The Army and GFEBS Overview - Under Secretary of Defense

The Army and GFEBS Overview - Under Secretary of Defense

Internal Control Process Course Overview Welcome to the Department of the Army (DA) Managers Internal Control (MIC) Program Training. The purpose of this training is to provide an overview of the Army Managers Internal Control Process. It is appropriate for management at all levels, personnel conducting evaluations, and internal control

Identify Units Monitor Corrective Action Plans Identify and Assess Risk Document and Implement Document Processes and Controls Assess (Test) Internal Controls ASA(FM&C)

02/23/2020 2 Internal Control Process Course Objectives: Background Internal Controls and Reasonable Assurance Assessable Units Roles and Responsibilities Documenting Duties in Performance Plans/ Agreements Risk Assessment Key Processes and Controls Internal Control Evaluation Plan (ICEP) Contro l Evaluations Statement of Assurance ASA(FM&C)

Process 02/23/2020 3 Background Leadership Emphasis What is the Tone at the Top? Tone at the Top defines managements leadership and commitment towards openness, honesty, integrity, and ethical behavior. It is the most important component of the control environment. The tone at the top is set by all levels of management and has a trickle-down effect on all employees. ASA(FM&C)

02/23/2020 4 Leadership Emphasis The Army must have an internal control process that adds value and demonstrates a commitment to effective stewardship of resources entrusted to us by the American people. Leadership emphasis of the Army Managers Internal Control Program is crucial! 5 Leadership Emphasis Memoranda are one method to emphasize leadership

commitment to the program, others include establishing senior councils, leadership training, and other activities that set a positive and supportive attitude toward internal control activities. Is your command committed to establishing a positive control environment? 6 Why Have an Internal Control Program Why do we need an internal control program? We already have Government Accountability Office (GAO), Department of Defense Inspector General (DoDIG), and U.S. Army Audit Agency (AAA) audits. There are several drawbacks to reliance on audits to identify control weaknesses:

They are reactive rather than proactive. It is difficult to control or contain negative publicity. Auditors are experts at auditing, but they do not have the subject matter knowledge of the staff performing the function on a daily basis. Recommendations for solutions come from outside. Impact on morale can be negative. ASA(FM&C) 02/23/2020 7 Why Have an Internal Control Program Reliance on an effective internal control program has many positive benefits over reliance on outside audits: Requires an in-depth understanding of processes, associated risks and controls the staff experts performing functions can best identify areas of concern and propose solutions. Recommendations for solutions come from within the

organization. Identification of the problem prior to impact and the ability to contain negative publicity. Can be implemented as part of the strategic planning process. Has a positive impact on effectiveness and accomplishment of the organizations mission. ASA(FM&C) 02/23/2020 8 What are Internal Controls? The rules, procedures, techniques and devices employed by managers to ensure that what should occur in their daily operations does occur on a continuing basis. Examples of internal controls include: The organization structure itself (designating specific responsibilities and accountability).

Formally designed procedures (e.g. required certifications and reconciliations). Checks and balances (e.g. separation of duties, limitation of access). Recurring reports and internal reviews, supervisory monitoring, performance reviews. Physical devices (e.g. locks and fences). A broad array of measures used by managers to provide reasonable assurance that their subordinates are performing as intended. ASA(FM&C) 02/23/2020 9 Internal Controls Key Controls Key internal controls are essential controls that must, per guidance, be implemented and maintained.

A key internal control is one whose failure would break or seriously impair a system or process. A key internal control is identified by Headquarters, Department of the Army functional proponents in their governing regulations. Key internal controls establish the baseline requirements for the internal control evaluations conducted by AUMs. Internally developed for functions not covered in ARs. ASA(FM&C) 02/23/2020

10 Reasonable Assurance An acceptable degree of confidence in the internal controls to deter or detect material failures in complying with Integrity Act objectives. A management judgment based on the effectiveness of internal controls and the extent of internal control deficiencies and material weaknesses. ASA(FM&C) 02/23/2020 11 Basics of the Internal Control Process Cycle The process should be an ongoing, integral

part of daily operations: Verify/Identify components or units (assessable units). Identify and assess risk. Document key processes and controls. Assess (evaluate/test) internal controls. Document and implement improvements. Monitor corrective action plans. ASA(FM&C) 02/23/2020 12 Assessable Units The Army is segmented into reporting organizations (currently 44) who are in turn responsible for designating the assessable units within their organizations. Assessable units may be further segmented into sub units.

