INTERNAL CONTROLS
(CT:DOH-42; 03-13-2025)
(Office of Origin: CGFS/FPRA/FP)
4 FAH-2 H-221 INTRODUCTION
(CT:DOH-29; 07-19-2013)
a. The internal controls built into the financial system and those imposed by the Bureau of the Comptroller and Global Financial Services (CGFS) policy must be effective and reasonable in regard to the volume of business. The U.S. disbursing officer (USDO) is held responsible for adherence to internal controls as described in this subchapter and elsewhere in 4 FAH-2 but may delegate some duties. When the USDO delegates the duties to subordinates, the USDO must formulate a procedure to ensure that the delegated tasks are being performed as required. If the presence of key individuals is a critical element in the process, the USDO must ensure that the proper individuals, or their alternates, are available for the operation.
b. Failure to observe the internal controls can result in disciplinary action up to and including dismissal. The USDO should continually search for ways to improve internal controls within the office.
4 FAH-2 H-222 INTERNAL CONTROLS AFFECTING PAYMENTS
(CT:DOH-42; 03-13-2025)
a. Entry of financial transactions into the financial system is restricted to documents that are certified or approved.
b. The USDO should ensure that there is separation of duties and effective checks and balances for the creation and transmission of electronic funds transfer (EFT) payments consistent with the EFT software constraints or capabilities. Employees are authorized access to the systems to send EFT transfers in accordance with the various security policies.
c. The EFT payments must be documented and reviewed by the USDO. The documentation must include the requirement that generated the EFT, the creation of the EFT, evidence of the transmission, and a confirmation that the EFT was processed by the financial institution.
d. Payments greater than U.S. $1 million or equivalent must be approved by the USDO.
e. Non-electronic certifying system (ECS) vouchers or schedules must be examined for certification or USDO approval.
f. For ECS vouchers, the USDO must verify that the names of the disbursing file authorizers are on file at the CGFS Center and with CGFS/DO prior to accepting and decrypting batches.
g. The USDO must approve emergency payments.
h. The USDOs at CGFS Charleston and Bangkok must initially review their respective reports from Treasury and system-produced reports reflecting the USDO accountability by the 3rd workday of the month.
i. The check stock custodian should exercise controls over U.S. Treasury checks while in the process of preparation. The controls must be designed to protect against loss or theft, to prevent the release of imperfect checks, and to promptly disclose any discrepancy. The check stock custodian and the alternate will be the only two employees who have access to the check stock inventory records.
j. The USDOs perform and document check stock reconciliations and report the results to the Director of Global Disbursing Operations on a quarterly basis.
k. Only the check stock custodian and his/her alternate shall have the combination to the check stock vault.
l. Two or more persons must participate in the daily payment cycle.
m. An employee will be appointed to oversee the payment cycle. The appointed employee will not have access to all the functions required to perform the payment cycle, including printing checks and creation of funds transfers.
n. If ECS is not being used, the USDO must use a valid, Government Accountability Office (GAO)-approved electronic sampling methodology to check the accuracy and certification of all payments and to ensure the integrity of the disbursing operations.
4 FAH-2 H-223 INTERNAL CONTROLS AFFECTING SYSTEMS
(CT:DOH-42; 03-13-2025)
a. A proper separation of duties must exist and be reflected in the systems access profiles for all CGFS personnel. Access levels and passwords and/or IDs for all systems will be under the control of the information systems security officer (ISSO). The ISSO is responsible for establishing a unique password for each employee. Employees will not share passwords and/or IDs for information systems or software. Sharing of password and/or ID is a serious offense subject to possible disciplinary action. (Sharing is the use of an employee’s password and/or ID by another employee or an employee letting another employee use his/her password and/or ID.) Proprietary bank software programs used to transfer EFTs that include common passwords that are used by all authorized users are excluded from this requirement not to share passwords.
b. Systems access within the disbursing module should be limited. Accounting employees should have access to only the accounting portion of the financial system.
c. All stand-alone computers used to perform transfers of funds will be kept in a controlled environment accessible only to those employees authorized to use the computers.
d. No employee will be authorized to perform the entire funds transfer process. Programs used to transfer funds are governed by strict separation of duties. The ISSO will not change access to information systems or software used to transfer funds without the written approval of the USDO. A written, signed request will be required and maintained by the ISSO to document changes.
e. On an annual basis, the USDO, accounting chief, payroll chief, ISSO, and other officials at the CGFS Center will review the internal controls for all systems and verify that systems accesses for all CGFS personnel support the proper separation of duties. The review must be documented and sent to the Comptroller and Assistant Secretary for CGFS.
4 FAH-2 H-224 INTERNAL CONTROLS AFFECTING ELECTRONIC FUNDS TRANSFER (EFT)
(CT:DOH-42; 03-13-2025)
a. The USDO is responsible for establishing and maintaining the controls specified in the Fedline Security Policy. The ISSO at each CGFS Center is the local security administrator for Fedline operations at the CGFS Center.
b. Following a written request from the USDO, the ISSO will control and assign local user ID and will coordinate the action required to obtain a host user code and password for each user from the Federal Reserve Bank.
c. The Fedline system will be configured so that data can only be imported into the system. Such input must be from the official financial system or other duly certified request.
d. No Fedline transactions will be made without supporting documentation.
e. Each CGFS Center will establish procedures to document Fedline payments made through the ACH using the ACDP 23 for Operating System. The Fedline payment confirmation (which is usually received two hours after the payment is sent) will become a supporting document for the Fedline payment. An individual who is not involved in either entering or approving the file will review the Fedline transactions on a daily basis. All related documents should be maintained as supporting documentation for the payment.
f. The person performing the Fedline procedure may not process a payment to his/her personal account.
g. The USDO will, in cooperation with the ISSO, ensure that two employees are required to complete the process of importing files into Fedline and sending the files to the appropriate bank. One employee and an alternate should be responsible for importing the files into Fedline, and the USDO and an assistant USDO (as the USDO alternate) should be responsible for sending the files to the Federal Reserve Bank (FRB).
h. Each USDO will establish written procedures to protect transmissions via the Society for Worldwide Interbank Financial Telecommunications (SWIFT), remote check printing, and other forms of EFT.
4 FAH-2 H-225 INTERNAL CONTROLS AFFECTING OPERATIONS
(TL:DOH-1; 06-13-2001)
The combinations to the check stock vaults and all safes in the disbursing office must be changed when staff leaves, or once a year.
4 FAH-2 H-226 THROUGH H-229 UNASSIGNED