Division of Standards Examination of Annual Internal Control Questionnaire
June 23, 2015 · Read the full official report (PDF) ↗
source
“Some of the information that the Division of Standards (DOS) reported in its Internal Control Questionnaire (ICQ) to the Office of the State Comptroller (OSC) for fiscal year 2014 was inaccurate or not supported by documentation.”
Read the plain-English breakdown
This is a limited state audit checking whether the Division of Standards accurately answered parts of its yearly internal control questionnaire for fiscal year 2014.
“The objective of our audit was to determine whether certain responses that DOS provided to OSC in its fiscal year 2014 ICQ were accurate.”
The State Auditor reviewed selected questionnaire answers because state agencies use them to report whether their financial and management controls are working.
“The overall objective of our audit was to determine whether DOS accurately reported certain information about its overall internal control system to OSC in its 2014 ICQ.”
Bad or unsupported answers make it harder for the state to know whether public money, equipment, and records are being managed properly.
“In addition, inaccurate information in the ICQ prevents OSC from effectively assessing the adequacy of DOS’s internal control system for the purposes of financial reporting.”
The Division of Standards affects everyday consumers because it checks things like gas pumps, price scanners, weighing devices, and certain licenses.
“DOS is responsible for enforcing standards for weighing and measuring devices used in the sale of items such as food and fuels.”
The main problem was not that the audit found stolen money or property, but that DOS could not show it had followed required control, risk, inventory, and certification practices.
“DOS’s 2014 ICQ had inaccurate responses on the subjects of its internal control plan (ICP), risk assessment, and capital asset inventory.”
The auditor told DOS to fix the issues, follow Comptroller requirements, keep signed certification records, and ask the Comptroller for help if needed.
“DOS should take the measures necessary to address the issues we identified during our audit and should ensure that it adheres to all OSC’s requirements for developing an ICP and accurately reporting information about its ICP and capital-asset inventory.”
The finding is significant because the agency’s control plan was incomplete, risk assessment was not documented, asset inventory was not properly handled, and the questionnaire was not properly certified.
“Specifically, although DOS indicated that it was in compliance with OSC guidelines in all of the areas we reviewed, its internal control plan (ICP) was not based on guidelines issued by OSC; it could not document that it had conducted an organization-wide risk assessment that included fraud; it had not updated its ICP within the past year; it had not performed an annual physical inventory of its capital assets; and it did not have procedures encompassing all phases of the inventory process.”
An ICQ is the state’s yearly questionnaire where agencies report whether their internal controls are in place and working.
“Each year, OSC issues a memorandum (Fiscal Year Update) to internal control officers, single audit liaisons, and chief fiscal officers instructing departments to complete an Internal Control Questionnaire designed to provide an indication of the effectiveness of the Commonwealth’s internal controls.”
What the Auditor checked
- Did not comply In its 2014 ICQ, did DOS give accurate responses in the ICP area?
- Did not comply In its 2014 ICQ, did DOS give accurate responses in the capital-asset inventory area, for both generally accepted accounting principles and non-GAAP assets?
- Complied In its 2014 ICQ, did DOS give accurate responses in the personally identifiable information area?
- Complied In its 2014 ICQ, did DOS give accurate responses in the audits and findings area?
What the Auditor found
Why it matters: The inaccurate or unsupported information prevented effective assessment of internal controls, increased risk that DOS would not meet objectives in compliance with requirements, and weakened safeguards over capital assets.
Standard: OSC guidelines for internal control plans, OSC ICQ certification instructions, COSO enterprise risk management components, and OSC capital-asset inventory requirements. ( Chapter 11, Section 12, of the Massachusetts General Laws; OSC Internal Control Guide; OSC Fixed Assets Acquisition Policy (2006) )
2 recommendations
- DOS should take the measures necessary to address the issues identified during the audit, follow OSC requirements for developing an ICP and reporting ICP and capital-asset information, and retain a signed ICQ certification.agency: partially agreed
- DOS should request guidance from OSC if necessary.
Agency response & Auditor reply
Agency: "Contrary to the audit conclusions the information reported in the ICQ was accurate but some of the information was as stated in the “DRAFT” audit undocumented."
Auditor: "We believe that the measures DOS is taking, as indicated in its reply, are responsive to some of our concerns."