![[NASA Logo]](../Images/nasaball.gif) |
NASA Procedures and Guidelines |
||||
This Document is Obsolete and Is No Longer Used.
|
|||||
|
|
|||||
|
|
||||
| | TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | ALL | | |||||
1.1.1 Internal controls are an integral part of NASA's programmatic, institutional, and financial management operations and consist of all the measures taken by the Agency to safeguard resources against fraud, waste, and abuse; ensure accuracy and reliability of financial information; ensure efficient and effective operations; and ensure compliance with Federal laws, regulations, and Agency policy.
1.1.2 Internal controls are used to facilitate reaching objectives and to mitigate risks in an effort to prevent undesired results or to ensure desired outcomes and are every employee's responsibility. However, it is the managers who are held accountable for establishing and maintaining a sound system of internal control within their respective area of responsibility.
1.1.3 This chapter describes the internal control requirements as they apply to financial management. Management shall establish a positive internal control environment; identify risks to achieving the mission and goals; implement control activities to mitigate risks; perform continuous monitoring of control activities; and ensure good communication throughout the organization to sustain an effective internal control environment.
1.2.1 NASA shall establish, implement, and maintain internal controls for all financial activities.
1.2.2 NASA shall conduct an annual review/assessment of internal controls over financial reporting as prescribed by Office of Management and Budget (OMB) Circular No. A-123, Appendix A, Management's Responsibility for Internal Control: Implementation Guide.
1.2.3 NASA shall report annually to the President, Congress, and OMB on the effectiveness of the Agency's financial management internal controls in compliance with the Federal Managers' Financial Integrity Act of 1982.
1.3.1 NASA Administrator. Shall serve as the highest authority for reasonable assurance of internal control throughout the Agency in accordance with NPD 1200.1 and NPD 9910.1.
1.3.2 NASA Deputy Administrator. Shall serve as the NASA Audit Followup Official (AFO) in accordance with NPD 1200.1 and NPD 9910.1.
1.3.3 Assistant Administrator, Office of Internal Control and Management Systems (OICMS). Shall serve as the functional owner of the Agency's internal control program in accordance with NPD 1200.1.
1.3.4 Agency CFO/Agency Deputy CFO. Shall implement and maintain a sound system of internal controls over financial operations and reporting.
1.3.5 Director, Quality Assurance Division (QAD), Office of the CFO (OCFO). Shall oversee the management of the financial management internal control program, including:
a. Conducting detailed reviews of NASA's internal controls over financial reporting and improper payments pursuant to OMB Circular No. A-123.
b. Conducting detailed reviews of NASA's accounting systems pursuant to OMB Circular No. A-127.
c. Providing support for the annual statement of assurance as it pertains to financial operations and financial reporting, including whether NASA's financial management systems comply with OMB Circular No. A-127 requirements and reporting plans to correct any non-conformance in the area of financial management.
d. Recommending Agency policy and establishing guidance pertaining to the financial management internal control program.
e. Advising on internal audit and assessment with regard to financial management operations
1.3.6 Center Directors/Center CFOs/Executive Director, NASA Shared Services Center/Manager, Business Process and Application Support Office, Integrated Enterprise Management Program (IEMP) Competency Center/Officials-in-Charge (OICs) of Headquarters Offices. Shall conduct internal control assessments of financial management activities under their control, as prescribed in this volume; develop and implement corrective action plans for identified deficiencies; and provide quarterly reports on non-material weaknesses and monthly reports on material weaknesses (including actions taken to remedy the deficiencies) to the QAD.
1.3.7 Center CFOs and program managers with fiscal management responsibility. Shall establish, implement, and maintain internal controls for all financial activities under their direction.
1.3.8 All managers and employees with financial responsibilities. Shall ensure that internal controls are embedded throughout their financial management operations and processes and that NASA resources are used efficiently and effectively to achieve intended program results.
