed 
purchase
l P order s
ist m
attached ora r d
the  C
bl Ve ece hC ling and l
Payro rtingIn
ve it C ets
C ash estm ents it contract
underlying C ard R number s  Casis noted, B i l if applicable. l s  t  Cred p i t a l Ass y m ents
Pet t y Inv red sse t ts ontr o ep o e n Ca rP a
Rep o on m dothe POs T G receiving Fi n ro l ece as h
l Envir • cThe i v ab les 
receiving copy
Venof t orI other e ipts document  Cont is signed/initialed a nd R e tty Cdated.
and
t r o e s h e n e c s h n g  P
Con and• R Approval
e Ca estm ard R Ca illi oll
l l i n g l l P etty signature
n g  Invis noted re d it Cinvoice.
on l A s s ets e ntsB olsPayr
Bi lsPayro l Reporti C ta ym tr
o i a n m ent
e s  Capi e n d or Pa e ra l Con
t r c vi r o l V Ge n
Con
t s  F• inaThe n purchase
t rol En order R eivab bids
ecand/or y C(if h receiving
asany), t sIT document and invoice are for the same
i p C o n n d e t t e n
Rece Cash
 transaction.
Billin
ga
yroll gInve
P stm
t s t s   P a
Asse en s
ntrolagreement tin
o r P • aymWhere l a oprice
C i a l R eporapplies, the appropriate vendor was used.
r a c
Vend IT Ge
ne
s  Finan
t s  i p t
men • ardSigners Rece approving payment of the invoice have the appropriate authority.
i t C
Cred
F. Reconciliations
Reconciliations are a common control procedure, such as bank reconciliations or the reconcili-
ation of a subsidiary ledger balance to the general ledger account balance.
The effectiveness of reconciliation procedures can be tested through observation and re-per-
formance as follows:
• Review the documentation to determine that the reconciliation was performed on a
timely basis throughout the year.
• Re-perform the reconciliation to confirm that all reconciling items were identified.
• Investigate the resolution of significant reconciling items.
G. Application Controls
The IT specialist may decide to test the processing controls related to individual application
systems. One method is to prepare a file of test transactions and run them through the sys-
tem to determine that all pre-defined errors are identified.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er inan ir
ce C
a l C o n t
i a l R e p
Five
A s s e t s 
e n
When t s  B
reviewing o n IT controlsn c i a l R
over i
financial ro n m e
applications, s  it is h
important
s  V e
that I T
the G eIT
n
specialist t s o n t rol En
l C ina nv e p
ta ym
or Pa understand Gene the
ral
tsF ntand rol Ethen e
bl
ceiva thell ty Ca
Petprocess t men and
ts
r ecei
d Rrelevant C
C
ash Billing an
d
e n d I T c e i p business risks
C o d R identify ro key v e s
controls it C athe t s  au-
V ts Re CasIn h n
ling a rolthe PITayspecialist In findta“user” Cred control sse ts tro
v e s tmen tomated e d i t Cardprocedures. s e t s  some
s  B i lsituations, t s  p o r t ingmay e n C a p i t al A procedure r P a y men
r a l Con
 t that management tal yme on to eral C Fiand ial viro theifailure s
vable of aash end IT Ge tsF
in
i ro n men
e s  Capi d o r Parelies I T G enpromptly  nanceffectively n t ro l En detect
R e c e C
keyVautomated
e n t s  c e i p
nv abl procedure. Ve n  IT specialist ts Co ettyautomated Re
R eceiv C a sh Although s t m entsthe d R eceip should C a sh examine
i l l i g and othat
nevidence l l  Pthe
 I
tm
nves control d i t Cisard t a l Asse
ts
d t y Inv e a r 
etsthe specialist B Pa y r g
tinbe testing e
Cr reli- ap i
g an o llP
etoperating
i ng
appropriately,
C
C
redit theitfocus a l Ass
of
men
ts in this
r ols
situation
R
would
epor
the
ent vablesC CashVe
a y r o r t t  p P a y o n t i a l n m
lsP p
eability n
of theedetective Ca
control. or lC anc iro cei Petty vestme
F i l E ce a ece Co illin g Pay r gIn
pts Contro g and Re tty C ts  B 
a s h SUMMARY
l l i n r o l l Pe
v e st m e n
d i t Ca r d R
t s  C a s h
m e n t s 
C o n t ro l s
l R e p o r t i n
e n tCr
ec
r P C o l R i r o s  h  t s i p o n n g
do ra H. Extent
l ci of Testing
a nv bl e Ca s en ec e C ill i ro
I T Gene tsFinan Control E R e ceiva llPetty I n vestm dit Card R tsCash e n tsB olsPay
nts  ceipThe extent d  se government’s ay m nt r
r d Re s 

