Back to Main Page

DFA Internal Control Assessment

Section 1: Control Environment


  1. Does the agency's Code of Ethics demonstrate a commitment to integrity and ethical behavior?
  2. Does management clearly communicate and demonstrate the importance of integrity and ethical behavior within the workplace?
  3. Management's Philosophy

  4. Does the agency have a written mission statement containing the purpose, goals, and objectives?
  5. Has management provided staff with an understanding and awareness of the benefits of effective internal control?
  6. Does the agency have a current organizational chart?
  7. Organizational Structure

  8. Is the agency's organizational structure appropriate to carry out its mission and manage its operations effectively?
  9. Does the organizational structure in each division provide adequate supervisory and managerial oversight?
  10. Does management periodically evaluate the organizational structure in light of changes in the scope, nature, or extent of operations?
  11. Have access controls been established to enforce segregation of duties?
  12. Has the agency established an audit committee to review results of internal and external reviews (audits and monitoring reports) of the agency?
  13. Has the agency designated an internal control officer responsible for assessing controls and communicating results to management?

    Management's Commitment to Professional and Technical Competence

  1. Are employees properly trained and capable of performing all jobs within their division?
  2. Does the agency have a formal training and continuing education program that encourages employees to obtain certifications in their functional area?
  3. Human Resources Standards

  4. Does the agency have a new hire orientation policy?
  5. Does the agency ensure that new employees are made aware of their responsibilities and management's expectations?
  6. Does management personnel meet with employees to review job performance and discuss opportunities for improvement?
  7. Do performance appraisals adequately address internal control responsibilities and establish criteria for integrity and ethical behavior?
  8. Does the agency perform background checks on individuals hired for sensitive positions?


Section 2: Risk Assessment

    Risk Management

  1. Does the agency identify potential events that may adversely affect the achievement of agency-wide or division objectives?
  2. During an emergency event, has management implemented a contingency plan that will ensure the continuation of the agency's operation?
  3. Does management determine whether an implementation plan is needed?
  4. If an implementation plan is needed, does management establish the necessary controls to ensure the implementation is effective?
  5. Once a risk response is developed for inherent risk, does management consider residual risk?
  6. Does management consider the likelihood and/or impact of risk?
  7. What controls are being implemented to mitigate risk?
  8. Does management identify and analyze risks relating to change,for instance, new technology, new regulations, restructuring, and rapid growth?
  9. Does management consider the potential for fraud when identifying, analyzing, and responding to risks?
  10. Are final risk determinations and managerial approvals documented and kept on file?
  11. Is there a corrective action plan process to promptly resolve audit and monitoring findings from both internal and external sources?
  12. Does the department have a process to identify new (or changed) laws or statutory requirements that could affect the department's operations?


Section 3: Control Activities

    Control Activities Applicable to All Fiscal Processes

  1. Are there policies and procedures developed and implemented for each major fiscal process?
  2. Does management have a process for the development, approval, and implementation of policy updates?
  3. Are policies and procedures manuals updated in a timely manner and reflect current processes?
  4. Do the policies and procedures identify how processes are to be performed and monitored and who carries out those responsibilities?
  5. Does management periodically review and document the functionality and overall effectiveness of controls?
  6. Has management implemented effective procedures that verify the accuracy of data when it is entered, processed, generated, distributed, or transferred?
  7. Does management segregate key duties and responsibilities among employees to minimize the risk of misuse, mistakes, or fraud?
  8. Agency-wide Security Management Program

  9. Has the agency developed a plan that clearly describes the agency- wide security program?
  10. Are there policies and procedures that support the security program?
  11. Has management established a structure to implement and manage the security program throughout the agency?
  12. Are security responsibilities clearly defined?
  13. Has the agency implemented effective security-related personnel policies?
  14. Does management monitor and periodically assess the security program policies, procedures and compliance?
  15. If weaknesses in the security program are identified, does management take corrective action?
  16. Are the agency's information technology policies and procedures in accordance with ITS policies, standards and guidelines?
  17. Access Control

  18. Has the agency established physical and logical controls to prevent and detect unauthorized access?
  19. Are sensitive and confidential data files password protected at all times, including portable flash drives, thumb drives, laptops, etc.?
  20. Are passwords required for access on all computers?
  21. Are staff required to regularly change their passwords?
  22. Does the agency monitor information systems access, investigate apparent violations, and take appropriate disciplinary action?
  23. Does the agency have documented procedures for removing access to all systems when an employee leaves the agency?
  24. Application Software Development & Change Control

  25. Are the agency information system processing features and program modifications properly authorized?
  26. Is all new or revised software thoroughly tested and approved?
  27. Does the agency have established procedures to ensure control of its software libraries, including labeling, access restrictions, use of inventories and separate libraries?
  28. System Software Control

  29. Does the agency limit access to system software based on job responsibilities?
  30. Is the access authorization documented?
  31. Does the agency monitor access to and the uses of system software?
  32. Are there policies in place to protect system software from unauthorized changes?
  33. Are there policies in place to prevent unauthorized personal software on an agency server or employee's work station?
  34. Service Continuity

