Скачать презентацию Internal Control Process FY 2008 Program Managers Internal Скачать презентацию Internal Control Process FY 2008 Program Managers Internal

e8ecf36ac38c3d05b95c9abd4fde76cd.ppt

  • Количество слайдов: 55

Internal Control Process FY 2008 Program Managers’ Internal Control Program Internal Control Process FY 2008 Program Managers’ Internal Control Program

Agenda • • Background Roles and Responsibilities Internal Control Plan Internal Control Evaluations Financial Agenda • • Background Roles and Responsibilities Internal Control Plan Internal Control Evaluations Financial Reporting Annual Statement of Assurance Check It 2

Background • • • Statutory Authority Army Internal Policy Purpose of AR 11 -2 Background • • • Statutory Authority Army Internal Policy Purpose of AR 11 -2 Internal Control References and Training Sites 3

Background Statutory Authority • The Federal Managers’ Financial Integrity Act (Integrity Act) requires the Background Statutory Authority • The Federal Managers’ Financial Integrity Act (Integrity Act) requires the head of each executive agency to: – Establish internal controls to provide reasonable assurance that: obligations and cost are in compliance with applicable laws; funds, property, and other assets are safeguarded against waste, loss, or unauthorized use, or misappropriation; revenues and expenditures are properly recorded and accounted for; and programs are efficiently and effectively carried out according to applicable law and management policy. – Report annually to the President and Congress on whether these internal controls comply with requirements of the Integrity Act. 4

Background Army Internal Control Policy • All commanders and managers have an inherent responsibility Background Army Internal Control Policy • All commanders and managers have an inherent responsibility to establish and maintain effective internal controls, assess areas of risk, identify and correct weaknesses in those controls and keep their superiors informed. • Heads of reporting organizations and assessable unit managers will give high priority to the prompt correction of material weaknesses and to the effective implementation of internal controls that – – Are identified as key internal controls by HQDA functional proponents. – Pertain to DOD high risk areas. – Pertain to other high risk areas identified by DOD or Army leadership. – Pertain to identified areas of vulnerability. 5

Background AR 11 -2, Management Controls • Prescribes policies and responsibilities for the Army’s Background AR 11 -2, Management Controls • Prescribes policies and responsibilities for the Army’s internal control process. • Applies to all Army organizations and programs. • Reinforce the accountability of Army commanders and managers for establishing and maintaining effective internal controls. • Provide managers with greater flexibility in their evaluation of internal controls. 6

Background Internal Control References • Do. D Website: http: //www. defenselink. mil/comptroller/micp/index. html • Background Internal Control References • Do. D Website: http: //www. defenselink. mil/comptroller/micp/index. html • Federal Managers’ Financial Integrity Act of 1982 (PL 97 -255) • OMB Circular A-123, Management’s Responsibility for Internal Control, August 5, 2005 (Recently revised) • Do. D Instruction 5010. 40, Managers’ Internal Control Program Procedures, January 4, 2006 • Guidelines for Preparation of the Federal Managers’ Financial Integrity Act Annual Assurance Statement – http: //www. defenselink. mil/comptroller/micp/04_Guidance/ • GAO Standards for Internal Control in the Federal Government, November 1999. http: //www. gao. gov/special. pubs/ai 00021 p. pdf 7

Background References & Training Sites • Annual Statement of Assurance • http: //www. asafm. Background References & Training Sites • Annual Statement of Assurance • http: //www. asafm. army. mil/fo/fod/mc/mc. asp • Army Reserve Readiness Training Center – ARRTC Internal Control Training – Becoming a Internal Control Administrator - 9 Modules (certificates) https: //arrtc. mccoy. army. mil 8

Background Internal Controls • The rules, procedures, techniques and devices employed by managers to Background Internal Controls • The rules, procedures, techniques and devices employed by managers to ensure that what should occur in their daily operations does occur on a continuing basis. • Internal controls include such things as: – the organization structure itself (designating specific responsibilities and accountability), – formally designed procedures (e. g. required certifications and reconciliations), – checks and balances (e. g. separation of duties), – recurring reports and internal reviews, supervisory monitoring, – physical devices (e. g. locks and fences), – a broad array of measures used by managers to provide reasonable assurance that their subordinates are performing as intended. 9

