Not withstanding any conflict with the “Security and Privacy of Data Policy” or with the Master Services Agreement with the merchant card vendor, the enclosed requirements are to be adhered to.
To leverage the established state enterprise agreement between Division of Purchase & Contract (P&C) and a commercial card vendor bank, state agencies requiring procurement card services and/or payment card services shall acquire either or both services through P&C.
All participants in any of the Master Services Agreements (i.e., Merchant Card Services and Electronic Funds Transfer Financial Services), as well as State agencies engaging in separate arrangements, are to adhere to the appropriate security and privacy requirements that may govern the entity. Not withstanding any conflict with policies of The Office of Information Technology Services (ITS), the enclosed requirements are to be adhered to.
The reporting and withholding of taxes associated with payments made to non-U.S. citizens by universities, community colleges, and other agencies of the State of North Carolina are in accordance with the laws and regulations of the U.S. Citizenship and Immigration Services (USCIS) and the Internal Revenue Service (IRS). The U.S. Citizenship and Immigration Services define what payments may be made to aliens who perform services in the United States. The Internal Revenue Service defines which payments made to aliens are reported and subject to taxes, as well as establishes the tax rates for those payments.
All State entities either through the Office of the State Controller or University must prescribe, develop, operate, and maintain a uniform payroll system.
All State entities must prescribe, develop, operate, and maintain a uniform payroll system, in accordance with the General Statute 143B-426.40G for all State agencies
All State entities whose payroll expense requirements are provided by a payroll system administered by the Office of the State Controller (OSC), shall ensure that sufficient funds are available and remitted to the OSC payroll disbursing account; prior to the date payments are scheduled to be made to employees and vendors receiving withholdings.
All responses to requests for payroll information must comply with the provisions of G.S. 132 (Confidential Communications), and the Internal Revenue Code.
It is the policy of the State of North Carolina to comply with all applicable federal and state regulations regarding payment of deceased employees’ earnings.
All State entities shall comply with established regulations and procedures when separating employees. Separation actions should be timely to minimize payroll overpayments and errors.
All State employees must have completed and signed a Form NC-4 or NC-4 EZ upon hire. The employer must withhold tax as if the employee’s status is single with zero withholding allowances, if the form is not completed.
It is the policy of the Office of the State Controller (OSC) to comply with all applicable security standards issued by the State CIO under the authority of G. S. §143B-1376. In accordance with the requirements of Security Standard SCIO-SEC-301-00, Access Control Policy, Section AC-2, Account Management, requirement “v".
It is the policy of the Office of the State Controller (OSC) to ensure that every person accessing the North Carolina Financial System (NCFS), have the proper training and be authorized by their Agency Security Administrator.
State agencies will adopt the Internal Control – Integrated Framework (the COSO Framework) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), guidance titled Internal Control over Financial Reporting – Guidance for Smaller Public Companies, issued by COSO, and Control Objectives for Information and related Technology (COBIT) issued by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). All state agencies will use the COSO Framework, COSO guidance, and COBIT in its annual assessment and evaluation of internal control as interpreted and applied in guidance issued by the State Controller.
Agency management may not delegate its responsibility for establishing and maintaining a proper system of internal control. Agency management must establish and reinforce a strong control environment through practice and action which embodies the enclosed principles.
State agencies must make satisfactory progress in resolving deficiencies in internal control determined by the Office of the State Auditor, an agency internal auditor, a federal audit agency, or other external auditor. The State Controller may periodically request that state agencies provide copies of audit reports issued, as well as reports on actions planned and taken to resolve any reported deficiencies. If determined by the State Controller that satisfactory progress in resolving any deficiencies has not been made within a reasonable period from the date the audit report was received by the State agency, the State Controller shall consult with the State Auditor and may recommend that disciplinary action, as authorized by North Carolina General Statute §143D-12, be pursued.
Internal control evaluations will be conducted annually using guidance, forms, and other assessment tools issued by the State Controller for this purpose. Agency management will direct and lead internal control evaluations and ensure that adequate, knowledgeable resources are available to complete evaluations on a timely basis. Internal control officers, financial officers, internal auditors, process owners and others may participate in required evaluations. When necessary, agency management will seek assistance from the Office of the State Controller and will consult with the Office of the State Auditor.
The State agency Principal Executive Officer and Principal Fiscal Officer will certify, in writing, upon completion of the annual assessment of internal control and as further prescribed by the State Controller, that the signing officers are responsible for establishing and maintaining internal controls.
The State agency Principal Executive Officer and Principal Fiscal Officer will submit accurate and complete financial information to the State Controller in accordance with prescribed policies, guidelines and time schedules issued by the Office of the State Controller. The State agency Principal Executive Officer and Principal Fiscal Officer will also certify as prescribed by the State Controller to the accuracy and completeness of the information being submitted.
Agencies must maintain current documentation of business processes and procedures and other elements of internal control. In addition, documentation of annual internal control evaluations will be maintained by agencies and in a manner consistent with requirements and guidance issued by the State Controller. Documentation should meet agency needs, such as consistency in desired practices, and also be commensurate with circumstances, such as size and complexity. The extent of documentation is a matter of judgment and should be done with cost-effectiveness in mind. Agency management will follow guidance and use tools and templates issued by the State Controller to document its annual evaluation of internal control.