Internal Control Program-ICONO and ICOFR

advertisement
Managers’ Internal Control Program
ICONO and ICOFR
Navy Medicine Audit Readiness Training
Symposium
5 and 6 June 2012
Ms. Meg Sherwood, Program Manager—ICONO
Ms. Freda King, Program Manager—ICOFR
Context Purpose Outcome
Context
To understand the MIC Program’s two parallel components:
Internal Controls over Nonfinancial Operations (ICONO) and
Internal Controls over Financial Reporting (ICOFR).
Purpose
To better define the MIC Program’s structure and objective.
Outcome
Commands are able to utilize the tools available in the MIC
Program to support audit readiness efforts.
FOR OFFICIAL USE ONLY
2
Agenda
1. MIC Program Overview
2. Internal Controls over Nonfinancial Operations (ICONO)
3. Internal Controls over Financial Reporting (ICOFR)
4. Exercise: Classifying and Reporting Deficiencies
5. Questions
FOR OFFICIAL USE ONLY
3
Part 1:
MIC PROGRAM OVERVIEW
FOR OFFICIAL USE ONLY
4
Legal/Regulatory Framework
Federal Managers’ Financial
Integrity Act of 1982 (FMFIA)
OMB Circular A-123
“Management’s Responsibility
for Internal Control”
ICONO
ICOFR
ICOFS
ICONO: Internal Controls Over Non-financial Operations
ICOFR: Internal Controls Over Financial Reporting
ICOFS: Internal Controls Over Financial Systems
Annual Statement of Assurance
From FMFIA:
“…internal accounting and administrative controls of each
executive agency shall be established IAW standards prescribed by the
Comptroller General…”
~ Head of each agency must prepare an annual statement
certifying whether the agency’s systems of internal
accounting and administrative control comply with FMFIA
From OMB Circular A-123:
~ Implementing guidance for federal agencies
~ Establishes 3 objectives of internal controls
~ Outlines 5 standards of internal control activities
3 Levels of Assurance:
~ Unqualified: no material weaknesses (MWs)
~ Qualified: MWs identified with corrective action plan
developed
~ No Assurance: no assessment done or MWs are
pervasive
Goal: Effective Internal Controls
FOR OFFICIAL USE ONLY
5
What are Internal Controls?
• Organization, policies and procedures to help program and
financial managers achieve results and safeguard the integrity
of their programs.
•
Ensure what should occur in daily activities does occur.
• 3 objectives:
•
•
•
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Safeguarding
of assets is a
subset
• Support performance-based management
• Incorporate into every business process
• Further, not hinder, mission accomplishment
•
Cost/benefit analysis when implementing controls
Goal: provide reasonable assurance 3 objectives are met
FOR OFFICIAL USE ONLY
6
5 Standards of Internal Control Activities
Monitoring
MICP, CLT, MEDIG,
CE, JC, PPMAP
Control Activities
Policies/procedures, SOPs
Risk Assessment
DSG’s Areas for Leadership Engagement;
Internal Controls Program Management Office
(ICPMO)
Control Environment
“Tone from the top,” SG’s Memo on Internal
Controls, Code of Ethics
FOR OFFICIAL USE ONLY
7
MICP Program Guidance
BUMEDINST 5200.13A
Annual Program Guidance
FOR OFFICIAL USE ONLY
8
ICONO and ICOFR Assessable Units (AUs)
FY 12 Managers' Internal Control Program ICONO Assessable Units
Quarter 4
Quarter 3
Quarter 2
Quarter 1
Reporting Responsibilities
#
12-01
12-02
12-03
12-04
12-05
12-06
12-07
12-08
12-09
12-10
12-11
12-12
12-13
12-14
12-15
12-16
12-17
12-18
12-E1
12-19
12-20
12-21
12-22
12-23
12-24
12-25
12-26
12-E2
12-27
12-28
12-29
12-30
12-31
12-32
12-33