Cashof testing B
an
illingto betrperformedl s  Payro is aematter ng
porti ofmjudgment e n
e
tCr based p i talon Asthe
e n dor P eneral Co i n ancia
l
C a e t  o l R C a V F
edit s
Asoverall controlnts environment, on riskinassessment cia andothe n significance  of the h
Cascontrols being T Gtested.ceipts
C a pital r P ayme e n e ral C s F an t r o l Envir e i v ables e t t y e n tsI Re a sh
Co
e s  n The
d o goal is to
I T G
draw a conclusion
i p t about o nthe effectiveness R e c of internal
l  P control s t
asm a whole, not
a r d  C
bl Ve Rece C ing and l
Payro rtingIn
ve it C ets
C ash individual s t m entscontrols i t C ardstanding s  Cash
alone. B i l l l s  t  Cred p i t a l Ass y m ents
Pet t y Inv e red sse t ts ontr o ep o e n Ca rP a
Rep o n m n
Fican provide l
tromanagement ece withttonly h
l Envir
oFinally,
i v
 be reiterated
it should
ables shVend
o
n
that
tsI
TG
internal
c e
control
ipts shCon ng and R P e y Casrea-
t r o e c e Ca e
tmgovernment’s e
d R goalstsand Caobjectives li be achieved. ll 
Con sonable
and R lPetty
assurance thatvthe
In es redit Car s e 
ilwill
tsB should Payro
Within the
l l i n g context l of this n g 
Guidebook, the effectiveness l A s of internal m e n
controls o l s  be evaluated on the
Bi lsPayro l Reporti m e ntC Capita ndor Pay ra l C ontr
ro basis of ia the financial on statements les and whether Ve any errors nethat internal controls fail to detect or
Cont sFinanc trol Envir e ceivab y Cash s  IT Ge
ip t prevent Conmightnbe R
material.
nd ett en t
Rece C a sh B i l l i ga y r o llP I n v estm
ts a g
ents ntrols
P
Asse P I.
a y m
Evaluating o Control R e p ortin
Deficiencies
or ral C cia l
Vend I T Gene tsFinan
tsThe purpose ip of the risk assessment is to evaluate the design and operation of controls. To the
men a r d Rece
it Cextent deficiencies are identified, it is important that timely corrective action is taken. De-
Cred pending on the severity of the weakness, a corrective action plan should include a timeline for
completion and follow-up to verify proper implementation.