ASA(FM&C) 02/23/2020 13 Assessable Units Army Internal Control Organization A AA of w e i v l Re m a u a Ann Progr

ui G ASA(FM&C) ce n da Au di ts ICA em at t S ts

en ICA ICA Reporting Organization SRO AUM AUM Headquarters Principal Officials Army Command Army Service Component Command Direct Reporting Unit SRO

SRO AUM AUM AUM AUM AUM AUM AUM *ICA Internal Control Administrator *SRO Senior Responsible Official *AUM Assessable Unit Manager

Roles and Responsibilities Reporting Organizations HQDA principal officials, Army Commands, Army Service Component Commands, and Direct Reporting Units are the primary reporting organizations in the Army internal control process The heads of these organizations are responsible for providing leadership, a positive command climate and support for the Army internal control process and will: Designate a senior responsible official (SRO). Designate the assessable units (and assessable unit managers) within the organization. Report significant deficiencies in internal controls. Implement corrective actions at the local level. Sign and submit an annual statement of assurance that accurately

describes the status of internal controls within their organization. 15 Roles and Responsibilities Senior Responsible Officials (SRO) Have overall responsibility for ensuring implementation of an effective internal control process for the organization. Designate an internal control administrator (ICA) to administer the internal control process within the reporting organization and serve as the focal point for all internal control matters. Oversee the preparation of an annual assurance statement that accurately describes the status of internal controls in the reporting organization and fully disclose any material weaknesses. 16 Roles and Responsibilities

Assessable Unit Managers (AUMs) Designated by the head of the reporting organization. Usually a Colonel or civilian equivalent. Where grade structure does not support this level, AUM may be the senior military or HQDA civilian functional manager. Provide leadership and support needed to ensure that internal controls are in place and operating effectively. Designate an ICA to administer the Managers Internal Control Program within the assessable unit. 17 Roles and Responsibilities Assessable Unit Mangers (Continued) Ensure that: Managers and ICAs are trained and understand responsibilities.

Managers are responsible for identifying internal and external risks and establishing controls to mitigate risks. An ICEP is established and maintained. Internal control evaluations are conducted according to the ICEP. Required documentation is retained. 18 Roles and Assessable Unit Mangers (Continued) Responsibilities Certify the results of evaluations. Identify and report material weaknesses. Sign and submit annual feeder statement to the next higher command level. ASA(FM&C)

02/23/2020 19 Roles and Responsibilities Internal Control Administrators (ICA) Administer the MICP within the reporting organization. Advise the SRO or AUM on implementation and status of the organizations MIC Program. Conduct and track internal control training . Develop and maintain an ICEP. Coordinate the preparation of the organizations Annual Statement of Assurance. Ensure material weaknesses are reported, tracked and closed on schedule, and retain all documentation supporting the annual statement of assurance. 20 Documenting Duties in Performance

Plans/Agreements An explicit statement of responsibility for internal controls and ICOFR must be in the performance agreements of commanders, managers, and ICAs responsible for the execution or oversight of effective internal controls, down to and including assessable unit level. The explicit statement of responsibility should be brief and may take any form, but it must be specific enough to provide individual accountability. Supervisors may use a stand-alone element or may include the internal control responsibility as part of a broader element. The following are examples of explicit statements that would suffice: ASA(FM&C) 02/23/2020 21 Performance Plans/Agreements