  35. Does the agency have data and program backup procedures, including off-site storage of data, environmental controls, and staff training?
  36. Does the agency periodically test and restore the backup files to ensure access?
  37. Has management developed and documented a comprehensive contingency plan?
  38. Does the agency test the contingency plan and adjust it as appropriate?
  39. For agencies with an accounting system other than MAGIC

  40. For agencies not using MAGIC as its general ledger, is access to the general ledger restricted to those who are assigned general ledger responsibilities?
  41. Does the agency have sufficient system controls in place for general ledger?
  42. Are these controls documented and tested in a timely manner?
  43. Does the agency reconcile its accounting system daily to MAGIC?


Section 4: Information and Communication

    Information Questionnaire

  1. Does the agency have adequate provisions to provide information to staff that facilitates the operating, reporting, and compliance mandates?
  2. Are system generated reports adequate, sufficient, and effective for the user?
  3. Is management receptive to comments by internal and external auditors regarding deficiencies or suggestions for improvement?
  4. Does the agency respond with an appropriate action plan?
  5. Has the agency developed an information technology plan that is linked to achieving the agency's objectives?
  6. Are the information technology plans modified as needed to support new objectives?
  7. Communication Questionnaire

  8. Do communication channels exist for employees to effectively communicate up, down, and across the agency?
  9. Are detailed reports and data provided to appropriate staff on a timely basis?
  10. Does a clear communication channel exist to report suspected improprieties?
  11. Are realistic mechanisms in place for employees to provide recommendations for improvements to work environment?
  12. Are employees' suggestions acknowledged by providing incentives or other meaningful recognition?
  13. When an agency changes its objectives or strategies, is it communicated timely to all agency staff?

Section 5: Monitoring

    Monitoring Questionnaire

  1. Are the internal controls being monitored and reviewed by management to determine if they are operating as intended?
  2. Does management solicit input from staff on opportunities to improve the effectiveness of controls?
  3. Does the agency evaluate the internal control system when there are major strategy changes?
  4. Has management established performance measures for processes?
  5. Does management receive periodic reports on performance measures for evaluation?
  6. Are internal control deficiencies reported to the person directly responsible for the activity and to a person one level higher?
  7. Does the department have a process to ensure that prior-year audit findings have been corrected?
  8. For a control deficiency, does the agency reassess and modify the control to prevent compliance problems?
  9. Does the agency notify the IT department within 24 hours that an employee has been terminated?


Section 6: Procurement and Accounts Payable

    Purchasing Overview

  1. Are all state purchases made in accordance with state and federal laws and regulations, including directives of DFA, ITS, SPB, and PSCRB?
  2. Are purchasing officers knowledgeable in federal and state purchasing laws and regulations?
  3. Are the Executive Director and all purchasing officers aware of penalties associated with improper and fraudulent purchases?
  4. Are purchasing officers encouraged to participate in the MS Association of Government Purchasing and Property Agents training?
  5. Is procurement centralized within the agency, to the extent possible?
  6. Are all employees aware of the Ethics in Public Contracting section of the DFA Office of Purchasing and Travel Procurement Manual?
  7. Does the agency have procedures in place to prevent splitting of purchase orders to avoid solicitation of bids or advertising for bids?
  8. Is documentation maintained to support compliance with state procurement regulations?
  9. Are the duties of solicitations and evaluations of bids from contract awards segregated?
  10. Does sole source procurement documentation support the determination of sole source and the reasonableness of price?
  11. Does management approve all sole source procurements?
  12. Are vendors/sub recipients who are paid with federal funds cleared against the federal excluded parties list system (EPLS) to ensure against disbarment?
  13. Are procedures in place to limit review of information pertaining to any bid to the premises of the agency?
  14. Are procedures in place to ensure proper approvals from oversight agencies, including DFA, ITS, SPB, and PSCRB, are obtained prior to final intiation of contracts?
  15. Purchasing - Issuing Purchase Orders

  16. Are employees aware that if a purchase is made without a valid and approved purchase order (required by law or regulations), it is not an obligation of the state?
  17. Are procedures in place to periodically examine open purchase orders to determine if they should be adjusted or closed?
  18. Are procedures in place to electronically submit purchase orders to be paid out of funds appropriated for any fiscal year by June 30 or the date specified by DFA?
  19. Are procedures in place to ensure that all required fields on purchase order documents are populated with correct accounting codes?
  20. Are procedures in place to notify vendors before services begin that a purchase order cannot be issued to them unless they first have a vendor number in MAGIC?
  21. Are procedures in place to consolidate orders in order to take advantage of quantity discounts?
  22. Are procedures in place to insure budget authority and cash exists prior to solicitation for procurement?
  23. Are procedures in place to ensure that only authorized employees are requesting the purchasing department to order goods and services?
  24. Are these request for goods and services in written communication?
  25. Are procedures in place to ensure segregation of duties between purchasing, receiving, and payment for goods and services?
  26. Are procedures in place to ensure that MAGIC security profiles are consistent with segregation of duties?
  27. Purchasing - Emergency Purchases