ASSESSABLE UNIT
Command Evaluation Program
Government Travel Charge Card
Government Purchase Card I
Information Assurance - Personally Identifiable Information
Sustainment, Restoration, Modernization Process
Records Management
DOD-VA Health Care Resource Sharing Rates
Personal Property Accountability - Maintenance Management
Contract Management - Contracting Officer's Representative (COR) Responsibilities
Aged Due-Ins
Reprocessing of Single Use Devices
Risk Management
Custody and Control of Outpatient Medical Records
Verification of Eligibility for Medical Care
Reporting/Recording of OCO and WW Obligations
Contract Management - Licensing & Credentialing for Medical Service Contracts
Defense Travel System
Timekeeping and Attendance
Elective #1 (Region- or Activity-developed)
UBO--TPC--MSA--MAC
Government Purchase Card II
Anti Fraud
Medical Coding
Personal Property Accountability - Equipment Management
Pharmacy/Expired Drug Turn-In
Information Assurance - Non-US Citizen Personnel Security
Information Assurance - Protected Health Information (PHI)
Elective #2 (Region- or Activity-developed)
Reimbursable Support Agreements
Patient Safety
Command Manpower Data Management
Command Special Pays
Information Assurance - Appropriate Use of IT Resources
Information Assurance - IA Workforce Improvement
Financial Management Training
ALL
ALL
ALL
ALL
NME, NMW, WRNMMC
ALL
NME, NMW, WRNMMC
NME, NMW, WRNMMC
ALL
ALL
NMW
NME, WRNMMC
NME, NMW, WRNMMC
NME, NMW, WRNMMC
ALL
NME, NMW, WRNMMC
ALL
ALL
ALL
NME, NMW, WRNMMC
ALL
ALL
ALL
ALL
NME, NMW, WRNMMC
ALL
ALL
ALL
ALL
NME, NMW, WRNMMC
ALL
ALL
ALL
ALL
ALL
Required by
TMA
BUMED
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
MICP analyzes
operational
and financial
internal
controls across
all functional
areas
FY 12 Managers' Internal Control Program ICOFR CLT Process Areas
Required by
Quarter
1
2
3
4
ASSESSABLE UNIT
Consumables
Federal Receivables
Real Property
Civilian Payroll
Reporting Responsibilities
ALL
ALL
ALL
ALL
FOR OFFICIAL USE ONLY
TMA
X
X
X
X
BUMED
X
X
X
X
9
Quarterly & Annual Reporting Requirements
• Quarterly Certifications
• Annual Statement of Assurance (SOA)
• Provide two levels of assurance, one for ICONO and one for
ICOFR, that internal controls are in place and operating
effectively
• Provide sources that were assessed to determine the level of
assurance and identify control deficiencies
• Report deficiencies
• Attest to implementation of Standard Operating Procedures
(SOPs)
FOR OFFICIAL USE ONLY
10
Sources of Internal Control Assessment
• MICP Sources:
•
•
ICONO: Assessable Unit results
ICOFR: Command Level Testing (CLT) results
• Other Sources:
Internal to Navy Medicine
• MEDIG findings
• Command Evaluation
Program
• Logistics Assist Visits
• UBO Quarterly Audits
• Unauthorized Commitments
• Management Observation
• Program Reviews
External to Navy Medicine
• Government Accountability
Office (GAO)
• DoD IG findings
• Navy IG findings
• Navy Audit Service (NAS)
• Joint Commission
Inspections
• PPMAP Inspections
FOR OFFICIAL USE ONLY
11
Level of Assurance
• Unqualified: Reasonable assurance with no material
weaknesses (MWs) reported. Certification must be
accompanied by a firm basis for this position.
• Qualified: Reasonable assurance with the exception of one or
more MW(s) reported. Certification must cite MW(s) that
precluded an unqualified statement.
• No Assurance: No reasonable assurance either because no
assessments were conducted or MWs are pervasive.
