1 / 39

Office of the Secretary of Defense - Comptroller’s Manager’s Internal Control Program 3 April 2014 Unclassified OSD - C

Office of the Secretary of Defense - Comptroller’s Manager’s Internal Control Program 3 April 2014 Unclassified OSD - Comptroller Financial Improvement and Audit Readiness. Building a “Culture Focused on Accountability”. Purpose of Briefing.

aira
Download Presentation

Office of the Secretary of Defense - Comptroller’s Manager’s Internal Control Program 3 April 2014 Unclassified OSD - C

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Office of the Secretary of Defense - Comptroller’s Manager’s Internal Control Program 3 April 2014 Unclassified OSD - Comptroller Financial Improvement and Audit Readiness Building a “Culture Focused on Accountability”

  2. Purpose of Briefing • DoD’s Priority – Achieving Auditable Financial Statements • MICP - Why and How? • MICP in Afghanistan • Appendix 1.

  3. DoD’sPriority – Achieving Auditable Financial Statements 2.

  4. Audit Readiness Goals Incremental Milestones and Significant Challenges 1. Audit Readiness for Budget Statements by 30 September 2014 • “Audit Readiness” – • The Department has strengthened internal controls and improved financial practices, processes and systems • Reasonable confidence that the information can withstand an audit by an independent auditor. Budgetary Turmoil Capacity of the DoDIG Availability of Independent Auditors Challenges 2. Full Audit Readiness By 30 September 2017 • Full financial statement validation • To date, $235 billion or 19 percent of total budgetary resources have an opinion or are under audit and $453 billion or 53 percent of DoD assets are either under examination, have been validated as audit ready or have been asserted as audit ready for existence and completeness of critical assets . Size and Complexity of the Department Hundreds of Legacy Systems Human Capital - Right Number and Skill Set 3. 4

  5. Audit Readiness Progress Audit Opinions on Financial Statements Audit Readiness Examinations Audit Readiness Assertions • Six DoD organizations received unqualified audit opinions on their FY13 financial statements. • U.S. Army Corp of Engineers – Civil Works • Defense Commissary Agency • Defense Contract Audit Agency • Defense Finance and Accounting Service • Defense Health Agency – Contract Resource Management • Military Retirement Fund • Three DoD organizations received qualified opinions. • Defense Information Systems Agency – Working Capital Fund and General Fund • Office of the Inspector General • Medicare – Eligible Retiree Care Fund. • Audit readiness validated by examinations • DFAS – Civilian Pay, Military Pay, and Standard Disbursing Services • DCPAS – Civilian Pay • DISA – Enterprise Computing Services • Examinations underway • Army – All General Fund activities • Navy – Fund Balance with Treasury • Air Force – Civilian Pay (General Fund and Working Capital Fund) and Funds Distribution to Base. • DFAS – Contract Pay • DLA – Civilian Pay, Contract Pay, Defense Agencies Initiatives (DAI), Defense Automatic Addressing System • Service Medical Activity (Navy) – Consumables • Chemical Biological Defense Program – Contract Pay, Other Budgetary Activity, Reimbursable Work Orders-Acceptor, Reimbursable Work Orders-Grantor, and Fund Balance with Treasury • Assertion of Assessable Units • Navy – Operating Materials and Supplies • Defense Contract Management Agency – Fund Balance with Treasury, Contract/Vendor Pay, Reimbursement Work Orders-Acceptor and Reimbursement Work Orders-Grantors • Defense Logistics Agency – Real Property and General Equipment-Capital Assets. • Service Medical Activity-Navy • Chemical Biological Defense Program – Contract Pay, Fund Balance Treasury Audit Readiness Progress 4.