Background Key Internal Controls • Absolutely essential controls which must be implemented and sustained Background Key Internal Controls • Absolutely essential controls which must be implemented and sustained in daily operations to ensure operational effectiveness and compliance with legal requirements. • Identified by HQDA functional proponents in their governing AR’s establish the baseline requirement for internal control evaluations. • Internally developed for functions not covered in ARs. 10

Roles and Responsibilities • • • Internal Control Organization Reporting Organizations Senior Responsible Official Roles and Responsibilities • • • Internal Control Organization Reporting Organizations Senior Responsible Official Assessable Unit Manager Internal Control Administrator (ICA) Army Audit Agency (AAA) 11

Roles and Responsibilities Internal Control Organization AAA w evie al R nnu rogram A Roles and Responsibilities Internal Control Organization AAA w evie al R nnu rogram A of P ASA(FM&C) e d ui G c an ICA ts en St ts i ud A ICA Reporting Organization SRO AUM Headquarters Principal Army Command Army Service Component Command Direct Reporting Unit m e at SRO AUM AUM 12

Roles and Responsibilities Reporting Organizations HQDA staff agencies, Army Commands, Army Service Component Commands, Roles and Responsibilities Reporting Organizations HQDA staff agencies, Army Commands, Army Service Component Commands, and Direct Reporting Units are the primary reporting organizations in the Army internal control process. The heads of these organizations are responsible for carrying out the Army internal control process within their organizations and will – – Provide leadership and support needed to ensure that internal controls are in place and operating effectively. – Submit an annual statement of assurance that accurately describes the status of internal controls within their own organizations, to include any material weaknesses and plans for corrective action. 13

Roles and Responsibilities Senior Responsible Officials Have overall responsibility for ensuring the implementation of Roles and Responsibilities Senior Responsible Officials Have overall responsibility for ensuring the implementation of an effective internal process within their organizations. They will: – Designate a internal control administrator to administer the internal control process within the reporting organization and to serve as a focal point for all internal control matters. – Oversee the preparation of an annual statement that accurately describes the status of internal controls in the reporting organization and fully disclose any material weaknesses in internal controls, along with plans for corrections. 14

Roles and Responsibilities Assessable Unit Manager • Designated by the head of the reporting Roles and Responsibilities Assessable Unit Manager • Designated by the head of the reporting organization. • Must be at least a Colonel, GM-15 or YC-03, with the exception of Army garrisons. • Provide leadership and support needed to ensure that internal controls are in place and operating effectively. • Maintain a internal control plan. • Conduct internal control evaluations. • Maintain required documentation. • Certify the results of evaluations. US US • Report material weaknesses. 15

Roles and Responsibilities Internal Control Administrators (ICA) Administer the Internal Control Process (ICP) within Roles and Responsibilities Internal Control Administrators (ICA) Administer the Internal Control Process (ICP) within the Reporting Organization. They: • Maintain ICP. • Identify the need for and conduct training. • Coordinate the preparation of the organizations Annual Assurance Statement. • Ensure Material Weakness are tracked. 16

Roles and Responsibilities Army Audit Agency (AAA) AAA’s role in ICP: • Review internal Roles and Responsibilities Army Audit Agency (AAA) AAA’s role in ICP: • Review internal controls in audits. • Recommend key controls. • Advise the Senior Level Steering Group. • Identify potential Army weaknesses. • Validate closure of every Army weakness. • Conduct annual review of ICP & statement. • Issue independent Auditor General assessment. 17

Internal Control Plan • Must be developed by management. • Need not be lengthy Internal Control Plan • Must be developed by management. • Need not be lengthy and any format may be used. • Must cover the key internal controls identified by HQDA functional proponents http: //www. asafm. army. mil/fo/fod/mc/mc. asp). • Must clearly indicate: – Which areas will be evaluated. – Who will conduct each evaluation. – When each evaluation will occur. • Must be kept current. It must be updated annually. • It is helpful to include the governing regulation relating to each evaluation area. 18

