| NODIS Library | Financial Management(9000s) | Search |

NASA
Procedural
Requirements

NPR 9010.3A
Effective Date: February 03, 2020
Expiration Date: February 03, 2025

COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES

Printable Format (PDF)

Subject: Financial Management Internal Control

Responsible Office: Office of the Chief Financial Officer

Chapter 3. Risk Assessment of Financial Operations

3.1 Overview

3.1.1 This systematic analysis identifies a program’s or function’s susceptibility to failing to achieve its objectives or goals, to producing erroneous reports or data, to allowing unauthorized use of resources, to permitting illegal or unethical acts, and to receiving an adverse or unfavorable financial statement audit opinion.

3.1.2 A risk assessment is conducted in order to identify, measure, and analyze risks; internal and external, controllable and uncontrollable; so that steps toward mitigation may be taken, particularly in those areas identified as having the greatest risk. It is also a useful tool to ensure that proper internal controls are in place to manage identified risks. Risk assessments can provide reasonable assurance that the internal control structure is well designed and operational, timely, updated to meet changing conditions, and that NASA’s objectives are being achieved.

3.2 Risk Assessment Requirements

3.2.1 The OCFO, QAD shall conduct annual risk assessments of significant financial management cycles, as defined and documented by the OCFO, QAD. The goal of the risk assessment is to prioritize key financial processes and control activities for assessment. A risk-based approach to assess financial internal controls allows NASA to focus the assessment process on those areas that are most at risk of material misstatement.

3.2.2 At least annually, the OCFO, QAD shall update/review existing risk assessment documentation.

3.2.3 The OCFO, QAD shall conduct the additional risk assessments required by Public Law 107-300 in accordance with Chapter 4 of this NPR.