  28. Are the Executive Director and purchasing officer(s) aware of the legal definition of an emergency as set forth in Section 31-7-1(f) of the Mississippi Code?
  29. Does the agency determine that the emergency which necessitates the purchase meets the legal definition before an emergency purchase is initiated?
  30. Does the agency have documentation that includes a description of the item purchased, the purchase price, and the nature of the emergency for each emergency purchase?
  31. Has the agency developed an emergency purchasing plan which may be put to immediate use should a disaster occur?
  32. Has the agency followed all applicable rules and regulations pertaining to emergency purchases?


Section 7: Cash Disbursements

    Cash Disbursements - Procurement Cards

  1. Has the agency identified and approved the number of cardholders and personnel to be assigned procurement cards?
  2. Has the agency developed and documented internal controls for the Procurement Card activities that comply with the Office of Purchasing and Travel Procurement Manual?
  3. Has the agency developed and documented internal control procedures that are in compliance with Procurement Card contract provisions?
  4. Are all payments to the Procurement Card Vendor made by the corresponding due date?
  5. Are purchase logs and cardholder statements obtained and reconciled to the corresponding Procurement Card vendor statement in a timely manner?
  6. Are reconciled statements reviewed, approved, and signed off on by the cardholder's supervisor?
  7. Are unacceptable materials and incomplete services documented and appropriate corrective action taken?
  8. Are original payment processing documents maintained by the agency for auditing purposes?
  9. Cash Disbursements - Expenditures

  10. Are the responsibilities of initiating a purchase separate from approving payments?
  11. Are invoice processing and accounts payable functions adequately segregated from the general ledger functions?
  12. Does the agency have documented policies that ensure compliance with the State's prompt payment law?
  13. Are payment processing documents retained on file at the agency for the required retention period?
  14. Does the agency have policies and procedures in place to ensure that disbursements are only for authorized purposes?
  15. Does the agency follow the laws, rules, and regulations that govern the disbursements?
  16. Are the responsibilities for disbursement procedures clearly documented and assigned to specific personnel?
  17. Are controls established to assure that all payments are made on a timely basis and in accordance with all PO's and contracts?
  18. Are proper invoice numbers reported on the payment document to ensure that duplicate payments are not made?
  19. Are vendor invoices received in a central location?
  20. Are responsibilities for receiving goods and services adequately segregated from approving payments?
  21. Are MAGIC security profiles established for the cash disbursement function in agreement with adequate segregation of duties?
  22. Has the agency established procedures for adequate pre-audit of agency expenditures for compliance with all state and federal regulations?
  23. Are procedures in place to assure that adequate, sufficient documentation is collected as support for each payment?
  24. Are procedures in place to ensure proper account code fields are used to clearly distinguish program expenditures?
  25. Are procedures in place requiring an additional approval for any disbursements exceeding a set threshold?
  26. Are procedures in place requiring management to periodically examine expenditure reports to monitor agency purchases and to identify unusual or questionable activity?
  27. Are controls in place to ensure sufficient cash or federal grant receivables (if applicable) is available prior to the agency approval of payment documents?
  28. Are procedures in place to ensure that expenditures are recorded in the appropriate fiscal/budget/federal accounting period and are eligible costs for that period?
  29. Are procedures in place to ensure that payment of prior year claims are in accordance with Miss Code Ann. 27.104.25 (1972)?
  30. Cash Disbursements - Receiving Reports

  31. Does the agency verify the goods receipt against the purchase order prior to approval for payment?
  32. Are procedures in place for prompt filing of claims for goods damaged in shipment?
  33. Cash Disbursements - Petty Cash

  34. Is the petty cash account assigned to only one person?
  35. Does someone other than the cashier (or authorizing official) reconcile the monthly petty cash bank statement?
  36. Is the petty cash account in the agencies name?
  37. Are all checks sequentially pre-numbered and imprinted with "Petty Cash Fund"?
  38. Are the pre-numbered checks imprinted with the agency name?
  39. Are checks signed after reviewing supporting documentation?
  40. Does the check register list every check issued, date of issuance, check number, name of payee, the amount disbursed and the account to be charged?
  41. Are the monthly bank statements reconciled to the check register?
  42. Are cancelled checks or copies of checks if not returned by the bank and bank statements maintained for audit?
  43. Are spoiled checks marked "VOID" and the signature line obliterated or mutilated?
  44. Are voided checks filed in numerical sequence with cancelled checks?
  45. Does receipts for all disbursements accompany the request for reimbursement?
  46. Does the agency conduct surprise reconciliations of cash box, if applicable?
  47. Are petty cash blank checks secured and locked with access limited to the responsible employee or supervisor?
  48. Are procedures in place to ensure that petty cash funds are not used for cashing checks or otherwise advancing funds to any officer or employee? (Miss. Code Ann. 7-7-59)


