NASA Policy Directive
NPD 1200.1E
Effective Date: July 21, 2008
Expiration Date: July 30, 2029
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES

Subject: NASA Internal Control (Revalidated w/Change 2, 07/25/2024)

Responsible Office: Office of the Chief Financial Officer


Change Log

| Change# | Approver | Date Approved | Description/Comments |
|---|---|---|---|
| 1 | Office of the Chief Financial Officer | 07/21/2017 | Directive revalidated with administrative edits to correct responsible office information and to comply with NPR 1400.1. |
| 2 | Office of the Chief Financial Officer | 07/25/2024 | Directive revalidated with administrative edits to comply with NPR 1400.1, and clarify responsible office information and to include Attachment A. Acronyms. |


1. POLICY

a. NASA's policy is to comply with Office of Management and Budget (OMB) Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control, which provides government-wide requirements for internal control and accountability, based on Federal Managers' Financial Integrity Act (FMFIA) of 1982, 31 U.S.C. § 3512 (b) and (c). Specifically, NASA's policy includes:

(1) Developing and maintaining internal control policies, procedures, plans, and assessments to provide reasonable assurance of achieving the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.

(2) Holding Officials-in-Charge (OICs) and Center Directors responsible for the development, implementation and effectiveness of internal controls, and for annually assessing and reporting on the effectiveness of internal controls.

(3) Ensuring that internal controls and accountability underpin decisive governance over organizational structure, policies and procedures; processes for managing programmatic, financial and institutional activities, checks and balances, and tools and techniques to uphold the Agency's integrity, efficiency, and effectiveness.

(4) Ensuring that internal controls are well integrated into new or revised activities when changing ongoing activities and implementing new activities in programmatic and institutional operations or financial management processes.

2. APPLICABILITY

a. This NASA Policy Directive (NPD) applies to NASA Headquarters and NASA Centers, including Component Facilities and Service Support Centers. The Jet Propulsion Laboratory, a Federally Funded Research and Development Center, is subject to its own internal control requirements and procedures consistent with its status as a government-owned, contractor-operated facility.

b. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" or "can" denote discretionary privilege or permission; "should" denotes a good practice and is recommended, but not required; "will" denotes expected outcome; and "are/is" denotes descriptive material.

c. In this directive, all document citations are assumed to be the latest version, unless otherwise

d. Information and Communication Technology Standards and Guidelines, 36 CFR pt. 1194.

e. Documents cited as authority, applicable, or reference documents may be cited as a different categorization, which characterizes its function in relation to the specific context.

3. AUTHORITY

a. Chief Financial Officers Act of 1990, 31 U.S.C. § 901-903.

b. Government Performance and Results Act of 1993, 31 U.S.C. § 1115 et seq.

c. Federal Financial Management Improvement Act of 1996, 31 U.S.C. § 3512.

d. Improper Payments Information Act of 2002, as amended, 31 U.S.C. § 3321.

e. Clinger-Cohen Act of 1996, 40 U.S.C. § 11101 et seq.

f. Powers of the Administration in performance of functions, 51 U.S.C. § 20113.

g. Information and Communication Technology Standards and Guidelines, 36 CFR, pt. 1194.

4. APPLICABLE DOCUMENTS AND FORMS

a. Inspector General Act of 1978, as amended, 5 U.S.C. App.6, et seq.

b. Rehabilitation Act of 1973, as amended, 29 U.S.C. § 794 (d).

c. Federal Managers' Financial Integrity Act (FMFIA) of 1982, 31 U.S.C. § 3512 (b) and (c).

d. Federal Information Security Management Act (FISMA) of 2002, 44 U.S.C. § 3541 et seq.

e. OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control.

f. OMB Circular A-123, Appendix A, Management's Responsibility for Enterprise Risk Management of Reporting and Data Integrity Risk (6/6/2018).

g. OMB Circular A-123, Appendix B, A Risk Management Framework for Government Charge Card Programs (8/27/2019).

h. OMB Circular A-123, Appendix C, Requirements for Payment Integrity Improvement (3/5/2021).

i. OMB Circular A-130, Managing Information as a Strategic Resource (7/28/2016).

j. OMB Memorandum M-13-21, Implementation of the Government Charge Card Abuse Prevention Act of 2012 (9/16/2013).

k. NPR 2810.1, Security of Information and Information Systems.

l. NC 1000.8, NASA Senior Assessment Team (SAT) Charter.