Internal Control Plan 19 Internal Control Plan 19

Internal Control Plan • Goal is to provide reasonable assurance that Army programs are Internal Control Plan • Goal is to provide reasonable assurance that Army programs are being executed efficiently and effectively. • Should be tied to a risk assessment process; controls for high-risk areas should be evaluated more often than controls for less risky areas. • May be developed at either the reporting organization or assessable unit level. • Is a written plan for conducting internal control evaluations within the assessable unit over a five-year period. • Permitted to supplement ICP with additional evaluations that address the unique needs of the assessable unit. 20

Internal Control Plan Risk Assessment What is Risk? The probable or potential adverse effects Internal Control Plan Risk Assessment What is Risk? The probable or potential adverse effects from inadequate internal controls that may result in the loss of Government resources through fraud, error or mismanagement. 21

Internal Control Plan Risk Assessment • Assessment made by management – Identify mission objectives Internal Control Plan Risk Assessment • Assessment made by management – Identify mission objectives – Identify risks (qualitative and quantitative) • Risk = Unauthorized access – Control = Electronic lock on the door – Control Deficiency = unauthorized entry occurs Was entry due to a design or operation deficiency? – Design Deficiency = Weak Design of lock – Operation Deficiency = Lock Design good but not used 22

Internal Control Evaluations • Must be conducted in accordance with the ICP. • Choose Internal Control Evaluations • Must be conducted in accordance with the ICP. • Choose an evaluation method: – Checklists prescribed by the governing AR. – Alternative methods using existing management review processes (audits, reviews, inspections, etc. ). • Determine the scope of the evaluation (number of records, timeframe, etc. ). • Determine the testing method: – – Observation. Interview. Documentation review. Simulation. 23

Internal Control Evaluations • Must be documented on DA Form 11 -2 -R. • Internal Control Evaluations • Must be documented on DA Form 11 -2 -R. • Must include, at a minimum, the following: – – Which functional proponent conducted the evaluation. Which methods were used to conduct the evaluation. What internal control deficiencies were detected. Which corrective actions will be taken. • Must be certified by the Assessable Unit Manager. 24

Internal Control Evaluations 25 Internal Control Evaluations 25

Financial Reporting Focus Areas Financial Statement Segment Target Organizations Federal Employees Compensation Act G-1, Financial Reporting Focus Areas Financial Statement Segment Target Organizations Federal Employees Compensation Act G-1, ACOM, ASCC, DRU Accounts Receivable HQDA, ACOM, ASCC, DRU Military Equipment ACOM, ASCC, DRU General Equipment HQDA, ACOM, ASCC, DRU Real Property IMCOM, ARNG, AMC Inventory AMC Operating Materials & Supplies ACOM, ASCC, DRU Appropriations Received OASA(FM&C) Environmental Liabilities ACOM, ASCC, DRU Account Payable HQDA, ACOM, ASCC, DRU Medicare-Eligible Retiree Health Care MEDCOM 26

Financial Reporting Focus Areas • Transactions completed at your level that effect the focus Financial Reporting Focus Areas • Transactions completed at your level that effect the focus areas. • MUST Perform Risk Assessment • MUST Document Internal Controls • MUST Report Results • CANNOT provide assurance without testing. • Provide a level of assurance – Unqualified – Qualified – No assurance 27

Statement of Assurance • Is a requirement of Federal Managers’ Financial Integrity (FMFIA) Act Statement of Assurance • Is a requirement of Federal Managers’ Financial Integrity (FMFIA) Act of 1982. • Provides an objective assessment of internal controls. • Is supported by annual feeder statements received from Commanders of Army Commands, Army Service Component Commands, Direct Reporting Units and HQDA Principals. • Supports the Secretary of Defense’s statement to the President and Congress. • These annual statements are personal certifications of the commander/principal deputy on the effectiveness of internal controls within their respective organizations. 28

Statement of Assurance Important Dates May 16 Statements from Army Commands, Army Service Component Statement of Assurance Important Dates May 16 Statements from Army Commands, Army Service Component Commands and Direct Reporting Units due to OASA (FM&C). May 30 Statements from Headquarters Principals due to OASA (FM&C). August 29 Final signed Army statement delivered to the Secretary of Defense. 29