FOR OFFICIAL USE ONLY
12
Part 2:
INTERNAL CONTROLS OVER
NONFINANCIAL OPERATIONS
(ICONO)
FOR OFFICIAL USE ONLY
13
ICONO Assessable Units
• Organized functionally
• Inventory developed based on TMA- and BUMED-identified risks
• Reviewed and updated annually with input from program
managers/subject matter experts
• Supplemented by Region/Activity identified electives
• Support audit readiness initiatives
• Increased effort to introduce data driven elements and transactional
reviews into the assessments
Goal: Identify control deficiencies and implement
corrective actions
FOR OFFICIAL USE ONLY
14
Identifying Deficiencies
• Must be control related
• Identified through the Assessable Units, as well as, the internal
and external assessment sources
• Classify the deficiency according to its severity
• Establish corrective action plans to address deficiencies
•
•
Activities are responsible for implementing the corrective actions within
their control and updating their plans
Regions/BUMED provide oversight to ensure corrective actions are
being implemented and provide implementation assistance when needed
• Report through quarterly Certification Statements and Annual
Statement of Assurance (SOA)
FOR OFFICIAL USE ONLY
15
Classifying Deficiencies
• How severe is the deficiency?
• Is there a significant threat to mission, resources, and/or image?
• Deficiency Categories:
•
•
•
Material Weakness (MW): A reportable condition of combination of
reportable conditions, which is significant enough to report to the next
higher level. The determination is a management judgment as to
whether a weakness is material.
Reportable Condition (RC): A control deficiency, or combination of
control deficiencies, that adversely affects the ability to meet mission
objectives but are not deemed by the Head of the Component as
serious enough to report as material weaknesses.
Item to be Revisited (IR): An internal control issue brought to
management’s attention with insufficient information to determine
whether the control deficiency is material or not. These issues will be
revisited throughout the following quarters to determine the materiality of
16
the control deficiency.
FOR OFFICIAL USE ONLY
Corrective Action Plans
• Develop for all deficiencies—whether or not you report them
• Elements to include:
•
•
•
•
Identify the deficiency
Set a target correction date
Identify the corrective actions that will be taken to remediate the
deficiency
Call attention to higher level assistance, if needed
• Monitor and update progress on a regular basis
FOR OFFICIAL USE ONLY
17
Determining What Deficiencies to Report
• Report from your organization’s perspective
•
•
MTFs/activities should report deficiencies as they impact the
MTF/activity
Regions should report deficiencies as they impact the Region
• Questions to ask:
•
•
•
Does higher echelon need to know about this issue?
Can we resolve this issue within our own means at the MTF/activity or
Regional level?
Does this issue permeate the entire Region or is it an isolated issue?
FOR OFFICIAL USE ONLY
18
Determining Level of Assurance
• A management decision
• Based on the types of deficiencies identified and whether or not
the items need to be reported to the next higher level
• 3 levels of assurance: qualified, unqualified, no assurance
Level of Assurance
Types of Deficiencies
Unqualified
No MWs
Some RCs and/or IRs identified
Qualified
1 or more MWs
No Assurance
MWs are pervasive
No assessments were conducted
FOR OFFICIAL USE ONLY
19
How ICONO Efforts Support Audit Readiness
• Examine and/or test internal controls to ensure compliance with
laws, regulations, policies, etc.
