2022 Certification of Internal Controls over the Payment Process
For the certification due by April 30, 2022, in addition to the annual Certification of Internal Controls over the Payment Process and voucher authorizer designation process, each agency is required to assess controls over the proper use of a purchase order.
A purchase order (PO) is used to authorize a vendor to provide goods or services at a dollar amount within the agency’s authority as set in law or by contract. It also communicates critical information to the vendor including the contract number, specific goods or services ordered, price and delivery date, thereby supporting agency and vendor collaboration.
Using a PO ensures purchasing staff follow a consistent process. For online agencies, the PO in SFS enables the State to (i) establish proper internal controls over the purchasing function, (ii) enhance procurement intelligence, and (iii) better manage planned cash spending.
As stated in Chapter XI-A, Section 3 - Purchase Orders of the OSC Guide to Financial Operations (GFO) agencies are required to use a PO for all single purchases of $10,000 or more, or where the use of a PO is otherwise required in the contract terms, from vendors classified as “procurement suppliers” in the NYS vendor file. In addition, all purchases from agency contracts require POs.
Agencies will be required to assess whether their controls ensure the proper use of purchase orders to effectively manage procurements. For example, agencies should consider the following as part of their testing:
Please refer to the following references in this Guide for additional information on these topics:
To help agencies assess internal controls over the proper use of purchase orders, we will provide an Internal Controls Assessment Program.
For the certification due by April 30, 2022, in addition to the annual Certification of Internal Controls over the Payment Process and voucher authorizer designation process, each agency is required to assess controls over the proper use of a purchase order.
A purchase order (PO) is used to authorize a vendor to provide goods or services at a dollar amount within the agency’s authority as set in law or by contract. It also communicates critical information to the vendor including the contract number, specific goods or services ordered, price and delivery date, thereby supporting agency and vendor collaboration.
Using a PO ensures purchasing staff follow a consistent process. For online agencies, the PO in SFS enables the State to (i) establish proper internal controls over the purchasing function, (ii) enhance procurement intelligence, and (iii) better manage planned cash spending.
As stated in Chapter XI-A, Section 3 - Purchase Orders of the OSC Guide to Financial Operations (GFO) agencies are required to use a PO for all single purchases of $10,000 or more, or where the use of a PO is otherwise required in the contract terms, from vendors classified as “procurement suppliers” in the NYS vendor file. In addition, all purchases from agency contracts require POs.
Agencies will be required to assess whether their controls ensure the proper use of purchase orders to effectively manage procurements. For example, agencies should consider the following as part of their testing:
- Did the agency issue POs where required?
- Did the agency include adequate details in the PO line(s) to describe the specific goods or services ordered as well as the related price(s)?
- Did the agency properly configure the PO for receiving?
- Did the agency ensure POs reference the appropriate payment and discount terms offered by the vendor?
- Did the agency process the PO appropriately when planning to pay for a purchase using a PCard?
Please refer to the following references in this Guide for additional information on these topics:
- Chapter XI-A, Section 3 - Purchase Orders
- Chapter XI-A, Section 9 – Receiving
- Chapter XII, Section 5.F.4 - Selecting the Appropriate Payment Terms
- Chapter XII, Section 8.B - Matching
To help agencies assess internal controls over the proper use of purchase orders, we will provide an Internal Controls Assessment Program.
Best Practices
- Provide OSC with one certification form for each Statewide Financial System (SFS) Business Unit (BU)
- Maintain audit documentation that includes, but is not limited to, the following:
- Methodology to support the sample size and testing.
- Summary of testing results
- Recommendations
- Corrective action plan
- Identifies control weaknesses
- Assesses risk and includes the related steps to address them
- Documents implementation and monitoring plan (e.g., dates, etc.)