Statement of Assurance Statement consists of: • Cover memo. • Tab A – how Statement of Assurance Statement consists of: • Cover memo. • Tab A – how the assessment was conducted. • Tab B – the material weaknesses being reported. The Army’s statement is supported by: • Feeder statements from Army Commands, Army Service Component Commands and Direct Reporting Units. 30

Statement of Assurance Cover Memorandum • Types of Assurance – Unqualified (reasonable assurance) – Statement of Assurance Cover Memorandum • Types of Assurance – Unqualified (reasonable assurance) – Qualified (reasonable assurance except for) – No reasonable assurance • Format of Cover Letter – Assurance – Overall Program (FMFIA) – Basis for Assurance (reference TAB A) – Assurance - Financial Reporting (OMB Circular A-123, Appendix A) – Signed by Commander or principal deputy. 31

Statement of Assurance Unqualified I am able to provide an unqualified statement of reasonable Statement of Assurance Unqualified I am able to provide an unqualified statement of reasonable assurance (no material weaknesses being reported) that the (name of Activity) internal controls meet the objectives of FMFIA overall programs, administrative, and operations. This statement must be included. TAB A provides additional information on how the (name of Activity) conducted the assessment of internal controls for the FMFIA overall process, which was conducted according to OMB Circular A-123, Management’s Responsibility for Internal Controls. In addition, TAB A provides a summary of the significant accomplishments and actions taken to improve Activity internal controls during the past year. 32

Statement of Assurance Qualified I am able to provide a qualified statement of reasonable Statement of Assurance Qualified I am able to provide a qualified statement of reasonable assurance (one or more material weaknesses being reported) that internal controls meet the objective of FMFIA overall programs, administrative and operations with exception of (number) material weakness(es) described in TAB B. These material weaknesses were found in the internal controls over the effectiveness and efficiency of operations and compliance with applicable laws and regulations as of the date of this memorandum. Other than the material weaknesses noted in TAB B the internal controls were operating effectively and no other material weaknesses were found in the design or operation of the internal controls. 33

Statement of Assurance Qualified (con’t. ) This statement must be included. TAB A provides Statement of Assurance Qualified (con’t. ) This statement must be included. TAB A provides additional information on how the (name of Activity) conducted the assessment of internal controls for the FMFIA overall process, which was conducted according to OMB Circular A-123, Management’s Responsibility for Internal Controls. In addition, TAB A provides a summary of the significant accomplishments and actions taken to improve Activity internal controls during the past year. 34

Statement of Assurance Qualified (con’t. ) Activity’s statement will include the following paragraph if Statement of Assurance Qualified (con’t. ) Activity’s statement will include the following paragraph if the Activity identified material weaknesses, either in the current fiscal year or past fiscal years: The (Activity) FMFIA overall evaluation did identify material weaknesses. TAB B-1 is a list of weaknesses that still require corrective action and those corrected during the period. TAB B-2 is an individual narrative for each uncorrected material weakness listed in TAB B-1. (Include the previous two sentences if your Activity has uncorrected material weaknesses. ) TAB B-3 is an individual narrative for each material weakness corrected during the period. (Include the previous sentence if your Activity corrected any material weaknesses during the past fiscal year. ) 35

Statement of Assurance No Reasonable Assurance I can provide no assurance (no processes in Statement of Assurance No Reasonable Assurance I can provide no assurance (no processes in place to assess the internal controls or pervasive material weaknesses that cannot be assessed) that the (name of Activity) internal controls meet the objectives of FMFIA overall programs, administrative, and operations. 36

Statement of Assurance Tab A • Objective of assessment; how assessment of internal controls Statement of Assurance Tab A • Objective of assessment; how assessment of internal controls was conducted. • Reasonable Assurance-internal judgment that recognizes there acceptable levels – Tab A 1 - Basis for Reasonable Assurance – Tab A 2 - Other Information – Tab A 3 - Internal Control Program and Related Accomplishments 37

Statement of Assurance Tab A-1 Basis of Reasonable Assurance • Establishment of sound policies Statement of Assurance Tab A-1 Basis of Reasonable Assurance • Establishment of sound policies and specific required actions in regulations and other directives. • Prevention and detection measures, such as internal or external audits, inspections, investigations and quality control reviews. • General knowledge of command operations derived from weekly staff meetings, status reports, periodic review and analysis sessions and other forms of command oversight. 38