1.4.1 Internal Control over Financial Reporting. NASA is required to provide an annual Statement of Assurance for Internal Control over Financial Reporting. This statement is a subset of the overall Statement of Assurance and is based on management's assessment of financial reporting internal control effectiveness. In order to be able to provide this assurance, the Agency CFO shall:
a. Determine scope of significant financial reports and materiality for financial reporting.
b. Document the key processes (i.e., cycles) and controls over financial reporting.
c. Assess the design of internal controls over financial reporting.
d. Test the operational effectiveness of internal controls as of June 30.
e. Integrate internal control throughout the entire agency and through the entire cycle of planning, budgeting, accounting, audit liaison, and reporting.
f. Report annually in the Agency Financial Report on the effectiveness of internal control over financial reporting.
g. Establish processes to ensure prompt and proper resolution of material weaknesses.
1.4.2 NASA Travel Card. The Agency CFO serves as the Agency-wide functional lead for NASA travel cards in accordance with OMB Circular No. A-123, Appendix B; NPR 9700.1, and NPD 1200.1, and shall:
a. Coordinate audits of travel cards by the OIG, the Government Accountability Office (GAO) and other external entities, and OCFO internal control reviews.
b. Review/concur on required reports to OMB on NASA travel card statistics, deficiencies, corrective actions, and improvements.
c. Conduct periodic reviews of the travel card process internal controls to ensure controls are designed appropriately and operate effectively to safeguard against waste, fraud, abuse and mismanagement.
1.4.3 Improper Payment Information Act (IPIA). The Agency CFO shall implement an Agency-wide IPIA and Recovery audit program in accordance with OMB Circular No. A-123, Appendix C, and shall:
a. Conduct risk assessment for all agency programs to determine programs susceptible to significant erroneous payments.
b. Conduct sufficient review of program payments to obtain a statistically valid estimate of the annual improper payments.
c. Implement a plan to reduce erroneous payments to a level above the OMB threshold.
d. Implement a recovery audit program to prevent, detect, and recover overpayments.
e. Report annually in the Agency Financial Report on the results of improper payment activities.
1.5.1 The Joint Financial Management Improvement Program (JFMIP), Framework for Federal Financial Management Systems, defines financial management systems as core financial systems, other financial and mixed systems, shared systems, and departmental executive information, and OMB prescribes policies and standards for developing, operating, evaluating, and reporting on financial management systems in order to produce accurate and timely financial reports. NASA's policy to meet these requirements is provided below.
a. IEMP. NASA's core financial system shall be a module of IEMP. The IEMP Competency Center is responsible for ensuring that NASA's core financial management system and all associated systems provide reliable data in a usable format that enables the Agency to accomplish its mission, improve financial management, and integrate budget and performance. The IEMP Competency Center is responsible for ensuring that adequate internal controls are in place and working effectively to meet all requirements.
b. Financial Information Classification Structure. All IEMP systems shall reflect an Agency-wide financial information classification structure that is consistent with the United States Standard General Ledger (USSGL), provides for tracking of specific program expenditures, and covers financial and financially related information.
c. Integration. All IEMP systems shall be designed and operate in a manner that provides effective and efficient interrelationships among software, hardware, personnel, procedures, controls, and data contained within systems.
d. USSGL Application. All IEMP systems shall apply USSGL requirements at the transaction level and follow the definitions and defined uses of the general ledger accounts as described in the USSGL.
e. Federal Accounting Standards. All IEMP systems shall maintain accounting data to permit reporting in accordance with accounting standards recommended by Federal Accounting Standards Advisory Board (FASAB) and issued by the Director of OMB and/or the Secretary of Treasury.
f. Financial Reporting. All IEMP systems shall meet all of NASA's financial reporting requirements, including NPR 9310.1 and 9311.1 on External Reporting.
g. Budget Reporting. All IEMP systems shall enable the Agency to prepare, execute, and report on the agency's budget in accordance with requirements of OMB Circular No. A-11, Preparation, Submission and Execution of the Budget, Agency policy, and other legal, regulatory, and policy requirements.
h. Functional Requirements. All IEMP systems shall conform to GAO's functional requirements for the design, development, operation, and maintenance of financial management systems. This includes such areas as ensuring that internal system edits are in place to control fund availability and account structure between related transactions.
i. Computer Security Act Requirements. All IEMP systems shall incorporate security controls in accordance with the Computer Security Act of 1987 and OMB Circular No. A-130, Management of Federal Information Resources, for those systems that contain "sensitive information" as defined by the Computer Security Act.
j. Documentation. All IEMP systems shall have clear instructions documented in both hard copy and electronic version in accordance with the requirements contained in Federal Financial Management System requirements.
