2017-18 Internal Control Questionnaire and Assessment

Bureau of Financial Monitoring and Accountability

Florida Department of Economic Opportunity

September 30, 2017

107 East Madison Street

Caldwell Building
Tallahassee, Florida 32399
www.floridajobs.org
 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

TABLE OF CONTENTS
OVERVIEW .............................................................................................................................. 3
Control Environment ................................................................................................................. 7
Risk Assessment ........................................................................................................................ 9
Control Activities ..................................................................................................................... 11
Information and Communication ........................................................................................... 13
Monitoring Activities ............................................................................................................... 15
Attachment A ........................................................................................................................... 17

September 30, 2017 Page 2 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

OVERVIEW

Introduction and Purpose

The Internal Control Questionnaire and Assessment (ICQ) was developed by the Department of Economic
Opportunity (DEO), Bureau of Financial Monitoring and Accountability, as a self-assessment tool to help
evaluate whether a system of sound internal control exists within the Local Workforce Development Board
(LWDB). An effective system of internal control provides reasonable assurance that management’s goals
are being properly pursued. Each LWDB’s management team sets the tone and has ultimate responsibility
for a strong system of internal controls.

The self-assessment ratings and responses should reflect the controls in place or identify areas where
additional or compensating controls could be enhanced. When the questionnaire and the certification are
complete, submit them to DEO by uploading to SharePoint.

Definition and Objectives of Internal Controls

Internal control is a process, effected by an entity’s board of directors, management and other personnel,
designed to provide "reasonable assurance" regarding the achievement of objectives in the following
categories:

 Effectiveness and efficiency of operations

 Reliability of financial reporting
 Compliance with applicable laws and regulations

The concept of reasonable assurance implies the internal control system for any entity, will offer a
reasonable level of assurance that operating objectives can be achieved.

Need for Internal Controls

September 30, 2017 Page 3 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Internal controls help to ensure the direction, policies, procedures, and practices designed and approved by
management and the governing board are put in place and are functioning as designed/desired. Internal
controls should be designed to achieve the objectives and adequately safeguard assets from loss or
unauthorized use or disposition, and to provide assurance assets are used solely for authorized purposes in
compliance with Federal laws, regulations, and program compliance requirements. Additionally, Title 2, Part
200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, §
200.303 Internal controls, states:

The non-Federal entity must:

(a) Establish and maintain effective internal control over the Federal award that provides reasonable
assurance the non-Federal entity is managing the Federal award in compliance with Federal
statutes, regulations, and the terms and conditions of the Federal award. These internal controls
should be in compliance with guidance in “Standards for Internal Control in the Federal
Government” issued by the Comptroller General of the United States and the “Internal Control
Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway
Commission (COSO).
(b) Comply with Federal statutes, regulations, and the terms and conditions of the Federal awards.
(c) Evaluate and monitor the non-Federal entity's compliance with statute, regulations and the terms
and conditions of Federal awards.
(d) Take prompt action when instances of noncompliance are identified including noncompliance
identified in audit findings.
(e) Take reasonable measures to safeguard protected personally identifiable information and other
information the Federal awarding agency or pass-through entity designates as sensitive or the
non-Federal entity considers sensitive consistent with applicable Federal, state and local laws
regarding privacy and obligations of confidentiality.

What Internal Controls Cannot Do

As important as an internal control system is to an organization, an effective system will not guarantee an
organization’s success. Effective internal controls can keep the right people, such as management and the
governing board members, informed about the organization’s operations and progress toward goals and
objectives. However, these controls cannot protect against economic downturns or make an understaffed

September 30, 2017 Page 4 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

entity operate at full capacity. Internal controls can only provide reasonable, but not absolute, assurance the
entity’s objectives can be met. Due to limitations inherent to all internal controls systems, breakdowns in
the internal control system may be caused by a simple error or mistake, or by faulty judgments made at any
level of management. In addition, controls may be circumvented by collusion or by management override.
The design of the internal controls system is dependent upon the resources available, which means there
must be a cost-benefit analysis performed as part of designing the internal control system.

Five Components of Internal Control

 Control Environment – is the set of standards, processes, and structures that provide the basis for
carrying out internal control across the organization. The board of directors and senior
management establish the tone at the top regarding the importance of internal control and expected
standards of conduct.
 Risk Assessment – involves a dynamic and iterative process for identifying and analyzing risks to
achieving the entity’s objectives, forming a basis for determining how risks should be managed.
Management considers possible changes in the external environment and within its own business
model that may impede its ability to achieve objectives.

