SlideShare a Scribd company logo

MIC A Practical Approach

Download as PPTX, PDF
Austin Skidmore
Austin Skidmore

This training seminar covers topics from the MIC program including: understanding MIC requirements and terminology; MIC reporting procedures; conducting risk and control assessments; developing an inventory of assessable units. The training aims to provide both relevant knowledge for commanding officers and practical skills for MIC coordinators.

1 of 62
T H I S T R A I N I N G S E M I N A R I N C O R P O R A T E S T O P I C S F R O M A V A R I E T Y O F M I C P R O G R A M M A T E R I A L MIC A Practical Approach YN2 Austin Skidmore, NRMW RCC (N5)
Training Objectives  Gain an advanced understanding of MIC requirements  Become familiar with MIC terminology and expectations  Understand MIC reporting procedure  Learn to conduct risk and control assessments  Be able to develop an Inventory of Assessable Units  Provide knowledge that is both relevant to Commanding Officers and practical to front line MIC Coordinators
 COLLECTION OF CONTROL SYSTEMS A COMMAND HAS ESTABLISHED TO ACCOMPLISH ITS MISSION  PRACTICES ADOPTED MANAGEMENT TO PROVIDE ASSURANCE THAT PROGRAMS CARRIED OUT IN ACCORDANCE WITH ESTABLISHED OBJECTIVES  SYSTEM OF CONDUCTING PERIODIC REVIEWS OF PROCESS EFFECTIVENESS  PROGRAM THAT INTENDS TO ELIMINATE OR REDUCE FRAUD, WASTE, ABUSE AND MISMANAGEMENT What is MIC?
A N E F F E C T I V E M I C P R O G R A M H E L P S I D E N T I F Y A N D C O R R E C T W E A K N E S S E S W I T H I N A N O R G A N I Z A T I O N . B E N E F I T S O F A N E F F E C T I V E M I C P R O G R A M I N C L U D E : 1 ) V I S I B I L I T Y I N T O O R G A N I Z A T I O N A L W E A K N E S S E S 2 ) A B I L I T Y T O A N T I C I P A T E P O T E N T I A L O R S Y S T E M I C W E A K N E S S E S 3 ) P R O C E S S E S T O C O R R E C T W E A K N E S S E S B E F O R E T H E Y B E C O M E D E T R I M E N T A L T O T H E O R G A N I Z A T I O N 4 ) C O M P L I A N C E W I T H T H E F E D E R A L M A N A G E R S ’ F I N A N C I A L I N T E G R I T Y A C T ( F M F I A ) A N D O T H E R L A W S A N D R E G U L A T I O N S What does MIC do for my organization?
Why must we engage in MIC?  Department of the Navy’s Internal Control Manual – SECNAV M-5200.35  SECNAV Instruction 5200.35E  OMB Circular A-123  GAO Standards For Internal Control  DoD Instruction 5010.40 (MIC) Program Procedures  DoD FY 2009 Guidance For Preparation Of The Annual SOA  DoD FY 2011 Internal Control Over Financial Reporting Guidance  Federal Managers Financial Integrity Act Of 1982 (FMFIA)
K E Y S T O S U C C E S S F O R A N E F F E C T I V E M I C P R O G R A M : LEADERSHIP EMPHASIS:  A MIC Program must be supported by top leadership. EDUCATION AND TRAINING:  Managers at all levels must understand the importance of internal controls. MONITORING AND REPORTING :  Monitoring progress and reporting results are essential. How can I make MIC a success?
MIC Process DEVELOP MIC PLAN
MIC Plan An executive summary which captures the command’s approach in maintaining an internal control program Considered a Road Map to new MIC Coordinators
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
T H E P R O C E S S O F S E G M E N T I N G A N O R G A N I Z A T I O N I N C L U D E S : 1 ) I D E N T I F Y I N G M A J O R C O M P O N E N T S O R P R O G R A M S 2 ) D I V I D I N G T H E C O M P O N E N T S I N T O A S S E S S A B L E U N I T S 3 ) R E L A T I N G A S S E S S A B L E U N I T S T O R E S P O N S I B L E M A N A G E R S Segmenting the Organization
Inventory of Assessable Units (AU) Develop an Inventory of AUs that:  Are divisions of major components, functions, or programs  Have clear limits or boundaries  Are identifiable to a specific responsible manager  Constitute the entire organization
Functional Area Sub-segment Department  Research, Development, Test and Evaluation  Major Systems Acquisition  Procurement  Contract Administration  Force Readiness  Manufacturing, Maintenance and Repair  Supply Operations  Property Management  Communications and/or Intelligence and/or Security  Information Technology  Personnel and/or Organizational Management  Comptroller and/or Resource Management  Support Services  Security Assistance  Other (Transportation)  Financial Statement Reporting  N01  N1  N3  N4  N5  N6  N7  N8  N9 Segmenting the Organization
Sample Inventory of AUs
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION ASSIGN RESPONSIBILITY
MIC Coordinator Top Leadership  Ensure requirements are communicated and completed on time  Coordinate efforts to prepare a MIC Plan and MIC Certification Statement  Monitor the performance and results of risk assessments and reviews  Obtain MIC training  Establish of internal controls to provide reasonable assurance requirements are met  Maintain an inventory of assessable units  Perform risk assessments and internal control reviews.  Submit an annual overall MIC Certification Statement  Monitor and improve internal controls What is my role?
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS ASSIGN RESPONSIBILITY
Flowcharting This chart represents some of the most commonly used flowchart symbols Symbols may very by source
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL ASSIGN RESPONSIBILITY
The three phases of a risk assessment generally include: Identifying a risk that potentially impacts the organization’s mission and objectives Assessing the impact and likelihood of that risk Responding to the risk with appropriate controls IDENTIFY ASSESS RESPOND
R I S K I D E N T I F I C A T I O N O C C U R S A S A R E S U L T O F C O N S I D E R A T I O N O F F I N D I N G S F R O M A U D I T S , E V A L U A T I O N S , A N D O T H E R A S S E S S M E N T S I D E N T I F I C A T I O N O F R I S K S R E S U L T I N G F R O M B U S I N E S S , P O L I T I C A L , A N D E C O N O M I C C H A N G E S A R E D E T E R M I N E D R I S K S T O T H E A G E N C Y A S A R E S U L T O F P O S S I B L E N A T U R A L C A T A S T R O P H E S O R C R I M I N A L O R T E R R O R I S T A C T I O N S A R E T A K E N I N T O A C C O U N T R I S K S P O S E D B Y N E W L E G I S L A T I O N O R R E G U L A T I O N S A R E I D E N T I F I E D Risk Identification
