You are here: XII. Expenditures > 4. Payment Certification Requirements > D. Certification of Internal Controls over the Payment Process

XII.4.D
Certification of Internal Controls over the Payment Process

 

 

SECTION OVERVIEW AND POLICIES

 

Title 2, Chapter I, Part 6.6 of the New York Codes, Rules and Regulations requires each agency to maintain adequate internal controls over the payment process to support the validity of the agency claim certification for processing payments. For more information, please refer to Section XII.4.B - Certification of Vouchers of this Chapter. The agency should establish sufficient internal controls over claims processing to ensure claims are appropriate to pay. These controls must include, but are not limited to, the following:

  1. To the extent feasible, separation of duties relating to vendor registration, ordering, receiving and payment functions;

  2. To the extent feasible, separation of on-line data entry of claims from claim certification functions; and

  3. Security over authorized access to agency controlled systems in the form of operator identification and passwords.

 

In addition, Part 6.6 requires the head of the agency (e.g., Commissioner, Chancellor, Executive Director) to submit an internal controls certification form to the Comptroller certifying that their agency has established such a system of internal control over the payment process. The agency head is required to complete this certification annually or upon change of the agency head.

 

Process and Document Preparation:

 

The head of the agency may use a variety of resources, tools and techniques to obtain evidence to support the certification of internal controls over the payment process. This may include internal audit programs, checklists or other tools.

 

The Comptroller’s office will provide a series of programs concerning controls related to specific segments of the payment process or particular payment types. Agency heads may consider using these programs to help assess internal controls over the agency’s payments.

 

Internal Control Assessment Programs:

 

 

In addition to requiring agency heads to submit the annual certification form, the Comptroller will require agency heads to assess the internal controls for one or more particular areas each year.

 

The agency head must complete and retain documentation to support its assessment of internal controls over the payment process and all additional segments required by the Comptroller. The agency head must also email a completed and signed certification form to BSEInternalControlCert@osc.state.ny.us on or before April 30 for each year. A separate certification form should be submitted for each Business Unit.

 

2018 Certification

 

For the certification due on April 30, 2018, in addition to the annual certification of internal controls over the payment process, each agency (including customers of the Business Service Center or another agency) should assess controls over: (i) the agency’s process to obtain evidence to support claims for payment are just, true and correct, and therefore appropriate to pay; and (ii) the record retention of documentation supporting payment claims.

 

According to Title 2, Chapter I, Part 6.5 of the New York Codes, Rules and Regulations, when certifying a claim to the Comptroller, the agency certifier should satisfy himself or herself that acceptable evidence of receipt and/or inspection is on file. Title 2, Chapter I, Part 6.7 of the New York Codes, Rules and Regulations requires that any claim for payment be supported by sufficient original source documentation.

 

The original source documentation, along with other supporting records, must be retained in accordance with records disposition schedules approved by the State Archives and Records Administration. Agencies must maintain effective audit trails to such records, and upon request, provide the records promptly to the State Comptroller via electronic transmission or hard copy.

 

Confirming the existence of source documentation and other audit evidence, and verifying its appropriateness and sufficiency, are fundamental steps to determine whether a claim is appropriate to pay. We will provide an Internal Control Assessment Program to help agencies assess internal controls processes over evidence and record retention.

 

To help agencies assess internal controls over this process, we have provided an Internal Control Assessment Program for Evidence and Record Retention.

 

Please note: Agencies that are customers of the Business Service Center (BSC) or are hosted by another agency are required to certify any controls over the portion of the payment processes that take place at the agency.

 

The agency head should email the completed and signed annual certification form to BSEInternalControlCert@osc.state.ny.us on or before April 30, 2018. A separate form should be submitted for each Business Unit.

 

Please refer to the following sections for additional guidance on this topic:

Chapter XII.3 - Record Retention - Accounts Payable Vouchers and Land Claims

Chapter XIII.3 - Record Retention – Travel and Expense

Chapter XIV.9 - Statewide Financial System Imaging and Attachment Guidance


2019 Certification

 

For the certification due on April 30, 2019, in addition to the annual certification of internal controls over the payment process, each agency (including customers of the Business Service Center or another agency) should assess controls over: (i) the Procurement Card purchase process and (ii) contracts requiring electronic payments.

 

Please note: Agencies that are customers of the Business Service Center (BSC) or are hosted by another agency are required to certify any controls over the portion of the payment processes that take place at the agency.

 

Procurement Card Purchases

The State’s Procurement Card (PCard) is a procurement and payment method designed to expedite purchases, obtain rebates, and issue payments. When properly used, the PCard is an efficient and cost-effective alternative to a variety of traditional labor-intensive procurement and payment tools.

 

While the PCard is an alternate procurement and purchase method, agencies are still required to assess whether controls over PCard use are working as intended. For example, agencies should consider the following as part of their testing:

 

 

Please refer to the following references for additional guidance on these topics:

OGS Procurement Guidelines

GFO: Chapter XI-A.4 – Procurement Card Purchases

Chapter XII.6.Q.1 – Paying and Reconciling Procurement Card Charges

Chapter XV.4A. – Reconciling Prior Fiscal Year Credit Card Charges

SFSSecure – Job Aids – Procurement Card Module

Clarification to Travel and Procurement Card Program Memo For State Agencies

 

To help agencies assess internal controls over this procurement and purchase method, we will provide an Internal Control Assessment Program for Procurement Card Purchases.

 

Contracts Requiring Electronic Payments

 

All centralized contracts dated June 2014 or later contain Appendix B, which requires electronic Payments (ePayments) unless payment by paper check is expressly authorized by the Commissioner of the Office of General Services due to extenuating circumstances. In addition, agency-specific contracts, property leases, and contracts originating in the Grants Gateway may also require vendors to accept ePayments.

 

Agencies will be required to assess whether their controls that ensure compliance with contract payment terms are working as intended. For example, agencies should consider the following as part of their testing:

 

 

To help agencies assess internal controls over this payment type requirement, we will provide an Internal Control Assessment Program for Contracts Requiring Electronic Payments.

 

Please refer to the Frequently Asked Questions for further guidance regarding the certification of internal controls over the payment process. For any additional questions, please contact BSEInternalControlCert@osc.state.ny.us.

 

 

 

 

Guide to Financial Operations
REV. 12/15/2017