NASA Headquarters' DirectivesEffective Date: October 20, 2010
Expiration Date: June 20, 2016
Responsible Office: IA
| NASA Headquarters' Directives |
|
| HQPD 1280.1 Effective Date: October 20, 2010 Expiration Date: June 20, 2016 Responsible Office: IA |
NASA Headquarters' Integrated Management System Policy Directive |
This document is uncontrolled when printed.
Check the NASA Online Directives Information System (NODIS) Library
to verify that this is the correct version before use.
It is NASA Headquarters policy to:
a. Establish the NASA Headquarters' Integrated Management System (IMS) framework and structures through which the Headquarters manages mission, roles, and responsibilities; and, to ensure alignment of this framework with internal control requirements.
b. An Integrated Management System (IMS) is an integration of multiple management systems each of which is specifically focused on achieving objectives and goals related to a functional, programmatic, or operational area such as acquisitions, environmental management, human capital management. The effective integration of the individual management systems enables the achievement of NASA's mission.
c. An IMS allows Agency Managers to create one structure that can help to effectively and efficiently deliver on NASA's objectives. From managing employees' needs, to monitoring programs, from encouraging best practices to minimizing risks and maximizing resources, an integrated approach can help NASA achieve its objectives.
This HQPD applies to NASA Headquarters.
a. 42 U.S.C. 2473 (c) (1), Section 203(c) (1) of the National Aeronautics and Space Act of 1958, as amended.
b. NPD 1280.1, NASA Integrated Management System Policy
a. OMB Circular A-123, Management's Responsibility for Internal Control.
b. NPD 1000.0, Governance and Strategic Management Handbook.
c. NPD 1000.3, The NASA Organization.
d. NPD 1001.0, NASA Strategic Plan.
e. NPD 1200.1, NASA Internal Control
f. Sarbanes-Oxley Act of 2002, Pub. L. 107-204.
g. Executive Agency Accounting and Other Financial Management Reports and Plans, 31 U.S.C. รต 3512, as amended.
a. The Officials-in-Charge of Headquarters Offices shall implement and maintain the respective elements of the HQ IMS as they relate to their organizations. Attachment A describes the Headquarters IMS.
b. The Assistant Administrator for the Office of Internal Controls and Management Systems shall:
(1) Perform internal audits at Headquarters to evaluate and report on the effectiveness of the Headquarters IMS in supporting Headquarters activities.
(2) Collect, coordinate, and report on data and information captured from Headquarters assessments to the Senior Assessment Team (SAT) and the Mission Support Council (MSC) as required.
None.
None.
HQPD 1200.1, Headquarters Quality Management System Manual, dated November 29, 2006
HQPG 1280.3, Management System Internal Audits, dated September 10, 2003
A.1 The comprehensive set of processes that NASA follows is collectively called the integrated management system. These processes incorporate the external requirements that come to Federal agencies in the form of public laws and presidential directives, as well as internally generated requirements.
A.2 A number of external and internal requirements have shaped the way NASA conducts its missions and operations, as shown in Figure 2.1, System Requirements.
A.3 Three primary NASA documents embody the Agency's framework for the IMS and are in turn used to guide all other supporting documents developed to manage the Agency. These documents are: Governance and Strategic Management Handbook (GSMH) (NPD 1000.0), the NASA Organization (NPD 1000.3), and the NASA Strategic Plan (NPD 1001.0).
B.1 NASA governs with three Agency-level councils with distinct charters and responsibilities: the Strategic Management Council (SMC), the Mission Support Council (MSC), and the Program Management Council (PMC), per NPD 1000.3. These councils are essential components of governance; no other Agency-wide chartered governing councils are required. Additional advice and assessment are solicited from external bodies within the science and research communities.
B.2 NASA controls its IMS processes through the following governance structure:
a. The SMC serves as the Agency's senior decision-making body for strategic direction and planning. The SMC determines NASA's strategic direction and assesses Agency progress toward achieving NASA's Vision.
b. The MSC serves as NASA's senior decision making body for institutional plans and implementation strategies. The council determines and assesses mission support requirements to enable the successful accomplishment of the Agency's Mission.
c. The PMC serves as the Agency's senior decision-making body to baseline and assess program/project performance and ensure successful achievement of NASA strategic goals.
d. Center Directors are members of the Agency SMC, MSC and PMC councils and are responsible for developing and managing the Center's institutional capabilities (such as processes, competency development and leadership, human capital, facilities, and independent review) required for the execution of programs, projects, and missions assigned to the Center. Programs and projects are executed at the NASA Centers under the direction of Mission Directorate Associate Administrators. The Center Director has specifically delegated Technical Authority responsibilities related to projects. Each Center has developed a governance structure which is aligned with the Agency Governance structure in order to elevate issues to the three Agency Councils as appropriate. The agendas for the three Councils are populated with issues raised by the Administrator, OICs and Centers.