Section 8: Accounts Receivable

    Accounts Receivable

  1. Are the agency's accounts receivable policies and procedures clearly stated through manuals, handbooks, or other media?
  2. Are all receivable transactions properly and accurately recorded, aged, and accounted for in MAGIC?
  3. Are billings timely and accurately recorded and documented on the date the revenue transaction was completed, or the nearest normal billing cycle date?
  4. Are all collections on accounts receivable deposited and the source and date of payment recorded in a timely manner?
  5. Are the responsibilities for billing services and fees segregated from collection and accounting?
  6. Are the responsibilities for maintaining detailed accounts receivable records segregated from collection, deposit, and general ledger postings?
  7. Are all adjustments, write-offs, and discharges properly authorized, documented, and made in accordance with establish policies, procedures and legal requirements?
  8. Are uncollected accounts periodically reviewed and collection actions taken in accordance with established policies, procedures, and legal requirements?
  9. Are account balances aged periodically and reviewed by an official not involved in cash receipts and disbursements?
  10. Are recorded balances of receipts, accounts receivable and related transaction activity periodically substantiated and evaluated?
  11. Are receivables recorded promptly after collection?
  12. Are records of receivables easily accessible?
  13. Are receivable amounts periodically reviewed for credit balances?
  14. Are the quantities, prices and clerical accuracy of billing invoices independently verified by another person other than the preparer?
  15. Are billing statements promptly sent to all customers on a regular basis?
  16. Are adequate files maintained by the agency on all accounts that have been written off to avoid violation of the statute which prohibits the forgiveness of debts owed to the State?
  17. Are voided billings retained on file?
  18. Cash Receipts - Deposits

  19. Has the agency developed an internal processing system capable of separating payments received from related accounting departments?
  20. Are all deposits properly and accurately recorded and accounted for in MAGIC?
  21. Are checks endorsed "For Deposit Only" immediately upon their receipt?
  22. Are the responsibilities for collection and deposit preparation segregated from the recording of cash receipts and general ledger entries?
  23. Are the responsibilities for cash receipts segregated from those for cash disbursements?
  24. Are personnel who physically handle daily receipts periodically rotated?
  25. Do procedures exist for follow up and collection of "non-sufficient funds" checks?
  26. Are "non-sufficient funds" checks handled by someone independent of processing and recording of cash receipts?
  27. If payments are made in person, are receipts controlled by cash register, pre-numbered receipts, or other equivalent?
  28. Are receipts accounted for and balanced to collections on a daily basis?
  29. Does the agency have a secure fireproof area, restricted to authorized personnel, for protecting and storing un-deposited cash receipts?
  30. Are remittances by mail listed at the time mail is received and opened?
  31. Does the agency forward a copy of the listing to personnel in cash receipts?
  32. Does the agency keep an original copy of the remittance by mail listing?
  33. Is the remittance by mail list daily compared with the deposit by a third person?
  34. Is cash receiving function centralized?
  35. Are cashiers prohibited from cashing personal checks or notes of personal indebtedness?
  36. Are bank balances in excess of $250,000, the F.D.I.C. limit, adequately secured?
  37. Are deposits into agency clearing funds in accordance with approval by the DFA and State Treasury?
  38. Are cash drawers balanced on a daily basis?
  39. Does the supervisor verify that the cash is in balance and sign off?
  40. Are surprise cash drawer audits being conducted by supervisors periodically?
  41. Are MAGIC security profiles consistent with the segregation of duties over receipt functions?
  42. Are procedures in place to document when receipt of funds should be recorded as refunds of expenditures or prior year revenue?


Section 9: Travel


  1. Are procedures in place to ensure that all travel is done in accordance with the State Travel Policy Rules and Regulations manual published by DFA-OPTFM?
  2. Does the agency provide all employees subject to travel status with a copy of the Travel Manual?
  3. Does the agency offer training classes to review the Travel Manual with employees?
  4. Are procedures in place to require a travel waiver form be sent to DFA-OPTFM prior to making any reservations that deviate from standard travel procedures?
  5. Are procedures in place whereby the agency utilizes the appropriate state contract vendor for cars rented inside or outside the state?
  6. Does the agency have a department travel coordinator who handles the monitoring and compliance of State Travel Rules and Regulations and other travel related assistance?
  7. Are procedures in place to ensure travel reimbursement requests are submitted immediately upon the employee's return and any travel settled at the time?
  8. Are procedures in place to cancel credit cards immediately upon employee termination?
  9. Are procedures in place to review all credit card statements sent to the agency?
  10. Are procedures in place to handle the misuse of a credit card by an employee?
  11. Are procedures in place to ensure that travel reimbursement requests are verified, checked for compliance and approved before submitted to DFA?
  12. Are procedures in place to govern the use of state-owned vehicles and Fuelman cards in accordance with Miss. Code Ann (1972) 25-1- 79 and 25-9-153?
  13. Does management understand that they are responsible for ensuring the compliance with Section 25-3-41, Miss Code (1972) by providing internal controls over employee travel?