ti t y tr lR l T
and l t
t rol En R
ab
s
 Cont
ro
P
s a
orGuidebook
rP
er an l Env
ir
d Re
ce C
a l C o n t
i a l R e p
l l i n g n
References
a l l  Petty
REFERENCES ol En
ta l A e n
ral C o ina n c
Env i r o bl e s  Ca s h I T cei p t s C o n
ym
d
t s  C
V ts Re h n Payro rtinIllinois, it se ts
tmen COBIT, CaITrdGovernance CasInstitute ing a Rolling gIn USA, Cred al As men tro
I n v e s
C re d i t
A s s e t s 
n t s  B i ll(ITGI),
o n t ro l s  Meadows,
R e p o n m e n t  http://www.isaca.org
 C a p i t
o r P a y
e r a l Con
 t tal me al C cial iro es Vend sIT Ge n in
ro n men s 
Committee Capi of d o r Pay
Sponsoring G ener
Organizations F i nofanthe t
Treadwayr o l EnvCommission e c e ivabl(COSO), a s h n t e i p tsF
nv i abl e Ve n I T ts  Co n R tty C http://www. e Re c
ents rd Receip
d tm ts
d R eceiv coso.org y C a sh e s t m a  C a sh B i l l i ng an yrollPe g  I nves e d i t Card i t a l Asse
g an ett Inv redit
a y r o llP o r t i ng t  C p i t a l Ass P a y men o n t rols i a l R epor n m ent vablesC CashVe
lsP ep en Management—Integrated Ca or l C Committee anc of Sponsoring iro Rece
i
Petty vestme
n a n cial R Enterprise n v
Risk
ironm ivables shVend IT Genera iptsFin
Framework,
n t ro l Env a n dOrganiza- o l l 
F i E
ol of the ece CoCertified g Pay r gIn
pts Contrtions a n d RTreadway Pe ty Ca tmen(COSO),
tCommission ts American
rd R ece Institute
C a s h  of
t s B lin
ilPublic
r
Accountants,
o l s o r t i n tCr
a s h USA,
i l l i n g2004 ro l l I n v e s d i t Ca e t s  y m e n
l C o n t l R e p m e n
B Pay
rting
 Cre
pital
Ass Pa
ra cia ron ec
a y m o e p o n m ent C a  V e a nd R
r P l C
ra Internal a l R
Control—Integrated
ci nv i r o Framework, e s  Committee s h en
of Sponsoring t s e i
Organizations p o n
Cthe tsBill
of i n g
do
T Gene Treadway Finan Commission n trol E (COSO), e ivabl
ceAmerican P etty
Ca
n vestm dPublic C
Rec
ardAccountants, CashUSA,m1992 n s  Payro
 I t s  C o d R l l Institute  of I Certified i t t s e nt ro l
nts ceip Cash
 an yro ng tCr
e sse ay
dor P eneral Co
l
C a r d Re e t s   B illing trolsPa l R e porti m e n C a p i tal A V e n F i n ancia
edit Ass
pital Internal aym ents Guide,
Control on
ral C Vols.s1and Fina2,
ia
ncCommonwealth Envir
on of Massachusetts,
ables
 h of the
CasOffice tsIComp-
TG ceipt
s Co
i p t o n t r o l
e c e i v P e t t y
s t m e n
a r d R e C a sh
bl e n I T ece
Ve troller, http://www.mass.gov/osc/Homeview/CONTROL/CONTENTS.HTM C ing and R l l  ve it C ets 
C ash estment
s
t C ard R s  Cash B i l l l s  Payro rtingIn t Cred i t a l Ass y m ents
t y i t ntr o o n Ca p a
Pet
ng ISO
Inv IECt
n 17799, Cred Code italof
se
AsPractice mfor
s
entInformation ral CoSecurity c al Re
p
iManagement, v
me
ironInternational b lesOrganiza- endo
rP
o r t i m e C a p P a y e n e n a n l E n i v a h  V
Rep on or Switzerland, TG Fi ro ece as
r o l Envir tioncefor i v bles hVend(ISO),
aStandardization e n tsI c e2000,
h  Cont
iptshttp://www.iso.org/iso/en/prods-services/pop- g a nd R P e tty C
t Re Ca s tm dR e Ca s illi n oll 
Con P etty
andstds/informationsecurity.html Inves redit Car s ets tsB olsPayr
l l i n g l l n g  l A s e n
Bi lsPayro l Reporti tC ta ym tr
o IT Control i a Objectives n m enSarbanes-Oxley,
for e s Capi Information e n d or Pa Systems e ra l Con Audit and Control Association
t r c vi r o l V n
Con s inan and
F(ISACA) t r o lIT EnGovernance e c ab
eivInstitute C a sh Rolling
(ITGI), s T Ge
IMeadows, IL, 2004,
t Con R Pett y t http://www.isaca.org
Rece
ip
s h  l i n g and
o l l v e s t men
a Bi oHowl ayr In Sarbanes-Oxley Section 404 – Assessing the Effective-
tsCRamos, ntsMichael, lsPto Comply tingwith
Asse y m e n t r p o r
or Pa ral C
o l Re
Vend ness G e ofneInternal F i n ancia John Wiley & Sons, Inc., Hoboken, NJ, 2004
Control,
T ipts
tsI ce[Name],
men State rd R e
of [State Accounting Manual], [Policy XXXX – Title], [Link]
r e d it Ca
C
Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5: An Audit of
Internal Control over Financial Reporting That is Integrated with an Audit of Financial State-
ments, June 12, 2007, http://www.pcaobus.org/Rules/Rules_of_the_Board/Auditing_Standard_5.
pdf
The Standard of Good Practice for Information Security, Information Security Forum (ISF),
2004, http://www.isfsecuritystandard.com

Prevention IC Guidebook

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Prevention IC Guidebook

Uploaded by

Copyright:

Available Formats

INTERNAL CONTROL

NATIONAL ASSOCIATION OF STATE COMPTROLLERS

Internal Control Guidebook - 2010 Page 2

CHAPTER FIVE: TESTING CONTROLS................................................................25

Internal Control Guidebook - 2010 Page 3

Internal Control Guidebook Page 4

• Internal control is a process. It is a means to an end, not an end in itself.

Internal Control Guidebook Page 5

Facilitate Preparation for Audits

Internal Control Guidebook Page 6

E. Limitations of Internal Control3

Internal Control Guidebook Page 7

Internal Control Guidebook Page 8

Management demonstrates a positive attitude toward internal control by providing

Internal Control Guidebook Page 9

Evaluate Identified Risks

Internal Control Guidebook Page 11

Internal Control Guidebook Page 12

Internal Control Guidebook Page 13

Internal Control Guidebook Page 14

Internal Control Guidebook Page 15

Internal Control Guidebook Page 17

Internal Control Guidebook Page 18

Internal Control Guidebook Page 19

Internal Control Guidebook Page 20

B. Potential Risks of Using IT in the Financial Reporting Process

Internal Control Guidebook Page 21

Internal Control Guidebook Page 22

D. The Role of the IT Specialist1

Internal Control Guidebook Page 23

Internal Control Guidebook Page 24

B. Surveys and Interviews

C. General Computer Controls

Internal Control Guidebook Page 25

E. Re-performing Control Procedures

Internal Control Guidebook Page 26

Internal Control Guidebook Page 27

Internal Control Guidebook Page 28

Internal Control Guidebook - 2010 Page 29

You might also like