Effective Date: July 21, 2008
Expiration Date: July 21, 2022
Office of the Chief Financial Officer
Directive revalidated with administrative edits to correct responsible office information and to comply with NPR 1400.1.
a. NASA's policy is to comply with Office of Management and Budget (OMB) Circular A-123, Management's Responsibility for Internal Control, which provides government-wide requirements for internal control and accountability, based on 31U.S.C. § 3512 (b) and (c). Specifically, it is NASA's policy to:
(1) Develop and maintain internal control policies, procedures, plans, and assessments to provide reasonable assurance that the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations are achieved.
(2) Hold Officials-in-Charge (OICs) and Center Directors responsible for the development, implementation and effectiveness of internal controls, and for annually assessing and reporting on the effectiveness of internal controls.
(3) Ensure that internal control and accountability underpin decisive governance over organizational structure; policies and procedures; processes for managing programmatic, financial and institutional activities; checks and balances; and tools and techniques to uphold the Agency's integrity, efficiency, and effectiveness.
(4) Ensure that internal controls are well integrated into new or revised activities when making changes to ongoing activities and implementing new activities in programmatic and institutional operations or financial management processes.
a. This NASA Policy Directive (NPD) applies to NASA Headquarters and NASA Centers, including Component Facilities and Service Support Centers. The Jet Propulsion Laboratory, a Federally Funded Research and Development Center, is subject to its own internal control requirements and procedures consistent with its status as a government- owned, contractor-operated facility.
b. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms: "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.
c. In this directive, all document citations are assumed to be the latest version, unless otherwise noted.
a. Powers of the Administration in Performance of Functions, 51 U.S.C.§ 20113.
b. Chief Financial Officers Act of 1990, 31 U.S.C. § 901-903.
c. Government Performance and Results Act of 1993, 31 U.S.C. § 1115 et seq.
d. Federal Financial Management Improvement Act of 1996, 31 U.S.C. § 3512.
e. Improper Payments Information Act of 2002, 31 U.S.C. § 3321.
f. Clinger-Cohen Act of 1996, 40 U.S.C. § 11101 et seq.
g. Information and Communication Technology Standards and Guidelines, 36 CFR pt. 1194.
a. Inspector General Act of 1978, as amended, 5 U.S.C. App., et seq.
b. Rehabilitation act of 1973, as amended, 29 U.S.C. § 794 (d).
c. Federal Managers' Financial Integrity Act of 1982, 31 U.S.C. § 3512 (b) and (c).
d. Federal Information Security Management Act (FISMA) of 2002, 44 U.S.C. § 3541 et seq.
e. OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control (07/15/2016), including:
(1) Appendix A, Internal Control over Financial Reporting.
(2) Appendix B, Improving the Management of Government Charge Card Programs.
(3) Appendix C, Requirements for Effective Measurement and Remediation of Improper Payments.
f. OMB Circular A-130, Management of Federal Information Resources.
g. Government Accountability Office (GAO) Standards for Internal Control in the Federal Government.
h. CFO Council, Implementation Guide for OMB Circular A-123, Management's Responsibility for Internal Control, Appendix A, Internal Control over Financial Reporting.
i. NPR 2810.1, Security of Information Technology
j. Mission Support Council (MSC) Charter.
k. NC 1000.8, NASA Senior Assessment Team (SAT) Charter.
a. The Administrator shall:
(1) Serve as the highest authority for reasonable assurance of internal control throughout the Agency.
(2) Certify and sign the annual Statement of Assurance and related required reports.
b. OICs and Center Directors shall:
(1) Implement internal control consistent with the body of OMB Circular A-123.
(2) Maintain internal control according to the GAO Standards for Internal Control in the Federal Government, which includes standards for control environment, risk assessment, control activities, information and communications, and monitoring.
(3) Certify compliance with these standards on an annual basis according to the Statement of Assurance process and evaluation tools established in the NASA Internal Control Program Handbook.
(4) Provide timely inputs throughout the year to the SAT regarding potential internal control deficiencies.
(5) Ensure timely completion of corrective actions for identified control deficiencies.
(6) Develop and provide specialized/functional internal control training as necessary.
c. In accordance with the MSC Charter, the MSC Chairperson shall:
(1) Maintain cognizance of internal control policies and initiatives.
