Laws Authored by Auditor DeNucci
Chapter
647 of the Acts of 1989
Internal Control Legislation
Chapter 338 of the Acts of 2004
Chapter 647 of the Acts of 1989, a law authored by the OSA, requires the development and implementation of internal accounting and administrative control systems in state agencies, while also providing for periodic evaluation, corrective action, and immediate reporting of unaccounted-for-variances to the Office of the State Auditor.
Legislation was filed by the OSA in response to repeated audit findings of insufficient internal controls within state agencies. In addition, the OSA's "Report on Controlling and Monitoring on Non-Tax Revenue" recommended enactment of an internal control statute as part of a comprehensive effort to improve the fiscal management practices of the Commonwealth. This statute is an important aspect of the Commonwealth's efforts to strengthen integrity in financial management and to protect the state's assets.
The OSA worked closely with the Massachusetts State Comptroller, who developed the internal control guidelines that state agencies follow under this law. The full text follows.
Legislation
authored by A. Joseph DeNucci
Auditor of the Commonwealth
Chapter 647 The Commonwealth of Massachusetts
In the Year One Thousand Nine Hundred and Eighty-Nine
Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
Not withstanding any general or special law to the contrary, the following internal control standards shall define the minimum level of quality acceptable for internal control systems in operation throughout the various state agencies and departments and shall constitute the criteria against which such internal controls systems will be evaluated. Internal control systems for the various state agencies and departments of the Commonwealth shall be developed in accordance with internal control guidelines established by the office comptroller.
(A) Internal control systems of the agency are to be clearly documented and readily available for examination. Objectives for each of these standards are to be identified or developed for each agency activity and are to be logical; applicable and complete. Documentation of the agency's internal control systems should include (1) internal control procedures, (2) internal control accountability systems and (3), identification of the operating cycles. Documentation of the agency's internal control systems should appear in management directives, administrative policy, and accounting policies, procedures and manuals.
(B) All transactions and other significant events are to be promptly recorded, clearly documented and properly classified. Documentation of a transaction or event should include the entire process or life cycle of the transaction or event, including (1) the initiation or authorization of the transaction or event, (2) all aspects of the transaction while in process and (3), the final classification in summary records.
(C) Transactions and other significant events are to be authorized and executed only by persons acting within the scope of their authority. Authorizations should be clearly communicated to manages and employees and should include the specific conditions and terms under which authorizations are to be made.
(D) Key duties and responsibilities including (1) authorizing, approving, and recording transactions, (2) issuing and receiving assets, (3) making payments and (4), reviewing or auditing transactions, should be assigned systematically to a number of individuals to insure that effective checks and balances exist.
(E) Qualified and continuous supervision is to be provided to ensure that internal control objectives are achieved. The duties of the supervisor in carrying out this responsibility shall include (1) clearly communicating the duties, responsibilities and accountabilities assigned to each staff member, (2) systematically reviewing each member's work to the extent necessary and (3), approving work at critical points to ensure that work flows as intended.
(F) Access to resources and records is to be limited to authorized individuals as determined by the agency head. Restrictions on access to resources will be depend upon the vulnerability of the resource and the perceived risk of loss, both of which shall be periodically assessed. The agency head shall be responsible for maintaining accountability for the custody and use of resources and shall assign qualified individuals for that purpose. Periodic comparison shall be made between the resources and the recorded accountability of the resources to reduce the risk of unauthorized use or loss and protect against waste and wrongful acts. The vulnerability and value of the agency resources shall determine the frequency of this comparison.
Within each agency there shall be an official, equivalent in title or rank to an assistant or deputy to the department head, whose responsibility, in addition to his regularly assigned duties, shall be to ensure that the agency has written documentation of its internal accounting and administrative control system on file. Said official shall, annually, or more often as conditions warrant, evaluate the effectiveness of the agency's internal control system and establish and implement changes necessary to ensure that: (1) the documentation of all internal control systems is readily available for examination by the comptroller, the secretary of administration and finance and the state auditor, (2) the results of audits and recommendations to improve departmental internal controls are promptly evaluated by the agency management, (3) timely and appropriate corrective actions are effected by the agency management in response to an audit and (4), all actions determined by the agency management as necessary to correct or otherwise resolve matters will be addressed by the agency in their budgetary request to the general court.
All accounted for variances, losses, shortages or thefts of funds or property shall be immediately reported to the state auditor's office, who shall review the matter to determine the amount involved which shall be reported to appropriate management and law enforcement officials. Said auditor shall also determine the internal control weakness that contributed to or caused the condition. Said auditor shall then make recommendations to the agency official overseeing the internal control system and other appropriate management officials. The recommendations of said auditor shall address the correction of the conditions found and the necessary internal control policies and procedures that must be modified. The agency oversight official and the appropriate management officials shall immediately implement policies and procedures necessary to prevent a recurrence of the problems identified.
Chapter
65 of the Acts of 2002
This
law clarifies the language in the enabling statute of the OSA that is
meant to guarantee the State Auditor access to all records and documents
pertinent to an ongoing audit. Under the law's provisions, the OSA,
through action in Superior Court, can subpoena materials from and auditee
who refuses repeated oral and written request to open relevant records for
review. This limited subpoena authority is a valuable discretionary
tool for improving the effectiveness and timeliness of the audit process.
Section
7 of Chapter 46 of the Acts of 2003
This
provision effectively enacted the OSA legislative proposal, House Bill No.
5, An Act Relative to Certain Requests for Local Audits. House 5 had
been filed by Auditor DeNucci in response to an increasing number of
requests from municipalities for the State Auditor to conduct reviews of
municipal finances. Prior to passage of this provision, such
requests were turned down because the OSA audit authority did not extend
to the general review of local entities. Under the new law, the
governing body in a city, town, county, or regional school district can
vote to petition the OSA to conduct a review and must also appropriate
sufficient funds to pay for the audit services. The State Auditor
retains discretion relative to accepting any request and has the final
say on the nature and extent of the audit.
Chapter
338 of the Acts of 2004
This
new law, which makes certain technical corrections to BSI's enabling
statute, repeals statutory references that were rendered obsolete by BSI's
establishment as a division of the OSA and broadens access by BSI to
certain tax records necessary for the investigation of Medicaid fraud
cases. As such, the legislation enables BSI to more effectively
carry out its mandated investigative responsibilities.