C.1 The NASA HQ IMS includes many processes to control the planning and implementation of Agency strategy to obtain efficient performance and desired results. This assures that programs are executable within budget portfolios and assures transparency in planning, programming, budgeting, and execution. It must be clear what NASA is buying with its funding, and programs must meet cost, schedule, and performance goals.
C.2 NASA policy is developed, reviewed, approved and documented using the NASA Online Directives Information System (NODIS). The system ensures NASA Policy Directives (NPDs) and NASA Procedural Requirements (NPRs) are coordinated and available to Agency personnel. NPDs describe what is required by NASA management to achieve NASA's vision, mission and compliance with external mandates, and who is responsible for carrying out those requirements. NPRs provide Agency mandatory instructions and requirements to implement the policy. The NODIS directives review cycle schedule establishes deadlines for the review and approval of directives. The following are the categories and numbering conventions in NODIS that comprise all policy at NASA. These categories are the backbone for the IMS at NASA HQ.
| NODIS CATEGORY |
| 1000-1999 Organization and Administration |
| 2000-2999 Legal Policies |
| 3000- 3999 Human Resources and Personnel |
| 4000-4999 Property, Supply and Equipment |
| 4000-4999 Property, Supply and Equipment |
| 6000-6999 Transportation |
| 7000-7999 Program Formulation |
| 8000-8999 Program Management |
| 9000-9799 Financial Management |
| 9800-9999 Audits and Investigations |
D.1 The Office of Management and Budget (OMB) Circular A- 123 defines the management responsibilities for internal control in Federal agencies. It was reissued by OMB's Office of Federal Financial Management on 21 December 2004 and addressed to all Federal Chief Financial Officers, Chief Information Officers, and Program Managers. The revised Circular A- 123 is a re-examination of the existing internal control requirements for Federal agencies and was initiated in light of the new internal control requirements for publicly-traded companies contained in the Sarbanes- Oxley Act of 2002 (Pub. L. 107-204). The Circular and the statute it implements, the Federal Managers' Financial Integrity Act of 1982 (Pub. L. 97-255), are at the center of the existing Federal requirements to improve internal control. Agencies and individual Federal managers must take systematic and proactive measures to (i) develop and implement appropriate, cost-effective internal control for results- oriented management; (ii) assess the adequacy of internal control in Federal programs and operations; (iii) separately assess and document internal control over financial reporting;(iv) identify needed improvements; (v) take corresponding corrective action; and (vi) report annually on internal control through management assurance statements. These Internal Control Requirements are embodied within the following categories.
a. Control Environment
The control environment sets the tone of an organization, influencing the control consciousness of its people. A positive control environment is the foundation for all other standards. It provides discipline and structure as well as the climate which influences the quality of internal control. Several key factors affect the control environment, including: The integrity and ethical values maintained and demonstrated by management and staff; management's commitment to competence; management's philosophy and operating style including the degree of risk the agency is willing to take; the attitude and philosophy of management toward information systems, accounting, personnel functions, monitoring, and audits and evaluations; the agency's organizational structure for planning, directing, and controlling operations; human capital policies and practices; and the agency's relationship with the Congress and central oversight agencies such as OMB.
b. Risk Assessment
A precondition to risk assessment is the establishment of clear, consistent control objectives. Risk assessment is the identification and analysis of relevant potential risks associated with achieving the objectives, and forming a basis for determining how risks should be managed. Once risks have been identified, they should be analyzed for their possible effect. Risk analysis generally includes estimating the risk's significance, assessing the likelihood and consequences of its occurrence, and deciding how to manage the risk.
c. Control Activities
The policies, procedural requirements, work instructions, techniques, and mechanisms that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks to achieving your organization's objectives. Control activities occur at all levels and functions of the entity. They include a wide range of diverse activities such as approvals, authorizations, verifications, reconciliations, performance reviews, maintenance of security, and the creation and maintenance of related records which provide evidence of execution of these activities as well as appropriate documentation. Control activities may be applied in a computerized information system environment or through manual processes. Activities may be classified by specific control objectives, such as ensuring completeness and accuracy of information processing.
