1.3 Internal controls Flashcards
Internal controls
Federal Managers Financial Integrity Act of 1982
Internal controls mandated for each agency, with required annual reporting. 1. Obligations and costs are in compliance with applicable law 2. Funds, property and other assets are safeguarded against loss, unauthorized use 3. Revenues and expenditures applicable to the agency's operations are properly recorded and accounted for.
Steps of Enterprise Risk Management
Establishing, assessing, correcting and reporting on internal controls. Involves a “portfolio view”, meaning all areas: HR, technology, finance, reputation risk, etc.
DOD subdocument for implementing internal controls, and what gov docs did it reference
Federal Managers Financial Integrity Act of 1982 came out, OMB published OMB Circular A-123 describing how to implement it, and DOD then created DOD 5010.40 to address how to implement FMFIA and OMB A-123
Annual assurance statements
Required by FMFIA; annual statement required by every federal agency on 1. Whether there is reasonable assurance that the agency’s internal controls are achieving their intended objectives 2. Any material weaknesses in the agency’s controls
Internal Controls required over which processes
1. Operations 2. Financial Reporting (accurate/reliable) 3. Financial Systems (compliant with law)
Primary purpose of a risk profile
Provide a thoughtful analysis of the risks an agency faces toward achieving its strategic objectives and arising from its activities and operations
Enterprise Risk Management and development of “Risk Profiles” mandated by
OMB Circular A-123
FISCAM includes which controls
1. General Controls 2. Business process application controls
Three Broad categories of internal controls which should provide reasonable assurance
Operations - efficiency of; reporting - reliable reporting; compliance - comply with law/regs
What does reasonable assurance mean for internal controls
It doesn’t mean you’ll never find waste or fraud, but that you are making the best and logical effort
Internal control category of Financial Systems has two subcategories that are set by what manual
General (security, configuration and access to the entity's information systems) and Business Process Application Controls (individual computerized applications generate complete, accurate, valid, confidential transactions); Federal Information System Controls Audit Manual (FISCAM)
Components in Green Book
1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring
Control Environment in Internal Controls
The foundation of the IC system. Discipline and structure to help an entity achieve objectives. Tone at the top, discipline, commitment to integrity, etc.
Risk Assessment in Internal Controls
Assesses the risks facing the entity as it seeks to achieve its objective. Basis for developing appropriate risk responses. Defined risk tolerances for reasonable assurance threshold.
Control Activities in Internal Controls
The actions management establishes through policies and procedures to achieve objectives and respond to risks. Installing safes, segregation of duties, changing passwords, too much access, spot checks, etc…