Examples of Explicit Statements Headquarters, Department of the Army functional proponents. These individuals should comply with AR 11-2, paragraph 1-12. Army Command, Army Service Component Command, and Direct Reporting Unit commanders and managers. These individuals should comply with AR 11-2, paragraph 1-12. Senior responsible official. These individuals should comply with AR 11-2, paragraph 1-13. Assessable unit managers. These individuals should comply with AR 11-2, paragraph 11-14. Internal control administrators. These individuals should comply with AR 11-2, paragraph 1-16. ASA(FM&C) 02/23/2020 22

Risk Assessment What is Risk? The probable or potential adverse effects from inadequate internal controls that may result in the loss of Government resources through fraud, error, waste or mismanagement. 23 Risk Assessment Commanders and managers at all levels are responsible for conducting risk assessments. Begin with an entity level risk assessment: Enhances ability to understand key business risks. Integral piece of managements risk assessment process. Provides structured process that becomes the cornerstone for prioritizing risks. Focuses attention on areas meriting management review and monitoring. Builds knowledge and confidence in risk

management. ASA(FM&C) 02/23/2020 24 Risk Assessment Elements of Risk Assessment and Management: Risk identification what are the internal/ external risks? Risk measurement/analysis what is the significance of the adverse impact of the risk? Risk management effective controls o Will not provide 100% (absolute) assurance that nothing adverse will happen o Should be designed to mitigate risks reasonable assurance (vs. absolute assurance) 25

Key Processes and Controls Document key processes and controls: Those persons assigned to a specific function will be the knowledge experts on efficiencies, inefficiencies, risks, and the identification and impact of current controls. Develop ICEP. MICP must consider all mission essential functions Begin with inventory of key functions. ASA(FM&C) 02/23/2020 26 Internal Control Evaluation Plan (ICEP)

A written plan to evaluate applicable key controls identified by HQDA functional proponents over a 5-year period. Developed by AUM and managers in accordance with SRO guidance and organizational objectives. Format is flexible, but should clearly indicate: Which areas will be evaluated Who will conduct each evaluation When each evaluation will occur 27 Internal Control Evaluation Plan (ICEP)

Updated annually. AUMs may supplement ICEP with additional evaluations that address the unique needs of the activity based on organizational risk assessment and SRO objectives. Goal is to provide reasonable assurance that Army programs are being executed efficiently and effectively. ASA(FM&C) 02/23/2020

28 Internal Control Evaluation Plan (ICEP) Should be tied to a risk assessment process. Controls for high-risk areas should be evaluated more often than controls for less risky areas. It is helpful to include the governing regulation relating to each evaluation area. 29 Internal Control Evaluation Plan (ICEP) Level: HQDA 5 YR ICP FY 10 - 14 Function

Category Function Description Policy (AR) Evaluation Method Specific Reg Info FY10 FY11 FY12 FY13 FY14 X

X X X X Locally Directed Evaluations SAFM-CE SAFM-FOA SAFM-FOR SAFM-FOR Financial Management Army Cost Estimating Tool Accuracy AR 11-18

ACEIT Test Plan/Beta Testing OSD Policy and AR 11-2 Checklist OSD Comptroller Developed X X X X X

OSD Policy Checklist OSD Comptroller Developed X X X X X Controls over Changes in Contractor Personnel Checklist

FOR Developed X X X X X Emergency Response Plan Locally developed checklist X X X

X X X X X Internal Controls OMB Circular A-123, Appendix A Financial Management Acquisition GFEBS Security GFEBS

Financial Management GFEBS Acquisition OSD Annual Financial Statement Checklist Purchase Card / Billing Official Account APC Handbook Controls Over Changes in Contractor Personnel Checklist X Checklist

FOR Developed X X DA-Wide Inventory Listing SAFM-BUC, I, O, R Financial Management Internal Controls AR 11-2 Checklist Appendix D

SAFM-BU All Base Support Records Management (ARIMS/MARKS) AR 25-400-2 DA Pam 25-403 Checklist Appendix B SAFM-BU All Supply Policies & Procedures for Property Accountability AR 735-5

Checklist AR 710-2, Appendix B SAFM-BU All Security Information Systems Security Safe or Cabinet Security AR 380-5 Checklist Appendix F SAFM-BU All Financial Management