Section 10: Grant Administration

    Indirect Cost Recovery

  1. Are policies and procedures in place to prevent unallowable costs being charged to federal awards either directly or indirectly?
  2. Has the agency's organizational structure been reviewed to determine the appropriate indirect cost or cost allocation plan proposal methodology?
  3. Has the indirect cost rate proposal or cost allocation plan been prepared according to requirements set forth by 2 CFR Part 200, Uniform Administrative Requirements?
  4. Has a completed indirect cost rate proposal or cost allocation plan been submitted, negotiated and approved by the cognizant agency in a timely manner?
  5. Has an approved indirect cost rate or amount been applied against appropriate grant awards?
  6. Has the agency identified events that may affect the cost rate proposal or cost allocation plan to ensure that updates are performed in a timely manner?
  7. Federal Grant Compliance

  8. Does the agency have controls in place to ensure that all purchases made with federal funds are in accordance with 2 CFR Part 200?
  9. Does the agency take responsibility for administering federal funds in a manner consistent with all agreements, objectives, and terms and conditions of the Federal award?
  10. Does the agency have procedures in place to ensure that an employee has security access to the grantors' draw down system?
  11. Are employees trained and knowledgeable of federal program requirements?
  12. Are procedures in place for determining reasonableness and allowability of expenditures when charging to specific federal programs?
  13. Does the agency have a tracking mechanism to monitor actual expenditures against federal grant award amounts?
  14. Are methods in place to detect potential unallowable activities?
  15. Has the agency implemented procedures to verify/confirm participant eligibility for applicable federal programs operated?
  16. Does the agency have procedures in place to ensure that uniform policies, procedures and regulations exist regardless of the funding source of funds?
  17. Does the agency have procedures to ensure that matching/level of effort requirements are met and documented by the agency and its sub-recipients?
  18. Does the agency have procedures in place to ensure accurate and timely reporting to federal grantor agencies?
  19. When reporting to federal grantor agencies, does the agency have adequate supporting documentation?
  20. Does the agency have procedures in place to ensure that the draw down of federal funds are in accordance with award draw down schedule?
  21. Are procedures in place to ensure compliance with the Cash Management Improvement Act (CMIA)?
  22. Are procedures in place to ensure that grant funds in MAGIC do not remain with a negative cash balance?
  23. Are grant funds periodically reviewed for negative cash balances?
  24. Is interest earned on federal funds identified and reported to the federal funding agency?
  25. Do policies exist to account for program income from federal program activities?
  26. Are procedures in place to ensure that no alcoholic beverages are purchased with federal funds?
  27. Are contracts and sub-recipient award/grant documents reviewed to ensure inclusion of all applicable federal requirements?
  28. Are procedures in place to ensure that compensation for employees engaged in work on federal awards is consistent with that paid for similar activities of the government?
  29. For employees working on a single federal award or cost objective, are charges for salary and wages supported by periodic certifications?
  30. Are periodic certifications verified against payroll records for accuracy?
  31. Are personnel activity reports or equivalent documentation maintained when an employee works on multiple grants or activities?
  32. Does the agency have procedures in place to adequately train appropriate staff on federal grant requirements?
  33. Are procedures in place to ensure compliance with each federal agency's codification of the grants management common rule for which they are awarded funds?
  34. Are policies in place to ensure compliance with appropriate requirements for each grant pursuant to grant award documents and to 2 CFR Part 200?
  35. Does the agency maintain a written annual monitoring plan that identifies current year subrecipients, monitoring activities, schedule of activities, and reporting results?


Section 11: Fixed Assets


  1. Are actual expenditures compared to planned expenditures by project?
  2. Are capital outlay plans updated to reflect approved change orders affecting the original budget?
  3. Are procedures in place to ensure that procurement regulations are met and documented, including the approval from the Public Procurement Review Board?
  4. Are procedures in place to ensure that construction-in-progress and completed projects are properly recorded?
  5. Are procedures in place to ensure that budgeted items at all levels do not exceed the amount fixed for projects?
  6. Does the agency comply with the guidelines set forth for projects by DFA-OPTFM?
  7. Fixed Assets: Overview