 Control Activities – are the actions established by policies and procedures to help ensure that
management directives mitigate risks to the achievement of objectives are carried out. Control
activities are performed at all levels of the entity and at various stages within business processes, and
over the technology environment.
 Information and Communication – are necessary for the entity to carry out internal control
responsibilities in support of achievement of its objectives. Communication occurs both internally
and externally and provides the organization with the information needed to carry out day-to-day
internal control activities. Communication enables personnel to understand internal control
responsibilities and their importance to the achievement of objectives.
 Monitoring – are ongoing evaluations, separate evaluations, or some combination of the two used
to ascertain whether the components of internal control, including controls to effect the principles
within each component, are present and functioning. Findings are evaluated and deficiencies are
communicated in a timely manner, with serious matters reported to senior management and to the
board of directors.

September 30, 2017 Page 5 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Makeup of the ICQ

Subsequent sections of this document emphasize the “17 Principles” of internal control developed by the
Committee of Sponsoring Organizations of the Treadway Commission (COSO) and presented in the
Internal Control – Integrated Framework (2013). The five components of internal control listed above are
fundamentally the same as the five standards of internal control and reflect the same concepts the
“Standards for Internal Control in the Federal Government” utilizes.

The principles are reflected in groupings of questions related to major areas of control focus within the
organization. Each question represents an element or characteristic of control that is or can be used to
promote the assurance that operations are executed as management intended.

It should be noted that entities may have adequate internal controls even though some or all of the listed
characteristics are not present. Entities could have other appropriate internal controls operating effectively
that are not included here. The entity will need to exercise judgment in determining the most appropriate
and cost effective internal control in a given environment or circumstance to provide reasonable assurance
for compliance with Federal program requirements.

Completing the Document

On a scale of 1 to 5, with “1” indicating the greatest need for improvements in internal controls and “5”
indicating that a strong system of internal controls already exists, select the number that best describes your
current operating environment. Please provide details in the comments/explanations column for each
statement with a score of 1 or 2. For those questions requiring a narrative, please provide in the
comments/explanations column.

Certification of Self-Assessment of Internal Controls

Attachment A, includes a certification which should be completed and signed by the Executive Director,
and uploaded to SharePoint.

September 30, 2017 Page 6 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Self-Assessment of Policies,
CONTROL ENVIRONMENT Procedures, and Processes
Weak Strong
1 2 3 4 5 Comments/Explanations
Principle 1. The organization demonstrates a commitment to integrity and ethical values.
1. The LWDB’s management and board of directors’ commitment to
integrity and ethical behavior is consistently and effectively
communicated throughout the LWDB, both in words and deeds.
2. The LWDB has a code of conduct and/or ethics policy that has been
communicated to all staff, board members, and outsourced service
providers.
3. When the LWDB hires new management from outside of the
organization the person is trained or made aware of the importance
of high ethics and sound internal controls.

Principle 2. The board of directors demonstrates independence from management and exercises oversight
of the development and performance of internal control.
4. The board of directors define, maintain, and periodically evaluate the
skills and expertise needed among its members to enable them to
question and scrutinize management’s activities and present alternate
views.
5. The board of directors and/or audit committee maintains a direct line
of communication with the board’s external auditors and internal
monitors.
6. The independence of all board members is periodically reviewed for
affiliations and relationships that could result in a conflict of interest.

Principle 3. Management establishes, with board oversight, structures, reporting lines, and appropriate
authorities and responsibilities in the pursuit of objectives.
7. Management reviews and modifies the organizational structure of the
LWDB in light of anticipated changing conditions or revised
priorities.

September 30, 2017 Page 7 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

8. The contractual terms with outsourced service providers are clear and
concise with regard to the organization’s objectives and expectations
of conduct and performance.

9. The LWDB’s policies and procedures are adequate for authorizing

and approving transactions.

Principle 4. The organization demonstrates a commitment to attract, develop, and retain competent
individuals in alignment with objectives.
10. The LWDB continuously provides mentoring and training
opportunities needed to attract, develop, and retain sufficient and
competent personnel.

11. The LWDB policies include succession plans for senior management
and contingency plans for assignments of responsibilities important
for internal control.

12. For all positions, there are current written job descriptions, reference
manuals or other forms of communication to inform personnel of
their duties.

Principle 5. The organization holds individuals accountable for their internal control responsibilities in the
pursuit of objectives.
13. The LWDB has established performance measures and goals which
are periodically reviewed for relevance and adequacy in relation to
their potential risks.