Risk Identification A risk assessment determines where potential hazards exists that might prevent the organization from achieving its objectives. Asking the following questions may also help to identify risks:  What could go wrong in the process?  What processes require the most judgment?  What processes are most complex?  What must go right for proper reporting?  How do we know whether we are achieving our objectives?  Where are our vulnerable areas?
Business Risk Types Are we at risk of a threat to mission, threat to resources, or threat to image?  Financial risk - Loss of assets or available operating or capital budget  Human resources risk - Management and staff are not sufficient to meet needs and mission of organization  Reputation risk - Negative public opinion  Technology risk - Systems and technology tools, in design and operation, do not allow achievement of mission  Strategic risk - Mission or strategic plan does not support overall DON objectives  Operational risk - Operational policies and procedures do not sufficiently control business to allow achievement of mission  Environmental risk - Operations negatively impact the environment
GAO Risk Types For each risk identified in a process, a control activity should be identified and documented in the risk assessment. The GAO identifies three types of risk: 1) Inherent risk - The original susceptibility to a potential hazard or material misstatement, assuming there are no related specific control activities. 2) Control risk - The risk that a hazard or misstatement will not be prevented or detected by the internal control. 3) Combined risk - The likelihood that a hazard or material misstatement would occur and not be prevented or detected on a timely basis by the agency's internal control.
Threat Types  Threat to Mission - Is there a threat to achieving the mission of the organization. Threats to Mission include:  impaired fulfillment of essential mission or operations  unreliable information causing unsound management decisions  violations of statutory or regulatory requirements  impact on information security  depriving the public of needed Government services  Threat to Resources - Is there a threat to physical, financial or human resources. When a control deficiency has a clear dollar value associated with it, anything greater than one percent (1%) of the organization’s budget would be considered material.  Threat to Image - Consider the impact on the organization’s image does it bring substantial negative publicity. Threats to Image may include:  sensitivity of the resources involved (e.g., drugs, munitions)  current or probable Congressional and / or media interest  diminished credibility or reputation of management
Categorizing Risk Level
M E T H O D S U S E D B Y P R O G R A M M A N A G E R S T O E N S U R E A C H I E V E M E N T O F O B J E C T I V E S A N D T O S A F E G U A R D T H E I N T E G R I T Y O F T H E I R P R O G R A M S . C O N T R O L A C T I V I T I E S A R E E S T A B L I S H E D T O M A N A G E A N D M I T I G A T E T H E I D E N T I F I E D R I S K S . E X A M P L E S O F C O N T R O L A C T I V I T I E S A R E P R O C E S S O W N E R S H I P , T R A N S A C T I O N A P P R O V A L S , S E P A R A T I O N O F D U T I E S , A N D P E R F O R M A N C E M E A S U R E M E N T S . I N T E R N A L C O N T R O L S E N S U R E T H E A C C O M P L I S H M E N T O F O B J E C T I V E S ; C O M P L I A N C E W I T H L A W S A N D R E G U L A T I O N S ; R E L I A B L E A N D T I M E L Y I N F O R M A T I O N A N D E F F I C I E N T O P E R A T I O N S . Internal Controls
I N T E R N A L C O N T R O L S P R O V I D E R E A S O N A B L E A S S U R A N C E T H A T T H E F O L L O W I N G A R E T R U E :  C O M P L I A N C E W I T H L A W S A N D R E G U L A T I O N S  A C C O M P L I S H M E N T O F O B J E C T I V E S  R E L I A B L E A N D T I M E L Y I N F O R M A T I O N F O R D E C I S I O N M A K I N G  E F F I C I E N T O P E R A T I O N S  S A F E G U A R D I N G O F R E S O U R C E S F R O M W A S T E , F R A U D , A B U S E A N D M I S M A N A G E M E N T What purpose do controls serve?
PREVENTATIVE DETECTIVE  DETER UNDESIRABLE EVENTS FROM OCCURRING. PREVENTATIVE CONTROLS SHOULD BE DESIGNED TO DISCOURAGE ERRORS AND IRREGULARITIES FROM OCCURRING  DETECT AND CORRECT UNDESIRABLE EVENTS THAT HAVE OCCURRED. DETECTIVE CONTROLS SHOULD BE DESIGNED TO IDENTIFY AN ERROR OR IRREGULARITY AFTER IT HAS OCCURRED Types of Controls
DIRECTIVE CORRECTIVE  CAUSE OR ENCOURAGE A DESIRABLE EVENT TO OCCUR. DIRECTIVE CONTROLS SHOULD BE DESIGNED TO ASSIST IN ACCOMPLISHING GOALS AND OBJECTIVES  ARE AIMED AT RESTORING THE SYSTEM TO ITS EXPECTED STATE. CORRECTIVE CONTROLS CAN TERMINATE THE AFFECTED PROCESS, REVERSE THE ERROR, OR REMEDY THE RESULTS OF THE ERROR Types of Controls
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL CONDUCT RISK/CONTROL ASSESSMENT ASSIGN RESPONSIBILITY
Conducting Risk Assessments Risk assessments can vary in format; however, documentation should:  Identify the risks to the accomplishment of the assessable unit’s objectives  Identify the level of inherent risk (high, moderate, low)  Identify the level of control risk (high, moderate, low)  Identify the level of combined risk (high, moderate, low)  Document any existing controls that are in place to mitigate the risk
Conducting Control Assessments Internal control assessments can vary in format; however, documentation should:  Relate each control to a specific risk  Identify the control test objective to validate assumed level of control risk  Describe the design of the control that will be tested  State effectiveness of the control design based on the test performed  Describe how the operation of the control was tested  State effectiveness of the control operation based upon the test performed