  8. Are fixed assets only acquired for use in furthering the agency's programs and missions?
  9. Is access to the fixed asset system limited to employees who need access to perform their job responsibilities?
  10. Are all assets within the required capitalization or control limits being recorded in the Fixed Asset System in a timely manner?
  11. Are proper stewardship and control over assets being enforced? (i.e. periodic inventory)
  12. Do financial records and reports properly reflect the fixed asset balances?
  13. Are fixed assets protected from theft?
  14. Does the agency have procedures for reporting theft of a fixed asset?
  15. Are segregation of duties maintained between the recording of fixed assets in the Fixed Asset System and the purchase and disposal of fixed assets?
  16. Does the agency adequately and timely prepare reports required by the State Property Office?
  17. Does the agency abide by all policy and regulations issued by the State Property Office?
  18. Are fixed asset purchases in accordance with MS Code, Section 31- 7-13, Bid Requirements?
  19. Does the agency properly record excluded assets that are not required to be reported by the State Property Office?
  20. Are excluded assets safeguarded against damages or theft?
  21. Have employees been informed of State Property Office regulations and internal procedures?
  22. Are internal procedures documented in writing?
  23. Are procedures in place to ensure proper recording of donated assets?
  24. Does the agency follow the proper procedures for recording an asset without a purchaser order?
  25. Are DFA-OFR instructions for GAAP reporting followed and appropriate schedules submitted in a timely manner?
  26. Are source documents from audit trails provided for all fixed asset transactions?
  27. Does the agency review proper recordings of assets in the fixed asset system?
  28. Fixed Assets: Betterments and Upgrades

  29. Are all transactions involving betterments or upgrades evaluated on a case-by-case basis?
  30. Does the agency determine whether cost should or should not be entered in the fixed asset management system?
  31. Are costs entered into the fixed asset management system properly referenced against the underlying original asset?
  32. Does the agency assign realistic useful life to all depreciable assets when reporting additions (betterments) to the State Property Office?
  33. Are asset acquisition cost, acquisition date and useful life properly recorded so that accurate depreciation is calculated?
  34. Fixed Asset: Disposal and Transfers

  35. When an asset is disposed, does the asset show a deactivation date?
  36. Does the agency have a policy for handling surplus property?
  37. Are all surplus items reported timely to the State Property Office?
  38. Does the agency have a policy for handling obsolete and/or broken assets?
  39. Are asset transfers properly documented indicating the receiving party?
  40. Does segregation of duties exist between physical control and disposal of assets?
  41. Is stolen property reported to security immediately and removed from inventory?
  42. Fixed Assets: Federal Fixed Asset Accounting Requirements

  43. Does the agency ensure that assets purchased with federal grant funds conform to state and federal rules and regulations?
  44. Are cost principles and administrative requirements pertaining to federally funded assets followed?
  45. Does the fixed assets management system reflect property as purchased with federal funds and the specific federal program?
  46. Are grantors notified (if required) when capitalized assets acquired with grant funds are no longer used in the grant program?
  47. Fixed Assets: Maintenance of Assets

  48. Are maintenance costs of assets (owned or rented) periodically reviewed and analyzed?
  49. Are maintenance contracts current and cover only assets approved by management?
  50. Are procedures in place to ensure that maintenance costs are not incurred for assets covered under warranties?
  51. Are warranty expirations reviewed periodically?
  52. Does the agency terminate maintenance contracts when cost is determined to be excessive in relation to cost to replace the asset?
  53. Capital Leases

  54. Are lease policies and procedures in accordance with the State requirements?
  55. Are all lease transactions properly and accurately recorded and accounted for within MAGIC and agency-based accounting system (if applicable)?
  56. Are all lease/notes payable information properly reported to DFA- OFR in the agency GAAP packet process?
  57. In preparing the agency budget request, are amounts needed to pay principal and interest properly budgeted?
  58. Are all leases properly classified as either operating or capital?
  59. Are active leases maintained at the agency?


Section 12: SPARHS

    SPAHRS Introduction

  1. Does the agency ensure that management and staff are properly trained in the use of SPAHRS?
  2. Are payroll-processing tasks segregated so that one person does not have control of a transaction from beginning to end?
  3. Does the agency have policies in place to ensure that only authorized persons have access to essential data and are able to make changes to employee pay records?
  4. Does documentation and authorization exist for all employee record changes and payroll transactions?
  5. Is documentation for employee record changes and payroll transactions retained for audit purposes?
  6. Does the agency ensure that paychecks are not distributed prior to payday?
  7. Does the agency run a preliminary payroll report, review the preliminary report, and correct any errors in a timely manner?
  8. Does the agency have policies and procedures in place for completing the final payroll run before the cut-off time established by DFA-OFM?
  9. Does the agency regularly finalize payroll after the cut-off time established by DFA-OFM?
  10. Are all reports generated from the use of mass transactions and automated interface processes reviewed to verify accuracy?
  11. 1099 Reporting

  12. Does the agency ensure that all quarterly 1099 reports have been reviewed?
  13. Are all appropriate adjustments made prior to the certification of the final year-to-date totals?
  14. SPAHRS Data Entry

  15. Are proper paperwork and authorization in place prior to entering payroll data?
  16. Has the agency developed policy and procedures concerning the data entry and review process?
  17. Do the payroll and fiscal officers review data entry prior to certification of payroll?
  18. Are forms and/or applications used to establish an employee record or make a change to current information maintained by the agency for audit purposes?
  19. Does the agency approve all funding information in MAGIC prior to entry of payroll transactions into SPAHRS?
  20. SPAHRS Employee Profiles - Hires/Rehires

