Download - MIC A Practical Approach
![Page 1: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/1.jpg)
THIS TRAINING SEMINAR INCORPORATES TOPICS FROM A VARIETY OF MIC
PROGRAM MATERIAL
MIC A Practical Approach
YN2 Austin Skidmore, NRMW RCC (N5)
![Page 2: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/2.jpg)
Training Objectives
Gain an advanced understanding of MIC requirements
Become familiar with MIC terminology and expectations
Understand MIC reporting procedure
Learn to conduct risk and control assessmentsBe able to develop an Inventory of Assessable
UnitsProvide knowledge that is both relevant to
Commanding Officers and practical to front line MIC Coordinators
![Page 3: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/3.jpg)
COLLECTION OF CONTROL SYSTEMS A COMMAND HAS ESTABLISHED TO ACCOMPLISH ITS MISSION
PRACTICES ADOPTED MANAGEMENT TO PROVIDE ASSURANCE THAT PROGRAMS CARRIED OUT IN ACCORDANCE WITH ESTABLISHED OBJECTIVES
SYSTEM OF CONDUCTING PERIODIC REVIEWS OF PROCESS EFFECTIVENESS
PROGRAM THAT INTENDS TO ELIMINATE OR REDUCE FRAUD, WASTE, ABUSE AND MISMANAGEMENT
What is MIC?
![Page 4: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/4.jpg)
A N E F F E C T I V E M I C P R O GR A M H E L P S I D E N T I F Y A N D C O R R E C T W EA K N E SS E S W I T H I N A N O R G A N I Z AT I O N. B EN E F I T S O F A N EF F EC T I V E M I C P R O G R A M I N C LU D E :
1) V I S I B I L I T Y I N T O O R G A N I Z AT I O N A L W E A K N E SS E S
2 ) A B I L I T Y T O A N T I C I PAT E P O T E N T I A L O R S Y S T EM I C W EA K N E SS E S
3 ) P R O C ESS ES T O C O R R EC T W EA K N E SS E S B E F O R E T H EY B E C O M E D E T R I M E N TA L T O T H E O R G A N I Z AT I O N
4 ) C O M P L I A N C E W I T H T H E F E D E R A L M A N A G E R S ’ F I N A N C I A L I N T EG R I T Y A C T ( F M F I A ) A N D O T H ER L AW S A N D R E G U L AT I O N S
What does MIC do for my organization?
![Page 5: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/5.jpg)
Why must we engage in MIC?
Department of the Navy’s Internal Control Manual – SECNAV M-5200.35
SECNAV Instruction 5200.35E
OMB Circular A-123 GAO Standards For Internal Control DoD Instruction 5010.40 (MIC) Program Procedures DoD FY 2009 Guidance For Preparation Of The Annual SOA DoD FY 2011 Internal Control Over Financial Reporting Guidance Federal Managers Financial Integrity Act Of 1982 (FMFIA)
![Page 6: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/6.jpg)
KEYS TO SUCCESS FOR AN EFFECTIVE MIC PROGRAM:
LEADERSHIP EMPHASIS : A MIC Program must be supported by top leadership.
EDUCATION AND TRAINING :
Managers at all levels must understand the importance of internal controls.
MONITORING AND REPORTING :
Monitoring progress and reporting results are essential.
How can I make MIC a success?