Budget Execution DFAS IN AR 37-1 Checklist Appendix W X X X X X SAFM-BU All Financial

Administration Defense Travel System DoD FMR, Vol 9 Checklist Chapter 3 X X X X X X

X X X X X 30 Internal Control Evaluation An internal control evaluation is a detailed, systematic, and comprehensive examination of key controls to determine if they are: in place. being used as intended. effective in achieving their purpose. These evaluations determine susceptibility

of a function or process to waste, loss, unauthorized use or misuse of resources. ASA(FM&C) 02/23/2020 31 Internal Control Evaluation Must result in a specific determination of effectiveness. Formal internal control evaluations must be conducted at least once every 5 years. Commanders may require more frequent evaluations based on risk assessment, leadership emphasis, audit/inspection findings etc. ASA(FM&C) 02/23/2020

32 Internal Control Evaluation HQDA functional proponent may identify an internal control evaluation process for use in evaluating key internal controls. All evaluations will be conducted in one of two ways: Internal Control Evaluations. o Published in governing Army regulations. Existing management review process. Commanders and managers are free to choose the method of evaluation unless the HQDA functional proponent requires the use of an existing Army wide functional management review process. ASA(FM&C) 02/23/2020

33 Internal Control Evaluation Support evaluations with documentation that clearly indicates: Who conducted the evaluation and when. Methods used. Deficiencies found. Corrective action taken. ASA(FM&C) 02/23/2020 34 Internal Control Evaluation Maintain the support documentation in the

unit/activity where evaluation was done or with the checklist. Documentation on internal control evaluations must be maintained according to AR 25-400-2. Assessable units retain required documentation on the most recent internal control evaluation. ASA(FM&C) 02/23/2020 35 Internal Control Evaluation Methods of testing controls Direct Observation Checking separation of duties Checking physical controls Review of files or other Documents Reviewing for the evaluated characteristic

Identifying trends in data Sampling Reviewing a percent of items/documents Simulation Using scenarios to test controls Interviews ASA(FM&C) 02/23/2020 36 Internal Control Evaluations Document evaluations on DA Form 11-2 37

Statement of Assurance Important Dates Mid May* Statements from Army Commands, Army Service Component Commands and Direct Reporting Units due to OASA (FM&C). End of May* Statements from Headquarters Principals due to OASA (FM&C). Mid August* Final signed Army statement delivered to the Secretary of Defense. *Specific dates provided in annual guidance 38 Statement of Assurance Annual statements are personal certifications by the commander/deputy that internal controls within their respective organizations are effective.

A requirement of the Federal Managers Financial Integrity (FMFIA) Act. Provides an objective assessment of internal controls. Supported by annual feeder statements received from commanders of subordinate organizations. Supports the Secretary of Defenses statement to the President and Congress. 39 Statement of Assurance Cover Memorandum Internal Controls over Non-Financial reporting (ICONO) statement. Internal Controls Over Financial Reporting (ICOFR) Statement. Signature of organizational head or principal deputy. 40

Statement of Assurance Required Statements Unqualified statement of assurance: I am able to provide an unqualified statement of reasonable assurance that (name of activity) internal controls meet the objectives of Federal Managers Financial Integrity Act (FMFIA) Internal Controls over Nonfinancial Operations programs, administrative and operations/OMB Circular A-123, Appendix A. Based on reasonable assurance (negative assurance) that internal controls meet the objectives of FMFIA and OMB Circular A-123, Appendix A. No new material weaknesses are identified or reported. 41 Statement of Assurance Required Statements

Qualified statement of assurance: I am able to provide a qualified statement of reasonable assurance that (name of activity) internal controls meet the objectives of Federal Managers Financial Integrity Act (FMFIA) Internal Controls over Nonfinancial Operations programs, administrative and operations /OMB Circular A-123, Appendix A with the exception of (number) material weaknesses described in (Tab B/D/E/F). These weaknesses were found in the internal controls over the effectiveness and efficiency of operations and compliance with applicable laws and regulations as of the date of this memorandum. Other than the material weaknesses noted in (Tab B/D/E/F) the internal controls were operating effectively and no other material weaknesses were found in the design or operation of the internal controls. Controls are in place and generally operating as intended. Exceptions are noted in Tab B/D/E/F of Statement. 42

