| NODIS Library | Financial Management(9000s) | Search |

NPR 9010.3A
Effective Date: February 03, 2020
Expiration Date: February 03, 2025
Printable Format (PDF)

Subject: Financial Management Internal Control

Responsible Office: Office of the Chief Financial Officer

| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | AppendixA | AppendixB | AppendixC | ALL |

Appendix A. Definitions

Control Deficiency. An identified weakness in the design or operation of a control that precludes management or employees, in the normal course of operations, from preventing or detecting misstatements on a timely basis. Control deficiencies are categorized as material and reportable or non-reportable depending upon the severity and potential impact if the control fails.

Design Deficiency. A control deficiency that results when a control necessary to meet the control objectives is missing or an existing control is not properly designed, so that even if the control objective operates as designed, the objective may not be met.

Entity-level Assessment. A self-assessment questionnaire based upon the internal control standards completed by selected NASA management and staff on the five standards for internal control: control environment, risk assessment, control activities, information and communications, and monitoring. The questionnaire is intended to assist management in identifying areas of potential internal control weakness for further review.

Financial Management Cycles. The major business processes of an organization that have been established for internal control review and evaluation purposes and that define the complete process to ensure a common understanding and the work activities involved in accomplishing the function through the process.

Financial Reporting. An agency’s annual financial statements and other significant internal and external financial reports that could have a material effect on significant spending, budgetary, or other financial decision of the agency or that are used to determine compliance with laws and regulations.

Improper Payment Information Act (IPIA) Review. A review of Agency disbursements for a defined period to determine whether payments are in compliance with rules, regulations, and Federal requirements.

Internal Control (also referred to as Management Internal Control). Policies and procedures instituted by management to provide reasonable assurance of the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

Internal Control Review. An in-depth examination of an entity’s system of internal controls at the transaction or process-level that documents, assesses, and tests the operational effectiveness of internal controls over operations to identify internal control gaps or deficiencies that could adversely impact the ability of the organization to achieve mission or goals.

Material Weakness. A reportable condition, or combination of reportable conditions, that results in more than a remote likelihood that a material misstatement of the financial statements, or other significant financial reports, will not be prevented or detected.

Operation Deficiency. A control deficiency that results when a properly designed control does not operate as designed or when the person performing the control is not qualified or properly skilled to perform the control effectively.

Quality Assurance Review. A review conducted to evaluate compliance with financial, legal, and regulatory policy and control monitoring program requirements and special reviews directed by OCFO management.

Reportable Deficiency (also called Significant Deficiency). A control deficiency, or combination of control deficiencies, that adversely affects NASA’s ability to initiate, authorize, record, process, or report external financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement in the financial statements, or other significant financial reports, will not be detected or prevented.

Recovery Audit. An assessment of payments for a defined period conducted to identify and collect improper payments (i.e., duplicate payments or overpayments), as prescribed by OMB Circular No. A-123.

Reportable Deficiency. A significant deficiency.

Risk Assessment. The identification, measurement, and analysis of risks or vulnerabilities; internal and external, controllable and uncontrollable; at individual business levels and for NASA as a whole.

Simple Deficiency. A deficiency in the design or operation of a control that is not considered to be a reportable deficiency or a material weakness.

Statement of Assurance. A certification included in the annual Agency Financial Report (AFR) that represents the Administrator’s informed judgment as to overall adequacy and effectiveness of internal control. The Administrator will provide either an unmodified (an effective and efficient system of internal controls exists) or a modified (an overall sound system of internal control exists but one or more material weaknesses have been identified) statement of assurance or a statement of no assurance on the system of internal control.

| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | AppendixA | AppendixB | AppendixC | ALL |
| NODIS Library | Financial Management(9000s) | Search |


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.