• Evaluate processes to determine if Standard Operating
Procedures (SOPs) are fully implemented and correct processes
where they are not
• Practice pulling documents which support transactions
• Identify internal control deficiencies and correct them before
audit
FOR OFFICIAL USE ONLY
20
Part 3:
INTERNAL CONTROLS OVER
FINANCIAL REPORTING
(ICOFR)
FOR OFFICIAL USE ONLY
21
OMB Circular A-123, Appendix A
Internal Controls
Over
Financial Reporting
(ICOFR)
Objective
• OMB Circular A-123, Appendix A - Internal Controls
over Financial Reporting (ICOFR)
Requires Management to Assess, Test, Document, and Report on Financial
Controls
• Financial Improvement and Audit Readiness(FIAR) Plan
 Provide Guidelines, Goals, Priorities, and Strategies to become Audit Ready
• Achieving Audit Readiness
DoD’s Goals and Roles to Achieve Audit Readiness
FOR OFFICIAL USE ONLY
23
Appendix A - Governing Statutes
• Federal Managers’ Financial Integrity Act
of 1982
Requires all DoD managers to assess the effectiveness of management
controls applicable to their responsibilities
An Act to amend the Accounting and Auditing Act of 1950 to require
ongoing evaluations and reports of the adequacy of the systems of internal
accounting and administrative control
• Sarbanes-Oxley Act of 2002
Public Company Accounting Reform and Investor Protection Act
FOR OFFICIAL USE ONLY
24
Appendix A - Requirements
• Reporting on Financial Internal Controls
Internal Controls are specific policies procedures and
activities that are established to manage or mitigate risks
• Assessing and Validating Controls and Processes
Internal Controls are part of every process and activity being
performed throughout the organization
• Providing ICOFR Annual Assurance Statement
Internal controls provided reasonable assurance that what
should happen does happen
FOR OFFICIAL USE ONLY
25
Internal Control
• Internal Control Objectives:
• Effectiveness and Efficiency of Operations,
• Reliability of Financial Reporting, and
• Compliance with Applicable Laws and Regulations
FOR OFFICIAL USE ONLY
26
Standards of Internal Control Activities
• Control Environment - the organizational structure to sustain organizational
support for effective internal control
• Risk Assessment - identify internal and external risks that may prevent the
organization from meeting its objectives
• Control Activities - include policies, procedures and mechanisms in place to
help ensure that agency objectives are met
• Information and Communications - should be relevant, reliable, and timely
• Monitoring - periodic reviews, reconciliations or comparisons of data should
be included as part of the regular assigned duties of personnel
FOR OFFICIAL USE ONLY
27
Financial Improvement and Audit
Readiness (FIAR)
• FIAR Plan (OMB Circular A-123, Appendix A)
•Goals
•Priorities
•Strategies
•FIAR Phases
•Discovery
•Corrective Action
•Evaluation
•Assertion
•Validation
•Audit
FOR OFFICIAL USE ONLY
28
FIAR Goals
• Improve the Department’s Financial Management Operations
• Provide our Service men and women with the resources they
need to carry out the mission
• Improving our stewardship of the resources entrusted to us by
the taxpayers.
FOR OFFICIAL USE ONLY
29
FIAR Priorities
• The First Priority is the Budgetary Resources. The benefits of
focusing on budgetary information are to:
Improve the visibility of budgetary transactions
Provide for operational efficiencies through more readily available
financial information;
Improve fiscal stewardship (ensures that funds appropriated, expended
and recorded are reported accurately, reliably and timely); and
Improve budget processes and controls
• The Second Priority is the Mission Critical Assets. Mission
critical assets are:
Military Equipment
Real Property
Inventory
Operating Materials and Supplies
General Equipment
FOR OFFICIAL USE ONLY
30
FIAR Strategies
• Wave 1
Appropriations
Received
Wave 2
Statement
of
Budgetary
Resources
Wave 3
Mission Critical
Assets
Existence &
Completeness
FOR OFFICIAL USE ONLY
Wave 4
Full Audit
(except for
valuation)
31
WAVE 1
Appropriations Received
• Accurate and timely recording of the budget authority needed to
commit, obligate, and expend funds
• Processes and controls include activities performed to control
and record transactions related to:



Receipt of the budget (Appropriations Received)
Distribution of the Budget to the Major Commands
Fund Balance with Treasury (FBWT)
FOR OFFICIAL USE ONLY
32
WAVE 2
Statement of Budgetary Resources
• The SBR presents:




all budgetary resources a reporting entity has available
the status of those resources at period end
a reconciliation of changes in obligated balances from the beginning to
the end of the period
and cash collections and disbursements for the period reported.
• Includes all processes, internal controls, systems and supporting
documentation that must be audit ready before the SBR can be
audited.
