72 Cards in this Set
- Front
- Back
What is the name of the department internal control effort? |
Managers internal control program |
|
The purposes of the federal managers financial integrity act of 1982 are to prevent waste or misuse of agency funds or property and to assure the accountability of what? |
Assets |
|
What 5 things do internal controls reasonably ensure? |
1. Programs achieve intended results 2. Resources used efficiently 3. Programs/resources are protected from waste, fraud, and mismanagement 4. Laws and regulations are followed 5. Financial reporting is reliable and accurate |
|
What agency issues standards for internal control in the federal government? |
Government accountability office |
|
Segregation of duties is a type of which internal control standard? |
Control activities |
|
The financial managers financial integrity act report must include agency plans to correct what type of weaknesses? |
Material weakness |
|
Who decides whether a weakness is material enough to warrant reporting as a material weakness to the next higher level? |
It is a management judgment |
|
What should be the last milestone of the corrective action plan for each material weakness? |
Correction validation |
|
The DoD component heads statement of assurance must take one of how many forms? |
Three |
|
How many standards are there in the GAO standards of internal control? |
5 |
|
For what program is the full scope of management responsibility defined in DOD instruction 5010.40? |
DOD's managers' internal control program |
|
When a DOD component head provides a statement of assurance that the component's controls are in place and achieving their intended objectives, is this a statement of absolute assurance or reasonable assurance? |
Reasonable |
|
What is the term for probable or potential adverse effects from inadequate internal control? |
Risk |
|
What kind of weakness significantly impairs the fulfillment of a DOD component's mission? |
Material |
|
True or false: the July 15th, 2016 updated version of OMB circular A-123 requires CFO Act Agencies to hire a chief risk officer for the purpose of establishing an enterprise risk management capability within the agency. |
False |
|
What are the two major categories of control areas included in GAO's federal information system controls audit manual (FISCAM)? |
General and business process application controls |
|
Who manages the Military Intelligence Programs (MIP)? |
Under Secretary for Defense of Intelligence USD(I) |
|
Who manages the National Intelligence Programs? |
Director of National Intelligence (DNI) |
|
ERM as a discipline deals with what three tasks? |
Identifying, assessing, and managing risks |
|
Which policy and legislation are the center of requirements to improve accountability in federal government programs and operations? |
Policy: OMB Circular A-123 Law: Federal Managers Financial Integrity Act (FMFIA) of 1982 |
|
Which OMB Circular provides information and guidance on internal controls? |
OMB Circular A-123 |
|
FMFIA was codified in accordance with which US Code title? |
31 USC 3512 |
|
FMFIA Act of 1982 established the legal framework for what? |
Internal controls for the federal government. |
|
OMB Circular A-123 corresponds to what DoD instruction? |
DOD managers internal control program, DoDI 5010.40 |
|
Which office established standards for internal control in the federal government? |
Government Accountability Office (GAO); previously known as Government Accounting Office before FMFIA |
|
The GAO's standards for internal control in the federal government are included in what document? |
The Green Book |
|
What act did the FMFIA of 1982 amend? |
Accounting and auditing act of 1950 |
|
Per FMFIA, what are the three provisions each executive agency must provide reasonable assurances for? |
1. Obligations and costs comply with applicable law 2. Funds, property, and other assets are safeguarded against waste, loss, unauthorized use or misappropriation 3. Revenues, expenditures and assets are properly accounted for |
|
What is outlined in section 2 of OMB Circular A-123? |
1. Defines management's responsibilities for ERM 2. Encourages agencies to establish a risk management council (RMC) |
|
What is outlined in section 4 of OMB Circular A-123? |
Management's responsibility to continuously monitor, assess, and improve the effectiveness of internal controls |
|
What do appendices A-D in OMB Circular A-123 involve? |
1. Implementation plans 2. Government charge card program's internal controls 3. Estimation & remediation of improper payments 4. Compliance with Federal Financial Management Improvement Act 1996 |
|
Which office defined the enterprise risk management ERM? |
OMB |
|
Define enterprise risk management |
An effective agency wide approach to addressing the full spectrum of an organization's risks within an entire portfolio; rather than addressing risks within silos |
|
Name the seven steps associated with the enterprise risk management model |
1. Establish context 2. Identify risks 3. Analyze and evaluate risks 4. Develop alternatives 5. Respond to risks 6. Monitor and review 7. Continuous risk identification (EIADRMC) |
|
What is the primary purpose of developing a risk profile? |
Provide a thoughtful analysis of the risks an Agency faces in achieving its objectives |
|
In regards to creating a risk profile, give an example of a vulnerability assessment tool |
Heat map used in risk review boards at NAVWAR |
|
How does the green book define internal control? |
A process effected by an entity's oversight body, management, and other personnel that provides reasonable assurance the objectives of an entity are achieved |
|
True or false: using the internal control requirements in OMB Circular A-123 guarantees waste, fraud, and mismanagement of federal programs and operations will not occur. Why or why not? |
False; it only provides a means of managing the risk associated with waste, fraud, and mismanagement |
|
Who is ultimately responsible at all levels for ensuring efficient internal controls? |
Management |
|
What is the internal control over financial reporting (ICOFR) process designed to do? |
Provide reasonable assurance regarding the reliability of financial reporting |
|
Per the CDFM instructor, what is the most important assertion management can reasonably make through the ICOFR process? |
