Effective Date: July 21, 2008
Expiration Date: June 21, 2014
NASA's policy is to comply with Office of Management and Budget (OMB) Circular A-123, Management's Responsibility for Internal Control, which provides government-wide requirements for internal control and accountability, based on the Federal Managers' Financial Integrity Act (FMFIA). Specifically, it is NASA's policy to:
a. Develop and maintain internal control policies, procedures, plans, and assessments to provide reasonable assurance that the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations are achieved.
b. Hold Officials-in-Charge (OICs) and Center Directors responsible for the development, implementation and effectiveness of internal controls, and for annually assessing and reporting on the effectiveness of internal controls.
c. Ensure that internal control and accountability underpin decisive governance over organizational structure; policies and procedures; processes for managing programmatic, financial and institutional activities; checks and balances; and tools and techniques to uphold the Agency's integrity, efficiency, and effectiveness.
d. Ensure that internal controls are well integrated into new or revised activities when making changes to ongoing activities and implementing new activities in programmatic and institutional operations or financial management processes.
This NASA Policy Directive (NPD) applies to NASA Headquarters and NASA Centers, including Component Facilities and Service Support Centers. The Jet Propulsion Laboratory is subject to its own internal control requirements and procedures consistent with its status as a government- owned, contractor-operated facility.
a. 42 U.S.C. º 2473(c)(1), Section 203(c)(1) of the National Aeronautics and Space Act of 1958, as amended.
b. 31 U.S.C. ºº 3512 (b) and (c), Federal Managers' Financial Integrity Act of 1982 (Pub.L. 97-255).
c. 31 U.S.C. ºº 901-903, Chief Financial Officers Act of 1990 (Pub.L. 101- 576).
d. 5 U.S.C. App., et seq., Inspector General Act of 1978, as amended.
e. 31 U.S.C. º 1115 et seq., Government Performance and Results Act of 1993.
f. 31 U.S.C. º 3512 note, Federal Financial Management Improvement Act of 1996 (Pub.L. 104-208).
g. 31 U.S.C. º 3321 note, Improper Payments Information Act of 2002 (Pub.L. 107-330).
h. 40 U.S.C. ºº 11101 et seq., Clinger-Cohen Act of 1996 (Pub.L. 104- 106).
i. 44 U.S.C. º 3541 et seq., Federal Information Security Management Act (FISMA) of 2002.
j. 29 U.S.C. º 794d, 36 CFR, Part 1194, Rehabilitation Act of 1973, Section 508, as amended.
a. OMB Circular A-123, Management's Responsibility for Internal Control, including:
(1) Appendix A, Internal Control over Financial Reporting.
(2) Appendix B, Improving the Management of Government Charge Card Programs.
(3) Appendix C, Requirements for Effective Measurement and Remediation of Improper Payments.
b. Government Accountability Office (GAO) Standards for Internal Control in the Federal Government.
c. OMB Circular A-127, Financial Management Systems.
d. OMB Circular A-130, Management of Federal Information Resources.
e. CFO Council, Implementation Guide for OMB Circular A-123, Management's Responsibility for Internal Control, Appendix A, Internal Control over Financial Reporting.
f. Operations Management Council (OMC) Charter.
g. Senior Assessment Team (SAT) Charter.
h. NPD 1000.0, Strategic Management & Governance Handbook.
i. NPD 1000.3, The NASA Organization.
j. NPD 1210.2, NASA Surveys, Audits, and Reviews Policy.
k. NPD 1280.1, NASA Management System Policy.
l. NPD 1400.1, Documentation and Promulgation of Internal NASA Requirements.
m. NPD 2800.1, Managing Information Technology.
n. NASA Procedural Requirements (NPR) 2810.1, Security of Information Technology.
o. NPD 9800.1, NASA Office of Inspector General Programs.
p. NPD 9910.1, Government Accountability Office/NASA Office of Inspector General Audit Liaison, Resolution, and Followup.
q. NASA Financial Management Requirements, Office of the Chief Financial Officer (OCFO).
r. NASA Internal Control Program Handbook, Office of Internal Controls and Management Systems (OICMS).
a. The Administrator shall:
(1) Serve as the highest authority for reasonable assurance of internal control throughout the Agency.
(2) Certify and sign the annual Statement of Assurance and related required reports.
b. OICs and Center Directors shall:
(1) Implement internal control consistent with the body of OMB Circular A-123.
(2) Maintain internal control according to the GAO Standards for Internal Control in the Federal Government, which includes standards for control environment, risk assessment, control activities, information and communications, and monitoring.
(3) Certify compliance with these standards on an annual basis according to the Statement of Assurance process and evaluation tools established in the NASA Internal Control Program Handbook.
(4) Provide timely inputs throughout the year to the SAT regarding potential internal control deficiencies.
(5) Ensure timely completion of corrective actions for identified control deficiencies.
(6) Develop and provide specialized/functional internal control training as necessary.
c. The Chairperson of the Operations Management Council shall:
(1) Maintain cognizance of internal control policies and initiatives.