RA, Control Test, and CA easy three step process
Sample Risk Assessment
Sample Control Assessment
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL CONDUCT RISK/CONTROL ASSESSMENT DOCUMENT FINDINGS ASSIGN RESPONSIBILITY
Documentation DON anticipates the MIC Program will become Auditable. Here is what you need to stay on track:  MIC Plan  Inventory of Assessable Units (AU)  Risk Assessments (RA)  Internal Control Assessments  Statement of Assurance (SOA)
MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL CONDUCT RISK/CONTROL ASSESSMENT DOCUMENT FINDINGS PREPARE REPORTS ON RESULTS ASSIGN RESPONSIBILITY
 D I R E C T E D B Y T H E O V E R S I G H T P L A N N I N G B O A R D ( O P B ) C H A R T E R O F 1 5 J U N 0 4  1 3 F U N C T I O N A L C A T E G O R I E S  R E P O R T E D T O N A V A L A U D I T S E R V I C E A N D N A V I G  D A T A C A L L C O N D U C T E D F E B / M A R T I M E F R A M E  P R O V I D E D W E B - B A S E D D A T A E N T R Y T O O L O N L I N E T O S U B M I T R I S K A N D O P P O R T U N I T Y  O N L Y E C H E L O N I I A N D A B O V E G E T A C C E S S Risk and Opportunity Assessment (ROA)
Functional Categories Risks and Opportunities are grouped into 13 Functional Areas 1) Acquisition Integrity/Fraud 2) Anti-Terrorism/Force Protection 3) Education and Training 4) Environmental Protection and Safety 5) Facilities and Real Property Management 6) Financial Management 7) Force Readiness and Fleet Operations 8) Healthcare and Member Support Services 9) Information Technology Management 10)Intelligence and Classified Programs 11) Logistics, Supply, and Maintenance Ops 12) Manpower and Personnel 13) Systems Acquisition and Acquisition Logistics
Sample Risk and Opportunity Risk:  Stand-alone NOSC facilities are not in compliance with ATFP criteria. NOSC facilities are under the purview of CNIC, but despite efforts to update OPNAVINST 3300.53B, this instruction has not been updated  New Navy Reserve accessions often do not meet mobilization standards Opportunity:  NAVRESFOR is unable to use DTS to book travel requirements and process travel claims at this time. Legacy business processes require NAVPTO involvement and a manpower intensive process at the CTO to book Navy Reserve travel arrangements
A N A N N U A L R E P O R T T H A T C E R T I F I E S T H E S E C N A V ’ S L E V E L O F R E A S O N A B L E A S S U R A N C E C E R T I F I E S T H E O V E R A L L A D E Q U A C Y A N D E F F E C T I V E N E S S O F I N T E R N A L C O N T R O L S W I T H I N T H E D O N A V E N U E T O R E P O R T P O T E N T I A L “ N A V Y - W I D E ” I S S U E S B A S E D O N I N P U T S F R O M T H E F I E L D C O M P R I S E D O F W E A K N E S S E S A N D A C C O M P L I S H M E N T S I N D E N T I F I E D B Y A S S E S S M E N T F I N D I N G S P R O V I D E S M O N I T O R I N G A N D T R A C K I N G O F C O R R E C T I V E A C T I O N S Statement of Assurance (SOA)
Certification Statement Annual SOA Certification Statement Letterhead Memorandum
Reasonable Assurance  An unqualified statement of assurance - reasonable assurance with no material weaknesses reported.  A qualified statement of assurance - reasonable assurance with exception of one or more material weakness(es) noted.  A statement of no assurance - no reasonable assurance because no assessments conducted or the noted material weaknesses are pervasive.
Determining Materiality What constitutes a “material” weakness? Materiality is a management judgment. It is difficult to apply a strict formula to determine whether something is or is not material  Is the issue control-related?  Is the issue command/activity-wide?  Does the issue pose a Threat to Mission, Resources, or Image? * An issue is only material if it affects your organization as a whole
Material Weakness Criteria Material Weakness guidelines exist within DoD Instruction 5010.40. A Material Weakness must satisfy two conditions:  It must be a deficiency in which existing internal controls do not provide reasonable assurance that the objectives of the MIC Program are being met. In effect, the weakness results from internal controls that are not in place, not used, or not adequate.  It must be a deficiency that requires the attention of the next higher level of management. Managers should report a weakness to the next higher level if doing so is required to resolve the issue. A manager should also consider reporting a weakness to the next higher level if it is serious enough to bring to their attention (even if the issue can be resolved at the reporting manager's level).
SOA Online Tool The Tool encompasses all four segments of the SOA reporting requirements:  New Weaknesses  Prior Period Weaknesses  Accomplishments  Management Control Certification Statement Efficiency: Streamlines SOA data collection and reporting process Access: Easy access to submit updates and certification statements Monitoring: Provides a mechanism to track accomplishments and weaknesses Consolidation: Acts as a central database and stores historical data Consistency: Templates in the tool assist in completing certification statement
SOA Tool New MIC Coordinators go to: <https://www/fmosystems.na vy.mil/soa/login/index.cfm?fus eAction=Logout> Here MIC Coordinators request access to the SOA Tool and prepare the annual SOA Certification Statement
Inputs are being recognized
RCCs CNRFC DON CNO
Reporting Chain
Self-Assessment Tool Available at the FMO Systems website: <http://www.fmo.navy.mil/fin_imp/mic/tools_index.htm> Web-based Tool to provide Commands "current state” measurement of their MIC Program. This tool will help Leaders answer the following Internal Control questions:  Are they designed well?  Are they functioning as designed?  Are further improvements needed?
MIC A Practical Approach
MIC A Practical Approach
MIC A Practical Approach
MIC A Practical Approach

