Internal Control Checklist for New Jersey Local Governments Using Coronavirus Local Fiscal Relief Funds

The American Rescue Plan Act of 2021 (ARPA) is a $1.9 trillion economic stimulus bill signed by President Biden on March 11, 2021 to provide funding for COVID-19 response and recovery. Within the ARPA, the Coronavirus Local Fiscal Recovery Fund (Local Fiscal Recovery Fund) allocates funding for all counties and municipalities in the State of New Jersey.

The Office of the State Comptroller is charged, by statute, with providing technical assistance and training to local governments regarding best practices, internal controls, and preventing the misuse of public funds. In conjunction with OSC’s Best Practices for New Jersey Local Governments Using Coronavirus Local Fiscal Recovery Funds, OSC developed this self-assessment checklist for local governments to use to assess their own internal control environments and determine where there may be potential weaknesses. The checklist serves as a template to evaluate internal controls; however, local governments should tailor the checklist to meet their specific needs.

All local governments that have received Local Fiscal Recovery Funds will be responsible for ensuring that they establish and maintain effective internal controls that provide reasonable assurance that they are managing the federal funds in compliance with all applicable federal statutes, regulations, and the terms and conditions of the federal award.

For more resources related to internal controls and other best practices, local governments can consult OSC’s website resources.

Important Terms

(as defined in the Green Book’s Glossary)

Internal control: a process effected by an entity’s oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved (paragraph OV1.01)

Management: personnel who are directly responsible for all activities of an entity, including the design, implementation, and operating effectiveness of an entity’s internal control system (paragraph OV2.14)

Oversight body: those responsible for overseeing management’s design, implementation, and operation of an internal control system (paragraph OV2.14)

Risk: the possibility that an event will occur and adversely affect the achievement of objectives (paragraph 7.02)

Risk tolerance: the acceptable level of variation in performance relative to the achievement of objectives (paragraph 6.08)

The following checklist is not all-inclusive but can serve as a resource for ongoing evaluation of internal controls. After answering the questions below, local governments should review the answers. Questions that have been answered as a “Yes” indicate that an internal control is in place, whereas questions that have been answered as a “No” indicate that an internal control weakness exists. Local governments should address internal control weaknesses with additional scrutiny and remediate the issue, if necessary.

 

 

Yes No N/A Comments

Control Environment

General

1.

Does management demonstrate a commitment to integrity and ethical values?

       

2.

Does management consistently exhibit high ethical and professional standards in its conduct, setting the standard for the entire organization?

       

3.

Do policies and procedures exist, including ones that govern employee, management, and oversight body conduct and ethics?

       

4.

Are policies and procedures current, accurate, and accessible to all employees, management, and oversight body members?

       

5.

Have policies and procedures been evaluated and/or revised to adapt to COVID-19 impacts and changes to the workplace, new risks, and the entity’s objectives?

       

6.

Are employees, management, and the oversight body trained on policies and procedures on a regular basis?

       

7.

Does the entity have in place policies and procedures related to conflicts of interest?

       

8.

Are potential conflicts of interest communicated to appropriate individuals within the organization?

       

9.

Has the entity reviewed all applicable state and federal statutes, regulations and guidance to ensure proposed uses of COVID-19 recovery funds are eligible uses?

       

10.

Has the entity reviewed reporting requirements related to federal COVID-19 recovery funds?

       

11.

Have policies and procedures been reviewed and updated if necessary to ensure the entity’s compliance with applicable legal guidance related to COVID-19 recovery funding?

Does the entity have a plan in place to monitor any subrecipients of COVID-19 recovery funding in accordance with federal requirements?

       

Staffing

         

12.

Does the entity have an organizational chart?

       

13.

Are the responsibilities of employees, management, and the oversight body clearly defined?

       

14.

Are sufficient, qualified staff available to meet organizational objectives?

       

15.

Have staffing plans been reviewed to ensure adequate, qualified staff are available to manage COVID-19 funding?

       

16.

Has staff been cross-trained to minimize the disruption to control activities or business processes caused by the absence of another employee?

       

17.

Does management demonstrate a commitment to recruit, develop, and retain competent individuals?

       

18.

Is there appropriate supervision, training, and management of employees in remote or hybrid work settings?

       

19.

Have employees been provisioned with appropriate technology, remote access, equipment or other resources to complete their job functions and achieve the entity’s objectives?

       

20.

Does management evaluate employee job performance, including employees’ performance of internal control responsibilities?

       

21.

Does management hold employees accountable for any deficiencies in performing their internal control responsibilities?

       

Segregation of Duties

22.

Is the responsibility of accounting functions rotated amongst staff?

       

23.

Are different staff responsible for authorizing a transaction, recording the transaction in the accounting records, and maintaining custody of the assets resulting from the transaction?

       

24.

Is the person who does the bank reconciliation different from the person authorized sign to checks and make deposits?

       

25.

Is the person who handles cash (receipts, bank deposits, purchases) different from the person who keeps the financial books/accounting records?

       

26.

Are the functions of check preparation and check issuance performed by separate employees?

       

27.

Are the functions of purchasing goods, receipt of goods, and cash payment for goods performed by separate employees?

       

Risk Assessment

28.

Has management clearly defined its objectives in conducting a risk assessment in order to identify potential risks and define risk tolerances?

       

29.

Are risk assessments conducted on a regular basis?

       

30.

Has management considered the effects of COVID-19 on its risk assessments and risk tolerance?

       

31.