k. Compliance. All IEMP systems shall be in compliance with applicable laws, regulations, and policies.
l. Training and User Support. The IEMP Competency Center shall provide training and user support for all users of the systems to enable users to fully understand, operate and maintain the relevant financial management systems.
m. Maintenance. All IEMP systems shall have received on-going maintenance to ensure that systems continue to operate in an effective and efficient manner.
n. Access. All IEMP systems shall provide appropriate access to authorized users but shall not permit access to unauthorized users. This shall include appropriate system role assignments to safeguard segregation of duty issues.
o. Requirements Checklist. GAO issued the Checklist for Reviewing Systems under the Federal Financial Management Improvement Act (GAO-04-763G) that should be used to assist appropriate organizations in designing, developing, implementing, operating, maintaining, and reviewing financial management systems.
1.6.1 As prescribed by the GAO Standards for Internal Control in the Federal Government, the standards listed below define the minimum level of quality assurance for NASA's financial management internal control program and form the basis of the entity-level self assessment tool.
a. Control Environment. The control environment sets the tone of the organization by influencing the control conscience of its employees. Control environment factors include the integrity, ethical values, and competence of the employee; management's philosophy and operating style; the manner by which management assigns authority and responsibility, and organizes and develops its employees; and the attention and direction provided by NASA management. NASA managers shall establish and maintain an environment throughout the Agency that sets a positive and supportive attitude toward financial management internal controls and conscientious management.
b. Risk Assessment. Risk assessment is the identification, measurement, and analysis of risks or vulnerabilities, internal and external, controllable and uncontrollable, at individual business levels and for NASA as a whole. Risk assessment forms the basis for determining how the financial management risks shall be mitigated, and what type, quality, and quantity of financial management internal controls shall be implemented to reasonably assure that NASA's goals are achieved.
c. Control Activities. Control activities include policies, procedures, and mechanisms in place to help ensure that agency objectives are met. Policies and procedures should be formalized and made available and accessible to employees. When determining whether a particular control should be implemented, agencies should consider the risk and potential consequences of failure as well as the likely benefit and cost (in resources) of establishing the control.
d. Information and Communications. Communication allows employees to identify, capture, and exchange pertinent information in a form and timeframe that enable people to perform their duties. This not only includes information systems reports but it also includes the day-to-day communication among employees, organizations, supervisors, and senior management. Information and communication shall flow up and down the organization and flow across departments and divisions.
e. Monitoring. Continuous monitoring of control activities allows management to ensure that they are effective and adequate. In addition to ongoing monitoring activities, separate evaluations of financial management internal controls are conducted. Together, monitoring and corrective actions produce sufficient evidence that the financial control systems are effective. Monitoring is performed at a higher level than the routine checks built into the day-to-day routine and involves a greater degree of independence from those who perform the work.
1.7.1 The requirements for internal control of accounting transactions are listed below following the internal control objective. The accounting transactions to which these control objectives apply are outlined in NPRs in the 9200 series.
a. Validity. Internal controls shall be implemented to reasonably assure all recorded transactions are valid to prevent erroneous transactions from being introduced into official accounting records.
b. Authorization. Internal controls shall be implemented to reasonably assure appropriate documentation is on hand before any transactions are entered into financial management systems to prevent fraudulent or inaccurate use of resources.
c. Completeness. Internal controls shall be implemented to reasonably assure the prevention of omissions and facilitation of timely postings of all relevant data to the finance and accounting records.
d. Valuation. Internal controls shall be implemented to reasonably assure transactions are valued and posted correctly and data entries (dollar amounts) are entered accurately.
e. Classification. Internal controls shall be implemented to reasonably assure transactions are posted accurately and in accordance with the NASA General Ledger Chart of Accounts maintained in the IEMP system.
1.8.1 Financial management internal control shall be consistent with the OMB Circular No. A-123 and the implementation guide issued by the CFO Council. The approach used for documenting, assessing, testing, improving, and reporting on internal controls shall include planning the assessment by organizing the business processes, conducting the assessment to evaluate controls, reporting on the assessment results, and monitoring financial operations on an ongoing basis.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | ALL | |
| | NODIS Library | Financial Management(9000s) | Search | |