Embed Size (px)
Citation preview
Minnesota Adoption of the Green Book
April 16, 2015Jo KaneInternal Control & Accountability Specialist
History of Internal Control Legislation
• Included in the Governor’s 2010-2011 budget recommendations
• Passed by the Legislature in the 2009 session (Minn. Statute Section 16A.057)
• Originally budgeted for up to 6 staff
MS 16A.057 Responsibilities
• Adopt statewide internal control standards and policies
• Coordinate agency training and assistance• Share internal audit resources• Monitor Office of the Legislative Auditor
reports• Report biennially on the executive branch
system of internal controls and internal audit
Timeline - Internal Control Implementation
2010 2011 2012 2013 2014 2015 2016
Develop MN infrastructure using COSO framework
Training & Outreach
First annual certification required –
CE only
Risk assessment plans required for certification
Green Book exposure draft
released
Facilitate risk assessments (train-the-trainer)
Updated COSO exposure draft
released
Discussions with agency IA/IC reps; adopt Green
Book; begin revising documentation
CE self assessment:
required transition document
Monthly Internal Control Bulletin
NOTE: Compete bulletin can be accessed at: http://mn.gov/mmb/images/September%2520ICB%25202014.docx
Agency Head Responsibilities“The head of each executive agency must annually certify that the agency head has reviewed the agency’s internal control systems, and that these systems are in compliance with standards and policies established by the commissioner [of Minnesota Management and Budget].”
We began the certification process in 2012 by requiring each agency head to certify that he/she had assess the agency’s control environment using the control environment self-assessment tool.
Control Environment – Green Book Implications
• Revised (i.e. tweaked) our guidance to conform to the 5 Green Book CE principles1. Demonstrate Commitment to Integrity and
Ethical Values2. Exercise Oversight Responsibility3. Establish Structure, Responsibility and Authority4. Demonstrate Commitment to Competence5. Enforce Accountability
Control Environment Tool• Promotes high, agency level look at controls• Contains 20 goals/control objectives that
model exemplary control behaviors• Lists recommended controls that allow
agencies to demonstrate an effective control environment
• Contains references to related Minnesota statutes, laws, rules, and policies
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior Management
Frequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Actual tool can be accessed at: http://mn.gov/mmb/images/Control%2520Environment%2520Self-Assessment%2520Tool.xlsx
CE Self-Assessment ToolRibbon identifies the specific related Green Book control environment principle(s), such as “Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability”
Item #A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible
PartyI: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters
and encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
CE Self-Assessment Tool
Control Environment Self - Assessment ToolPurpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
Item #A: Goal
1 Agency management fosters and encourages an agency culture that emphasizes the importance of integrity and ethical values.
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
B: Control Objective C: Recommended Controls1
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
B. The agency head and other applicable senior staff have signed the code of conduct certification.
C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible
Party
CE Self-Assessment ToolControl Environment Self - Assessment Tool
Purpose: Agency-wide Control Environment Self-Assessment ToolTarget Audience: Agency Senior ManagementFrequency of Review/Completion: Annually
Item # A: Goal B: Control Objective C: Recommended Controls1
D: Assessment Rank 1-3
1 - Excellent, 2 - Adequate, 3 - Inadequate
E: Action Taken/Controls Implemented
F: Action Items/Areas Needing Improvement
G: Target Completion
date
H: Responsible Party I: References2
CONTROL ENVIRONMENT: Demonstrates Commitment to Integrity and Ethical Values and Enforces Accountability1 Agency management fosters and
encourages an agency culture that emphasizes the importance of integrity and ethical values.
Agency senior management has set the proper “tone at the top” by emphasizing the importance of ethical behavior through formal and informal communication, including implementation of the Code of Conduct Policy.
A. Management fosters and encourages ethical behavior through training and communication (e.g., ethics/code of conduct training).
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
Blank Blank Blank B. The agency head and other applicable senior staff have signed the code of conduct certification.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank C. Ethics-related communications and training materials are periodically re-evaluated and updated as necessary.*
2 The agency's positive culture promotes appropriate moral and ethical behavior in dealings with co-workers.Employees know what kind of behavior is acceptable.
Agency management has communicated appropriate ethical and moral behavioral standards, disciplinary actions for unacceptable behavior and a method for employees to comfortably report questionable behavior.
A. Applicable employees have current Code of Conduct certifications on file.
MMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank B. All employees are made aware of the Code of Ethics statute.
MS 43A.38, Code of Ethics
Blank Blank Blank C. The types of disciplinary actions that can be taken are widely communicated, including penalties for misappropriation or misuse of funds.
MS 13.09, Data Practices, PenaltiesMS 15.43, Acceptance of Advantage by State Employee, PenaltyMS 43A.39, Compliance with LawMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank D. The agency has established a communication mechanism for employees to raise ethical concerns or potential Code of Conduct violations without fear of retaliation. Employees are made aware of both internal and external (e.g., MMB Human Resources, OLA, etc.) resources for seeking advice on ethical/code of conduct issues.
MS 181. 932, Disclosure of Information by Employees (Whistleblower Protection Statute)MS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor RequiredMMB Statewide Operating Policy 0103-01, Code of Conduct
Blank Blank Blank E. The agency has a formal internal process for investigating and resolving alleged wrongdoings, conflicts of interest or code of conduct concerns from employees, recipients, customers, vendors and other outside parties.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank F. As necessary, management takes appropriate action in response to instances of wrongdoing, conflicts of interest, ethical and Code of Conduct violations.
MR 3900.9500, Reporting and Investigating Conflicts of InterestMS 609.456, Subd. 2, Reporting to State Auditor and Legislative Auditor Required
Blank Blank Blank G. Management has developed a formal risk assessment plan to ensure key objectives and the reputation of the agency are protected.
MS 16A.057, Internal Controls and Internal Auditing MMB Guide to Risk Assessment and Control Activities
I: References2
MS 43A.38, Code of EthicsMS 16C.04, Code of Ethics for Procurement
MMB Statewide Operating Policy 0103-01, Code of Conduct
Risk Assessment• Assessment plans required beginning in 2013• Agencies decide which processes need formal
risk assessments, but must consider:– Items material to the CAFR– Major single audit programs– Major sources and uses of funding (financial)– Areas critical to agency mission (operational)
• Risk assessments currently underway in most agencies
Risk Assessment – Green Book Implications
• As of April 2015, we revised the policy, procedures, and guidance to conform to the Green Book principles
– Four risk assessment principles
– Three control activities principles
Risk Assessment/Control Activities Potential Issues
• Biggest sticking point is Principle 11, due to Minnesota’s recent IT consolidation– Principle 11 – Management should design control
activities for the entity’s information system• Other principles being discussed
– Principle 6 – Management should define objectives clearly … and define risk tolerances
– Principle 8 – Management should consider the potential for fraud
Other Green Book Components
• Information and Communication– Embedded in all other components– Must make this component implicit in all guidance
• Monitoring– Still to be determined
Questions?Minnesota Management and Budget (MMB) Internal Control and Accountability Unit• [email protected]• http://mn.gov/mmb/internalcontrol/