![Page 7: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/7.jpg)
MIC Process
DEVELOP MIC PLAN
![Page 8: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/8.jpg)
MIC Plan
An executive summary which captures the command’s approach in maintaining an internal control program
Considered a Road Map to new MIC Coordinators
![Page 9: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/9.jpg)
![Page 10: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/10.jpg)
![Page 11: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/11.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
![Page 12: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/12.jpg)
THE PROCESS OF SEGMENTING AN ORGANIZATION INCLUDES:
1) IDENTIFYING MAJOR COMPONENTS OR PROGRAMS
2) DIVIDING THE COMPONENTS INTO ASSESSABLE UNITS
3) RELATING ASSESSABLE UNITS TO RESPONSIBLE MANAGERS
Segmenting the Organization
![Page 13: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/13.jpg)
Inventory of Assessable Units (AU)
Develop an Inventory of AUs that:
Are divisions of major components, functions, or programs
Have clear limits or boundaries
Are identifiable to a specific responsible manager
Constitute the entire organization
![Page 14: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/14.jpg)
Functional Area Sub-segment Department
Research, Development, Test and Evaluation
Major Systems Acquisition Procurement Contract Administration Force Readiness Manufacturing, Maintenance and Repair Supply Operations Property Management Communications and/or Intelligence
and/or Security Information Technology Personnel and/or Organizational
Management Comptroller and/or Resource
Management Support Services Security Assistance Other (Transportation) Financial Statement Reporting
N01 N1 N3 N4 N5 N6 N7 N8 N9
Segmenting the Organization
![Page 15: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/15.jpg)
Sample Inventory of AUs
![Page 16: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/16.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
ASSIGN RESPONSIBILITY
![Page 17: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/17.jpg)
MIC Coordinator Top Leadership
Ensure requirements are communicated and completed on time
Coordinate efforts to prepare a MIC Plan and MIC Certification Statement
Monitor the performance and results of risk assessments and reviews
Obtain MIC training
Establish of internal controls to provide reasonable assurance requirements are met
Maintain an inventory of assessable units
Perform risk assessments and internal control reviews.
Submit an annual overall MIC Certification Statement
Monitor and improve internal controls
What is my role?
![Page 18: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/18.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
MAP THE PROCESS
ASSIGN RESPONSIBILITY
![Page 19: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/19.jpg)
Flowcharting
This chart represents some of the most commonly used flowchart symbols
Symbols may very by source
![Page 20: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/20.jpg)
![Page 21: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/21.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
MAP THE PROCESS
IDENTIFY RISK/CONTROL
ASSIGN RESPONSIBILITY
![Page 22: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/22.jpg)
The three phases of a risk assessment generally include:
Identifying a risk that potentially impacts the organization’s mission and objectives
Assessing the impact and likelihood of that risk
Responding to the risk with appropriate controls
IDENTIFY ASSESS RESPOND
![Page 23: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/23.jpg)
RISK IDENTIFICATION OCCURS AS A RESULT OF CONSIDERATION OF FINDINGS FROM AUDITS, EVALUATIONS, AND OTHER ASSESSMENTS
IDENTIFICATION OF RISKS RESULTING FROM BUSINESS,POLITICAL, AND ECONOMIC CHANGES ARE DETERMINED
RISKS TO THE AGENCY AS A RESULT OF POSSIBLE NATURALCATASTROPHES OR CRIMINAL OR TERRORIST ACTIONS ARE TAKEN INTO ACCOUNT
RISKS POSED BY NEW LEGISLATION OR REGULATIONS AREIDENTIFIED
Risk Identification
![Page 24: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/24.jpg)
Risk Identificatio
n
A risk assessment determines where potential hazards exists that might prevent the organization from achieving its objectives.
Asking the following questions may also help to identify risks:
What could go wrong in the process?
What processes require the most judgment?
What processes are most complex?
What must go right for proper reporting?
How do we know whether we are achieving our objectives?
Where are our vulnerable areas?
![Page 25: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/25.jpg)
Business Risk Types
Are we at risk of a threat to mission, threat to resources, or threat to image?
Financial risk - Loss of assets or available operating or capital budget
Human resources risk - Management and staff are not sufficient to meet needs and mission of organization
Reputation risk - Negative public opinion
Technology risk - Systems and technology tools, in design and operation, do not allow achievement of mission
Strategic risk - Mission or strategic plan does not support overall DON objectives
Operational risk - Operational policies and procedures do not sufficiently control business to allow achievement of mission
Environmental risk - Operations negatively impact the environment
![Page 26: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/26.jpg)
GAO Risk Types
For each risk identified in a process, a control activity should be identified and documented in the risk assessment.
The GAO identifies three types of risk:
1) Inherent risk - The original susceptibility to a potential hazard or material misstatement, assuming there are no related specific control activities.
2) Control risk - The risk that a hazard or misstatement will not be prevented or detected by the internal control.
3) Combined risk - The likelihood that a hazard or material misstatement would occur and not be prevented or detected on a timely basis by the agency's internal control.
