The URL can be used to link to this page

Home My WebLink About2019 Management Letter TOWN OF COHASSET, MASSACHUSETTS MANAGEMENT LETTER JUNE 30, 2019 To the Honorable Board of Selectmen Town of Cohasset, Massachusetts In planning and performing our audit of the financial statements of the Town of Cohasset, Massachusetts (“the Town”), as of and for the year ended June 30, 2019, in accordance with auditing standards generally accepted in the United States of America, we considered the Town's internal control over financial reporting as a basis for designing our auditing procedures for the purpose of expressing our opinions on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Town’s internal control. Accordingly, we do not express an opinion on the effectiveness of the Town’s internal control. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis. A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis. Our consideration of the internal control over financial reporting was for the limited purpose described in the first paragraph of this section and would not necessarily identify all deficiencies in internal control that might be deficiencies, significant deficiencies or material weaknesses. We did not identify any deficiencies in internal control over financial reporting that we consider to be material weaknesses, as defined above. However, during our audit we became aware of several matters that are opportunities for strengthening internal controls and operating efficiency. The memorandum that accompanies this letter summarizes our comments and suggestions concerning those matters. We will review the status of these comments during our next audit engagement. We have already discussed these comments and suggestions with various Town personnel and will be pleased to discuss them in further detail at your convenience, to perform any additional study of these matters, or to assist you in implementing the recommendations. The Town’s written response to the matters identified in our audit has not been subjected to the auditing procedures applied in the audit of the financial statements and, accordingly, we express no opinion on it. This communication is intended solely for the information and use of management of the Town of Cohasset, Massachusetts, and is not intended to be and should not be used by anyone other than these specified parties. December 20, 2019 TOWN OF COHASSET, MASSACHUSETTS MANAGEMENT LETTER JUNE 30, 2019 TABLE OF CONTENTS PAGE Comments .................................................................................................................................................... 1 Documentation of Internal Controls .......................................................................................................... 2 1 Comments 2 DOCUMENTATION OF INTERNAL CONTROLS Prior Comment Documentation of Internal Controls In December 2013, the U.S. Office of Management and Budget (OMB) issued Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) in an effort to (1) streamline guidance for federal awards while easing the administrative burden and (2) to strengthen oversight over the expenditure of federal funds and to reduce the risks of waste, fraud and abuse. The Uniform Guidance supersedes and streamlines requirements from eight different federal grant circulars (including OMB Circular A-133) into one set of guidance. Local governments are required to implement the new administrative requirements and cost principles for all new federal awards and to additional funding to existing awards made after December 26, 2014 (fiscal year 2016). In conformance with Uniform Guidance, the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ‘‘Standards for Internal Control in the Federal Government’’ issued by the Comptroller General of the United States (the Green Book) and the ‘‘Internal Control Integrated Framework’’, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The COSO internal control framework is generally accepted as a best practice within the industry including the best practices prescribed by the Government Finance Officers Association (GFOA). COSO is a joint initiative of 5 private sector organizations dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. The original COSO framework was published in 1992 and has been revised several times for changes in operations, technology, and audit risk. The most recent updates to the COSO Internal Control - Integrated Framework were issued in 2013 and are available at www.coso.org. Management is responsible for internal control and to see that the entity is doing what needs to be done to meet its objectives. Governments have limited resources and constraints on how much can be spent on designing, implementing, and conducting systems of internal control. The COSO Framework can help management consider alternative approaches and decide what action it needs to take to meet its objectives. Depending on circumstances, these approaches and decisions can contribute to efficiencies in the design, implementation, and conduct of internal control. With the COSO Framework, management can more successfully diagnose issues and assert effectiveness regarding their internal controls and, for external financial reporting, help avoid material weaknesses or significant deficiencies. The COSO internal control framework incorporates 5 major components of internal control, which are supported by 17 principles of internal control as follows: 1. CONTROL ENVIRONMENT 1) Demonstrates commitment to integrity and ethical values 2) Exercises oversight responsibility 3) Establishes structure, authority, and responsibility 4) Demonstrates commitment to competence 5) Enforces accountability 3 2. RISK ASSESSMENT 6) Specifies suitable objectives 7) Identifies and analyzes risk 8) Assesses fraud risk 9) Identifies and analyzes significant change 3. CONTROL ACTIVITIES 10) Selects and develops control activities 11) Selects and develops general controls over technology 12) Deploys through policies and procedures 4. INFORMATION & COMMUNICATION 13) Uses relevant information 14) Communicates internally 15) Communicates externally 5. MONITORING 16) Conducts ongoing and/or separate evaluations 17) Evaluates and communicates deficiencies Management should evaluate and assess the government’s internal control system to determine whether: each of the five essential elements of a comprehensive framework of internal control is present; whether each element addresses all of the associated principles; and whether all five elements effectively function together. Current Status Management has begun the process of evaluating and assessing its internal control system; however, formal documentation of this assessment has yet to occur. Continuing Recommendation We continue to recommend management follow the best practice for establishing and documenting their internal control system using the COSO Internal Control Framework.