Although these risks are ever changing, Texas Legislature passed some key bills in 2019 that will likely require districts to adopt new policies, procedures and internal controls.
Did the legislative session change your district’s risks?
No matter what changes come, the principles behind good internal controls remain constant — such as the need for formal, risk-based policies, procedures, processes and controls. The question to keep asking is, “Do our current controls match the emerging risks?”
Emerging threats and risks
To stay on top of new risks, take a “windshield” or horizon view to anticipate what’s coming and evaluate national trends that will impact your district.
How can you identify new threats?
In every district, it can be difficult to ensure appropriate funding, teachers and resources to keep up with current enrollment and state requirements. In addition, new legislation and national trends can require immediate changes using a coordinated effort and response to create appropriate controls.
To effectively identify new and emerging threats, districts should take a “windshield” or horizon view approach to assessing risks and identifying what controls need to be implemented or assessed for effectiveness and compliance. Districts should engage their internal audit teams and leverage the risk assessment process to identify emerging risks. The risk assessment approach should be a collaborative effort between key stakeholders in academic, administrative and operational positions to help identify and assess new risks associated with those emerging trends.
Following the identification of those risks, internal audit should be engaged to perform audits or consulting services to evaluate the existing controls, policies, procedures and processes to determine if they sufficiently address the risks.
What are the emerging risks?
Although these risks are ever changing, Texas Legislature passed some key bills in 2019 that will likely require districts to adopt new policies, procedures and internal controls. When considering these bills ask yourself:
- Do the internal controls, policies, procedures and processes I currently have in place sufficiently cover this new requirement and the risk that it presents?
- Who will we need to collaborate with to ensure ownership in implementing any new changes?
- What will be the impact of this bill and what processes will need to change or what funds will be required to implement its requirements?
- HB 1387 removes the limit on the number of school marshals that can be appointed on each campus.
- SB 11 requires rapid notification of parents when there’s a bomb or terroristic threat, among other requirements.
- HB 2195 requires districts to implement an active shooter emergency policy.
- SB 820 requires districts to adopt a cybersecurity policy and report breaches to parents and Texas Education Agency.
- HB 3, which changes funding formulas, requires teacher raises and funds all-day pre-kindergarten programs, will require significant accounting department changes.
Top tips for controlling risks
- Coordinate with district staff, internal audit and other key stakeholders to monitor legislative, national and cultural trends and stay ahead of emerging risks.
- Use internal audit and the risk assessment process as tools to identify and assess emerging risks.
- Risks are not stagnant, and internal controls can’t be set and forgotten.
- The most important tool for ensuring strong adherence with internal controls is “tone at the top.”