Finding Text
Criteria: 2 CFR 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards §202.303, Internal Controls, requires the recipients of federal funds maintain financial management systems that provide effective controls over accountability for all funds, property, and other assets. These controls should be in compliance with the internal control integrated framework. In addition, as noted above, the preparation of the consolidated financial statements is the responsibility of management, including management’s assertions that the consolidated financial statements are complete and accurate; that the rights and obligations recorded in the consolidated financial statements exist, belong to the entity, and are properly valued; and that the information presented in the consolidated financial statements is presented in accordance with generally accepted accounting principles. Furthermore, these standards require the entity to take prompt action to address findings identified and to protect personal identifiable information and other deemed sensitive information.
Condition: During testing of journal entries, BDO identified instances where journal entries were created
and reviewed/approved by the same individual, which did not comply with the Agency’s documented
policies and procedures and identified control requiring a separate reviewer/approver from the creator
of the journal entry. BDO noted that the information technology system allows an individual to post an
entry without a separate level of review. Individuals that are able to post journal entries without a
separate review included: Chief Financial Officer, Controller, and Accounting Manager.
Cause: The Agency’s internal controls, as documented above, were not operating as designed causing
some journal entries to be posted that were created and approved by the same individual. It was also
noted that the information technology system does not require the reviewer/approver of a journal entry
to be separate from the creator.
Effect or Potential Effect: Potential misstatement due to lack of segregation of duties within the
financial statement close process.
Recommendation: The Agency should enhance manual controls in place to eliminate or reduce the
instances where the creator and reviewer/approver of journal entries are performed by the same
individual.
Views of Responsible Officials: While it is the Agency’s policy that no individual who created a journal
entry should review and/or post their own entry in the accounting system, the accounting system lacks
a technology control to prevent such an occurrence from happening. As a result, a small percentage of
entries were inadvertently approved by the same staff member who created the entries during the fiscal
year ended June 30, 2023. Those entries were subsequently reviewed by management and the auditors
and found to be appropriate. Also, in management’s view, the Agency has very strong mitigating controls
in place in its financial review process that would have detected any material misstatements that could
have resulted from these occurrences. That said, management agrees that additional measures are
needed to ensure no further occurrences.