Presentation on theme: "Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green."— Presentation transcript:
Office of the Secretary of Defense – Comptroller Financial Improvement and Audit Readiness Directorate Unclassified 17 September 2014 GAO Revised “Green Book” MICP Web Site: email@example.com@mail.mil
2 Revised “Green Book” Introduces 17 Principles Section 3512 (c) and (d) of the United States Code. Requires that Federal agency executives periodically review and annually report on the agency’s internal controls. FMFIA requires the Comptroller General to prescribe internal control standards. GAO’s “Green Book” Federal Managers’ Financial Integrity Act (FMFIA) Provides the internal control standards for federal agencies for both program and financial management. The standards provide management criteria for designing, implementing and operating an internal control system. The standards retain the five components of internal control but introduce 17 principles. These principles were adopted from the Committee of Sponsoring Operations of the Treadway Commission (COSO). 1. 1. Committee of Sponsoring Operations of the Treadway Commission (COSO) - On May 14, 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its revisions and updates to the 1992 document Internal Control - Integrated Framework. COSO’s goal in updating the framework was to increase its relevance in the increasingly complex and global business environment so that organizations worldwide can better design, implement, and assess internal control. COSO is a joint initiative of five private sector organizations and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control, and fraud deterrence. The AICPA is a member of COSO.Committee of Sponsoring Organizations of the Treadway Commission
Provides Managers Criteria for Designing, Implementing and Operating an Effective Internal Control System 3 1.Oversight body and management should demonstrate a commitment to integrity and ethical values 1. 2.The oversight body should oversee the entity’s internal control system. 3.Management should establish an organizational structure, assign responsibility, and delegate authority to achieve the entity’s objectives. 4.Management should demonstrate a commitment to recruit, develop, and retain competent individuals. 5.Management should evaluate performance and hold individuals accountable for their internal control responsibilities. Control Environment 1. “Tone-At-The-Top” is provided as an attribute to Principle 1. “Tone at the Top” can be either a driver or a barrier to internal control.” 6.Management should define objectives clearly to enable the identification of risks and define risk tolerances. 7.Management should identify, analyze, and respond to risks related to achieving the defined objectives. 2. 8.Management should consider the potential for fraud when identifying. 9.Management should identify, analyze, and respond to significant changes that could impact the internal control system. Risk Assessment The standards in the “Green Book” are organized by the five components of internal control Components of Internal Controls Principles That Define Each Component Overview of Framework 2. Management estimates the significance of identified risks to assess their effect on achieving the defined objectives at both the entity and transaction level.
Provides Managers Criteria for Designing, Implementing and Operating an Effective Internal Control System 4 10.Management should design control activities to achieve objectives. 11.Management should design the entity’s information system and related control activities to achieve objectives and respond to risks. 1. 12.Management should implement control activities through policies. Design Control Activities 1. Control activities help management fulfill responsibilities and address identified risk responses in the internal control system. 13.Management should use quality information to achieve the entity’s objectives. 14.Management should internally communicate the necessary quality information to achieve the entity’s objectives. 2. 15.Management should externally communicate the necessary quality information to achieve the entity’s objectives. Information and Communication Components of Internal Controls Principles That Define Each Component 2. Management receives quality information about the entity’s operational processes that flows up the reporting lines from personnel to help management achieve the entity’s objectives. Perform Monitoring Activities 16. Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. 3 17. Management should remediate identified internal control deficiencies on a timely basis. 3. Management establishes a baseline to monitor the internal control system. Once established, management can use the baseline as criteria in evaluating the internal control system and make changes to reduce the difference between criteria and condition.;