State Assessment of Internal Controls Final Report, May 2007
Download Guide in Word (1,622 KB) or PDF (676 3KB) format.
Appendix C. Suggested Assignments for Completing the Assessment Instrument
Each State must examine its organizational structure to determine how to make assignments for completing the Instrument. For example, some States are county administered, while others use contractors to administer some or all child care services within the State. Some pilot States included counties or contractors to participate on the State Project Team.
The following outline provides suggested assignments for completion of the Instrument based upon this pilot study. States need to include high-level management staff initially to obtain necessary buy-in and agency-wide administrative support. Each of the following assignments directly corresponds to the sections and elements in the Modified Self Internal Control Self-Assessment Instrument. States may choose to assign multiple sections to some team members and two or more team members may respond to different criteria within the same section.
Section I - Control Environment
Integrity and Ethical Values
1 - High/Middle Level Management, Human Resources, Finance & Audits
2 - High/Middle Level Management, Human Resources, Finance & Audits Commitment to Competence
1 - Human Resources & Training (if separate) & Field/Contractor/County Management
Management Philosophy and Operating Style
1 - High/Middle Management & Finance & Operations
2 - Human Resources
3 - High/Middle Management & Audits & Operations & Finance
Organizational Structure
1 - High/Middle Management & Field/Contractor/County Management
2 - High/Middle Management & Field/Contractor/County Management
3 - High/Middle Management & Field/Contractor/County Management
4 - High/Middle Management & Field/Contractor/County Management & Human Resources
Assignment of Authority and Responsibility
1 - High/Middle Management & Field/Contractor/County Management & Human Resources
Human Resource Policies and Practices
1 - Human Resources
Oversight Groups
1 - Audits
2 - High Management & Finance & Legislative Liaison
Section II - Risk Assessment
Establishment of Entity-Wide Objectives
1 - Finance & Operations & Programs
2 - High/Middle Management & Field/Contractor/ County Management
Establishment of Activity
1 - High/Middle Management & Finance & Field /Contractor/ County Management
2 - High/Middle Management & Finance & Field /Contractor/ County Management
Risk Identification
1 - Audits & Operations & Human Resources & Finance
2 - Audits & Operations & Human Resources & Finance
Risk Analysis
1 - Audits & Operations
Managing Risk During Change
1 - Audits & Finance & Operations
Section III - Control Activities
General Application
1 - Programs
2 - Program & Quality Assurance & Field /Contractor/ County Management
Common Categories of Control Activities
1 - Programs & Finance & Field /Contractor/ County Management
2 - Programs & Quality Control & Human Resources/Personnel & Field /Contractor/ County Management
3 - Programs & Information Technology, Quality Assurance, & Field/Contractor/County Management
4 - Programs & Information Technology, Quality Assurance, & Field/Contractor/County Management
5 - Programs & Information Technology, Quality Assurance, & Field/Contractor/County Management
6 - Programs & Information Technology, Quality Assurance, & Field/Contractor/County Management
7 - Programs & Information Technology, Quality Assurance, Finance, & Field/Contractor/County Management
8 - Programs & Information Technology, Quality Assurance, Finance, & Field/Contractor/County Management
9 - Programs & Information Technology, Quality Assurance, Finance, & Field/Contractor/County Management
Control Activities Specific for Information Systems - General Control
Entity-wide Security Management Program
1 - Information Technology
2 - Information Technology
3 - Information Technology
4 - Information Technology & Human Resources
5 - Information Technology
Access Control
1 - Information Technology
2 - Information Technology
3 - Information Technology
Application Software Development and Change Control
1 - Information Technology
2 - Information Technology
3 - Information Technology
System Software Control
1 - Information Technology
2 - Information Technology
Segregation of Duties
1 - Information Technology
3 - Information Technology & Programs & Field /Contractor/ County Management
Service Continuity
1 - Information Technology
2 - Information Technology
Control Activities Specific for Information Systems - Application Control
Authorization Control
1 - Information Technology
2 - Information Technology
3 - Information Technology
Completeness Control
1 - Field/Contractor/County Management
2 - Programs & Information Technology & Field /Contractor/ County Management
Accuracy Control
1 - Information Technology
Control Over Integrity of Processing and Data Files
1 - Information Technology
Section IV - Information and Communication
Information
1 - Middle Management & Programs
Communications
1 - High/Middle Management & Field/Contractor/ County Management
2 - High/Middle Management & Field/Contractor/ County Management
Forms and Means of Communication
1 - High/Middle Management & Field/Contractor/ County Management
2 - High/Middle Management & Field/Contractor/ County Management
Section V - Monitoring
Ongoing Monitoring
1 - High/Middle Management & Field/Contractor/ County Management & Programs & Quality Assurance
2 - Programs & Quality Assurance
3 - High/Middle Management & Field/Contractor/ County Management
4 - High/Middle Management & Field/Contractor/ County Management
5 - Audits
6 - High/Middle Management & Field/Contractor/ County Management
7 - High/Middle Management & Field/Contractor/ County Management & Programs & Audits
8 - High/Middle Management & Field/Contractor/ County Management
9 - Audits
10 -High/Middle Management & Field/Contractor/ County Management
Audit Resolution
1 - High/Middle Management & Field/Contractor/County Management & Audits
2 - High/Middle Management & Field/Contractor/ County Management