(2) Serve as the final review official for the annual Statement of Assurance process, the annual Statement of Assurance signed by the Administrator, and related reporting requirements.
(3) Approve the addition and deletion of material weaknesses to or from the OMC watch list of Agency deficiencies.
(4) Serve as a forum for addressing issues received through the SAT (e.g., resources, coordination, and compliance).
d. The Chairperson of the Senior Assessment Team shall:
(1) Provide leadership and oversight with respect to NASA's internal control program, the goal of which is to ensure that internal controls are commensurate with identified risks and results-oriented management.
(i) Review and approve internal control policies, programs, initiatives, and similar activities.
(ii) Identify and ensure that adequate funding and resources are made available for an effective internal control program.
(2) Review and approve guidance associated with the annual Statement of Assurance process.
(3) Serve as a mechanism for evaluating existing and proposed internal control deficiencies and issues.
(i) Propose and forward to the OMC for decision, material weaknesses for external reporting, as required by statute, as well as other weaknesses and management challenges to be included on the OMC watch list.
(ii) Assess the adequacy and track the completion of corrective action plans developed in response to identified internal control deficiencies.
(4) Assess the effectiveness of Agency, Center, and organizational efforts with respect to internal control policies, procedures, processes, and activities.
e. The Assistant Administrator, Office of Internal Controls and Management Systems, Office of Institutions and Management, shall:
(1) Serve as the functional owner of the Agency's internal control program.
(2) Develop and update internal control policy and implementation practices for the SAT, OMC, and Agency approval.
(3) Serve as advisory staff and working group for the SAT.
(4) Develop an annual Statement of Assurance guidance and call letter.
(5) Incorporate the OCFO draft financial management assurance statement and related deficiencies into the draft Statement of Assurance.
(6) Present to the SAT results of the Statement of Assurance process and recommend internal control deficiencies to be reported in the Statement of Assurance.
(7) Prepare OMC-approved Statement of Assurance recommendations for final review and concurrence.
(8) Conduct periodic reviews of Center/Headquarters organizational internal control practices.
(9) Develop and provide general internal control awareness and training.
f. The Chief Financial Officer shall:
(1) Oversee Agency-wide compliance with OMB Circular A-123, Appendix A, Internal Control over Financial Reporting.
(i) Prepare A-123, Appendix A Implementation Plan, and submit it to OMB.
(ii) Oversee an annual asessment of internal control over financial reporting and report to OMB, as required.
(iii) Prepare a financial management section of the Statement of Assurance and work with the OICMS to finalize the Statement of Assurance report.
(iv) Develop and provide training on internal control over financial reporting.
(2) Oversee NASA travel card management as set forth in OMB Circular A-123, Appendix B, Improving the Management of Government Charge Card Programs.
(3) Oversee Agency compliance with OMB Circular A-123, Appendix C, Requirements for Effective Measurement and Remediation of Improper Payments.
g. The Chief Information Officer (CIO) shall:
(1) Provide oversight of the management of NASA's information resources as required by OMB Circular A-130, Management of Federal Information Resources.
(2) Ensure that NASA protects all NASA information and associated information technology systems, both classified and unclassified, as required by FISMA and NASA Procedural Requirements 2810.1, Security of Information Technology.
(3) Provide policy, guidance, and training to the Agency, as required by statute and regulation, for records management, compliance with Section 508 of the Rehabilitation Act, and other areas for which the Office of the CIO is responsible.
h. The Assistant Administrator, Office of Infrastructure and Administration, Office of Institutions and Management, shall:
(1) Provide policy, procedures, and other guidance, as necessary, for managing NASA fleet cards according to OMB Circular A-123, Appendix B, Improving the Management of Government Charge Card Programs.
(2) Review/concur on reports required by OMB on NASA fleet card statistics, deficiencies, corrective actions, and improvements.
i. The Assistant Administrator, Office of Procurement, Office of Institutions and Management, shall:
(1) Provide policy, procedures, and other guidance, as necessary, for managing NASA purchase cards in accordance with OMB Circular A-123, Appendix B.
(2) Review/concur on reports required by OMB on NASA purchase card statistics, deficiencies, corrective actions, and improvements.
j. The Inspector General shall:
(1) Oversee independent audits, investigations, and compliants regarding possible violations of law, fraud, waste, abuse, and other internal control deficiencies as mandated by the Inspector General Act.
(2) Serve as an ex officio member of the OMC, providing an independent perspective on identification, assessment, and closure of material weaknesses on the Council's watch list.
(3) Serve in an advisory capacity on the SAT, providing an independent perspective on NASA's internal control program.
a. Timeliness in developing and completing corrective actions associated with internal control deficiencies.
b. Decline over time in the overall number and seriousness of internal control deficiencies.
c. Timeliness of collecting individual Statement of Assurance inputs from OICs and Center Directors.
d. Timeliness of the Agency's Statement of Assurance submittal.
NPD 1200.1D, dated May 15, 2006.