Effective Date: February 03, 2020
Expiration Date: February 03, 2025
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | AppendixA | AppendixB | AppendixC | ALL ||
1.1.1 Internal controls are an integral part of NASA’s programmatic, institutional, and financial management operations and consist of all the measures taken by the Agency to safeguard resources against fraud, waste, and abuse; ensure accuracy and reliability of financial information; ensure efficient and effective operations; and ensure compliance with Federal laws, regulations, and Agency policy.
1.1.2 Internal controls are designed and executed to facilitate meeting objectives and mitigating risks in an effort to prevent undesired results or to ensure desired outcomes and are every employee’s responsibility. However, managers are held accountable for establishing and maintaining a sound system of internal control within their respective area of responsibility.
1.1.3 This chapter describes the internal control requirements as they apply to financial management. Management shall establish a positive internal control environment; identify risks to achieving the mission and goals; implement control activities to mitigate risks; perform continuous monitoring of control activities; and ensure good communication throughout the organization to maintain an effective internal control environment.
1.2.1 The NASA Administrator has the highest authority for reasonable assurance of internal control throughout the Agency in accordance with NPD 1200.1, NASA Internal Control and NPD 9910.1, Government Accountability Office/NASA Office of Inspector General Audit Liaison, Resolution, and Follow-up Program. The NASA Administrator shall report to the President, Congress, and OMB on the effectiveness of the Agency’s financial management internal controls, in its annual Statement of Assurance, in compliance with Executive Agency Accounting and Other Financial Management Reports and Plans, 31 U.S.C. § 3512.
1.2.2 Per OMB Circular No. A-50, Audit Followup, the NASA Administrator has designated the NASA Deputy Administrator to serve as the NASA Audit Follow-up Official (AFO) in accordance with NPD 9910.1.
1.2.3 In accordance with the Chief Financial Officers Act, A Mandate for Federal Financial Management Reform, GAO/AFMD-12.19.4, the Agency CFO, Office of the Chief Financial Officer, owns all financial management systems and is authorized to manage directly; evaluate and approve the design, budget, development, implementation, operation, and enhancement of agency wide and agency component accounting, financial and asset management systems; and ensure that the systems comply with applicable Federal laws and regulations and generally accepted accounting principles, accounting standards, and requirements of OMB, the Department of Treasury, and others. The Agency CFO shall establish, implement, and maintain a sound system of internal control for all financial activities, including financial operations and reporting and conduct an annual assessment of internal controls over reporting as prescribed by OMB Circular No. A-123, (Revised), Management’s Responsibility for Enterprise Risk Management and Internal Control. The Agency CFO is responsible for: internal control over financial reporting, NASA travel cards, Improper Payments Information Act (IPIA)/Recovery Audit program implementation, and risk assessments of financial operations, per below.
184.108.40.206 Financial Reporting. NASA is required to provide an annual Statement of Assurance. This statement is based on management’s assessment of internal control over operations, reporting, and compliance with laws and regulations. In order to be able to provide this assurance, the Agency CFO shall:
a. Determine the scope of significant financial reports.
b. Document the key processes (i.e., cycles) and controls over financial operations and reporting.
c. Assess the design of internal controls over financial operations and reporting.
d. Test the operational effectiveness of internal controls as of June 30.
e. Integrate internal control throughout the entire Agency and through the entire cycle of planning, budgeting, accounting, audit liaison, and reporting.
f. Report annually in the Agency Financial Report on the effectiveness of internal control.
g. Establish processes to ensure prompt and proper resolution of material weaknesses.
220.127.116.11 NASA Travel Cards. The Agency CFO serves as the Agency-wide functional lead for NASA travel cards in accordance with OMB Circular No. A-123, Appendix B; NPR 9700.1, Travel, and NPD 1200.1, and shall:
a. Coordinate audits of travel cards by the Office of the Inspector General (OIG), the Government Accountability Office (GAO) and other external entities, and OCFO internal control reviews.
b. Review/concur on required reports to OMB on NASA travel card statistics, deficiencies, corrective actions, and improvements.
c. Conduct periodic reviews of the travel card process internal controls to ensure controls are designed appropriately and operate effectively to safeguard against waste, fraud, abuse, and mismanagement.
18.104.22.168 With respect to IPIA/Recovery Audit Program Implementation, in accordance with OMB Circular No. A-123, Appendix C, the Agency CFO shall:
a. Conduct risk assessments for all Agency programs to determine programs susceptible to significant improper payments.
b. For programs identified as susceptible to significant improper payments, conduct sufficient review of program payments to obtain a statistically valid estimate of the annual improper payments.
c. Implement a plan to reduce improper payments for all programs and activities determined to have improper payments that exceed thresholds.
d. Implement a recovery audit program to prevent, detect, and recover overpayments.
e. Report annually in the Agency Financial Report on the results of improper payment and recovery activities.
22.214.171.124 Risk Assessments of Financial Operations. The Agency CFO shall assure that risk assessments are conducted at least annually on all Agency financial management programs.
1.2.4 The Director, Quality Assurance Division (QAD), Office of the CFO (OCFO) shall serve as the functional owner of the Agency’s internal control program and oversee the management of the financial management internal control program, including:
a. Conducting detailed reviews of NASA’s internal controls over financial reporting and improper payments pursuant to OMB Circular No. A-123.
b. Ensuring the appropriate certifications of NASA’s accounting systems are completed pursuant to OMB Circular No. A-123 Appendix D.
c. Preparing the annual statement of assurance including assessments of financial operations, fraud, and reporting, including whether NASA’s financial management systems comply with OMB Circular No. A-123 Appendix D requirements and reporting plans to correct any nonconformance in the area of financial management.
d. Recommending Agency policy and establishing guidance pertaining to the financial management internal control program.
e. Advising on internal audit and assessment with regard to financial management operations.
f. Overseeing the entity-level assessment for all Agency programs, developing an assessment tool to provide to those areas being assessed, and ensuring corrective actions are taken.
g. Serving as the OCFO focal point for all financial management audits, reviews evaluations and assessments and financial information requests submitted by audit organizations, coordinating with all parties to ensure requirements are met in a complete and timely manner.