FOR OFFICIAL USE ONLY
33
Sample Statement of Budgetary
Resources (SBR)
BUDGETARY FINANCING ACCOUNTS
BUDGETARY RESOURCES
Unobligated balance, brought forward, Oct 1
Recoveries of prior year unpaid obligations
Budget authority
Appropriation
Spending authority from offsetting collections
Earned
Collected
Change in receivables from Federal sources
Change in unfilled customer orders
Advance received
Without advance from Federal sources
Subtotal
Nonexpenditure transfer, net, anticipated and actual
Permanently not available
Total Budgetary Resources
Status of Budgetary Resources
Obligations incurred:
Direct
Reimbursable
Unobligated balance:
Apportioned
Sub Total
Unobligated balance not available
Total status of budgetary resources
28,026,796
24,029,026
165,257,644
7,806,105
(144,220)
323,916
76,479
173,322,124
1,711,873
(3,170,061)
223,921,758
186,801,435
10,215,890
197,017,325
23,899,972
23,899,972
3,004,461
223,921,758
Changes in Obligated Balances
Obligated balance, net
Unpaid obligations, brought forward, Oct 1
Less: Uncollected customer payments for Federal sources,
brought forward, Oct 1
Total unpaid obligated balance
Obligations incurred net (+/-)
Less: Gross outlays
Less: Recoveries of prior year unpaid obligations, actual
Change in uncollected customer payments from federal sources
(+/-)
Obligated balance, net, end of period
Unpaid obligations
Less: Uncollected customer payments from Federal sources (-)
Total, unpaid obligated balance, net, end of period
Net Outlays:
Gross Outlays
Less: Offsetting Collections
Less: Distributed offsetting receipts
Net Outlays
2009 Combined
FOR OFFICIAL USE ONLY
93,776,544
(3,864,218)
89,912,326
197,017,325
(165,217,414)
(24,029,026)
65,742
101,547,429
(3,798,476)
97,746,953
165,217,414
(8,130,022)
(321,451)
156,765,941
34
WAVE 3
Mission Critical Assets (E&C)
• Focuses on the “existence and completeness” financial statement
assertions and includes the “rights” assertion and portions of the
“presentation and disclosure” assertion.
•
Reporting entities must ensure that:




all assets recorded in the property books exist
all of the reporting entities’ assets are recorded in their system
reporting entities have the right to report all assets (Rights)
assets are consistently categorized, summarized, and reported period to
period (Presentation and Disclosure).
FOR OFFICIAL USE ONLY
35
WAVE 4
Full Audit
• Include the proprietary side of financial transactions covered in
Wave 2, and:





•
accounts receivable
earned revenue
accounts payable
gross costs
other liabilities
Adds the “valuation” assertion for assets
FOR OFFICIAL USE ONLY
36
Assertions
Existence: Only valid or authorized transactions are processed during the correct period,
and the underlying asset exists during the period reported in the accounting system
Completeness: All transactions are processed that should be and the entire population of assets is
accounted for and established.
Rights & Obligations: Assets represent the rights of the organization as of a given date
(Ownership/Custody)
Valuation: Assets, liability, equity, revenue, and expense components have been included in the
financial statements at appropriate amounts.
Presentation and Disclosure: Components of the financial statements are properly classified,
described and disclosed (properly recorded as acquisitions, disposals, reparable, expendable,
salvageable)
FOR OFFICIAL USE ONLY
37
Asserting
• We will be asserting :
 that
our financial controls are in place and operating
effectively
 that our financial reports are accurately prepared
 that transactions can be supported with
documentation and that
 that we have fully complied with our laws and
regulations.