Recommended

Scorecards
ScorecardsScorecards
ScorecardsJohn Halsted
 
ICOFR - Complete
ICOFR - CompleteICOFR - Complete
ICOFR - CompleteLutfi Hedir
 
How to Become a Martian
How to Become a MartianHow to Become a Martian
How to Become a MartianBrian Shiro
 
Key note presentation_amfiu conference
Key note presentation_amfiu conferenceKey note presentation_amfiu conference
Key note presentation_amfiu conferenceMustapha Mugisa
 
Webinar Presentation: Minnesota's Value of Solar
Webinar Presentation: Minnesota's Value of SolarWebinar Presentation: Minnesota's Value of Solar
Webinar Presentation: Minnesota's Value of SolarJohn Farrell
 
Nahha Annual report2015
Nahha Annual report2015Nahha Annual report2015
Nahha Annual report2015iHawaiidigital
 
An entropic order quantity (en oq)
An entropic order quantity (en oq)An entropic order quantity (en oq)
An entropic order quantity (en oq)Divyesh Solanki
 
Jonathan Gualberto: A Sales Representative with an Enviable Track-Record
Jonathan Gualberto: A Sales Representative with an Enviable Track-RecordJonathan Gualberto: A Sales Representative with an Enviable Track-Record
Jonathan Gualberto: A Sales Representative with an Enviable Track-RecordjonathanGualberto
 

Recommended

Scorecards
ScorecardsScorecards
ScorecardsJohn Halsted
 
ICOFR - Complete
ICOFR - CompleteICOFR - Complete
ICOFR - CompleteLutfi Hedir
 
How to Become a Martian
How to Become a MartianHow to Become a Martian
How to Become a MartianBrian Shiro
 
Key note presentation_amfiu conference
Key note presentation_amfiu conferenceKey note presentation_amfiu conference
Key note presentation_amfiu conferenceMustapha Mugisa
 
Webinar Presentation: Minnesota's Value of Solar
Webinar Presentation: Minnesota's Value of SolarWebinar Presentation: Minnesota's Value of Solar
Webinar Presentation: Minnesota's Value of SolarJohn Farrell
 
Nahha Annual report2015
Nahha Annual report2015Nahha Annual report2015
Nahha Annual report2015iHawaiidigital
 
An entropic order quantity (en oq)
An entropic order quantity (en oq)An entropic order quantity (en oq)
An entropic order quantity (en oq)Divyesh Solanki
 
Jonathan Gualberto: A Sales Representative with an Enviable Track-Record
Jonathan Gualberto: A Sales Representative with an Enviable Track-RecordJonathan Gualberto: A Sales Representative with an Enviable Track-Record
Jonathan Gualberto: A Sales Representative with an Enviable Track-RecordjonathanGualberto
 
Kmc presentation
Kmc presentationKmc presentation
Kmc presentationJohn3920
 
1000: 基調講演
1000: 基調講演1000: 基調講演
1000: 基調講演NVIDIA Japan
 
FINAL.AnnualReport2016.pptx
FINAL.AnnualReport2016.pptxFINAL.AnnualReport2016.pptx
FINAL.AnnualReport2016.pptxiHawaiidigital
 
NaHHA Annual Report 2014
NaHHA Annual Report 2014NaHHA Annual Report 2014
NaHHA Annual Report 2014iHawaiidigital
 
Chapter 13 presidency
Chapter 13 presidencyChapter 13 presidency
Chapter 13 presidencybethanyroisland
 
Hotel z pomysłem - Cinema Residence
Hotel z pomysłem - Cinema Residence Hotel z pomysłem - Cinema Residence
Hotel z pomysłem - Cinema Residence Cinema Hotel
 
Aug.11
Aug.11Aug.11
Aug.11Yesh Lazarte
 
The link between risk management critical controls and auditing
The link between risk management critical controls and auditingThe link between risk management critical controls and auditing
The link between risk management critical controls and auditingNimonik
 
Dmmaturitymodelscomparison 190513162839
Dmmaturitymodelscomparison 190513162839Dmmaturitymodelscomparison 190513162839
Dmmaturitymodelscomparison 190513162839Irina Steenbeek, PhD
 
A Comparative Study of Data Management Maturity Models
A Comparative Study of Data Management Maturity ModelsA Comparative Study of Data Management Maturity Models
A Comparative Study of Data Management Maturity ModelsData Crossroads
 
business-systems-development-brochure
business-systems-development-brochurebusiness-systems-development-brochure
business-systems-development-brochureNick Serafimov
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategyB.R Keerthi
 
TMTR Capability Story
TMTR Capability StoryTMTR Capability Story
TMTR Capability StoryTMTR People Solution Pvt. Ltd.
 
Executive Answers Process
Executive Answers ProcessExecutive Answers Process
Executive Answers ProcessRyan Cahill
 
Role of teams in organziational change
Role of teams in organziational changeRole of teams in organziational change
Role of teams in organziational changeSilahAwan
 
Who's Who in Clinical Research
Who's Who in Clinical Research Who's Who in Clinical Research
Who's Who in Clinical Research Kunal Sampat
 
Organizing and controlling
Organizing and controllingOrganizing and controlling
Organizing and controllingIrving Ambrona
 
Organizational Resilience
Organizational ResilienceOrganizational Resilience
Organizational ResilienceNaresh Jain
 
KODAK Presentation .pptx
KODAK Presentation .pptxKODAK Presentation .pptx
KODAK Presentation .pptxMichaelDotto2
 
Securing Airport Terminals Passengers And Cargo By Geoff warren
Securing Airport Terminals Passengers And Cargo By Geoff warrenSecuring Airport Terminals Passengers And Cargo By Geoff warren
Securing Airport Terminals Passengers And Cargo By Geoff warrenIPPAI
 
The Digital Transformation: A New World Order
The Digital Transformation: A New World OrderThe Digital Transformation: A New World Order
The Digital Transformation: A New World OrderAMA Iowa (American Marketing Association Iowa Chapter)
 
01 Julie Vens-De Vos - HRRH congres Milaan
01 Julie Vens-De Vos - HRRH congres Milaan01 Julie Vens-De Vos - HRRH congres Milaan
01 Julie Vens-De Vos - HRRH congres MilaanHRmagazine
 

More Related Content

Viewers also liked

Kmc presentation
Kmc presentationKmc presentation
Kmc presentationJohn3920
 
1000: 基調講演
1000: 基調講演1000: 基調講演
1000: 基調講演NVIDIA Japan
 
FINAL.AnnualReport2016.pptx
FINAL.AnnualReport2016.pptxFINAL.AnnualReport2016.pptx
FINAL.AnnualReport2016.pptxiHawaiidigital
 
NaHHA Annual Report 2014
NaHHA Annual Report 2014NaHHA Annual Report 2014
NaHHA Annual Report 2014iHawaiidigital
 