1.2.5 The OCFO Audit Liaison Representative (ALR) shall provide day-to-day coordination of audit liaison efforts for the financial management community.
1.2.6 Program managers with fiscal management responsibility shall:
a. Establish, implement, and maintain internal controls for all financial activities under their direction.
b. Assign a Point of Contact (POC) to be the focal point for all financial audits and informational requests and ensure that the POC understands and carries out the responsibilities associated with audit liaison.
1.2.7 The OCIO Agency Applications Office is responsible for ensuring that NASA’s core financial management system and all associated systems is operational and meets the requirements provided by OCFO.
1.2.8 All managers and employees with financial responsibilities shall ensure that internal controls are embedded throughout their financial management operations and processes and that NASA resources are used efficiently and effectively to achieve intended program results.
1.2.9 Financial managers and program managers with financial management responsibilities shall ensure risk assessments on their financial processes are conducted in accordance with QAD guidance and take necessary steps toward mitigation, particularly in those areas identified as having the greatest risk. Documentation of the risk assessments will be maintained by the Center’s Financial Quality Assurance Office and be made available to the QAD upon request.
1.2.10 NASA Organizations Receiving Requests by Audit Organizations. Any NASA organization receiving inquiries and requests from audit organizations for financial information shall forward them to the QAD.
1.3.1 As prescribed by Standards for Internal Control in the Federal Government, GAO-14-704G, the standards listed below define the minimum level of quality assurance for NASA’s financial management internal control program and form the basis of the entity-level self-assessment tool.
a. Control Environment. The control environment sets the tone of the organization by influencing the control conscience of its employees. Control environment factors include the integrity, ethical values, and competence of the employee; management’s philosophy and operating style; the manner by which management assigns authority and responsibility and organizes and develops its employees; and the attention and direction provided by NASA management. NASA managers shall establish and maintain an environment throughout the Agency that sets a positive and supportive attitude toward financial management internal controls and conscientious management.
b. Risk Assessment. Risk assessment is the identification, measurement, and analysis of risks or vulnerabilities; internal and external, controllable and uncontrollable; at individual business levels and for NASA as a whole. Risk assessment forms the basis for determining how the financial management risks are mitigated and what type, quality, and quantity of financial management internal controls are implemented to reasonably assure that NASA’s goals are achieved.
c. Control Activities. Control activities include policies, procedures, and mechanisms in place to help ensure that Agency objectives are met. Policies and procedures should be formalized and made available and accessible to employees. When determining whether a particular control should be implemented, agencies should consider the risk and potential consequences of failure as well as the likely benefit and cost (in resources) of establishing the control.
d. Information and Communications. Communication allows employees to identify, capture, and exchange pertinent information in a form and timeframe that enable people to perform their duties. This not only includes information systems reports but it also includes the day-to-day communication among employees, organizations, supervisors, and senior management. Information and communication should flow up and down the organization and flow across departments and divisions.
e. Monitoring. Continuous monitoring of control activities allows management to ensure that they are effective and adequate. In addition to ongoing monitoring activities, separate evaluations of financial management internal controls are conducted. Together, monitoring and corrective actions produce sufficient evidence that the financial control systems are effective. Monitoring is performed at a higher level than the routine checks built into the day-to-day routine and involves a greater degree of independence from those who perform the work.
1.4.1 The requirements for internal control of accounting transactions are listed below following the internal control objective.
a. Validity. Internal controls are to be implemented to reasonably assure all recorded transactions are valid to prevent erroneous transactions from being introduced into official accounting records.
b. Authorization. Internal controls are to be implemented to reasonably assure appropriate documentation is on hand before any transactions are entered into financial management systems to prevent fraudulent or inaccurate use of resources.
c. Completeness. Internal controls are to be implemented to reasonably assure the prevention of omissions and facilitation of timely postings of all relevant data to the finance and accounting records.
d. Valuation. Internal controls are to be implemented to reasonably assure transactions are valued and posted correctly and data entries (dollar amounts) are entered accurately.
e. Classification. Internal controls are to be implemented to reasonably ensure transactions are posted accurately and in accordance with the NASA General Ledger Chart of Accounts.
1.5.1 Financial management internal controls are to be consistent with the OMB Circular No. A-123. The approach used for documenting, assessing, testing, improving, and reporting on internal controls includes planning the assessment by organizing the business processes, conducting the assessment to evaluate controls, reporting on the assessment results, and monitoring financial operations on an ongoing basis.
1.6.1 The NASA CFO shall establish an audit liaison function for financial management operations. The audit liaison function assists and supports management in responding effectively and efficiently to audits, evaluations, assessments, and reviews and facilitates the audit process. At NASA, the financial audit liaison function is also used to respond to other types of financial information requests. This chapter details the roles and responsibilities involved in the financial audit liaison function within the OCFO.
1.6.2 Financial managers and program managers with financial management responsibilities shall perform the audit liaison functions of those functions consistent with Agency-wide policy outlined in NPD 9910.1 and, as specified in this NPR, adhering to guidance and deadlines that may be established by the OCFO for each audit or information request.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | AppendixA | AppendixB | AppendixC | ALL |
|| NODIS Library | Financial Management(9000s) | Search ||
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.