5. RESPONSIBILITY

a. The Administrator shall:

(1) Serve as the highest authority for reasonable assurance of internal control throughout the Agency.

(2) Certify and sign the annual Statement of Assurance and related required reports.

b. OICs and Center Directors shall:

(1) Implement internal control consistent with OMB Circular A-123, Management's Responsibility for Enterprise Risk Management and Internal Control.

(2) Maintain internal control according to the GAO Standards for Internal Control in the Federal Government, which includes standards for:

(a) Control Environment: Establish the management and oversight of the internal control system.

(b) Risk Assessment: Establish objectives to identify, analyze and respond to risks and incorporate potential for fraud.

(c) Control Activities: Establish the processes, procedures, and information technology used to realize objectives and identify risks.

(d) Information and Communication: Communicate quality information to achieve objectives using appropriate methods.

(e) Monitoring: Assess quality performance using audits and other reviews and promptly resolve findings.

(3) Provide timely inputs to the Senior Assessment Team (SAT) throughout the year regarding potential internal control deficiencies.

(4) Ensure timely completion of corrective actions for identified control deficiencies.

(5) Develop and provide specialized/functional internal control training.

c. In accordance with the MSC Charter, the MSC Chairperson shall:

(1) Maintain cognizance of internal control policies and initiatives.

(2) Serve as the final review official for the annual Statement of Assurance process, the annual Statement of Assurance signed by the Administrator, and related reporting requirements.

d. The SAT shall:

(1) Provide leadership and oversight with respect to NASA's internal control program, which aims to ensure that internal controls are commensurate with identified risks and results-oriented management in accordance with NC 1000.8, NASA Senior Assessment Team (SAT) Charter. For more detailed information and responsibilities, see NC 1000.8, NASA Senior Assessment Team Charter.

e. Director, Quality Assurance Division (QAD), Agency OCFO, shall:

(1) Serve as the functional owner of the Agency's internal control program.

(2) Develop and update internal control policy and implementation practices for the SAT, MSC, and Agency approval.

(3) Serve as advisory staff and working group for the SAT.

(4) Develop an annual Statement of Assurance guidance and call letter.

(5) Incorporate the OCFO draft financial management assurance statement and related deficiencies into the draft Statement of Assurance.

(6) Present the results of the Statement of Assurance process to the SAT and recommend reporting internal control deficiencies in the Statement of Assurance.

(7) Prepare MSC-approved Statement of Assurance recommendations for final review and concurrence.

(8) Conduct periodic reviews of Center/Headquarters organizational internal control practices.

(9) Develop and provide general internal control awareness and training.

f. The Chief Financial Officer (OCFO) shall:

(1) Oversee Agency-wide compliance with OMB Circular A-123, Appendix A, Management of Reporting and Data Integrity Risk (6/6/2018).

(a) Prepare OMB Circular A-123, Appendix A Implementation Plan, and submit it to OMB.

(b) Oversee an annual assessment of internal controls over financial reporting and report to OMB, as required.

(c) Prepare a financial management section of the Statement of Assurance and work with the QAD, Agency OCFO to finalize the Statement of Assurance report.

(d) Develop and provide training on internal control over financial reporting.

(2) Oversee NASA travel card management as set forth in OMB Circular A-123, Appendix B, A Risk Management Framework for Government Charge Card Programs (8/27/2019), and OMB Memorandum M-13-21, Implementation of the Government Charge Card Abuse Prevention Act of 2012 (9/16/2013).

(3) Oversee Agency compliance with OMB Circular A-123, Appendix C, Requirements for Payment Integrity Improvement (3/5/2021).

g. The Chief Information Officer (CIO) shall:

(1) Provide oversight of the management of NASA's information resources as required by OMB Circular A-130.