Hotel z pomysłem - Cinema Residence
Hotel z pomysłem - Cinema Residence Hotel z pomysłem - Cinema Residence
Hotel z pomysłem - Cinema Residence Cinema Hotel
 

Viewers also liked (7)

Kmc presentation
Kmc presentationKmc presentation
Kmc presentation
 
1000: 基調講演
1000: 基調講演1000: 基調講演
1000: 基調講演
 
FINAL.AnnualReport2016.pptx
FINAL.AnnualReport2016.pptxFINAL.AnnualReport2016.pptx
FINAL.AnnualReport2016.pptx
 
NaHHA Annual Report 2014
NaHHA Annual Report 2014NaHHA Annual Report 2014
NaHHA Annual Report 2014
 
Chapter 13 presidency
Chapter 13 presidencyChapter 13 presidency
Chapter 13 presidency
 
Hotel z pomysłem - Cinema Residence
Hotel z pomysłem - Cinema Residence Hotel z pomysłem - Cinema Residence
Hotel z pomysłem - Cinema Residence
 
Aug.11
Aug.11Aug.11
Aug.11
 

Similar to MIC A Practical Approach

The link between risk management critical controls and auditing
The link between risk management critical controls and auditingThe link between risk management critical controls and auditing
The link between risk management critical controls and auditingNimonik
 
Dmmaturitymodelscomparison 190513162839
Dmmaturitymodelscomparison 190513162839Dmmaturitymodelscomparison 190513162839
Dmmaturitymodelscomparison 190513162839Irina Steenbeek, PhD
 
A Comparative Study of Data Management Maturity Models
A Comparative Study of Data Management Maturity ModelsA Comparative Study of Data Management Maturity Models
A Comparative Study of Data Management Maturity ModelsData Crossroads
 
business-systems-development-brochure
business-systems-development-brochurebusiness-systems-development-brochure
business-systems-development-brochureNick Serafimov
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategyB.R Keerthi
 
Executive Answers Process
Executive Answers ProcessExecutive Answers Process
Executive Answers ProcessRyan Cahill
 
Role of teams in organziational change
Role of teams in organziational changeRole of teams in organziational change
Role of teams in organziational changeSilahAwan
 
Who's Who in Clinical Research
Who's Who in Clinical Research Who's Who in Clinical Research
Who's Who in Clinical Research Kunal Sampat
 
Organizing and controlling
Organizing and controllingOrganizing and controlling
Organizing and controllingIrving Ambrona
 
Organizational Resilience
Organizational ResilienceOrganizational Resilience
Organizational ResilienceNaresh Jain
 
KODAK Presentation .pptx
KODAK Presentation .pptxKODAK Presentation .pptx
KODAK Presentation .pptxMichaelDotto2
 
Securing Airport Terminals Passengers And Cargo By Geoff warren
Securing Airport Terminals Passengers And Cargo By Geoff warrenSecuring Airport Terminals Passengers And Cargo By Geoff warren
Securing Airport Terminals Passengers And Cargo By Geoff warrenIPPAI
 
01 Julie Vens-De Vos - HRRH congres Milaan
01 Julie Vens-De Vos - HRRH congres Milaan01 Julie Vens-De Vos - HRRH congres Milaan
01 Julie Vens-De Vos - HRRH congres MilaanHRmagazine
 
Part 2: Leadership & Innovation Tactics
Part 2: Leadership & Innovation TacticsPart 2: Leadership & Innovation Tactics
Part 2: Leadership & Innovation TacticsDustin Haisler
 
Preparing for CRM
Preparing for CRMPreparing for CRM
Preparing for CRMQGate
 
Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...
Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...
Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...Traction Conf
 
GRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - London
GRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - LondonGRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - London
GRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - LondonGRESB
 

Similar to MIC A Practical Approach (20)

The link between risk management critical controls and auditing
The link between risk management critical controls and auditingThe link between risk management critical controls and auditing
The link between risk management critical controls and auditing
 
Dmmaturitymodelscomparison 190513162839
Dmmaturitymodelscomparison 190513162839Dmmaturitymodelscomparison 190513162839
Dmmaturitymodelscomparison 190513162839
 
A Comparative Study of Data Management Maturity Models
A Comparative Study of Data Management Maturity ModelsA Comparative Study of Data Management Maturity Models
A Comparative Study of Data Management Maturity Models
 
business-systems-development-brochure
business-systems-development-brochurebusiness-systems-development-brochure
business-systems-development-brochure
 
Simplify your analytics strategy
Simplify your analytics strategySimplify your analytics strategy
Simplify your analytics strategy
 
TMTR Capability Story
TMTR Capability StoryTMTR Capability Story
TMTR Capability Story
 
Executive Answers Process
Executive Answers ProcessExecutive Answers Process
Executive Answers Process
 
Role of teams in organziational change
Role of teams in organziational changeRole of teams in organziational change
Role of teams in organziational change
 
Who's Who in Clinical Research
Who's Who in Clinical Research Who's Who in Clinical Research
Who's Who in Clinical Research
 
Organizing and controlling
Organizing and controllingOrganizing and controlling
Organizing and controlling
 
Organizational Resilience
Organizational ResilienceOrganizational Resilience
Organizational Resilience
 
KODAK Presentation .pptx
KODAK Presentation .pptxKODAK Presentation .pptx
KODAK Presentation .pptx
 
Securing Airport Terminals Passengers And Cargo By Geoff warren
Securing Airport Terminals Passengers And Cargo By Geoff warrenSecuring Airport Terminals Passengers And Cargo By Geoff warren
Securing Airport Terminals Passengers And Cargo By Geoff warren
 
The Digital Transformation: A New World Order
The Digital Transformation: A New World OrderThe Digital Transformation: A New World Order
The Digital Transformation: A New World Order
 
01 Julie Vens-De Vos - HRRH congres Milaan
01 Julie Vens-De Vos - HRRH congres Milaan01 Julie Vens-De Vos - HRRH congres Milaan
01 Julie Vens-De Vos - HRRH congres Milaan
 
Part 2: Leadership & Innovation Tactics
Part 2: Leadership & Innovation TacticsPart 2: Leadership & Innovation Tactics
Part 2: Leadership & Innovation Tactics
 
Preparing for CRM
Preparing for CRMPreparing for CRM
Preparing for CRM
 
Indicadores de internacionalizacion
Indicadores de internacionalizacionIndicadores de internacionalizacion
Indicadores de internacionalizacion
 
Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...
Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...
Revenue Optimization: The Science of Sales and Customer Success - Julie Weill...
 
GRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - London
GRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - LondonGRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - London
GRESB slides - 2018 GRESB | Siemens Sustainable Real Assets Conference - London
 

MIC A Practical Approach

  • 1. T H I S T R A I N I N G S E M I N A R I N C O R P O R A T E S T O P I C S F R O M A V A R I E T Y O F M I C P R O G R A M M A T E R I A L MIC A Practical Approach YN2 Austin Skidmore, NRMW RCC (N5)
  • 2. Training Objectives  Gain an advanced understanding of MIC requirements  Become familiar with MIC terminology and expectations  Understand MIC reporting procedure  Learn to conduct risk and control assessments  Be able to develop an Inventory of Assessable Units  Provide knowledge that is both relevant to Commanding Officers and practical to front line MIC Coordinators
  • 3.  COLLECTION OF CONTROL SYSTEMS A COMMAND HAS ESTABLISHED TO ACCOMPLISH ITS MISSION  PRACTICES ADOPTED MANAGEMENT TO PROVIDE ASSURANCE THAT PROGRAMS CARRIED OUT IN ACCORDANCE WITH ESTABLISHED OBJECTIVES  SYSTEM OF CONDUCTING PERIODIC REVIEWS OF PROCESS EFFECTIVENESS  PROGRAM THAT INTENDS TO ELIMINATE OR REDUCE FRAUD, WASTE, ABUSE AND MISMANAGEMENT What is MIC?
  • 4. A N E F F E C T I V E M I C P R O G R A M H E L P S I D E N T I F Y A N D C O R R E C T W E A K N E S S E S W I T H I N A N O R G A N I Z A T I O N . B E N E F I T S O F A N E F F E C T I V E M I C P R O G R A M I N C L U D E : 1 ) V I S I B I L I T Y I N T O O R G A N I Z A T I O N A L W E A K N E S S E S 2 ) A B I L I T Y T O A N T I C I P A T E P O T E N T I A L O R S Y S T E M I C W E A K N E S S E S 3 ) P R O C E S S E S T O C O R R E C T W E A K N E S S E S B E F O R E T H E Y B E C O M E D E T R I M E N T A L T O T H E O R G A N I Z A T I O N 4 ) C O M P L I A N C E W I T H T H E F E D E R A L M A N A G E R S ’ F I N A N C I A L I N T E G R I T Y A C T ( F M F I A ) A N D O T H E R L A W S A N D R E G U L A T I O N S What does MIC do for my organization?
  • 5. Why must we engage in MIC?  Department of the Navy’s Internal Control Manual – SECNAV M-5200.35  SECNAV Instruction 5200.35E  OMB Circular A-123  GAO Standards For Internal Control  DoD Instruction 5010.40 (MIC) Program Procedures  DoD FY 2009 Guidance For Preparation Of The Annual SOA  DoD FY 2011 Internal Control Over Financial Reporting Guidance  Federal Managers Financial Integrity Act Of 1982 (FMFIA)
  • 6. K E Y S T O S U C C E S S F O R A N E F F E C T I V E M I C P R O G R A M : LEADERSHIP EMPHASIS:  A MIC Program must be supported by top leadership. EDUCATION AND TRAINING:  Managers at all levels must understand the importance of internal controls. MONITORING AND REPORTING :  Monitoring progress and reporting results are essential. How can I make MIC a success?
  • 8. MIC Plan An executive summary which captures the command’s approach in maintaining an internal control program Considered a Road Map to new MIC Coordinators
  • 9.
  • 10.
  • 12. T H E P R O C E S S O F S E G M E N T I N G A N O R G A N I Z A T I O N I N C L U D E S : 1 ) I D E N T I F Y I N G M A J O R C O M P O N E N T S O R P R O G R A M S 2 ) D I V I D I N G T H E C O M P O N E N T S I N T O A S S E S S A B L E U N I T S 3 ) R E L A T I N G A S S E S S A B L E U N I T S T O R E S P O N S I B L E M A N A G E R S Segmenting the Organization
  • 13. Inventory of Assessable Units (AU) Develop an Inventory of AUs that:  Are divisions of major components, functions, or programs  Have clear limits or boundaries  Are identifiable to a specific responsible manager  Constitute the entire organization
  • 14. Functional Area Sub-segment Department  Research, Development, Test and Evaluation  Major Systems Acquisition  Procurement  Contract Administration  Force Readiness  Manufacturing, Maintenance and Repair  Supply Operations  Property Management  Communications and/or Intelligence and/or Security  Information Technology  Personnel and/or Organizational Management  Comptroller and/or Resource Management  Support Services  Security Assistance  Other (Transportation)  Financial Statement Reporting  N01  N1  N3  N4  N5  N6  N7  N8  N9 Segmenting the Organization
  • 16. MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION ASSIGN RESPONSIBILITY
  • 17. MIC Coordinator Top Leadership  Ensure requirements are communicated and completed on time  Coordinate efforts to prepare a MIC Plan and MIC Certification Statement  Monitor the performance and results of risk assessments and reviews  Obtain MIC training  Establish of internal controls to provide reasonable assurance requirements are met  Maintain an inventory of assessable units  Perform risk assessments and internal control reviews.  Submit an annual overall MIC Certification Statement  Monitor and improve internal controls What is my role?
  • 18. MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS ASSIGN RESPONSIBILITY
  • 19. Flowcharting This chart represents some of the most commonly used flowchart symbols Symbols may very by source
  • 20.
  • 21. MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL ASSIGN RESPONSIBILITY
  • 22. The three phases of a risk assessment generally include: Identifying a risk that potentially impacts the organization’s mission and objectives Assessing the impact and likelihood of that risk Responding to the risk with appropriate controls IDENTIFY ASSESS RESPOND
  • 23. R I S K I D E N T I F I C A T I O N O C C U R S A S A R E S U L T O F C O N S I D E R A T I O N O F F I N D I N G S F R O M A U D I T S , E V A L U A T I O N S , A N D O T H E R A S S E S S M E N T S I D E N T I F I C A T I O N O F R I S K S R E S U L T I N G F R O M B U S I N E S S , P O L I T I C A L , A N D E C O N O M I C C H A N G E S A R E D E T E R M I N E D R I S K S T O T H E A G E N C Y A S A R E S U L T O F P O S S I B L E N A T U R A L C A T A S T R O P H E S O R C R I M I N A L O R T E R R O R I S T A C T I O N S A R E T A K E N I N T O A C C O U N T R I S K S P O S E D B Y N E W L E G I S L A T I O N O R R E G U L A T I O N S A R E I D E N T I F I E D Risk Identification