d. Information and Communication
For an entity to run and control its operations, it must have relevant, reliable, and timely communications relating to internal as well as external events. Information is needed throughout the entity for the entity to achieve all of its objectives. Managers need programmatic, institutional and financial data to determine whether they are meeting their organization's strategic and annual performance plans and to ensure effective and efficient use of resources. Pertinent information should be identified, captured, and distributed in a form and time frame that permits people to perform their duties efficiently. Effective communications should occur in a broad sense with information flowing down, across, and up the organization. In additional to internal communications, management should ensure there are adequate means of communicating with, and obtaining information from, external stakeholders that may have a significant impact on the agency achieving its goals. Moreover, effective information technology management is critical to achieving useful, reliable, and continuous recording and communication of information.
e. Monitoring Management should monitor controls to consider whether they are operating as intended and that they are modified as appropriate for changes in conditions. Monitoring is a process that assesses the quality of internal control performance over time. Monitoring should be performed continually and be ingrained in the agency's operations. It includes regular management and supervisory activities, comparisons, and reconciliations. Separate evaluations of control can also be useful by focusing directly on the controls' effectiveness at a specific time. The scope and frequency of separate evaluations should depend primarily on the assessment of risks and the effectiveness of ongoing monitoring procedures. Separate evaluations may take the form of self- assessments as well as reviews of control design and direct testing of internal control, such as through internal audits. Separate evaluations also may be performed by the agency Inspector General or an external (third party) auditor. Deficiencies found during ongoing monitoring or through separate evaluations should be communicated to the individual responsible for the function and also to at least one level of management above that individual. Serious matters should be reported to top management. Resultant corrective actions should be tracked to completion.
D.2 The NASA Integrated Management System Policy (NPD 1280.1), and the NASA Internal Control Policy (NPD 1200.1) aligns NASA's IMS policy to federal internal control requirements. NPD 1280.1 states: "It is NASA's policy to... c. Design Management Systems... at a minimum, to ensure that Management:
a. Creates and communicates to employees NASA's organizational structure and cultural environment. Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities.
b. Assures that a process is in place to set goals and objectives that support and align with the Agency's mission.
c. Implements activities for achieving the goals and objectives including performance measures.
d. Documents and implements policies, processes, and standards necessary to identify risks. Risks are assessed, considering likelihood and impact, as a basis for determining how they should be managed.
e. Implements policies, processes, and standards necessary to ensure risk responses are effective.
f. Ensures that integrated Institutional, Programmatic, and Financial risk assessments are performed at the Agency and Center level.
g. Conducts appropriate periodic reviews and assessments,reconciliations or comparisons of data, and other auditing and assessment activities to effect change and continual improvement. Monitoring shall include assessment of the quality of performance over time and assurance that the findings of audits and other reviews are promptly resolved.
D.3 Table 1 shows the relationship between NASA IMS and OMB Circular A- 123 internal control requirements.
Table 1 OMB Circular No. A-123 Requirements to NASA IMS Requirements
| OMB NO. A-123 | NASA IMS Requirements |
| Control Enviroment | Control Environment Setting Goals & Objectives Implementing Goals and Objectives |
| Risk Assessment | Risk Identification Implementing Controls Risk Assessment |
| Control Activities | Implementing Controls |
| Information and Communications | Risk Identification |
| Monitoring | Monitoring |
D.4 Table 2 provides a few examples of how the NASA HQ IMS supporting documents (NPDs/NPRs) contained in NODIS align with the NASA IMS policy requirements.</p>
| NASA IMS Requirement | NASA NPD/NPR | ||
| Control Environment | NPD 1000.0 (GSMH) | NPD 1000.3 (NASA Organization) | NPD 9010.2 (Financial Management) |
| Setting Goals & Objectives | NPD 1000.0 (Strategic Plan) | NPD 1000.0 (GSMH) | |
| Implementing Goals and Objectives | NPD 1000.3 (NASA Organization) | NPD 1000.5 (Strategic Acquisition) | |
| Risk Identification | NRP 8000.4 (Risk Management) | ||
| Implementing Controls | NPR 7120.7 (Program & Project Management | ||
| Risk Assessment | NPR 8000.4 (Risk Management) | ||
| Monitoring | NPD 9800.1 & NPD 9910.1 (IG Programs) | NPD 1200 (Internal Control) |
GSMH Governance and Strategic Management Handbook
HQPD NASA Headquarters' Policy Directive
IMS Integrated Management System
MSC Mission Support Council
NASA National Aeronautics and Space Administration
NODIS NASA Online Directives Information System
OMB Office of Management and Budget
PMC Program Management Council SMC Strategic Management Council
(URL for Graphic)None.