Finding Text
Finding 2020-006 – Lack of County-Wide Controls Over Major Federal Programs – Disaster Grants – Public Assistance (Presidentially Declared Disasters) (Repeat Finding – 2017-013, 2018-004) PASS-THROUGH GRANTOR: Oklahoma Department of Emergency Management FEDERAL AGENCY: U.S. Department of Homeland Security ASSISTANCE LISTING: 97.036 FEDERAL PROGRAM NAME: Disaster Grants – Public Assistance (Presidentially Declared Disasters) FEDERAL AWARD NUMBER: DR-4438 and DR-4315 FEDERAL AWARD YEAR: 2019 CONTROL CATEGORY: Activities Allowed or Unallowed; Allowable Costs/Cost Principles; Period of Performance; Reporting; Special Tests and Provisions QUESTIONED COSTS: $-0- Condition: County-wide controls regarding Control Environment, Risk Assessment, Information and Communication, and Monitoring have not been designed. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with grant requirements. Effect of Condition: This condition could result in noncompliance with grant requirements. Recommendation: OSAI recommends that the County design and implement a system of internal controls to ensure compliance with grant requirements. Management Response: Chairman of the Board of County Commissioners: The County will include all federal grant discussion in our Officers’ meetings so that all Elected Officials are aware. We will discuss the Control Environment, Risk Assessment, Information and Communication, and Monitoring for all federal grants. Criteria: The GAO Standards – Section 1 – Fundamental Concepts of Internal Control – OV1.01 states in part: Definition of Internal Control Internal control is a process effected by an entity’s oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. Additionally, GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.04 states in part: Components, Principles, and Attributes Control Environment – The foundation for an internal control system. It provides the discipline and structure to help an entity achieve its objectives. Risk Assessment – Assesses the risks facing the entity as it seeks to achieve its objectives. This assessment provides the basis for developing appropriate risk responses. Information and Communication – The quality information management and personnel communicate and use to support the internal control system. Monitoring – Activities management establishes and operates to assess the quality of performance over time and promptly resolve the findings of audits and other reviews.