  • 24. Risk Identification A risk assessment determines where potential hazards exists that might prevent the organization from achieving its objectives. Asking the following questions may also help to identify risks:  What could go wrong in the process?  What processes require the most judgment?  What processes are most complex?  What must go right for proper reporting?  How do we know whether we are achieving our objectives?  Where are our vulnerable areas?
  • 25. Business Risk Types Are we at risk of a threat to mission, threat to resources, or threat to image?  Financial risk - Loss of assets or available operating or capital budget  Human resources risk - Management and staff are not sufficient to meet needs and mission of organization  Reputation risk - Negative public opinion  Technology risk - Systems and technology tools, in design and operation, do not allow achievement of mission  Strategic risk - Mission or strategic plan does not support overall DON objectives  Operational risk - Operational policies and procedures do not sufficiently control business to allow achievement of mission  Environmental risk - Operations negatively impact the environment
  • 26. GAO Risk Types For each risk identified in a process, a control activity should be identified and documented in the risk assessment. The GAO identifies three types of risk: 1) Inherent risk - The original susceptibility to a potential hazard or material misstatement, assuming there are no related specific control activities. 2) Control risk - The risk that a hazard or misstatement will not be prevented or detected by the internal control. 3) Combined risk - The likelihood that a hazard or material misstatement would occur and not be prevented or detected on a timely basis by the agency's internal control.
  • 27. Threat Types  Threat to Mission - Is there a threat to achieving the mission of the organization. Threats to Mission include:  impaired fulfillment of essential mission or operations  unreliable information causing unsound management decisions  violations of statutory or regulatory requirements  impact on information security  depriving the public of needed Government services  Threat to Resources - Is there a threat to physical, financial or human resources. When a control deficiency has a clear dollar value associated with it, anything greater than one percent (1%) of the organization’s budget would be considered material.  Threat to Image - Consider the impact on the organization’s image does it bring substantial negative publicity. Threats to Image may include:  sensitivity of the resources involved (e.g., drugs, munitions)  current or probable Congressional and / or media interest  diminished credibility or reputation of management
  • 29. M E T H O D S U S E D B Y P R O G R A M M A N A G E R S T O E N S U R E A C H I E V E M E N T O F O B J E C T I V E S A N D T O S A F E G U A R D T H E I N T E G R I T Y O F T H E I R P R O G R A M S . C O N T R O L A C T I V I T I E S A R E E S T A B L I S H E D T O M A N A G E A N D M I T I G A T E T H E I D E N T I F I E D R I S K S . E X A M P L E S O F C O N T R O L A C T I V I T I E S A R E P R O C E S S O W N E R S H I P , T R A N S A C T I O N A P P R O V A L S , S E P A R A T I O N O F D U T I E S , A N D P E R F O R M A N C E M E A S U R E M E N T S . I N T E R N A L C O N T R O L S E N S U R E T H E A C C O M P L I S H M E N T O F O B J E C T I V E S ; C O M P L I A N C E W I T H L A W S A N D R E G U L A T I O N S ; R E L I A B L E A N D T I M E L Y I N F O R M A T I O N A N D E F F I C I E N T O P E R A T I O N S . Internal Controls
  • 30. I N T E R N A L C O N T R O L S P R O V I D E R E A S O N A B L E A S S U R A N C E T H A T T H E F O L L O W I N G A R E T R U E :  C O M P L I A N C E W I T H L A W S A N D R E G U L A T I O N S  A C C O M P L I S H M E N T O F O B J E C T I V E S  R E L I A B L E A N D T I M E L Y I N F O R M A T I O N F O R D E C I S I O N M A K I N G  E F F I C I E N T O P E R A T I O N S  S A F E G U A R D I N G O F R E S O U R C E S F R O M W A S T E , F R A U D , A B U S E A N D M I S M A N A G E M E N T What purpose do controls serve?
  • 31. PREVENTATIVE DETECTIVE  DETER UNDESIRABLE EVENTS FROM OCCURRING. PREVENTATIVE CONTROLS SHOULD BE DESIGNED TO DISCOURAGE ERRORS AND IRREGULARITIES FROM OCCURRING  DETECT AND CORRECT UNDESIRABLE EVENTS THAT HAVE OCCURRED. DETECTIVE CONTROLS SHOULD BE DESIGNED TO IDENTIFY AN ERROR OR IRREGULARITY AFTER IT HAS OCCURRED Types of Controls
  • 32. DIRECTIVE CORRECTIVE  CAUSE OR ENCOURAGE A DESIRABLE EVENT TO OCCUR. DIRECTIVE CONTROLS SHOULD BE DESIGNED TO ASSIST IN ACCOMPLISHING GOALS AND OBJECTIVES  ARE AIMED AT RESTORING THE SYSTEM TO ITS EXPECTED STATE. CORRECTIVE CONTROLS CAN TERMINATE THE AFFECTED PROCESS, REVERSE THE ERROR, OR REMEDY THE RESULTS OF THE ERROR Types of Controls
  • 33. MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL CONDUCT RISK/CONTROL ASSESSMENT ASSIGN RESPONSIBILITY
  • 34. Conducting Risk Assessments Risk assessments can vary in format; however, documentation should:  Identify the risks to the accomplishment of the assessable unit’s objectives  Identify the level of inherent risk (high, moderate, low)  Identify the level of control risk (high, moderate, low)  Identify the level of combined risk (high, moderate, low)  Document any existing controls that are in place to mitigate the risk
  • 35. Conducting Control Assessments Internal control assessments can vary in format; however, documentation should:  Relate each control to a specific risk  Identify the control test objective to validate assumed level of control risk  Describe the design of the control that will be tested  State effectiveness of the control design based on the test performed  Describe how the operation of the control was tested  State effectiveness of the control operation based upon the test performed