![Page 27: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/27.jpg)
Threat Types
Threat to Mission - Is there a threat to achieving the mission of the organization. Threats to Mission include:
impaired fulfillment of essential mission or operations unreliable information causing unsound management decisions violations of statutory or regulatory requirements impact on information security depriving the public of needed Government services
Threat to Resources - Is there a threat to physical, financial or human resources. When a control deficiency has a clear dollar value associated with it, anything greater than one percent (1%) of the organization’s budget would be considered material.
Threat to Image - Consider the impact on the organization’s image does it bring substantial negative publicity. Threats to Image may include:
sensitivity of the resources involved (e.g., drugs, munitions) current or probable Congressional and / or media interest diminished credibility or reputation of management
![Page 28: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/28.jpg)
Categorizing Risk Level
![Page 29: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/29.jpg)
M ET H O D S U SE D BY P R O G R A M M A N A G E R S T O EN S U R E A C H I EV E M E N T O F O B J E C T I V E S A N D T O SA F E G UA R D T H E I N T E G R I T Y O F T H E I R P R O G R A M S.
C O N T R O L A C T I V I T I E S A R E E STA B L I SH E D T O M A N A G E A N D M I T I G AT E T H E I D E N T I F I E D R I S K S.
EXA M P L ES O F C O N T R O L A C T I V I T I E S A R E P R O C E SS O W N E R S H I P, T R A N S A C T I O N A P P R OVA L S, S EPA R AT I O N O F D U T I E S, A N D P E R F O R M A N C E M E A S U R EM E N T S.
I N T E R N A L C O N T R O L S E N S U R E T H E A C C O M P L I S H M EN T O F O B J E C T I V ES ; C O M P L I A N C E W I T H L AW S A N D R E G U L AT I O N S ; R E L I A B L E A N D T I M E LY I N F O R M AT I O N A N D E F F I C I E N T O P E R AT I O N S.
Internal Controls
![Page 30: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/30.jpg)
I N T E R N A L C O N T R O L S P R OV I D E R E A S O N A B L E A SS U R A N C E T H AT T H E F O L L O W I N G A R E T R U E :
C O M P L I A N C E W I T H L AWS A N D R E G U L AT I O N S
A C C O M P L I S H M E N T O F O B J EC T I V E S
R E L I A B L E A N D T I M E LY I N F O R M AT I O N F O R D EC I S I O N M A K I N G
E F F I C I E N T O P ER AT I O N S
S A F E G UA R D I N G O F R E SO U R C E S F R O M WA ST E , F R A U D, A B U S E A N D M I SM A N A G E M EN T
What purpose do controls serve?
![Page 31: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/31.jpg)
PREVENTATIVE DETECTIVE
DETER UNDESIRABLE EVENTS FROM OCCURRING. PREVENTATIVE CONTROLS SHOULD BE DESIGNED TO DISCOURAGE ERRORS AND IRREGULARITIES FROM OCCURRING
DETECT AND CORRECT UNDESIRABLE EVENTS THAT HAVE OCCURRED. DETECTIVE CONTROLS SHOULD BE DESIGNED TO IDENTIFY AN ERROR OR IRREGULARITY AFTER IT HAS OCCURRED
Types of Controls
![Page 32: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/32.jpg)
DIRECTIVE CORRECTIVE
CAUSE OR ENCOURAGE A DESIRABLE EVENT TO OCCUR. DIRECTIVE CONTROLS SHOULD BE DESIGNED TO ASSIST IN ACCOMPLISHING GOALS AND OBJECTIVES
ARE AIMED AT RESTORING THE SYSTEM TO ITS EXPECTED STATE. CORRECTIVE CONTROLS CAN TERMINATE THE AFFECTED PROCESS, REVERSE THE ERROR, OR REMEDY THE RESULTS OF THE ERROR
Types of Controls
![Page 33: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/33.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
MAP THE PROCESS
IDENTIFY RISK/CONTROL
CONDUCT RISK/CONTROL ASSESSMENT
ASSIGN RESPONSIBILITY
![Page 34: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/34.jpg)
Conducting Risk Assessments
Risk assessments can vary in format; however,documentation should:
Identify the risks to the accomplishment of the assessable unit’s objectives
Identify the level of inherent risk (high, moderate, low)
Identify the level of control risk (high, moderate, low)
Identify the level of combined risk (high, moderate, low)