  21. Does the agency have documentation supporting the hiring and/or rehiring of employees completed and authorized before processing?
  22. Prior to SPAHRS submission, does the agency review all information pertaining to the new hires to ensure the correctness of the data entry?
  23. Does the agency ensure that all employees complete both federal and state withholding forms?
  24. Does the agency input into SPAHRS the allowances claimed by the employee on Form W-4 and any additional amount requested on both the federal and state withholding forms?
  25. Does the agency ensure that all reciprocal tax agreements with other states are honored and taxes are withheld and reported to those states?
  26. Does the agency require eligible employees to complete a new W- 5, Earned Income Credit Form, by certification of the first pay period of the new calendar year?
  27. SPAHRS Employee Profiles - Terminations

  28. Does the agency verify that SPAHRS information concerning terminated employees is complete, properly authorized, and entered accurately into SPAHRS?
  29. Does the agency fiscal officer ensure that any outstanding advances or agency property have been recovered prior to the final payment issued to the employee?
  30. Does the agency ensure that all benefit deductions are adjusted as required prior to final payment to the employee?
  31. Does the agency ensure that all debt set off amounts have been recovered and processed?
  32. SPHARS Leave Accounting

  33. Does the agency use SPAHRS reports?
  34. Does the agency verify leave entries to determine ending leave balances are correct and inform Human Resources/Payroll of discrepancies?
  35. Has the agency established appropriate processes governing leave form preparation, authorization, submission, data entry, and reconciliation?
  36. Does the agency retain documentation supporting entries establishing leave balances?
  37. Does the agency ensure that leave transactions are authorized and entered on a timely basis?
  38. Does the agency ensure that employee leave documents are stored in a secure location to maintain the confidentiality of the data?
  39. Does the agency separate tasks related to leave activity to ensure that no one person has control of a transaction from beginning to end?
  40. SPAHRS - Unpaid Leaves of Absence and Overpayments

  41. Is accurate and complete timekeeping performed to ensure that all periods of LWOP are reported and salary payments docked accordingly?
  42. Has the agency implemented policies and procedures concerning LWOP and overpayments?
  43. Are all reductions in an employee's salary properly authorized and entered into SPAHRS correctly and timely?
  44. Does the agency retain supporting payroll documents for audit purposes?
  45. Does the agency have in place procedures to ensure that benefits are adjusted appropriately as a result of LWOP or other reductions?
  46. SPAHRS - Time and Attendance

  47. Does the agency verify that source documents such as timecards or timesheetes have been properly completed, authorized, and entered accurately into SPAHRS?
  48. Does the agency ensure that employees comply with work schedules?
  49. Does the agency ensure that overtime is properly authorized?
  50. Does the agency have procedures for allocating time when less than 100% is worked on an activity?
  51. Does the agency have procedures for when funding is from multiple sources to ensure allocation of expenditures are made to correct programs or projects?
  52. Does the agency management periodically review allocation of salaries to funding sources?
  53. Are SPAHRS payroll duties segregated between the person who collects and processes the source documents and the fiscal manager who oversees the payroll operations?
  54. Is proper source documentation maintained and accessible for review?
  55. SPAHRS - Deductions

  56. Does proper documentation exist prior to initiating any changes to an employee's record related to any payroll deductions?
  57. Does the agency verify that the employee's Treasury Direct account information is complete?
  58. Is the Treasury Direct account information properly authorized and entered accurately into SPAHRS and all appropriate files/documentation submitted?
  59. Does the agency ensure that all employee and agency health insurance premiums due to DFA/Office of Insurance are paid?
  60. Does the agency perform monthly reconciliation of the health care premiums collected?
  61. Does the agency ensure that applicable forms affecting all payroll deductions are maintained for audit?
  62. Does the agency ensure that retirement information is recorded correctly on an employee?
  63. Is the monthly reconciliation of retirement plan contributions performed?
  64. Does the agency ensure that insurance plan deductions are established properly in SPAHRS?
  65. Does the agency perform monthly reconciliation of the insurance contributions?
  66. SPAHRS - Direct Deposit

  67. Are direct deposit payments made to the correct employee bank account?
  68. Does the agency maintain copies of employee direct deposit enrollment applications?
  69. Does the agency have procedures in place to remove employees from direct deposit when leave balance falls below agency established minimum balance?
  70. SPAHRS Payroll Certification

  71. Does the agency have policies and procedures governing the payroll certification process?
  72. Are the duties for data entry for payroll segregated from the duties for final approval of payroll?
  73. Is there an assigned primary certifier and a backup certifier for times when the primary certifier is not available.
  74. Are there procedures in place to ensure that unauthorized personnel do not breach the certification security?
  75. SPAHRS Automated Changes

  76. Are all reports generated from the use of mass transactions and automated interface processes reviewed to verify accuracy?
  77. SPAHRS Exception Pay

  78. Does the agency use Expection and Issue Pay?
  79. Does the agency, before entering an exception in SPAHRS pay, ensure that proper documentation has been received and approved by appropriate parties?
  80. Does the agency verify exception pay results to ensure the entries are processed as expected?
  81. SPAHRS Void Employee Payments

