Effective Date: September 30, 2008
Expiration Date: January 30, 2015
3.1.1 This systematic analysis identifies a program's or function's susceptibility to failing to achieve its objectives or goals, to producing erroneous reports or data, to allowing unauthorized use of resources, to permitting illegal or unethical acts, and to receiving an adverse or unfavorable financial statement audit opinion.
3.1.2 A risk assessment is conducted in order to identify, measure, and analyze risks, internal and external, controllable and uncontrollable, so that steps toward mitigation may be taken, particularly in those areas identified as having the greatest risk. It is also a useful tool to ensure that proper internal controls are in place to manage identified risks. Risk assessments can provide reasonable assurance that the internal control structure is well designed and operational, timely, updated to meet changing conditions, and that NASA's objectives are being achieved.
3.2.1 NASA shall conduct annual risk assessments of financial management cycles where the level of risk is unknown. Once a baseline risk level is determined, a formal risk assessment is required every three years. If a process undergoes significant re-design, legislation or requirement changes, or change in personnel performing the activities, a formal risk assessment must be undertaken prior to the next three-year cycle. At least annually, management shall update/review existing risk assessment documentation.
3.2.2 NASA shall conduct the additional risk assessments required by the Improper Payments Information Act in accordance with Chapter 4 of this NPR.
3.3.1 Agency Chief Financial Officer (CFO). Shall assure that risk assessments are conducted at least once every three years on all Agency financial management programs.
3.3.2 Director, Quality Assurance Division (QAD), OCFO. Shall oversee the entity-level assessment for all Agency financial management programs, develop an assessment tool to provide to those areas being assessed, and ensure corrective actions are taken as appropriate.
3.3.3 Center CFOs/NASA Shared Services Center/Manager, Business Process and Application Support Office, Integrated Enterprise Management Program (IEMP) Competency Center/Officials-in-Charge (OICs) of Headquarters Offices. Shall conduct risk assessments in accordance with QAD guidance, and submit the completed assessments in the format specified by QAD.
3.3.4 Points of Contact for Areas to Be Assessed. Maintain the completed risk assessment documentation, including supporting information, and monitor and document progress toward resolving recommendations on Corrective Action Plans.
3.4.1 Financial managers and program managers with financial management responsibilities shall ensure risk assessments on their financial processes are conducted in accordance with QAD guidance and the authorities and references listed in Section 4.3, and take steps toward mitigation, particularly in those areas identified as having the greatest risk. Documentation of the risk assessments shall be maintained by the Center's Financial Quality Assurance Office and shall be available to QAD upon request.