14. The LWDB’s structure and tone at the top helps establish and
enforce individual accountability for performance of internal control
responsibilities and communicates and supports the accountability for
responsible conduct of its staff.

September 30, 2017 Page 8 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

15. The LWDB has policies, processes and controls in place to evaluate
and promote accountability of outsourced service providers (and
other business partners) and their internal control responsibilities.

Self-Assessment of Policies,
RISK ASSESSMENT Procedures, and Processes
Weak Strong
1 2 3 4 5 Comments/Explanations
Principle 6. The organization specifies with sufficient clarity to enable the identification and assessment
of risks relating to objectives.
16. Management establishes a materiality threshold for the purpose of
identifying significant accounts and disclosures. This considers
risk at each location where the LWDB conducts activities.

17. Management uses operational objectives as a basis for allocating

the resources needed to achieve desired operational and financial
performance.

18. The LWDB sets entity-wide financial reporting controls and

assesses the risks that those controls will not prevent material
misstatements, errors, or omissions in the financial statements.

Principle 7. The organization identifies risks to the achievement of its objectives across the entity and
analyzes risks as a basis for determining how the risks should be managed.
19. Management ensures that risk identification considers internal
and external factors and the potential impact on the achievement
of objectives.

20. The LWDB adequately and effectively manages risks to the

organization and has designed internal controls that mitigate the
identified risks.

September 30, 2017 Page 9 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

21. The LWDB’s risk identification/assessment is broad and includes

all significant interactions, both internal to the LWDB and its
business partners and outsourced service providers.

Principle 8. The organization considers the potential for fraud in assessing risks to the achievement of
objectives.
22. The LWDB’s assessment of fraud risk considers the
opportunities for willful violations of laws, regulations or policy
that could have a direct or indirect effect and how the operations
could be impacted.

23. The LWDB follows established policies, procedures, and

processes to periodically reconcile physical assets (e.g., cash,
accounts receivable, prepaid program items and/or incentive card
inventories, fixed assets) with the accounting records.

24. The LWDB’s assessment of fraud risks considers opportunities

for unauthorized acquisition, use and disposal of assets, altering
the reporting records, or committing other inappropriate acts.

Principle 9. The organization identifies and assesses changes that could significantly impact the system
of internal control.
25. The LWDB has mechanisms in place to identify and react to
risks presented by changes in government, regulatory, economic,
operating, or other conditions that could affect the achievement
of the goals and objectives.

26. The most significant risks affecting the LWDB have been
identified and controls designed and implemented that mitigate
risks associated with each.

September 30, 2017 Page 10 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

27. The LWDB has a process to consider changes in management

and their respective attitudes and philosophies on the system of
internal control.

Self-Assessment of Policies,
CONTROL ACTIVITIES Procedures, and Processes
Weak Strong
1 2 3 4 5 Comments/Explanations
Principle 10. The organization selects and develops control activities that contribute to the mitigation of
risks to the achievement of objectives to acceptable levels.
28. Management control activities consider all the relevant business
processes, information technology and locations where control
activities are needed, including outsourced service providers and
other partners.

29. Controls employed by the LWDB include authorizations,

approvals, comparisons, physical counts, reconciliations and
supervisory controls.

30. The LWDB periodically (e.g., quarterly, semiannually) reviews

system privileges and access controls to the different applications
and databases within the IT infrastructure to determine whether
system privileges and access controls are appropriate.

Principle 11. The organization selects and develops general control activities over technology to support
the achievement of objectives.
31. Management selects and develops control activities that are
designed and implemented to restrict technology access rights to
authorized users commensurate with their job responsibilities and
to protect the entity’s assets from external threats.

September 30, 2017 Page 11 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Self-Assessment of Policies,
CONTROL ACTIVITIES Procedures, and Processes
Weak Strong
1 2 3 4 5 Comments/Explanations
32. Management has identified the appropriate technology controls
that address the risks of using applications hosted by third-parties.

33. The LWDB has considered the protection of personally

identifiable information (PII), as defined in 501.171(1)(g)1, F.S.,
of its employees, participants/clients and vendors, and have
designed and implemented policies that mitigate the associated
risks.

Principle 12. The organization deploys control activities through policies that establish what is expected
and procedures that put policies into action.
34. The LWDB has policies and procedures addressing proper
segregation of duties between the authorization, custody, and
recordkeeping for the following tasks, if applicable: Prepaid
Program Items (Participant Support Costs), Cash/Receivables,
Equipment, Payables/Disbursements, Procurement/Contracting,
and Payroll/Human Resources. For tasks lacking the appropriate
segregation of duties describe any compensating controls in place
in the comments/explanations section.