Statement of Assurance Tab A-1 Basis for Reasonable Assurance • Various functional internal reviews, Statement of Assurance Tab A-1 Basis for Reasonable Assurance • Various functional internal reviews, such as: program evaluations (e. g. computer security reviews) and system reviews (e. g. financial system reviews). • Actions taken to mitigate or eliminate risk as part of a command risk internal program. • Annual performance plans and reports. • Internal control evaluations conducted in accordance with the organizations Internal Control Plan. 39

Statement of Assurance Tab A-1 Basis for Reasonable Assurance Be Specific; Provide • Name Statement of Assurance Tab A-1 Basis for Reasonable Assurance Be Specific; Provide • Name – Policies, Procedures Reviews and/or Inspections. • Dates – Date review completed; period of review, and frequency – monthly, quarterly or semi-annually. • Scope – total number of ICAs, AUMs; number trained; and reviews required and/or completed. • Results – Describe what happened, conclusions reached and corrective actions needed as result of the review. 40

Statement of Assurance Tab A-2 Other Information Required Leadership Emphasis. Summarizes leadership efforts made Statement of Assurance Tab A-2 Other Information Required Leadership Emphasis. Summarizes leadership efforts made in support of your internal control process. – Staff meetings – Grade level of attendees, frequency of meetings, brief description of discussion related to internal controls, taskers issued and followup actions that resulted. – Guidance - Memoranda (Purpose, date and attachments) and/or video presentations (preparation date, individual presented and brief description of presentation). – Senior Leadership Involvement – Attend command inspection outbriefs for all brigade, battallion, and separate companies. (Describe an outbrief and include number of inspections). 41

Statement of Assurance Tab A-2 Other Information Required Training. Summarizes internal control training conducted. Statement of Assurance Tab A-2 Other Information Required Training. Summarizes internal control training conducted. – Source – in-house by whom (ICA) or video conferences, contractor provided or attend schools. – Scope – total number of ICAs and (Assessable Unit Managers) AUM; total number trained – ICAs and AUMs 42

Statement of Assurance Tab A-2 Other Information Required • Execution. Summarizes the most significant Statement of Assurance Tab A-2 Other Information Required • Execution. Summarizes the most significant internal control accomplishments within your organization. – Dissemination of information – methods used – email, fax, phone. – Type of information disseminated and to whom. – Internal Control Awareness Program – disseminate “Check-it” posters and public service announcements to the widest audience possible to include functional areas. 43

Statement of Assurance Tab A-3 ICP & Related Accomplishments • Highlights the most significant Statement of Assurance Tab A-3 ICP & Related Accomplishments • Highlights the most significant internal control and related accomplishments. • Issues. Briefly describe the problem or challenge involved. • Accomplishment. Indicate the control put in place. Describe the internal control accomplishment in a brief concise statement. 44

Statement of Assurance Tab A-3 ICP & Related Accomplishments • Description of the Issue: Statement of Assurance Tab A-3 ICP & Related Accomplishments • Description of the Issue: - Satellite Mapping Systems. • Background (optional): Problems existed for both deployed units and commanders trying to reach vehicles and drivers with information on mission, force protection, and incidents/accidents. • Internal Control: In March 2006, the U. S. Army Accessions Command acquired a satellite mapping system, QUALCOMM, to improve communications with Soldiers and equipment deployed across the 48 contiguous states. The Accessions Command expanded their use of QUALCOMM to include the Mission Support Battalion and the Army Marksmanship Unit encompassing 26 vehicles and 4 trailers that carry either million dollar exhibits or weapons/ammunition. • Benefit Derived: QUALCOMM provides commanders with real time visibility of their assets through satellite mapping and the ability to communicate with the vehicles/ equipment through text messaging technology, and affords the operators immediate contact for emergency situations with a “panic button. ” 45

Statement of Assurance Tab B • Tab B-1, List of material weaknesses which provides Statement of Assurance Tab B • Tab B-1, List of material weaknesses which provides separate listings for uncorrected and corrected material weaknesses. • Tab B-2, Uncorrected material weaknesses includes separate descriptions of each uncorrected material weaknesses. • Tab B-3, Corrected material weaknesses includes separate description of each corrected material weaknesses. 46

