internal controls

New Hampshire Town and City magazine spoke with Jason Levine, LGC's Senior Application Developer, about the Intranet. Here is his primer:

T&C: Most of us are familiar with the Internet, but what is an Intranet?

Many of us can remember the schoolyard bully who knocked books out of our hands and stole our lunch money. Thanks to RSA 193-F, Pupil Safety and Violence Protection, schools today have more tools to eliminate bullying. But what about bullies at work? What does their behavior look like? What are the implications for the employer? What triggers bullying behavior in the workplace? This article will examine bullying in the workplace, look at recent proposed legislation, and provide some guidance for employers wrestling with this issue.

In the past year the news has been inundated with stories of hacking attacks on some of the biggest corporations in the United States including LinkedIn, Yahoo, TJX, Sony PlayStation, and even the FBI. The easiest method hackers use to infiltrate an organization is through an employee. It is important to understand that usernames and passwords are an outdated notion akin to protecting a municipality with a wall. It is very typical for a hacker to track an employee and "phish" for information.

As the old adage goes, “an ounce of prevention is worth a pound of cure." This is obviously true in the case of healthcare, where regular exercise and healthy dietary choices may help to reduce the risk of developing serious maladies. Periodic battery replacement in home smoke detectors, a very simple preventive measure, can help save lives. And, routine oil changes can help avoid costly car repairs and keep a vehicle running for more than 200,000 miles. The same adage applies to establishing internal controls over municipal financial operations.

The American Institute of Certified Public Accountants (AICPA) issued Statement on Auditing Standards number 112, commonly referred to as SAS 112, in May 2006. SAS 112 will affect all auditees, including local governments—cities, towns, counties and school districts—and is effective for audit periods ending on or after December 15, 2006. SAS 112 defines how auditors will communicate matters related to your entity’s internal controls over financial reporting.

A crucial but often overlooked component of an effective internal control framework is the audit committee. Although management is primarily responsible for making sure that the necessary controls are in place to achieve organizational objectives, the governing body ultimately must ensure that management is fulfilling this responsibility. The most effective means of oversight is the audit committee, which helps the governing body oversee the audit of financial statements, ensure that the auditor is independent of management, and address control and compliance weaknesses.

The most important asset to a municipality, or any other type of entity, is its employees. Protection of employees using fraud detection and prevention techniques should be a topic that has great weight in a municipality’s day-to-day operations. The point is to keep honest employees honest, by deterring the opportunity to commit fraud by careful management of fraud risks. Analysis of potential risks among employees is probably the most difficult analysis of all, which will put management skill to the test. First, analyze employees using the fraud triangle.

The American Institute of Certified Public Accountants (AICPA) is the national professional organization for certified public accountants. One of the objectives of the AICPA is to adopt uniform standards for CPA’s to follow during the conduct of an audit. Effective in 2003, the AICPA issued Statement on Auditing Standard 99 (SAS 99) addressing the auditor’s responsibility to consider fraud in a financial statement audit.

One of the most important internal controls for any organization to establish is the segregation of incompatible duties. The purpose of segregating incompatible duties is to insure that no one individual is in a position that allows such an individual to both commit an irregularity and then conceal that irregularity. Certainly in a large community with multiple employees within a department, there is ample opportunity to segregate functions so that employees, performing their routine duties, serve as a check on one another.

As discussed in the October 2005 issue of New Hampshire Town and City, one of the primary factors contributing to fraud is an inadequate system of internal controls. Weak internal controls not only open the door of opportunity for fraud to occur, but actually promote that opportunity, as evidenced in one recent New Hampshire embezzlement case. When asked why she stole the money, the response from this particular municipal employee was: “Because I could … there was no accountability for the funds."