
COVID-19 Pandemic Response Internal Controls Guidance

Each department is required to have a system of internal controls summarized in an Internal Control Plan that outlines objectives and risks and identifies the control activities that mitigate risk.

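Department internal control plans must be based on risk assessments and updated annually, or whenever significant changes occur. Because the COVID-19 pandemic has affected all departments, the Office of the Comptroller, in consultation with the Office of the State Auditor, is providing two options for updating internal controls.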

  1. If the impact to your department is such that it can be reflected in your Internal Control Plan (ICP), then update the ICP as you would for any other mid-year changes.
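  2. Departments that are significantly impacted, and that require the accumulation of substantial documentation (e.g. changes to business processes, requirements of federal and state-specific laws or guidance, new funds or new programs), can draft a separate COVID-19 Pandemic Response Plan Appendix to the ICP as an organized set (hard or soft copies) of emails, documents, risk assessments, policies, and procedures.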

Following are examples of how departments might address the impact of the COVID-19 pandemic via internal controls:
Note: Departments will have different objectives/risks/controls depending on the level of impact they experience.

GOAL 1: PREPARE FOR THE CURRENT AND LONG-TERM IMPACTS OF THE COVID-19 PANDEMIC.

Objective 1: Perform a risk assessment of the impact of the COVID-19 pandemic on the operations of the department. Consultants are not required to perform a risk assessment; department internal auditors, fiscal, program, and legal staff can evaluate current protocols and compliance requirements and identify the pandemic impacts.

Risk: Not thoroughly exploring all facets of the impact can leave the department unnecessarily exposed to risks it could mitigate.

Control 1: Stay up to date on alerts from the Governor’s Office, MEMA and national regulatory agencies, the Centers for Disease Control, the World Health Organization, and others.

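Control 2: Involve leadership at all levels of the department (fiscal, program, communications, legal, HR, and payroll); include all external parties (oversight Departments, federal grantor agencies, clients/customers) in the risk exercise.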

Objective 2: Develop safety protocols to protect employees, visitors, clients, patients, customers, and/or vendors.

Risk 1: Lack of preparedness can result in the contraction and spread of serious illness among employees and constituents, and significantly impact operational performance and compliance stability.

Control 1: Appoint a COVID-19 leadership team as subject matter experts that assure departmental compliance with all laws, regulations, mandates, safety protocols, etc., to coordinate and disseminate all related notices and communications, and to answer the community's questions.

Objective 3: Memorialize changes to business processes and internal controls necessitated by the response to the pandemic. Leadership disseminates to all staff with directives of expectations for compliance through adherence to all internal controls.

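Risk 1: New programs, funding sources, and/or working remotely may require doing normal business in different ways. Lack of documentation of procedural changes, and of the decisions that led to them, exposes the department to audit findings and other operational and compliance compromises.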

Control 1: Each business unit will identify, document, and train staff on new protocols, changes to their usual protocols, and workarounds.

Control 2: Decisions are vetted and documented at the senior staff level.

Objective 4: Draft telework and return-to-work plans.

Risk 1: Inability to continue critical operations remotely.

Control 1: Identify critical tasks throughout the department along with responsible parties and their backups, and critical dependencies on other units within the department and externally (other departments, e.g. eots).

Control 2: Identify, procure and distribute the necessary equipment for employees to work remotely.

Risk 2: Exposure of the department network, and Commonwealth enterprise systems, to malware/intrusion from unprotected home networks and equipment.

Control 1: Use only department-issued equipment (PCs, laptops, cell phones) that is set up with proper security protocols (Enterprise Security Standards).

Control 2: IT staff keeps up to date weekly on cyber alerts and needed patches from CISA, the FBI, and other national resources. Ensure there is a protocol to update all remote devices.

Department of Homeland Security cyber alerts: http://www.us-cert.gov/ncas/alerts

Control 3: Ensure all equipment used for business purposes is inventoried, categorized by item and personnel, including security settings, operating systems, etc.

Control 4: Educate staff on the cybersecurity threats due to home networks/equipment (e.g. always use a secure internet connection), and how cyber attackers are exploiting the COVID-19 crisis through the use of phishing and social engineering. http://v0kpew.frequentflyerfriend.com/cyber-center.

Risk 3: Lack of a Return to Work plan impedes the ability of the department to provide a safe workplace to which to return, and staff exposed to COVID-19 creates increased operational and compliance risks if staff become ill due to exposure.

Control 1: Stay current on available guidance. Some examples:
Mass.gov: Covid-19-updates-and-information

GOAL 2: PROPERLY ACCOUNT FOR COVID-19 RELATED AWARDS AND EXPENDITURE ACTIVITIES.

Objective 1: Track COVID-19 related awards and expenditures separately from other federal, state, and local activities (no commingling).

Risk 1: Including COVID-19 Related Federal Funds activities in reports with activities of other federal funds could result in an audit finding that jeopardizes COVID-19 Related Federal funding.

Control 1: Numerous controls currently exist within MMARS to develop separate accounting and reporting for COVID-19 Related Federal Funds. Given the familiarity of XYZ Department personnel with MMARS, there is a reasonable expectation that COVID-19 fund accounting, integrated with MMARS, will be monitored closely and separation can be maintained in regard to COVID-19 Related Federal Funds.

Control 2: Follow the Comptroller’s guidelines on transaction coding for COVID-19 funds: COVID-19 Revenue and Appropriations Policy.

Control 3: The CFO and Internal Control Officer will work closely with the Comptroller’s Office as accounting and reporting processes continue to evolve. Controls will also be developed internally, as necessary, per direction from the Comptroller, OSD, and other oversight and regulatory bodies.