| List
of Program Effectiveness Standards |
 |
|
| Reference
Source |
Standards |
Component |
|
Check List
|
Comments |
|
|
1.
CONTROL ENVIRONMENT |
|
|
|
|
|
|
|
1.A
INTEGRITY AND ETHICAL VALUES |
1.1 |
The
organization has established and uses a formal code
or codes of conduct and other policies communicating
appropriate ethical and moral behavioral standards
and addressing acceptable operational practices and
conflicts of interest |
|
|
USAID
POLICIES AND PROCEDURES Functional
series 300 : Acquisition and assistance ADS
Chapter 303 : Grants and Cooperative Agreements to
NGOs |
|
|
1.2 |
An ethical tone has been established at the
top of the organization and has been communicated
throughout the organization. |
|
|
USAID
Regulations 22CFR226( 226.20-28) |
|
|
1.3 |
Dealings with the public, elected representative
employees, suppliers, auditors, and others are conducted
on a high ethical plane. |
|
|
Standards
for Internal Control in the Federal Government
|
|
|
1.4 |
Appropriate disciplinary action is taken in
response to departures from approved policies and
procedures or violations of the code of conduct.
|
|
|
|
|
|
1.5 |
Management appropriately addresses intervention
or overriding internal control. |
|
|
Internal
Control Management and Evaluation Tool |
|
|
1.6 |
Management removes temptation for unethical
behavior. |
|
|
Recipient Control Environment Assessment Checklist |
|
1.B
COMMITMENT TO COMPETENCE |
2.1 |
Management
has identified and defined the tasks required to accomplish
particular jobs and fill the various positions. |
|
|
|
|
|
2.2 |
The
organization has performed analyses of the knowledge,
skills, and abilities needed to perform jobs appropriately. |
|
|
|
|
|
2.3 |
The
organization provides training and counseling in order
to help employees maintain and improve their competence
for their jobs. |
|
|
|
|
|
2.4 |
Key
senior-level employees have a demonstrated ability
in general management and extensive practical experience
in operating governmental or business entities. |
|
|
|
|
1.C
MANAGEMENT’S PHILOSOPHY AND OPERATING STYLE |
3.1 |
Management
has an appropriate attitude toward risk-taking, and
proceeds with new ventures, missions, or operations
only after carefully analyzing the risks involved
and determining how they may be minimized or mitigated. |
|
|
|
|
|
3.2 |
Management
enthusiastically endorses the use of performance-based
management. |
|
|
|
|
|
3.3 |
There has not been excessive personnel turnover
in key functions, such as operations and program management,
accounting, or internal audit, that would indicate
a problem with the organization's emphasis on internal
control. |
|
|
|
|
|
3.4 |
Management
has a positive and supportive attitude toward the
functions of accounting, information management systems,
personnel operations, monitoring, and internal and
external audits and evaluations. |
|
|
|
|
|
3.5 |
Valuable assets and information are safeguarded
from unauthorized access or use. |
ALL
CAPITAL ASSETS
|
|
|
|
|
3.6 |
There is frequent interaction between senior
management and operating/program management, especially
when operating from geographically dispersed locations. |
|
|
|
|
1.D
ORGANIZATIONAL STRUCTURE |
4.1 |
The
organization’s organizational structure is appropriate
for its size and the nature of its operations.
|
|
|
|
|
|
4.2 |
Key
areas of authority and responsibility are defined
and communicated throughout the organization. |
To
be a part
of SOPs |
|
|
|
|
4.3 |
Appropriate
and clear internal reporting relationships have been
established. |
|
|
|
|
|
4.4 |
Management
periodically evaluates the organizational structure
and makes changes as necessary in response to changing
conditions. |
|
|
|
|
1.F
HR POLICIES AND PROCEDURES |
5.1 |
Policies
and procedures are in place for hiring, orienting,
training, evaluating, counseling, promoting, compensating,
disciplining, and terminating employees. |
|
|
|
|
|
5.2 |
Background checks are conducted on candidates
for employment. |
|
|
|
|
|
5.3 |
Employees
are provided supervision |
|
|
|
|
1.G
OVERSIGHT GROUPS |
6.1 |
Within
the organization, there are mechanisms in place to
monitor and review operations and programs. |
|
|
|
|
|
6.2 |
The organization has a board of independent and committed members meeting
at least three times annually. |
|
|
|
|
|
6.3 |
The board contributes in carrying out the :
- policy
formulation,
- financial
oversight and accountability,
- public
relations; and
- Resource
generation.
|
|
|
|
|
|
6.4 |
The organization should have a conflict
of interest policy for board members and staff. |
|
|
|
|
|
6.5 |
The
board maintains record of decisions is made available
to relevant stakeholders. |
|
|
|
|
|
6.6 |
Performance
appraisal mechanism is in
place for Board members |
|
|
|
2.
