1.3 Internal controls Flashcards
Internal controls
Federal Managers Financial Integrity Act of 1982
Internal Controls mandated for each Agency and required annual reporting. 1. Obligations and costs are in compliance with applicable law 2. Funds, property and other assets are safeguarded against loss, unauthorized use 3. Revenues and expenditures applicable to agency operations are properly recorded and accounted for.
Steps of Enterprise Risk Management
Establishing, assessing, correcting and reporting on internal controls. Involves a “portfolio view” meaning all areas: HR, technology, finance, reputation risk, etc.
DOD subdocument for implementing internal controls, and what gov docs did it reference
Federal Managers Financial Integrity Act of 1982 (FMFIA) came out, OMB published OMB Circular A-123 describing how to implement it, and DOD then created DOD 5010.40 to address how to implement FMFIA and OMB A-123
Annual assurance statements
Required by FMFIA; Annual Statement required by every federal agency on 1. Whether there is reasonable assurance that the agency’s internal controls are achieving their intended objectives 2. Any material weaknesses in the agency’s controls
Internal Controls required over which processes
1. Operations 2. Financial Reporting (accurate/reliable) 3. Financial Systems (compliant with law)
Primary purpose of a risk profile
Provide a thoughtful analysis of the risks an Agency faces towards achieving its strategic objectives and arising from its activities and operations
Enterprise Risk Management and development of “Risk Profiles” mandated by
OMB Circular A-123
FISCAM includes which controls
1. General Controls 2. Business process application controls
Three Broad categories of internal controls which should provide reasonable assurance
Operations - efficiency of; Reporting - reliable reporting; Compliance - comply with law/regs
What does reasonable assurance mean for internal controls
Doesn’t mean you’ll never find waste or fraud but making best and logical effort
Internal control category of Financial Systems has two sub categories that are set by what manual
General (Security, configuration and access to entity’s information systems) and Business Process Application Controls (Individual computerized applications generate complete, accurate, valid, confidential transactions); Federal Information System Controls Audit Manual (FISCAM)
Components in Green Book
1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring
Control Environment in Internal Controls
The foundation of the IC system. Discipline and structure to help an entity achieve objectives. Tone at the top, discipline, commitment to integrity, etc.
Risk Assessment in Internal Controls
Assesses the risks facing the entity as it seeks to achieve its objective. Basis for developing appropriate risk responses. Defined risk tolerances for reasonable assurance threshold.
Control Activities in Internal Controls
The actions management establishes through policies and procedures to achieve objectives and respond to risks. Installing safes, segregation of duties, changing passwords, too much access, spot checks, etc…
Information and Communication in Internal Controls
The quality information management and personnel communicate and use to support the IC system. Timely, accurate and validatable information. Reporting, mid year reviews, etc.
Monitoring in internal controls
Activities management establishes and operates to assess the quality of performance over time and promptly resolve findings. Always looking for ways to improve and test controls. Testing, auditing, continuous review
OMB A-123 requires the following in annual statement of assurance
1. Conduct Assessment of Internal Control 2. Identify Control Deficiencies 3. Conclude on Internal Control Principle Evaluation 4. Conclude on internal control component evaluation 5. Conclude on overall assessment of a system of internal controls
Internal Control Significant Deficiency
Deficiency that is less severe than a material weakness. Reported internally in the organization, not external. Deficiency can be corrected internally
Material Weakness
Significant deficiency and Agency head reports outside the agency. Non-achievement of a relevant internal control principle. Weakness and summary of corrective actions reported to OMB and Congress through AFR, PAR or other reports. Periodic progress of corrective action must also be reported
Corrective Action Plan required for and included in
Material weaknesses; reported in Agency Financial Report (AFR), Performance and Accountability Report (PAR) or other mgmt report
Performance and Accountability Report (PAR)
Wrapped up all inclusive report that is submitted 45 days after FY.
Deficiency is deemed corrected when…
1. Sufficient corrective action taken 2. Achieved desired results (corrective action must be VALIDATED)
Responsibility for IC for DOD and mandated by what
DOD 5010.40; Major responsibility USD (Comptroller), All other responsibilities to each DOD and OSC Component head
4 levels of DOD material weakness
1. DOD Level - Big deal, exists in majority of DOD components 2. Component Level - Big deal throughout DOD component 3. Major Command or Field Activity Level - Throughout Major command or one or more installations 4. Installation or Activity Level - Requires attention of head of installation
DOD 5010.4 required USD Comptroller to
Establish Senior Management Council to advise on internal controls and Co-chair a Financial Improvement and Audit Remediation (FIAR) Governance Board with the DOD Deputy Chief Management Officer (DCMO)
Most due dates regarding internal controls
November 15th, 45 days after end of FY
DOD Statement of assurance provides three levels of statement of assurance
1. Unmodified Statement of Assurance - No material weaknesses 2. Modified - One or more material weaknesses 3. Statement of no assurance
Assessable Unit
Any unit that has its own internal controls that need to be addressed
Control Objective
Specific goal or level of control desired for an assessable unit (Unit meeting threshold to have own Internal Controls)
Annual Statement of Assurance required parts
1. Statement of Reasonable assurance 2. Assurance regarding ICOFR (Financial Reporting) 3. Assurance regarding ICOFS (Financial Statements) 4. Unmodified/Modified/No assurance
Internal control definition
Internal Control comprises the plans, methods, policies and procedures used to fulfill the mission, strategic plan, goals and objectives of the entity. First line of defence safeguarding assets.