  82. Are all voids submitted to DFA/BFC for processing properly prepared by the agency payroll department and reviewed by the fiscal manager to ensure validity?
  83. Does the fiscal manager document evidence of the review by providing a signature and date of the review?
  84. Does the agency have procedures in place to ensure that void checks are processed immediately upon notification of need and in accordance with DFA procedures?
  85. SPAHRS Security

  86. Has the agency implemented procedures governing the levels of security requested and assigned appropriate employee access to SPAHRS?
  87. Is access to SPAHRS limited to individuals who need the access to perform their job responsibilities?
  88. Has the agency assigned a SPAHRS Security Contact?
  89. Is the SPAHRS Security contact responsible for the comprehensive system of internal control over SPAHRS access?
  90. Does the SPAHRS Security contact verify the appropriateness of security actions prior to the submission of the SPAHRS Security User Profile Maintenance form?
  91. Does the agency require in a timely manner the submission of request to delete access for terminated/transferred employees in order to safeguard the assets of the State?
  92. Are all copies of the SPAHRS Security User Profile/Maintenance form and agency Security reports maintained by the agency for audit purposes?
  93. Does the agency respond timely to the quarterly distribution security verification report, noting required changes or acceptance of existing security?
  94. Does the agency have policies in place to ensure that individuals with salary and time attendance access do not have access to these functions in SPAHRS?


Section 13: Davis-Bacon Act

    Davis-Bacon Act

  1. Does management understand the requirements to pay wages in accordance with the Davis-Bacon Act?
  2. Does management properly communicate the requirements of the Davis-Bacon Act to staff, contractors, and subcontractors?
  3. Does management understand its responsibility for monitoring compliance with the Davis-Bacon Act?
  4. Does the agency identify contractors or subcontractors who are at a high risk of not paying the prevailing wage rates?
  5. Does management identify how compliance with the Davis-Bacon Act will be monitored and the related risk of failure to monitor for compliance?
  6. Does the agency obtain, review, and maintain the prevailing wages rates from the Federal Register or Department of Labor?
  7. Are prevailing wage rates and provisions of the Davis-Bacon Act posted at job sites?
  8. Are contractors informed in the procurement process of the requirements for paying prevailing wage rates?
  9. Does the agency require contractors and subcontractors to submit certifications and copies of payroll?
  10. Does the agency compare the prevailing wage rates with the rates paid by contractors or subcontractors based on payroll information submitted?
  11. Do reports provide sufficient information to determine if the requirements of the Davis-Bacon Act are being met?
  12. Are channels of communication established for staff, contractors, and workers to report misclassification or failure to pay prevailing wages?
  13. Does the agency periodically interview contractors' or subcontractors' workers to verify the wage rates being paid and compare these to the prevailing wage rates?
  14. Does an agency employee or an outside consultant monitor contractors for compliance with the contract terms, including Davis-Bacon provision?
  15. Are on-site visits periodically performed to monitor classifications, wage rates, and other requirements of the Davis-Bacon Act?
  16. Are monitoring reports from contractors and consultants independently compared to employer submitted reports?
  17. Are requests periodically made to the Department of Labor for findings regarding the existence of any discriminatory practices by either contractors or subcontractors?
  18. Does management conduct reviews to ensure that certified payrolls are properly received, maintained, and monitored?


Section 14: MAGIC Security

    MAGIC Security

  1. Has the agency assigned appropriate employee access to MAGIC?
  2. Is access in MAGIC limited to individuals who need the access to perform their job responsibilities?
  3. Has the agency assigned a MAGIC Security Contact?
  4. Is the MAGIC Security Contact responsible for the comprehensive system of internal control over MAGIC access?


Section 15: Fraud, Waste & Abuse

    Fraud, Waste & Abuse

  1. Are controls in place to identify improper reporting of receivables (cash) to conceal misappropriation of receivable payments?
  2. Are controls in place to identify unauthorized P-card transactions, fictitious vendors, and inflated invoices from vendors?
  3. Are controls in place to identify unauthorized payroll adjustments?
  4. Does management conduct regular capital asset inventory reviews to account for all departmental assets and identify potential theft by employees?
  5. Does management periodically review work flow processes to identify transactions and positions that have a high risk of being subject to fraud?
  6. Has management established appropriate segregation of duties, proper review and approval levels of authority, and proactive fraud review procedures?
  7. Has the agency developed and documented a related party transactions policy and approval process?
  8. Are potential conflicts of interest for related party transactions disclosed on a periodic basis and applicable information made available to procurement staff?
  9. Does the agency conduct periodic reviews to evaluate whether the current controls are effective to ensure fraud risk is addressed?
  10. Has the agency published a method for public and employee reporting of suspected fraud, waste and abuse?
  11. Does the agency have procedures for investigating suspected instances of fraud, waste, and abuse?
  12. Does senior management ensure that the necessary follow-up actions are taken in response to reported control deficiencies?
  13. Are current audit and compliance reporting procedures timely and effective?