  6. Audit Readiness Strategy and Timeline Currently In Wave 2 Wave 1 FY 2013 Wave 2 FY 2014 Wave 3 FY 2016 Wave 4 FY 2017 Appropriations Received Audit Readiness SBR Audit Readiness Mission Critical Assets Existence & Completeness Audit Readiness Full Financial Statements Audit Readiness FY 2018 Full Financial Statements Audits Wave 1. Completed when Appropriations Received was validated as audit ready. Focused on the processes and controls associated with the receipt and distribution (through apportionments, allotments and sub-allotments) of congressionally appropriated funds. Wave 2. Focuses on processes, internal controls, systems, and supporting documentation that must be audit ready for the General Fund SBR can be audited. It is dependent on achieving an auditable FBWT balance. Wave 3. Focused on the Existence and Completeness assertions to include all assets recorded in the Accountable Property System of Record, all existing assets are recorded in the APSR, reporting entity has the rights to report on assets, and assets are consistently categorized, summarized, and reported from period to period (Presentation and Disclosure? Wave 4. Includes all other financial statements to include for example, General Fund Balance, Statement of Net Cost, etc. 5.

  7. MICP – Why and How? 6.

  8. Turning Theory Into Reality • How do we minimize risk to the Command? – Risk is defined as “the potential that a chosen action or activity will lead to a loss” -- • Loss: Life, funds, reputation (embarrassment), timeliness, accuracy, security, • privacy and completeness • So What? • Limited Scope • Emphasis on • Requirement • One point in time • Coverage of all • functions • Emphasis on most • efficient and effect • way to meet • requirement • Daily review • If you rely upon an outside audit service to identify and report on control deficiencies – it is to late (e.g., embarrassment and negative impact to mission). . 7.

  9. Culture Needs to Change Driven By Senior Management “Culture that has allowed massive waste of taxpayers’ dollars has become business-as-usual at the Department of Defense.  Particularly in today’s fiscal environment, this cannot be tolerated.  If this is not corrected, the Department’s ability to continue defending the Nation and to provide for its national security will be compromised.  Taxpayers simply will not tolerate the continuing waste of their resources in light of the debt we face and our competing budgetary needs”. ~Senator John McCain, (R-AZ) – Senate Armed Services Committee (SASC), September 2011. “ We need to change the culture of the Department where Commanders are held directly accountable for the efficient use of dollars.”~Honorable Robert Hale, DoD Comptroller – House Armed Services Committee, January 2012. “Need to Change the Culture,” – Communicate what senior management needs to hear versus what you think they want to hear --- candor --- proactive versus reactive. – Through the chain of command! 8.

  10. Turning Theory Into Reality • How do we minimize risk to the Command? – Risk is defined as “the potential that a chosen action or activity will lead to a loss” -- • Loss: Life, funds, reputation (embarrassment), timeliness, accuracy, security, • privacy and completeness • So What? • Limited Scope • Emphasis on • Requirement • One point in time • Coverage of all • functions • Emphasis on most • efficient and effect • way to meet • requirement • Daily review • If you rely upon an outside audit service to identify and report on control deficiencies – it is to late (e.g., embarrassment and negative impact to mission). . 9.

  11. Change of Culture Candor versus Groupthink Groupthink is a psychological phenomenon that occurs within groups of people. Group members try to minimize conflict and reach a consensus decision without critical evaluation of alternative ideas or viewpoints. Causes loss of individual creativity, uniqueness, and independent thinking. Also, collective optimism and collective avoidance.” Past – “Old School” Groupthink Status quo, a commonly used form of the original Latin "statu quo" – literally "the state in which" – is a Latin term meaning the current or existing state of affairs.[1] To maintain the status quo is to keep the things the way they presently are. Status Quo Future – Self Reporting – Good News and Bad Candor Candor is unstained purity freedom from prejudice or malice :fairness Change in an organization is shifting/transitioning individuals, teams, and organizations from a current state to a desired future state. It is an organizational process aimed at empowering employees to recommend, accept and embrace changes in their current business environment. Change 10.