Statement of Assurance Tab B – Material Weakness • Commanders and managers are responsible Statement of Assurance Tab B – Material Weakness • Commanders and managers are responsible for: – identifying and correcting internal control deficiencies. – determining whether or not deficiencies should be reported as material weaknesses. – correcting deficiencies identified as material weaknesses. • A Material Weakness Must: – Identify a problem with internal controls: • Controls are not in place • Controls are in place, but not used • Controls are in place and used, but not adequate 47

Statement of Assurance Tab B – Material Weakness (con’t. ) – Warrant attention by Statement of Assurance Tab B – Material Weakness (con’t. ) – Warrant attention by the next level of command: • For their action • For their awareness Sources for Material Weaknesses. – Audits or inspection findings, criminal investigation results, internal control evaluations, functional management review processes, and management's general knowledge of operational problems. – Audit and inspection reports may recommend reporting specific problems as material weaknesses, but the determination to report a material weakness is ultimately a management judgment. 48

Statement of Assurance • Material Weakness Format (con’t. ) Each material weaknesses should not Statement of Assurance • Material Weakness Format (con’t. ) Each material weaknesses should not exceed three pages in length. – Local ID #: Indicate your local identification number for the material weakness. – Title and Description of Material Weakness: Title should be short and concise; description should be written in nontechnical terms for understandability by the public at large. – Functional Category: Cite one of the broad Do. D functional categories: Listed in the Guidelines for Preparation of the FY 2007 Annual Statement of Assurance, dated November 14, 2006. – Senior Official in Charge: Identify the name and title of the senior official in charge of ensuring this weakness is resolved according to targeted milestone projections. 49

Statement of Assurance Material Weakness Format (con’t. ) – Pace of Corrective Action: • Statement of Assurance Material Weakness Format (con’t. ) – Pace of Corrective Action: • Year Identified: The FY the weakness was first reported. • Original Target Date: The FY for correction when first reported. • Target Date in Last Year's Report: The FY for correction in last year's report. If this is a new weakness, enter “N / A. ” • Current Target Date: The current FY for correction. New weakness, enter "N / A. “ • Validation Process: AAA must validate the effectiveness of corrective actions before a material weakness is closed. 50

Statement of Assurance Material Weakness Format (con’t. ) • Each material weaknesses should not Statement of Assurance Material Weakness Format (con’t. ) • Each material weaknesses should not exceed three pages in length. – Results Indicator: Describe key results to be achieved from the corrective action and the overall impact of the correction on operations. – Source(s) Identifying Weakness: List the primary source(s) that identified the material weakness. • For audit/inspection reports, cite the report title, report number, and date. 51

Statement of Assurance Material Weakness Format (Con’t. ) – Major Milestones to Include Progress Statement of Assurance Material Weakness Format (Con’t. ) – Major Milestones to Include Progress to Date: Indicate major milestones – primary corrective actions – taken or planned to correct the material weakness. Separate milestones into three categories: • Completed Milestones. • Planned Milestones for the next Fiscal Year (this year: for FY 2008). • Planned Milestones Beyond the next Fiscal Year (2009). – List only major milestones in chronological order by milestone completion date with the terminal milestone listed last. Provide the quarter and fiscal year that each major milestone is projected to be accomplished. 52

53 53

Phase Two -- Check It Campaign Phase Two recognizes “best” process improvements as a Phase Two -- Check It Campaign Phase Two recognizes “best” process improvements as a result of “check-ing it” – those internal management controls!! “Improved internal management control is process improvement. ” 54

 • • Best equals greatest documented improvements to a process To qualify for • • Best equals greatest documented improvements to a process To qualify for competition: – A deficiency, reportable condition, or material weakness must have been identified in internal management control(s) • Should provide proof of reporting material weakness(es) (only) in Statement of Assurance (SOA) – Discovery of the problem (deficiency, reportable condition, or material weakness) in internal management controls can be through any means: • Internal or external • Self-assessment or external audit • Lean 6 Sigma • Media • Any other method – Process must already be improved with documented / validated proof – Documented validation of the improvement is required, some examples: • Independent review • Lean 6 Sigma results • Metrics met 55