FOR OFFICIAL USE ONLY
38
BUMED Assertion Dates to TMA
Assessable Units
Assertion Dates
Travel
SEP 2012
Consumables
DEC 2012
Reimbursable Work Orders – Grantor
DEC 2012
Reimbursable Work Orders – Performer
APR 2013
Military Payroll
APR 2013
Contract Administration
JUL 2013
Non-Federal Receivables
JUL 2013
Federal Receivables
SEP 2013
Civilian Payroll
DEC 2013
Financial Reporting
DEC 2013
Fund Balance with Treasury
DEC 2013
FOR OFFICIAL USE ONLY
39
FIAR Phases
Audit
Discovery
Corrective
Action
Validation
Assertion
Evaluation
FOR OFFICIAL USE ONLY
40
BUMED’s FIP Tool Box
• Command Level Testing/Validation Testing
• Standard Operating Procedures (SOPs)
• FMO Samples and Workbooks
• NAS Sample Testing
FOR OFFICIAL USE ONLY
41
Audit Preparation
Verify Beginning
Balances
Supporting
Documents
Population
IT Controls
Control Testing
Service Providers
Reconciliations
Managers’ Internal Control Program
(MICP)
ICONO
ICOFR
MICP
FOR OFFICIAL USE ONLY
43
Audit Readiness
• It’s not just a Job; it’s the path to
audit success…
FOR OFFICIAL USE ONLY
44
Audit Readiness Trivia
• What are the Priorities of the FIAR Plan?
• What are Two Internal Control Objectives?
• What are the Five Financial Assertions?
• What is the date for Audit of the SBR?
• What is the date for Full Audit?
FOR OFFICIAL USE ONLY
45
Part 4:
EXERCISE: CLASSIFYING
AND REPORTING
DEFICIENCIES
FOR OFFICIAL USE ONLY
46
Scenario
• At Naval Hospital Atlantis, during a 6 month timeframe,
questionable transactions were found on the GTCCs for 60
members. During this timeframe, the total number of members
who used their card was 70.
• The types of questionable transactions included:
• Expenses not related to official government travel such as video games
purchased at Target
• Cash advances taken within a member’s permanent duty station and the
member is not on official government travel orders
• Airline tickets purchased for a member’s spouse and children
• Lodging charges for a member’s personal travel following a period of
official government travel
• These questionable expenses were not identified during travel
card or DTS voucher review processes
FOR OFFICIAL USE ONLY
47
Analysis
• Is the deficiency a threat to mission, resources, and/or image?
• How would you classify the deficiency and why?
•
Material Weakness, Reportable Condition, Item to be Revisited
• What is your corrective action plan?
• Would you report the deficiency? Why or why not?
• Is the deficiency related to ICONO, ICOFR, or both?
• If you do report the deficiency, what level of assurance do you
report?
•
Unqualified, Qualified, or No assurance
FOR OFFICIAL USE ONLY
48
Higher Level Resources
•
Federal Managers’ Financial Integrity Act of 1982 (P.L. 97-255)
•
OMB Circular A-123: Management’s Responsibility for Internal Control
•
DoD Financial Improvement and Audit Readiness (FIAR) Guidance of December
2011
•
DoDI 5010.40 of 29 July 2010: Managers’ Internal Control Program (MICP)
Procedures
•
SECNAVINST 5200.35E of 8 November 2006: Department of the Navy (DON)
Managers’ Internal Control (MIC) Program
•
SECNAV M-5200.35 of June 2008: Department of the Navy Managers’ Internal
Control Manual
•
OPNAVINST 5200.25D of 03 October 2011: Managers’ Internal Control Program
•
GAO Products: “Standards for Internal Control in the Federal Government” and
“Internal Control Management and Evaluation Tool”
49
FOR OFFICIAL USE ONLY
BUMED Resources
•
SG’s Memo on Internal Controls in Navy Medicine of 5 January 2012; Reference:
5200 Ser M82/11UM82757
•
DSG’s Memo on Annual Areas for Leadership Engagement of 30 August 2010;
Reference: 5200 Ser M82/10UM82749
•
BUMEDINST 5200.13A of 29 October 2008: Managers’ Internal Control Program
•
Managers’ Internal Control Program (MICP) Guidance for Fiscal Year (FY) 2012
dated 6 October 2011; Reference: 5200 Ser M82/11UM82758
FOR OFFICIAL USE ONLY
50
Questions?
Contact Information
• Meg Sherwood
Phone: 703-681-9487
Email: margaret.sherwood@med.navy.mil
• Freda King
Phone: 703-681-9471
Email: freda.king@med.navy.mil
FOR OFFICIAL USE ONLY
51
Download