Documentation is audit ready; specifically "documentation for internal control, all transactions, and other significant events is readily available for examination." |
|
What policy presented a methodology for performing information system control audits of federal and other governmental entities in accordance with professional standards? |
Federal Information System Controls Audit Manual (FISCAM) |
|
FISCAM can be used as the basis for an Independent evaluation of a federal agency's information security program required by what act? |
Federal information security management Act (FISMA) |
|
Name the five General Controls within the FISCAM process |
1. Security management 2. Access controls 3. Configuration management 4. Segregation of duties 5. Contingency planning |
|
FMFIA requires federal executive branch entities to establish internal controls in accordance with what standards? |
The Green Book |
|
What are the five internal control objectives that provide reasonable assurance? |
1. Programs achieve intended results 2. Resources used efficiently 3. Avoid waste, fraud & mismanagement 4. Laws and regulations are followed 5. Financial reporting is reliable and accurate |
|
Define business process application controls and what they help to ensure |
Controls directly related to individual computerized applications. They help ensure that transactions are complete, accurate, valid, confidential, and available |
|
Give an example of a process control in a third party provider situation |
An agency contracts out its IT development to a third party and that organization chooses to document, track, approve, and test all application changes internally. Their doing so helps the agency retain significant control over the IT development process |
|
True or false: a well-designed and operated internal control can provide absolute assurance that all agency objectives will be met |
False; it can only provide reasonable assurance |
|
Name the five components associated with GAO framework for internal control |
1. Control environment 2. Risk assessment 3. Control activities 4. Information and communication 5. Monitoring |
|
Which of the 5 components within the GAO internal control framework are affected if management doesn't demonstrate a commitment to ethical values? |
#1 Control environment (principle 1) |
|
What is the difference between a corrective action plan (CAP) and a corrective action report (CAR)? |
CAP addresses the risk through monitoring while a CAR is a report on how the risk was mitigated |
|
Name the three categories of internal control deficiencies |
1. Control deficiency 2. Significant deficiency 3. Material weakness |
|
In regards to internal controls, when does a control deficiency exist? |
When a control does not allow management or personnel to achieve control objectives and address related risks |
|
In regards to internal controls, when does a significant deficiency exist? |
When a deficiency, or combination of deficiencies, is less severe than a material weakness yet important enough to merit attention by INTERNAL management |
|
What is a material weakness? |
A significant deficiency of internal controls that an agency head determines to be significant enough to report externally to OMB and Congress |
|
Give an example of a material weakness in the following situations: 1. Operations 2. Reporting 3. Compliance |
1. Operations: deprived the public of needed services 2. Reporting: Financial status report is inaccurate and results in leadership making bad decisions 3. Compliance: management is unable to reasonably ensure laws aren't being violated |
|
Who determines whether or not to categorize an internal control weakness as material? |
Management |
|
DoD Instruction 5010.40, Managers' Internal Control Procedures, requires the Under Secretary of Defense (Comptroller) to do what two things? |
1. Establish a senior management council to provide oversight and accountability 2. Co-chair a FIAR governance board with the DOD deputy chief management officer (DCMO) to provide oversight and accountability for the DOD financial reporting and financial systems |
|
Who is the CFO within DOD? |
Under secretary of defense comptroller |
|
DODI 5010.40 directs each DOD and OSD component head to establish what? |
Managers Internal control program (MICP) |
|
What instruction provides procedures on correcting material weaknesses and submitting annual statements of assurance? |
DODI 5010.40 |
|
Name the associated laws and policies that provide direction for carrying out internal control programs for each of the below: Law, GAO, OMB, DOD |
Law: FMFIA; GAO: the Green Book; OMB: Circular A-123; DOD: DoDI 5010.40 |
|
A summary of corrective action plans for material weaknesses that have not been fully mitigated at the time of reporting must be included in what document? |
The agency financial report (AFR), performance and accountability report (PAR), or other management report |
|
What are the four levels within the DOD that a material weakness is reviewed at? |
1. Installation or activity level (ECH III) 2. Major command or field activity (NAVWAR) 3. Component level (Navy) 4. DoD level |
|
Material weaknesses that cannot be resolved at the SECDEF level are reported in what document? |
Annual DOD statement of assurance |
|
What are the three types of statements that can be included on the annual statement of assurance? |
Statement of: unmodified, modified, or no assurance |
|
What are the four main components of the statement of assurance report? |
1. Statement of reasonable assurance regarding effectiveness of internal controls over operations 2. Explicit level of assurance regarding ICOFR 3. Explicit level of assurance regarding ICOFS 4. The level for each explicit assurance |
|
Give two examples of control activities |
No Antideficiency Act occurrence (control objective) and Purpose, Time and Amount training for budget analyst (control technique) |
|
What is an accessible unit in regards to internal control? |
A subdivision of an organization that ensures a reasonable level of management control and analysis |
|
What law and title outline the definition and requirement of reasonable assurance? |
Title 31 USC 3512 Federal managers financial integrity Act of 1982 (FMFIA) |
|
What guiding document requires the establishment of a senior management council? |
OMB Circular A-123 |