Statement of Assurance Required Statements Statement of no assurance: I can provide no assurance that (name of activity) internal controls meet the objectives of Federal Managers Financial Integrity Act (FMFIA) Internal Controls over Nonfinancial Operations programs, administrative and operations programs/OMB Circular A-123, Appendix A. Problems are pervasive and systemic. Losses cannot be quantified. 43 Statement of Assurance What to report?

Judgment call Consider materiality Washington Post test Audit recommendations or ADA violations indicating weak or non-existent controls Significant deficiencies revealed during process testing 44 Statement of Assurance What to report? Weaknesses requiring action or awareness of higher HQ. Instances of fraud, waste and abuse. MICP is ultimately a Commanders program. 45

Statement of Assurance Tab A How the Assessment was Conducted Tab A-1. Basis for Reasonable Assurance. Tab A-2. Other Information. Leadership emphasis, training and execution. Tab A-3. Internal Control Program and Related Accomplishments during reporting cycle. What did you do well? What did you fix? How many did you train? How much $ did you save? Who did you help? 46 Statement of Assurance Material Weaknesses Tab B ICONO/Non-financial Material Weaknesses. Tab C Systemic Weaknesses (Reserved for OSD). Tab D ICOFR, General Fund. Tab E ICOFR, AWCF (AMC/HQDA only). Tab F ICOFR, Civil Works (USACE/HQDA only).

47 Summary Develop and maintain an ICEP. Conduct risk assessments. Conduct internal control evaluations in accordance with the ICEP. Document evaluations. Ensure AUMs certify results. Annual Statement of Assurance. ASA(FM&C) 02/23/2020 48 Training Modules Available Becoming an Internal Control Administrator MICP Process

Preparing Your Annual Statement of Assurance Cover Memorandum TAB A - How the Assessment was Conducted Conducting Evaluations The Material Weaknesses Process ASA(FM&C) 02/23/2020 49 Additional Information ASA(FM&C) web page http://asafm.army.mil/offices/FO/IntControl.aspx?OfficeCode=1500 ASA(FM&C) 02/23/2020 50

Managers Internal Control Program (MICP) Computer-Based Training (CBT) Modules 2 June 2010 MICP Computer-Based Training Modules The Army MICP - Internal Control Administrator (ICA) Course Becoming An Internal Control Administrator (ICA)

GAO Standards for Internal Controls in the Federal Government Internal Control Process Internal Control Evaluations Preparing Your Annual Statement of Assurance Cover Memorandum TAB A - How the Assessment was Conducted The Material Weakness Process Internal Controls in Army Regulations The Army MICP - Senior Responsible Official (SRO) Course GAO Standards for Internal Controls in the Federal Government MICP Process The Army MICP - Assessable Unit Manager (AUM) Course GAO Standards for Internal Controls in the Federal Government MICP Process Internal Control Evaluations MICP Computer-Based Training Modules The Army MICP Managers Course GAO Standards for Internal Controls in the Federal Government

MICP Process The Material Weakness Process The Army MICP - Personnel Conducting Evaluations Course MICP Process Internal Control Evaluations The Material Weakness Process The Army MICP - Internal Controls in Army Regulations Course GAO Standards for Internal Controls in the Federal Government MICP Process Internal Controls in Army Regulations ASA(FM&C) 02/23/2020 53 MICP Computer-Based Training Modules All modules will require

students to complete an exam (70% pass/fail). Upon successful completion of each module, the student will receive a generated certificate completion. ofFuture enhancements will include voice narration, review questions, graphics, etc. MICP Computer-Based Training Modules The CBT modules reside within AKO. Access is available from: AKO: https://www.us.army.mil/ ASA(FM&C) website:

http://asafm.army.mil/offices/FO/IntControl.aspx?OfficeCode =1500 The following slides provide detailed instructions for accessing and registering for the MICP CBT modules. Accessing the MICP Computer-Based Training Courses from AKO MICP Computer-Based Training Courses Step 1: Login to Army Knowledge Online (https://www.us.army.mil/) MICP Computer-Based Training Courses Step 2: Select from the Self Service drop down menu, My Education MICP Computer-Based Training Courses Step 3: Select ALMS, Army Learning Management System

