Module 1 Section 3 - Management's Responsibility for Enterprise Risk Management and Internal Control PDF
Document Details
Tags
Summary
This document outlines the responsibilities for enterprise risk management and internal control, including components, framework, and requirements. It covers topics such as definitions, types of risks, and controls. It also details the importance of internal controls in achieving organizational objectives.
Full Transcript
**MOD 1, Section/Module 3 - MANAGEMENT'S RESPONSIBILITY FOR ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL - - 20 Questions (25% Test)** **Lesson 1 & 2 -- Noted Test Areas** 1. Enterprise Risk Management (ERM) and Internal Control (IC) are components of a governance framework. a. ERM a...
**MOD 1, Section/Module 3 - MANAGEMENT'S RESPONSIBILITY FOR ENTERPRISE RISK MANAGEMENT AND INTERNAL CONTROL - - 20 Questions (25% Test)** **Lesson 1 & 2 -- Noted Test Areas** 1. Enterprise Risk Management (ERM) and Internal Control (IC) are components of a governance framework. a. ERM as a discipline deals with identifying, assessing, and managing risks. b. Internal control is a process effected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. 2. 5 Framework Responsibilities c. Establishing and achieving goals and objectives d. Seizing opportunities to improve effectiveness and efficiency of operations e. Providing reliable reporting f. Maintaining compliance with relevant laws and regulations g. Implementing management practices that effectively identify, assess, respond, and report on risks 3. Center of ERM & IC Requirements h. OMB Circular A-123 i. Requires each agency to develop a risk profile, includes 7 components 1. ID Objectives 2. ID Risk 3. Inherent Risk Assessment 4. Current Risk Response 5. Residual Risk Assessment 6. Proposed Risk Response 7. Proposed Action Category ii. Internal Control Over Reporting (ICOR) \[was previously Internal Control Over Financial Reporting (ICOFR)\] -- provide assurance testing for financial reports iii. Federal Information System Controls Audit Manual (FISCAM) - originally issued by GAO in January 1999, presents a methodology for performing information system control audits. Two types of controls (1) General Controls, (2) Business Process Controls. i. Federal Managers\' Financial Integrity Act (FMFIA) of 1982 -- ALSO known as Integrity Act iv. Section 2 (31 U.S.C. 3512(d)(2)) FMFIA requires Annual Statement of Assurance - head of each executive agency annually submit to the President and Congress j. A-123 & FMFIA reinforces Government Performance and Results Act Modernization Act (GPRAMA) k. Government Accountability Office (GAO) Standards for Internal Control in the Federal Government (the Green Book) 4. Agencies complete Annual Risk Profile and submit external in Agency Financial Report (AFR) or the Performance and Accountability Report (PAR). 5. Leading ERM and Internal Controls international standards setters l. Committee of Sponsoring Organizations of the Treadway Commission (COSO) m. International Organization for Standardization (ISO) 6. ERM Definition n. Agency-wide approach to addressing the full spectrum of the organization's external and internal risks by understanding the combined impact of risks as an interrelated portfolio, rather than addressing risks only within silos. 7. Major Types of Risk o. Inherent p. People q. Control 8. Shared Service Providers r. Management is still responsible for processes and user controls of 3^rd^ party, must monitor the process as whole 9. Internal Controls provide reasonable assurance that: s. Programs achieve intended results t. Resources used efficiently u. Protection from waste, fraud, mismanagement v. Laws and regulations followed w. Financial reporting reliable and accurate 10. 5 Components of Internal Controls x. Control environment y. Risk assessment z. Control activities a. Information and communication b. Monitoring 11. Internal Control Deficiencies c. Control deficiency d. Significant deficiency -- reported internal e. Material weakness -- reported external -- AFP/PAR 12. OMB Circular No. A-130, Appendix I f. Responsibilities for Protecting and Managing Federal Information Resources, Security Programs/Privacy Programs 13. Annual Statements -- Levels of Assurance g. Unmodified statement of assurance -- effective, no material weakness h. Modified statement of assurance -- effective, one or more material weakness i. Statement of no assurance -- no assessments, material weakness pervasive