(2) Serve as the final review official for the annual Statement of Assurance process, the annual Statement of Assurance signed by the Administrator, and related reporting requirements.
d. The SAT shall provide leadership and oversight with respect to NASA's internal control program, the goal of which is to ensure that internal controls are commensurate with identified risks and results-oriented management, in accordance with NC 1000.8.
e. Director, Quality Assurance Division, OCFO, shall:
(1) Serve as the functional owner of the Agency's internal control program.
(2) Develop and update internal control policy and implementation practices for the SAT, MSC, and Agency approval.
(3) Serve as advisory staff and working group for the SAT.
(4) Develop an annual Statement of Assurance guidance and call letter.
(5) Incorporate the OCFO draft financial management assurance statement and related deficiencies into the draft Statement of Assurance.
(6) Present to the SAT results of the Statement of Assurance process and recommend internal control deficiencies to be reported in the Statement of Assurance.
(7) Prepare MSC-approved Statement of Assurance recommendations for final review and concurrence.
(8) Conduct periodic reviews of Center/Headquarters organizational internal control practices.
(9) Develop and provide general internal control awareness and training.
f. The Chief Financial Officer shall:
(1) Oversee Agency-wide compliance with OMB Circular A-123, Appendix A.
(a) Prepare A-123, Appendix A Implementation Plan, and submit it to OMB.
(b) Oversee an annual assessment of internal control over financial reporting and report to OMB, as required.
(c) Prepare a financial management section of the Statement of Assurance and work with the OICMS to finalize the Statement of Assurance report.
(d) Develop and provide training on internal control over financial reporting.
(2) Oversee NASA travel card management as set forth in OMB Circular A-123, Appendix B.
(3) Oversee Agency compliance with OMB Circular A-123, Appendix C.
g. The Chief Information Officer (CIO) shall:
(1) Provide oversight of the management of NASA's information resources as required by OMB Circular A-130.
(2) Ensure that NASA protects all NASA information and associated information technology systems, both classified and unclassified, as required by 44 U.S.C. § 3541 et seq. and NPR 2810.1.
(3) Provide policy, guidance, and training to the Agency, as required by statute and regulation, for records management, compliance with 29 U.S.C. § 794(d), and other areas for which the Office of the CIO is responsible.
h. The Assistant Administrator, Office of Strategic Infrastructure, shall:
(1) Provide policy, procedures, and other guidance, as necessary, for managing NASA fleet cards according to OMB Circular A-123, Appendix B.
(2) Review/concur on reports required by OMB on NASA fleet card statistics, deficiencies, corrective actions, and improvements.
i. The Assistant Administrator, Office of Procurement, shall:
(1) Provide policy, procedures, and other guidance, as necessary, for managing NASA purchase cards in accordance with OMB Circular A-123, Appendix B.
(2) Review/concur on reports required by OMB on NASA purchase card statistics, deficiencies, corrective actions, and improvements.
j. The Inspector General shall:
(1) Oversee independent audits, investigations, and complaints regarding possible violations of law, fraud, waste, abuse, and other internal control deficiencies as mandated by 5 U.S.C. App., et seq.
(2) Serve as an ex officio member of the MSC, providing an independent perspective on identification, assessment, and closure of material weaknesses on the Council's watch list.
(3) Serve in an advisory capacity on the SAT, providing an independent perspective on NASA's internal control program.
a. Timeliness in developing and completing corrective actions associated with internal control deficiencies.
b. Decline over time in the overall number and seriousness of internal control deficiencies.
c. Timeliness of collecting individual Statement of Assurance inputs from OICs and Center Directors.
d. Timeliness of the Agency's Statement of Assurance submittal.
NPD 1200.1D, NASA Internal Control and Accountability, dated May 15, 2006.
a. OMB Circular A-127, Financial Management Systems.
b. NPD 1000.0, NASA Governance and Strategic Management Handbook.
c. NPD 1000.3, The NASA Organization.
d. NPD 1210.2, NASA Surveys, Audits, and Reviews Policy.
e. NPD 1280.1, NASA Integrated Management System Policy.
f. NPD 1400.1, Documentation and Promulgation of Internal NASA Requirements and Charters.
g. NPD 2800.1, Managing Information Technology.
h. NPD 5104.1, Government Charge Cards.
i. NPD 9800.1, NASA Office of Inspector General Programs.
j. NPD 9910.1, Government Accountability Office/NASA Office of Inspector General Audit Liaison, Resolution, and Follow-up Program.