  12. Candor versus Groupthink An effective Managers’ Internal Control Program – Empowers those that are involved in the operational, administrative and program processes and procedures to self-report inefficiencies (i.e., risk) - Empowerment = dependency upon candor, and encouragement of self-reporting of risk. • "The hardest thing you may ever be called upon to do is stand alone among your peers and superior officers,“ – (leadership is the courage and integrity to do the right thing and to communicate the message – of not what superiors want to hear but rather what they need to hear to in order to effectively lead). • "To stick out your neck after discussion becomes consensus, and consensus ossifies into group think.” American Forces Press Service, “Gates Urges West Point Graduates to be Great Leaders,” May 25 2009 • “Challenge conventional wisdom and call things as you see them to subordinates and superiors alike.” • “As an officer if you blunt truths or create an environment where candor is not encouraged, then you’ve done yourself and the institution a disservice.” • “In the early days of the surge, Gen. Petraeus's forthright candor with both superiors and subordinates was an important part of the plan's success.” • He never offered unwarranted or sugar-coated optimism. His honesty -- and action -- in the face of uncertainty won the loyalty of those around him”. Washington Post, Article titled, “ Gen. Petraeus: No Sugar-Coated Optimism”, by Col. Michael E. Haith (Ret), United States Army, July 6, 2011 Remarks delivered by Secretary Robert M. Gates to the U.S. Air Force Academy, April 2, 2010 11.

  13. Turning Theory Into Reality • How Do We Minimize Risk to the Command? – Risk is defined as “the potential that a chosen action or activity will lead to a loss” • Loss can be: Life, funds, reputation (embarrassment), timeliness, accuracy, security, privacy, completeness etc. Change Accomplish Requirement Accomplish Requirement Efficiently & Effectively “Mitigation of Risk ” Form Over Substance Substance Over Form Prioritize Risk With Mission Requirements and Provide Mitigation Change of Organizational Culture Focus on Risk and Incentivize Self – Reporting Groupthink What does leadership want to hear? Candor What does leadership need to hear? 12.

  14. DoDI 5010.40 – MICP Procedures Procedures • Each DoD and OSD Component establishes a MICP • Establish a Senior Management Counsel to oversee operational, financial, and financial systems reporting • Appoint a MICP Coordinator • Coordinates with assessable unit managers to ensure proper documenting of end-to-end processes • Identifies best practices and develops efficiencies to improve control documentation, enhance controls, eliminate inefficient controls, and implement new controls. • Ensures subject matter experts assess risk and may impact mission or operations. • Ensures identification of internal control objectives. • Assists in testing and classification of internal controls • Ensures corrective actions plans are developed • Ensures best practices and deficiencies are shared across assessable units. • Tracks progress of corrective actions • Actively communications with the DoD Component Senior Management Council • Maintains MICP documentation DoD Component Heads • Establish a MICP to: • Assess inherent risks in mission-essential processes • Document and design internal controls • Test the design and operating effectiveness of existing internal controls • Identify and classify control deficiencies and execute corrective actions plans • Monitor and report the status of corrective action plans • Designate in writing the MICP Coordinator • Conduct a formal assessment of the acquisition functions requirements outline • Submit the annual statement of assurance to the Sec Def • Instruction Applies to: • OSD • Military Departments • Joint Chiefs of Staff • Combatant Commands • DoDIG Defense Agencies • DoD Field Activities • DoD Components 13.

  15. DoDI 5010.40 – MICP Procedures Reporting Categories Assessable Units • Communications • Intelligence • Security • Comptroller and Resource Management • Contract Administration • Force Readiness • Information Technology • Acquisition • Manufacturing, Maintenance, and Repair • Other • Personnel and Organizational Management • Procurement • Property Management • Research, Development, Test and Evaluation • Security Operations • Support Services • Budget-to-Report • Hire-to-Retire • Order-to-Cash • Procure-to-Pay • Acquire-to-Retire • Plan-to-Stock Assessable Unit Managers (AUMs) • Segments into organizational, functional or other assessable units • Must ensure entire organization is covered • Must be large enough to allow managers to evaluate significant portion of the activity being examined • Must be small enough to be able to document processes and controls • MICP Coordinator appoints and trains AUM for each assessable units • Assess risk • Identifies internal control objectives • Documents operational, administrative, system and financial internal controls • Reviews processes and procedures and recommendations • Tests effectiveness of internal controls • Identifies and classifies internal control deficiencies • Develops corrective actions • Tracks progress of corrective action plans • Maintains MICP documentation Statement of Assurance 14.