35. Management has performed a review of all policies and

procedures to determine their continued relevance, consistency,
compliance with 2 CFR Part 200 (Uniform Guidance) or other
guidance or directives.

36. The LWDB maintains policies and procedures to facilitate the

recording and accounting of transactions in compliance with laws,
regulations, and provisions of contracts and grant agreements.

September 30, 2017 Page 12 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Self-Assessment of Policies,
INFORMATION AND COMMUNICATION Procedures, and Processes
Weak Strong
1 2 3 4 5 Comments/Explanations
Principle 13. The organization obtains or generates and uses relevant, quality information to support the
functioning of internal control.
37. Federal, state, or grant program rules or regulations are reviewed
with one or more of the following: governing board, audit, finance or
other committee.

38. The LWDB considers both internal and external sources of data
when identifying relevant information to use in the operation of
internal control.

39. The LWDB’s accounting system provides for separate identification

of federal grant transactions and non-federal transactions and
allocations of transactions that benefit both.

Principle 14. The organization internally communicates information, including objectives and responsibilities
for internal control, necessary to support the functioning of internal control.
40. Communication exists between management and the board of
directors so that both have information needed to fulfill their roles
with respect to the LWDB’s objectives.

41. There is a process to quickly disseminate critical information

throughout the LWDB when necessary.

42. Management has a communication process for reinforcing to all

employees their roles in internal control responsibility.

September 30, 2017 Page 13 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Self-Assessment of Policies,
INFORMATION AND COMMUNICATION Procedures, and Processes
Weak Strong
1 2 3 4 5 Comments/Explanations
Principle 15. The organization communicates with external parties regarding matters affecting the
functioning of internal control.
43. The LWDB has a process that allows for employees, partners,
clients/participants, vendors and subrecipients to report suspected
improprieties, while allowing for anonymity of the person; and the
process is communicated to everyone.

44. The LWDB has processes in place to communicate relevant and

timely information to external parties.

45. The LWDB has processes in place to communicate the results of

reports provided by the following external parties: Independent
Auditor, DEO Bureau of Financial Monitoring and Accountability
(FMA), DEO Bureau of One-Stop and Program Support, DEO
Office of Inspector General, Florida Auditor General, and Federal
Awarding Agencies (USDOL, USDHHS, and USDA) to the Board
of Directors.

September 30, 2017 Page 14 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Self-Assessment of Policies,
Procedures, and Processes
Weak Strong
MONITORING ACTIVITIES 1 2 3 4 5 Comments/Explanations
Principle 16. The organization selects, develops, and performs ongoing and/or separate evaluations to
ascertain whether the components of internal control are present and functioning.
46. The LWDB periodically evaluates its business processes such as cash
management, comparison of budget to actual results, repayment or
reprogramming of interest earnings, draw down of funds,
procurement, and contracting activities.

47. The LWDB considers the level of staffing, training and skills of
people performing the monitoring given the environment and
monitoring activities which include observations, inquiries and
inspection of source documents.

48. LWDB management periodically visits Career Center locations and

other decentralized locations (including subrecipients) to determine
whether policies and procedures are being followed and functioning
as intended.

Principle 17. The organization evaluates and communicates internal control deficiencies in a timely manner to
those parties responsible for taking corrective action, including senior management and the board of directors,
as appropriate.
49. The LWDB management takes adequate and timely actions to
correct deficiencies reported by the external auditors, financial and
programmatic monitoring, or internal reviews.

50. The LWDB monitors subrecipients to ensure that federal funds

provided are expended only for allowable activities, goods, and
services and communicates the monitoring results to the LWDB’s
board of directors.

September 30, 2017 Page 15 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

Page intentionally blank

September 30, 2017 Page 16 of 17

 Florida Department of Economic Opportunity
2017-18 Internal Control Questionnaire and Assessment

ATTACHMENT A

Department of Economic Opportunity

Certification of Self-Assessment of Internal Controls

Regional Workforce Board:

To be completed by the Executive Director

A self-assessment of internal controls has been conducted for the fiscal period beginning July 1, 2017 (fiscal
period 2017/18). As part of this self-assessment, the Internal Control Questionnaire developed by the
Department of Economic Opportunity has been completed and is available for review.

Signature: ____________________________

Printed Name:

Title:

Date:

Please scan and upload to SharePoint an executed copy of this certification on or before October 15, 2017.

September 30, 2017 Page 17 of 17