RISK ASSESSMENT |
|
|
|
|
|
|
|
2.A
ESTABLISHMENT OF ENTITY WIDE OBJECTIVES |
7.1 |
The organization has established entity wide
objectives that provide sufficiently broad statements
and guidance about what the organization is supposed
to achieve, yet are specific enough to relate directly
to the organization. |
|
|
|
|
|
7.2 |
Entity wide objectives are clearly communicated
to all employees, and management obtains feedback
signifying that the communication has been effective. |
|
|
|
|
|
7.3 |
There
is a relationship and consistency between the organization's
operational strategies and the entity wide objectives.
|
|
|
|
|
|
7.4 |
The
organization has an integrated management strategy
and risk assessment plan that considers the entity
wide objectives and relevant sources of risk from
internal management factors and external sources and
establishes a control structure to address those risks. |
|
|
|
|
2.B ESTABLISHMENT OF ACTIVITY LEVEL OBJECTIVES |
8.1 |
Activity-level
(program or mission-level) objectives flow from and
are linked with the organization’s entity wide objectives
and strategic plans.
Activity-level
objectives include measurement criteria. |
|
|
|
|
|
8.2 |
Activity-level
objectives are complementary, reinforce each other,
and are not contradictory. |
|
|
|
|
|
8.3 |
The
activity-level objectives are relevant to all significant
organization processes. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2.C
RISK IDENTIFICATION |
9.1 |
Management
comprehensively identifies risk using various methodologies
as appropriate. |
To
be seen folded with 1.C |
|
|
|
|
9.2 |
Adequate
mechanisms exist to identify risks to the organization
arising from external factors. |
-do- |
|
|
|
|
9.3 |
Adequate
mechanisms exist to identify risks to the organization
arising from internal factors. |
-do- |
|
|
|
|
|
|
|
|
|
|
2.D
RISK ANALYSIS |
10.1 |
After
the risks to the organization have been identified,
management undertakes a thorough and complete analysis
of their possible effect. |
-do- |
|
|
|
|
10.2 |
Management
has developed an approach for risk management and
control based on how much risk can be prudently accepted. |
-do- |
|
|
|
2.E
MANAGING RISK DURING CHANGE |
11.1 |
The
organization has mechanisms in place to anticipate,
identify, and react to risks presented by changes
in governmental, economic, industry, regulatory, operating, or other conditions that can affect
the achievement of entity-wide or activity-level goals
and objectives. |
-do- |
|
|
|
|
11.2 |
The organization gives special attention to
risks presented by changes that can have a more dramatic
and pervasive effect on the entity and may demand
the attention of senior officials. |
-do- |
|
|
3.
CONTROL ACTIVITIES |
|
|
|
|
|
|
|
3.A GENERAL APPLICATION |
12.1 |
Appropriate
policies, procedures, techniques, and mechanisms exist
and are regularly evaluated with respect to each of
the organization's activities. |
|
|
|
|
|
12.2 |
The
control activities identified as necessary are in
place and being applied. |
|
|
|
|
|
12.3 |
Control
activities are regularly evaluated to ensure that
they are still appropriate and working as intended. |
|
|
|
|
3.B COMMON CATEGORIES OF CONTROL ACTIVITIES |
13.1 |
Top-Level
Reviews. Management tracks major organization achievements
in relation to its plans. |
It
includes Board level Reviews as well |
|
|
|
|
13.2 |
Segregation
of duties. Key duties and responsibilities are divided
or segregated among different people to reduce the
risk of error, waste, or fraud. |
|
|
|
|
INFORMATION SYSTEM GENERAL
CONTROL |
|
|
For
Manual, IT and hybrid systems |
|
|
|
3.C
ENTITY
WIDE SECURITY MANAGEMENT PROCESS |
14.1 |
The
organization periodically performs a comprehensive,
high-level assessment of risks to its information
systems. |
If
applicable |
|
|
|
|
14.2 |
Information
system security guidelines are available in organizations. |
|
|
|
|
3.
E APPLICATION SOFTWARE DEVELOPMENT AND CHANGE CONTROL |
15.1 |
Information
system processing features and program modifications
are properly authorized. |
|
|
|
|
|
15.2 |
All
new or revised software is thoroughly tested and approved. |
|
|
|
|
|
15.3 |
The
organization has established procedures to ensure
control of its software libraries, including labeling,
access restrictions, and use of inventories and separate
libraries. |
|
|
|
|
3.