Does management respond to risks identified in risk assessments?

       

32.

Has management considered the potential for fraud, waste, and/or abuse when identifying, analyzing, and responding to risks?

       

33.

Has management identified, analyzed, and responded to significant changes that could impact the internal control system?

       

Control Activities

General

34.

Has management designed control activities that respond to identified risks?

       

35.

Has management designed the entity’s information system to achieve objectives and respond to identified risks?

       

Record Maintenance

36.

Is electronic data backed up regularly?

       

37.

Is a copy of electronic data stored off-site for additional backup?

       

38.

Does the entity have a record maintenance, retention and destruction policy?

       

39.

Have record maintenance policies been updated to reflect changes that may have been necessary due to remote or hybrid work environments?

       

40.

Are source documents retained?

       

41.

Are records properly guarded from fire, theft, cyber-intrusions, improper access, and manipulation?

       

42.

Are all financial recording documents, such as receipts and purchase orders, appropriately documented and retained?

       

43.

Are records maintained in accordance with applicable legal requirements, including those related to COVID-19 recovery funds?

       

Cash Management

44.

Are detailed cash receipts journals maintained?

       

45.

Are detailed cash disbursement journals maintained?

       

46.

Are authorized users and signatories on accounts updated regularly?

       

47.

Are bank reconciliation policies and procedures accurately documented?

       

48.

Are bank statements reconciled monthly?

       

49.

Do the preparer and reviewer of bank reconciliations initial and date the completed reconciliations?

       

50.

Are bank reconciliations reviewed by management?

       

51.

Are monies received by one employee, documented, and then deposited by another employee?

       

52.

Are deposits made with sufficient frequency to reduce the risk of theft?

       

53.

Are safeguards in place to secure cash on hand and petty cash?

       

Receipts, Purchases, and Expenditures

54.

Are safeguards in place to prevent officials or employees from cashing checks payable to the city/county?

       

55.

Are pre-numbered receipts issued?

       

56.

Are accounts receivable reconciled to the detailed invoices monthly?

       

57.

Is the accounts payable subsidiary ledger reconciled to actual invoices monthly?

       

58.

Are checks written to “Cash,” other than to establish or replenish a petty cash fund?

       

59.

Are checks pre-numbered?

       

60.

Are unused checks controlled and safely stored?

       

61.

If signature stamps are used to sign checks, are the stamps safely stored?

       

62.

Is management approval required to make purchases?

       

63.

Are COVID-19 recovery fund expenditures made in accordance with all applicable state and federal statutes, regulations, and guidance?

       

Payroll and Employee Benefits

64.

Are detailed attendance records maintained for each employee?

       

65.

Are overtime hours and/or other premium pay tracked and approved by a supervisor?

       

66.

If an employee’s salary is posted to multiple funds, programs, or functions, is the allocation of that employee’s salary supported by timesheets or periodic time studies?

       

67.

Are appropriate records maintained to document whether an employee’s salary and/or benefits are eligible to be reimbursed with COVID-19 recovery funds?

       

68.

Are appropriate records maintained to document whether an employee is eligible for hazard or other premium pay using COVID-19 recovery funds?

       

69.

Are payroll withholdings reconciled to the payroll reports monthly?

       

70.

Are health insurance bills reviewed by management to ensure only eligible individuals and dependents are being covered?

       

Reporting

71.

Are the general ledger and its subsidiary ledgers kept up to date and reconciled monthly?

       

72.

Is a chart of accounts utilized?

       

73.

If multiple records are kept for the same purpose, are they reconciled with one another?

       

74.

Are federal funds received specifically for COVID-19 response and recovery accounted for separately from other local funds?

       

75.

Are deadlines and procedures followed to ensure the entity’s compliance with reporting requirements related to federal COVID-19 funds?

       

Information Systems

76.

Are information system permissions reviewed and updated periodically for changes to staff, the internal control environment, or the entity?

       

77.

Has management considered how information systems can best be used to enhance controls and achieve entity objectives?

       

78.

Has management taken into account enhanced cyber risks, information security, and privacy concerns?

       

79.

Is an accounting system in place that allows management to record financial transactions, view data, and create timely reports to maintain accountability?

       

Fixed Assets and Debt

80.

Are schedules of fixed assets maintained?

       

81.

Are periodic inventories taken and compared with the schedules of fixed assets?

       

82.

Are physical safeguards in place to protect fixed assets from theft or misuse?

       

83.

Are mileage logs or other controls in place to avoid the misuse of government vehicles?

       

84.

Are materials and supplies inspected and inventoried when received?

       

85.

Are invoices maintained to support the purchase or lease of equipment?

       

86.

Are schedules maintained of all borrowing, leasing, and investing activities?

       

Information and Communication

87.

Does management use quality information to achieve the entity’s objectives?

       

88.

Does management communicate the necessary quality information internally?

       

89.

Does management communicate the necessary quality information externally?

       

Monitoring

90.

Has management established and operated monitoring activities to monitor the internal controls system?

       

91.

Does management remediate potential internal control deficiencies on a timely basis?

       

92.

Does management spot-check transactions to gain reasonable assurance that controls are functioning as intended?

       

93.

Does management perform internal audits?

       

94.

Does management evaluate the results of the monitoring activities in place?

       

96.

Are subrecipient transactions monitored to ensure compliance with applicable requirements?

       
Report
Waste or Abuse

Report Fraud
Waste or Abuse
Government Waste and Mismanagement Hotline: 1-855-OSC-TIPS (672-8477)