In accordance with MMB Operating Policy and Procedure 0102-02, OLA Audit Report Monitoring, a May 31, 2013 email was sent to designated agency contacts throughout state government requesting an update on the status of OLA audit corrective action plans. If you received this email, you must complete the CAPSU form and return it to the Internal Control & Accountability Unit by Monday, June 17, 2013.
The Code of Conduct is one of management’s most important tools for establishing a strong internal control environment. The Code sets an appropriate "tone at the top" by outlining the standards and expectations regarding employee honesty, integrity, and ethical behavior, and by providing mechanisms for employees to report questionable or improper activities and behaviors.
MMB Statewide Operating Policy 0103-01, Code of Conduct (and related procedures), requires each agency head and employees with applicable job responsibilities to recertify their understanding of their responsibilities under the Code and their commitment to abide by the Code’s policy provisions once each fiscal year.
For the certification form and additional Code of Conduct information/requirements please see http://www.beta.mmb.state.mn.us/code-conduct
MMB Statewide Procedure 0102-01.2, Risk Assessment, has been published and made effective immediately. This procedure is associated with MMB Statewide Operating Policy 0102-01, Internal Control.
The procedure outlines executive agency risk assessment responsibilities and requirements, including development of a risk assessment plan for applicable agencies. The document can be accessed at http://www.beta.mmb.state.mn.us/doc/ic/ra-procedure-13.pdf. Applicable agencies must follow this procedure in order to comply with the FY2013 Internal Control Structure certification requirements, pursuant to MN Statute 16A.057, subdivision 8.
Internal Controls Bulletins are authored by the Internal Control & Accountability Unit and published monthly. The intent is to provide Minnesota state government leaders and other interested parties with a quick read about specific internal control topics. Each bulletin also provides readers with suggestions and action steps for strengthening the internal controls within their organization.
If you would like to receive the Internal Controls Bulletin each month, click here.
By Subject Matter
Internal Control Structure or General Concepts
Information & Communication
Information Technology Security
Separation of Duties
Ethics & Code of Conduct
Each year, all organizations that use the SWIFT and SEMA4 systems must evaluate the security roles assigned to each of their staff and certify those role assignments to be appropriate, pursuant to MMB Statewide Operating Policy 1101-07, Security and Access. This exercise provides each organization with an excellent opportunity to re-evaluate and improve internal controls.
Management must achieve two critical objectives when assigning security roles. First, employees must be granted the access to systems, programs, and data needed to perform their specific job functions. Failure to provide sufficient access could result in business disruption or inability to deliver critical services. Second, management must maintain adequate separation between incompatible duties. Providing incompatible access to employees increases financial risk, since these employees have the ability to create and conceal fraud, misstatements, or errors in the course of their normal job duties.
Ideal segregation of duties exists when agency management separates the following functional responsibilities between business units, or at least between different individuals within a unit:
The following links provide guidance and assistance for system managers to make appropriate security role decisions.
If you have not yet responded to the email invitation for the upcoming meeting(s), please do so immediately so that we may plan accordingly.
Finally, if you would like to review the minutes from any of the previous meetings, you can find them at http://www.beta.mmb.state.mn.us/ic-meeting-minutes.