  16. Where to Begin? - “Tone-at-the Top” What is the “Tone at the Top”? “Tone at the Top” is a term that is used to define management’s leadership and commitment towards openness, honesty, integrity, and ethical behavior. It is the most important component of the control environment. The tone at the top is set by all levels of management and has a trickle-down effect on all employees. • For a Managers’ Internal Control Program to be effective: Need Senior Management’s Support Thru: • Communication - Management must clearly communicate its ethics and values throughout the area they manage. These values could be communicated formally through written codes of conduct and policies, staff meetings, memos, etc. or informally during day to day operations. • Active Participation - Kick-Off and Quarter Meetings – Discussions relevant to internal controls, and associated risks • Reporting - Create and promote path for employees to self-report and feel safe from retaliation • Reward Active Participation - Creation of Commander’s Award – Recognition of Successful Internal Control Activity 15.

  17. Begin With An Entity- Level Risk Assessment Reliance Upon an Entity-Level Risk Assessment • Enhances ability to understand key business risks • Integral piece of management’s risk assessment process • Provides structured process that becomes the cornerstone for prioritizing risks • Focuses attention on areas meriting management review and monitoring • Builds knowledge and confidence in risk management • Understand the Component’s highest risks to mission • Understand the Component’s business, to include strategies and objectives • Develop a preliminary understanding of key business risks and processes and align them to the Component’s strategic plan and objectives • Create a customized risk universe – a framework to categorize key business risks – that reflects the risks facing the Component • Determining current risk monitoring activities • Understand the effectiveness of entity-level controls, such as: • Policies and procedures • Code of conduct • Segregation of duties • Business continuity and disaster recovery plans for all primary data centers and business unit facilities; and • Fraud prevention/detection programs • Scope the risk assessment by obtaining input from all key stakeholders • Assess, prioritize, and validate key business risks with the key stakeholders • Report the results of the risk assessment and using those results to develop a corrective action strategy Risk Assessment Process Overview 16.

  18. Importance of Organizational Participation An Effective MICP Is Dependent Upon Communication Through Chain-of-Command Top - Down Perspective and Bottom - Up • Clear, focused communications of the Component’s mission, and • Commander/Director’s priorities and challenges. • Formal Communication Framework between senior leadership and • MICP Commander Formal Communication Framework Built Upon Trust and Empowerment • Full participation with communications. Key participate in execution of Component’s mission and MICP Coordinator’s input towards potential risks and controls to risk mitigate Senior Functional Managers • Formal and informal access to Commander/Directors, Senior Managers, Functional Leads and Assessable Unit Managers. • Provides support towards compliance with laws, regulations and instructions and provides guidance to Component staff on implementation of MICP. MICP Coordinator • Ongoing communications with MICP Program Manager in confirmation of assessable unit process, controls and related risks. Receiver of feedback from management regarding prior reporting of material risk and changes to requirements towards assessable units. Assessable Unit Managers 17.

  19. Managers’ Internal Control Program Historically – Reactive (What Does Management Want to Hear) Self-Reporting – Punitive Versus Incentivized “Paper-Drill Exercise” Focus on Timelines and Format Reliance Upon Outside Audit Agencies • Reliance upon GAO, DoDIG and Military Audit Services to identify material internal control weaknesses. • Candor not part of culture – i.e., “group-think.” Threat of retribution for self-reporting “bad news.” • Filtered communications • Score received by Component based upon timeliness of SOA submission and adherence to format not substance of content . • Ramp-up of submission of SOA related activities occur several weeks prior to submission deadline versus an ongoing activity year-round. Current Emphasis – Proactive (What Does Management Need to Hear) Reliance Upon Resources in Component Self-Reporting – Incentivize Versus Punish Report Supported by Documentation of MICP Process Focus on Risk • Reliance upon analysis by “resident experts” analysis of assessable units to identify material internal control weaknesses. • Development of a “cost culture” • Reward self-reporting by all levels of organization regarding potential risks to the mission and recommendations for mitigation. • Based upon documentation of segment of business processes and procedures, identify risk, rank risk and focus upon greatest risks that may impact organization. • Develop SOA content throughout the year based upon documentation internally generated, analyzed and agreed upon . 18.