  • 36. RA, Control Test, and CA easy three step process
  • 38.
  • 40. MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL CONDUCT RISK/CONTROL ASSESSMENT DOCUMENT FINDINGS ASSIGN RESPONSIBILITY
  • 41. Documentation DON anticipates the MIC Program will become Auditable. Here is what you need to stay on track:  MIC Plan  Inventory of Assessable Units (AU)  Risk Assessments (RA)  Internal Control Assessments  Statement of Assurance (SOA)
  • 42. MIC Process DEVELOP MIC PLAN SEGMENT THE ORGANIZATION MAP THE PROCESS IDENTIFY RISK/CONTROL CONDUCT RISK/CONTROL ASSESSMENT DOCUMENT FINDINGS PREPARE REPORTS ON RESULTS ASSIGN RESPONSIBILITY
  • 43.  D I R E C T E D B Y T H E O V E R S I G H T P L A N N I N G B O A R D ( O P B ) C H A R T E R O F 1 5 J U N 0 4  1 3 F U N C T I O N A L C A T E G O R I E S  R E P O R T E D T O N A V A L A U D I T S E R V I C E A N D N A V I G  D A T A C A L L C O N D U C T E D F E B / M A R T I M E F R A M E  P R O V I D E D W E B - B A S E D D A T A E N T R Y T O O L O N L I N E T O S U B M I T R I S K A N D O P P O R T U N I T Y  O N L Y E C H E L O N I I A N D A B O V E G E T A C C E S S Risk and Opportunity Assessment (ROA)
  • 44. Functional Categories Risks and Opportunities are grouped into 13 Functional Areas 1) Acquisition Integrity/Fraud 2) Anti-Terrorism/Force Protection 3) Education and Training 4) Environmental Protection and Safety 5) Facilities and Real Property Management 6) Financial Management 7) Force Readiness and Fleet Operations 8) Healthcare and Member Support Services 9) Information Technology Management 10)Intelligence and Classified Programs 11) Logistics, Supply, and Maintenance Ops 12) Manpower and Personnel 13) Systems Acquisition and Acquisition Logistics
  • 45. Sample Risk and Opportunity Risk:  Stand-alone NOSC facilities are not in compliance with ATFP criteria. NOSC facilities are under the purview of CNIC, but despite efforts to update OPNAVINST 3300.53B, this instruction has not been updated  New Navy Reserve accessions often do not meet mobilization standards Opportunity:  NAVRESFOR is unable to use DTS to book travel requirements and process travel claims at this time. Legacy business processes require NAVPTO involvement and a manpower intensive process at the CTO to book Navy Reserve travel arrangements
  • 46.
  • 47. A N A N N U A L R E P O R T T H A T C E R T I F I E S T H E S E C N A V ’ S L E V E L O F R E A S O N A B L E A S S U R A N C E C E R T I F I E S T H E O V E R A L L A D E Q U A C Y A N D E F F E C T I V E N E S S O F I N T E R N A L C O N T R O L S W I T H I N T H E D O N A V E N U E T O R E P O R T P O T E N T I A L “ N A V Y - W I D E ” I S S U E S B A S E D O N I N P U T S F R O M T H E F I E L D C O M P R I S E D O F W E A K N E S S E S A N D A C C O M P L I S H M E N T S I N D E N T I F I E D B Y A S S E S S M E N T F I N D I N G S P R O V I D E S M O N I T O R I N G A N D T R A C K I N G O F C O R R E C T I V E A C T I O N S Statement of Assurance (SOA)
  • 49. Reasonable Assurance  An unqualified statement of assurance - reasonable assurance with no material weaknesses reported.  A qualified statement of assurance - reasonable assurance with exception of one or more material weakness(es) noted.  A statement of no assurance - no reasonable assurance because no assessments conducted or the noted material weaknesses are pervasive.
  • 50. Determining Materiality What constitutes a “material” weakness? Materiality is a management judgment. It is difficult to apply a strict formula to determine whether something is or is not material  Is the issue control-related?  Is the issue command/activity-wide?  Does the issue pose a Threat to Mission, Resources, or Image? * An issue is only material if it affects your organization as a whole
  • 51. Material Weakness Criteria Material Weakness guidelines exist within DoD Instruction 5010.40. A Material Weakness must satisfy two conditions:  It must be a deficiency in which existing internal controls do not provide reasonable assurance that the objectives of the MIC Program are being met. In effect, the weakness results from internal controls that are not in place, not used, or not adequate.  It must be a deficiency that requires the attention of the next higher level of management. Managers should report a weakness to the next higher level if doing so is required to resolve the issue. A manager should also consider reporting a weakness to the next higher level if it is serious enough to bring to their attention (even if the issue can be resolved at the reporting manager's level).
  • 52. SOA Online Tool The Tool encompasses all four segments of the SOA reporting requirements:  New Weaknesses  Prior Period Weaknesses  Accomplishments  Management Control Certification Statement Efficiency: Streamlines SOA data collection and reporting process Access: Easy access to submit updates and certification statements Monitoring: Provides a mechanism to track accomplishments and weaknesses Consolidation: Acts as a central database and stores historical data Consistency: Templates in the tool assist in completing certification statement
  • 53. SOA Tool New MIC Coordinators go to: <https://www/fmosystems.na vy.mil/soa/login/index.cfm?fus eAction=Logout> Here MIC Coordinators request access to the SOA Tool and prepare the annual SOA Certification Statement
  • 54.
  • 58. Self-Assessment Tool Available at the FMO Systems website: <http://www.fmo.navy.mil/fin_imp/mic/tools_index.htm> Web-based Tool to provide Commands "current state” measurement of their MIC Program. This tool will help Leaders answer the following Internal Control questions:  Are they designed well?  Are they functioning as designed?  Are further improvements needed?

Editor's Notes

  1. These threat types are associated with an identified risk.
  2. Have class members read criteria for this slide