(2) Ensure that NASA protects all NASA information and associated information technology systems, both classified and unclassified, as required by 44 U.S.C. § 3541 et seq. and NPR 2810.1.

(3) Provide policy, guidance, and training to the Agency, as required by statute and regulation, for records management, compliance with 29 U.S.C. § 794(d), and other areas for which the Office of the CIO is responsible.

h. The Assistant Administrator, Office of Strategic Infrastructure, shall:

(1) Provide policy, procedures, and other guidance, as necessary, for managing NASA fleet cards according to OMB Circular A-123, Appendix B.

(2) Review/concur on reports required by OMB on NASA fleet card statistics, deficiencies, corrective actions, and improvements.

i. The Assistant Administrator, Office of Procurement, shall:

(1) Provide policy, procedures, and other guidance, as necessary, for managing NASA purchase cards in accordance with OMB Circular A-123, Appendix B.

(2) Review/concur on reports required by OMB on NASA purchase card statistics, deficiencies, corrective actions, and improvements.

j. The Inspector General shall:

(1) Oversee independent audits, investigations, and complaints regarding possible violations of law, fraud, waste, abuse, and other internal control deficiencies as mandated by 5 U.S.C. App., et seq.

(2) Serve as an ex officio member of the MSC, providing an independent perspective on identification, assessment, and closure of material weaknesses on the Council's watch list.

(3) Serve in an advisory capacity on the SAT, providing an independent perspective on NASA's internal control program.

Note: See NPD 5104.1, Government Charge Card, Section 5, for detailed responsibilities of the Executive Director of NSSC, Agency Program Coordinators, Assistant Administrator for Strategic Infrastructure, Assistant Administrator for Procurement, and other offices for the management, oversight, and implementation of the Government Charge Card Program.

6. DELEGATION OF AUTHORITY

None.

7. MEASUREMENT/VERIFICATION

a. Timeliness in developing and completing corrective actions associated with internal control deficiencies.

b. Decline over time in the overall number and seriousness of internal control deficiencies.

c. Timeliness of collecting individual Statement of Assurance inputs from OICs and Center Directors.

d. Timeliness of the Agency's Statement of Assurance submittal.

8. CANCELLATION

NPD 1200.1D, NASA Internal Control and Accountability, dated May 15, 2006.

REVALIDATED on July 25, 2024, ORIGINAL SIGNED BY:
/s/ Michael Griffin
Administrator


Attachment A. Acronyms

CFO Chief Financial Officer

CFR Code of Federal Regulations

CIO Chief Information Officer

FISMA Federal Information Security Management Act

FMFIA Federal Managers' Financial Integrity Act

GAO General Accountability Office

MSC Mission Support Council

NC NASA Charter

NPD NASA Policy Directive

NPR NASA Procedural Requirements

OCFO Office of the Chief Financial Officer

OMB Office of Management and Budget

OIC Officials-in-Charge

QAD Quality Assurance Division

SAT Senior Assessment Team

U.S.C. United States Code

Attachment B. References

a. OMB Circular A-123, Appendix D, Management of Financial Management Systems - Risk and Compliance (12/23/2022).

b. Government Accountability Office (GAO) Standards for Internal Control in the Federal Government.

c. CFO Council, Implementation Guide for OMB Circular A-123, Management's Responsibility for Internal Control, Appendix A, Internal Control over Financial Reporting.

d. NPD 1000.0, NASA Governance and Strategic Management Handbook.

e. NPD 1000.3, The NASA Organization.

f. NPD 1280.1, NASA Integrated Management System Policy.

g. NPD 1400.1, Documentation and Promulgation of Internal NASA Requirements.

h. NPD 2800.1, Managing Information Technology.

i. NPD 5104.1, Government Charge Cards.

j. NPD 9800.1, NASA Office of Inspector General Programs.

k. NPD 9910.1, Government Accountability Office/NASA Office of Inspector General Audit Liaison, Resolution, and Follow-up Program.

l. NPR 9030.3, Financial Management Internal Control.

DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.