  20. Breakdown of Command’s Functions Into Assessable Units Command – USFOR-A • Sub-component • Comptroller – J-8 • Function • Commander’s Emergency Response Program • Assessable Units* • Verification and accurate reporting of CERP payments “Assessable Units are defined as segments of business activities (i.e., transaction level). 19.

  21. An Example - Process Flow R-1 R-1 20.

  22. An Example – Army Form DA 11-2 21.

  23. An Example – Risk Matrix CJ1 – Property Accountability Inherent Risk Mitigated Risk Risk Assessment Results - High RISK Control Environment: • Is required to ensure all personnel maintain proper oversight and accountability of U.S. Government property in order to maintain good stewardship of resources and avoid issues of fraud, waste or abuse. Inherent Risks: • Loss or destruction of sensitive items • Loss or destruction of nonexpendable or durable equipment Consequences Existing Management Controls: Likelihood • Provide hand receipts at the user level • Conduct monthly sensitive items inventory by alternating officers • Provide leadership emphasis on properly securing and using equipment • Spot checks on property accountability 22.

  24. Unclassified The MICP Assessments Includes Functions of an Organization Mfg, Maint, & Repair Supply Property Mgmt Force Readiness Commo, Intel & Secur Contract Admin Info Tech Procurement Personnel & Org Major System Acq Comptroller & RM RDT&E Security Assist Support Svcs FMFIA Over Financial Reporting Appendix A 23.

  25. Managers’ Internal Control Program Cycle A. Identify Functional Areas J. Monitor Corrective Plans B. Identify Assessable Units Managers’ Internal Control Program I. Report in SOA “Material” Findings C. Assign Assessable Unit Manager(s) H. Mitigate Risk Through Remediation D. Document Key Processes and Controls G. Align Risk with Command Priorities E. Assess/Test Internal Controls F. Communicate and Prioritize Risk 24.

  26. MICP in Afghanistan 25.

  27. GEN Allen’s “Tone-at-the Top” Letter of 18 October 2012 26.

  28. GEN Allen’s “Tone-at-the Top” Letter of 18 October 2012 27.

  29. GEN Allen’s “Tone-at-the Top” Letter of 18 October 2012 “My intent is to move beyond checking the block and conduct detailed analysis and an honest assessment when providing reasonable assurance that financial, operational, and administrative controls are in place…….It is “no longer business as usual,” in terms of allocation and spending for non mission essential resources”…..I want you to remain proactive in the self-identification of issues and self-reporting of internal control deficiencies…….to prevent a problem before it occurs instead of after the mission has been negatively impacted and reported by an “outside audit agency”……It is imperative that we use candor in our communications to ensure that the execution of management decisions is based upon information our senior leadership need to hear versus information that is perceived to be desirable to hear.” 28.

  30. We Need to Change How We Do Business Reactive or Proactive Drawdown plan estimates for U.S. and more than a dozen other nations will shrink the foreign military footprint in Afghanistan by 40,000 troops in total by close of CY 2012 Identification and execution of plans prior to drawdown will result in significant savings. Approach: Reactive: Continue “business as usual” or Proactive: Pursue and enact policies prior to planned draw down of personnel. “Does it make sense?” • Construction • Leases • Purchases – equipment/supplies • Overtime • Vehicles • Projects 29.