F SYSTEM SOFTWARE CONTROL |
16.1 |
The organization limits access to system software
based on job responsibilities, and access authorization
is documented. |
|
|
|
|
|
16.2 |
Access
to and use of system software is controlled and monitored. |
|
|
|
|
|
16.3 |
The
organization controls changes made to the system software. |
|
|
|
|
3.H
SERVICE CONTINUITY |
17.1 |
The
criticality and sensitivity of computerized operations
have been assessed and prioritized, and supporting
resources have been identified. |
If
applicable |
|
|
|
|
17.2 |
The
organization has taken steps to prevent and minimize
potential damage and interruption through the use
of data and program backup procedures including off-site
storage of backup data as well as environmental controls,
staff training, and hardware maintenance and management. |
-do- |
|
|
|
|
17.3 |
Management
has developed and documented a comprehensive contingency
plan. |
-do- |
|
|
|
|
17.4 |
The organization periodically tests the contingency
plan and adjusts it as appropriate. |
|
|
|
|
INFORMATION SYSTEM APPLICATION
CONTROL |
|
|
|
|
|
|
3.I AUTHORIZATION CONTROL |
18.1 |
Source
documents are controlled and require authorization.
|
|
|
|
|
|
18.2 |
Data
entry terminals have restricted access. |
|
|
|
|
|
18.3 |
Master
files and exception reporting are used to ensure that
all data processed are authorized. |
|
|
|
|
3.J COMPLETENESS CONTROL. |
19.1 |
All
authorized transactions are entered into and processed
by the computer. |
Not
applicable to all |
|
|
|
|
19.2 |
Reconciliations are performed to verify data
completeness. |
|
|
|
|
3.
K ACCURACY
CONTROL |
20.1 |
The
organization's data entry design features contribute
to data accuracy. |
|
|
|
|
|
20.2 |
Data
validation and editing are performed to identify erroneous
data. |
|
|
|
|
|
20.3 |
Erroneous data are captured, reported, investigated,
and promptly corrected. |
|
|
|
|
|
20.4 |
Output reports are reviewed to help maintain
data accuracy and validity. |
|
|
|
|
|
|
|
|
|
|
|
3.
L CONTROL
OVER INTEGRITY OF PROCESSING AND DATA FILES |
21.1 |
Procedures
ensure that the current versions of production programs
and data files are used during processing. |
|
|
|
|
|
21.2 |
Programs include routines to verify that the
proper version of the computer file is used during
processing. |
|
|
|
|
|
21.3 |
Programs
include routines for checking internal file header
labels before processing. |
|
|
|
|
|
21.4 |
The application protects against concurrent
file updates. |
|
|
|
4.
INFORMATION AND COMMUNICATIONS |
|
|
|
|
|
|
|
4.
A INFORMATION |
22.1 |
Information
from internal and external sources is obtained and
provided to management as a part of the organization's
reporting on operational performance relative to established
objectives. |
|
|
|
|
4.B COMMUNICATIONS |
23.1 |
Management
ensures that effective internal communications occur.
|
Although
it was agreed to delete 23.1 and 23.2 but yet there
is a value in retaining these |
|
|
|
|
23.2 |
Management
ensures that effective external communications occur
with groups that can have a serious impact on programs,
projects, operations, and other activities, including
budgeting and financing. |
|
|
|
|
4.C FORMS AND MEANS OF COMMUNICATION |
24.1 |
The
organization employs many and various forms and means
of communicating important information with employees
and others. |
|
|
|
|
|
24.2 |
The
organization manages, develops, and revises its information
systems in an effort to continually improve the usefulness
and reliability of its communication of information.
|
|
|
|
5.
MONITORING |
|
|
|
|
|
|
|
5.A MONITORING AND EVALUATION |
25.1 |
Management
has a strategy to ensure that ongoing monitoring is
effective and will trigger separate evaluations where
problems are identified or systems are critical and
testing is periodically desirable. |
|
|
|
|
|
25.2 |
M&E
system exist that defines and tracks indicators of
success and allows for program modifications during
implementation. |
Adding
a few points to this section |
|
|
|
|
25.3 |
Baseline
data measurements are monitored and regularly analyzed. |
|
|
|
|
|
25.4 |
Evaluation
assessments are used to adjust programs as required |
|
|
|
|
|
25.5 |
Appropriate
organizational structure and supervision help provide
oversight of internal control functions. |
|
|
|
|
|
25.6 |
All
functional areas/departments monitor, and evaluate
their performance annually on the basis of agreed
criteria. The evaluations are reviewed with in the
context of the whole organizations |
|
|
|
|
|
25.7 |
There
is timely production of quality reports in accordance
with donors, supporters and other key stakeholder’s
requirements. Organizations provide regular information
on its work and success to these recipients |
|
|
|
|
5.
C
AUDIT RESOLUTION |
26.1 |
The
organization has a mechanism to ensure the prompt
resolution of findings from audits and other reviews. |
|
|
|
|
|
26.2 |
Organization management is responsive to the
findings and recommendations of audits and other reviews
aimed at strengthening internal control. |
|
|
|
|
|
26.3 |
The
organization takes appropriate follow-up actions with
regard to findings and recommendations of audits and
other reviews. |
|
| |
|
|
|
|
|