MICP Computer-Based Training Courses Step 4: Select Catalog Search MICP Computer-Based Training Courses Step 5: Select Advanced Search MICP Computer-Based Training Courses Step 6: In the Advanced Search block, type %internal control MICP Computer-Based Training Courses Step 7: Six MICP courses will be listed select Register next to the course name that interests you. Follow the instructions. You will receive an email registration confirmation. Enjoy the training! CONTACT INFORMATION Please send questions/issues to: DAMICP CONUS.ARMY.MIL

ASA(FM&C) 02/23/2020 64

Recently Viewed Presentations

  • Presentation Template Guidelines  Do not modify the slide

    Presentation Template Guidelines Do not modify the slide

    Presentation Template Guidelines. Do not modify the slide masters. Use Arial for all fonts. Limit slide content for maximum legibility. Avoid distracting transitions and animations.
  • The perfect payday

    The perfect payday

    The perfect payday - fraud in the stock market. Liew Xuan Qi (A0157765N) Cheong Hui Ping (A0127945W) Hong chuan yin (A0155305M) Forelle and Bandler (2006)The perfect paydayWall Street Journal. Overview. How the stock market works. The main problems. Backdating.
  • An introduction to post-modern sculpture - Carlisle County

    An introduction to post-modern sculpture - Carlisle County

    An Introduction to Post-modern Sculpture Marcel Duchamp Marcel Duchamp Marcel Duchamp Man Ray Raoul Hausman Robert Rauschenberg Robert Rauschenberg Robert Rausenberg Claes Oldenburg Joseph Beuys Anselm Kiefer An Introduction to Post-modern Sculpture Marcel Duchamp Marcel Duchamp Marcel Duchamp Man Ray...
  • Plant Hormones - Santa Monica College

    Plant Hormones - Santa Monica College

    Major plant hormones and their action: Abscisic acid closing of stomata; seed dormancy Auxins elongation of shoots and roots, gravotropism, phototropism Cytokinins promotion of sprouting of lateral buds Ethylene ripening of fruit Gibberellins germination of seeds and sprouting of buds;...
  • Ayn Rand: Historical Background

    Ayn Rand: Historical Background

    Ayn Rand's philosophy "An industrialist who produces a fortune, and a gangster who robs a bank are regarded as equally immoral, since they both sought wealth for their own "selfish" benefit. A young man who gives up his career in...
  • AHS Tricolor Winners Through the Years Compiled and ...

    AHS Tricolor Winners Through the Years Compiled and ...

    TOUCHED BY MIDAS. 24. Daylily Tango by Nell Shimek, 1997, Brazosport club show, theme: Born to Boogie with Daylilies. 25. 'Vegas Lights" is the title. ... Chattahoochee Valley Daylily Soc., Columbus, GA. Mrs. Clark Duncan, 1992. 44. A creative design...
  • Resource Directory 1. Adult Services/Senior Citizens 2. Child

    Resource Directory 1. Adult Services/Senior Citizens 2. Child

    Women, Infant, and Children WIC- Supplemental nutrition program for pregnant, breastfeeding and postpartum women, infants and children up to 5 years of ages. WIC provides nutritious foods, information on health eating and lifestyles, and referrals to other services as needed.
  • Title of presentation - ocpe.nt.gov.au

    Title of presentation - ocpe.nt.gov.au

    "Learning at and through Work" "Learning at and through Work" Employment-based model, Structured training on and off the job, Formal training contracts between all parties, Has a training plan, and Fit under a National VET recognition framework, Supported by on-site...