  31. USFOR-ASpecific Challenges • “High personnel turnover/lack of continuity” • “Reliance upon accurate property book with additional burden associated with draw down” • “Lack of trained personnel for contract surveillance towards “service” type contracts” • “Draw down of personnel and conflicting strategies in high tempo environment “ • “Balance of requirements of completing assigned missions and evaluation of internal controls,” and • “Lack of contract oversight/contractors having duties that are inherently governmental in functions.” 30.

  32. An Example - MICP Plan of Action • Components identify Assessable Unit Manager (AUM) • Provide overview of MICP to AUM • Inform of training, communication and documentation responsibilities with AUM and related deliverables • Identify functional areas, and command/control responsibilities • Review Commander’s priorities and concerns of regarding risk • Obtain initial feedback of additional areas of risk that should be included in prioritization of risk process. • Provide functional areas and assessable unit managers assigned to each area • Participate on monthly status calls with USFOR-A MICP Coordinator • Two-way communications of alignment of risk from the Commander perspective and risk identified by the Regional and Other Commands • Review documentation and “next steps” • Provide mitigation of risk with corrective actions as these issues are identified • Provide assessment of risk for each functional area • Prioritize risk for each functional area • Provide “quick reaction” recommendations that may provide mitigation of risk to the Command due to overall risk and/or systemic in nature • Document processes/procedures and controls • Determine for high and medium risk levels the evaluation of controls (do controls mitigate risk or do they require remediation) • Complete review of assessable units with recommendations for corrective actions • Determine material internal control deficiencies that are material • Complete the USFOR-A Statement of Assurance Overview of the FY 13 Managers’ Internal Control Program 31.

  33. An Example - Next Steps USFOR-A MICP Coordinator: Steve Silverstein, J8 (DSN: 318-449-4159) Robert. S.Silverstein@swa.army.milShare Drive “FY13 USFOR-A Managers’ Internal Control Program” • Milestone: 15 November 2012 • Assign Directorate Assessable Unit Coordinator (AUC) • Contact USFOR-A MICP Coordinator to schedule MICP Introductory Training (one hour) • Participate in monthly interface (i.e., telephone call and/or face-to-face) with USFOR-A MICP Coordinator • Review organizational structure and identify assessable units (functional area) • Assign staff person(s) responsibility for each assessable unit and sub function if required -- Assessable Unit Managers (AUM) • Have MICP Coordinator and each assessable unit manager sign “appointment letter” • Complete computer –based MICP training (MICP Coordinator and Assessable Unit Managers) • Request onsite coaching/training from USFOR-A MICP Coordinator • Contact USFOR-A MICP Coordinator to schedule one hour MICP Training for Assessable Unit Managers (AUMs) • Provide list of assessable units to USFOR-A Coordinator • Provide MICP Coordinator and Assessable Unit Manager signed “appointment letters” • Milestone: 15 December 2012 • Identify and prioritize risk associated with each major process/procedure for each assessable unit • Provide documentation/analysis of identified potential risk and recommendation for remediation (i.e., corrective actions) • Provide risk and remediation to MICP Coordinator (if “material” then brief through chain of command) • Participate in a in-process-review and monthly USFOR-A MICP VTC. 32.

  34. Questions 33.

  35. Appendix 34.

  36. Need to Take Two Steps Back – In order To Take One Step Forward Need to Document (at “transaction lever) GRAP Related Processes, Controls and Risk Acquisition Planning Competition Funding Acquisition Methods Contract Types Function- Procurement/Acquisition Assessable Unit – Competition/ Sole Source Full and Open Competition Yes C Justification provides a detailed description of why it is not possible or practical to obtain full and open competition for the procurement/acquisition (to include only one responsible source, unusual and compelling urgency, authorization or required by statue etc. Contracting Officer signs and dates justification statement No Justification Detailed Description R-1 Contracting Officer approves the justification but does not review or does not enforce the requirements towards a detailed and complete explanation. C Approval By Contracting Officer 35. R-1

  37. DoDI 5010.40 Terms Statement of Assurance (SoA) (per DoDI 5010.40, Managers’ Internal Control (MIC) Program Procedures) Assessable UnitAn organizational subdivision of a DoD Component that must comply with the MIC Program. Note that Components: Must segment into organizational assessable units All parts of the DoD Component must be covered Must maintain a current inventory of its assessable units Control DeficiencyThe design or operation of a control that does not allow the organization to prevent or detect misstatements on a timely basis or to accomplish the mission objectives. Financial Statement Reporting Entity (FSRE)An entity assigned by either the Office of Management and Budget (OMB) or the DoD to produce and provide to OUSD(Comptroller) stand alone, financial statements, both quarterly and annual. Internal ControlsThe organization, policies, and procedures that help program and financial managers achieve results and safeguard the integrity of their program Internal Control AssessmentA documented evaluation on the effectiveness and adequacy of the system [of internal controls] to meet the mission objectives, implemented in a cost effective way. Internal Control Assessment (Overall)An assessment of the internal control effectiveness for the functions under the Federal Manager’ Financial Integrity Act (FMFIA). The overall process includes all programs, activities, and operational areas [i.e., the Internal Control Reporting Categories defined in DoDI 5010.40]. Internal Control Assessment (ICA) Internal Control Over Financial Reporting (ICOFR)An assessment of the effectiveness of internal controls over financial reporting which closely follows the guidance in Appendix A of OMB Circular A-123 and MIC Program Annual Guidance provided by OUSD(Comptroller). Material Weakness (Overall)A reportable condition that is significant enough to report to the next higher level. It is management’s judgment as to whether a weakness is deemed material responsible for the area in question 36.

  38. DoDI 5010.40 Terms Reasonable AssuranceAn informed judgment by management as to the overall adequacy and effectiveness of internal controls based upon available information that the systems of internal controls are operating as intended. There are three possible assurance statements: An unqualified statement of assurance is reasonable assurance with no material weaknesses reported. Each unqualified SoA shall provide a firm basis for that position, which the PSA or Principal Deputy (the Director or Deputy Director for DoD Field Activities) will summarize in the cover memorandum. Tab A contains a more extensive explanation of how the assessment helped justify the reporting entity’s assertion of an unqualified statement. A qualified statement of assurance is reasonable assurance with the exception of one or more material weakness(es) noted. The cover memorandum must cite the material weaknesses in internal management controls that preclude an unqualified statement. Tab B fully describes all weaknesses, the corrective actions being taken, and by whom, and the projected dates of correction for each action. A statement of no assurance is no reasonable assurance because no assessments were conducted or the noted material weaknesses are pervasive. The reporting entity shall provide an extensive rationale for this position. Reportable Condition (Overall)A control deficiency (or combination of deficiencies) that in management’s judgment, should be communicated because they represent significant weaknesses in the design or operation of internal controls that could adversely affect the organization’s ability to meet its internal control objectives. Reportable Condition (ICOFR)A control deficiency (or combination of deficiencies) that adversely affects the entity’s ability to initiate, authorize, record, process or report external financial data reliably according to generally accepted principles such that there is more than a remote likelihood that a misstatement of the entity’s financial statements, or other significant financial reports, is more than inconsequential will not be prevented or detected RiskThe possibility an event will adversely effect the achievement of internal control objectives and result in the loss of Government resources or cause an agency to fail to accomplish significant mission objectives through fraud, error, or mismanagement. Systemic WeaknessA weakness that materially affects internal controls across organizational and program lines, and usually affects more than one DoD Component. . 37.

  39. DoDI 5010.40 Terms . RiskThe possibility an event will adversely effect the achievement of internal control objectives and result in the loss of Government resources or cause an agency to fail to accomplish significant mission objectives through fraud, error, or mismanagement. Systemic WeaknessA weakness that materially affects internal controls across organizational and program lines, and usually affects more than one DoD Component. Note: A systemic weakness is determined by the PSA with functional responsibility for the area in question 38.

More Related