Document any existing controls that are in place to mitigate the risk
![Page 35: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/35.jpg)
Conducting Control Assessments
Internal control assessments can vary in format; however,
documentation should: Relate each control to a specific risk
Identify the control test objective to validate assumed level of control risk
Describe the design of the control that will be tested
State effectiveness of the control design based on the test performed
Describe how the operation of the control was tested
State effectiveness of the control operation based upon the test performed
![Page 36: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/36.jpg)
RA, Control Test, and CA easy three step process
![Page 37: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/37.jpg)
Sample Risk Assessment
![Page 38: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/38.jpg)
![Page 39: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/39.jpg)
Sample Control Assessment
![Page 40: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/40.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
MAP THE PROCESS
IDENTIFY RISK/CONTROL
CONDUCT RISK/CONTROL ASSESSMENT
DOCUMENT FINDINGS
ASSIGN RESPONSIBILITY
![Page 41: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/41.jpg)
Documentation
DON anticipates the MIC Program will become Auditable.
Here is what you need to stay on track:
MIC Plan
Inventory of Assessable Units (AU)
Risk Assessments (RA)
Internal Control Assessments
Statement of Assurance (SOA)
![Page 42: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/42.jpg)
MIC Process
DEVELOP MIC PLAN SEGMENT THE ORGANIZATION
MAP THE PROCESS
IDENTIFY RISK/CONTROL
CONDUCT RISK/CONTROL ASSESSMENT
DOCUMENT FINDINGS
PREPARE REPORTS ON
RESULTS
ASSIGN RESPONSIBILITY
![Page 43: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/43.jpg)
DIRECTED BY THE OVERSIGHT PLANNING BOARD (OPB) CHARTER OF 15 JUN 04
13 FUNCTIONAL CATEGORIES REPORTED TO NAVAL AUDIT SERVICE AND NAVIG
DATA CALL CONDUCTED FEB/MAR TIME FRAME
PROVIDED WEB-BASED DATA ENTRY TOOL ONLINE TO SUBMIT RISK AND OPPORTUNITY
ONLY ECHELON I I AND ABOVE GET ACCESS
Risk and Opportunity Assessment
(ROA)
![Page 44: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/44.jpg)
Functional Categories
Risks and Opportunities are grouped into 13 Functional Areas
1) Acquisition Integrity/Fraud 2) Anti-Terrorism/Force Protection 3) Education and Training 4) Environmental Protection and Safety 5) Facilities and Real Property Management6) Financial Management7) Force Readiness and Fleet Operations 8) Healthcare and Member Support Services9) Information Technology Management10)Intelligence and Classified Programs 11)Logistics, Supply, and Maintenance Ops12)Manpower and Personnel 13)Systems Acquisition and Acquisition
Logistics
![Page 45: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/45.jpg)
Sample Risk and OpportunityRisk:
Stand-alone NOSC facilities are not in compliance with ATFP criteria. NOSC facilities are under the purview of CNIC, but despite efforts to update OPNAVINST 3300.53B, this instruction has not been updated
New Navy Reserve accessions often do not meet mobilization standards
Opportunity:
NAVRESFOR is unable to use DTS to book travel requirements and process travel claims at this time. Legacy business processes require NAVPTO involvement and a manpower intensive process at the CTO to book Navy Reserve travel arrangements
![Page 46: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/46.jpg)
![Page 47: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/47.jpg)
A N A N N UA L R EP O RT T H AT C E RT I F I E S T H E SE C N AV ’ S L E V E L O F R E A S O N A B L E A SS U R A N C E
C E RT I F I ES T H E OV E R A L L A D E Q UA C Y A N D E F F E C T I V EN E SS O F I N T E R N A L C O N T R O L S W I T H I N T H E D O N
AV E N U E T O R EP O RT P O T E N T I A L “N AV Y-W I D E ” I SSU E S B A S E D O N I N P U T S F R O M T H E F I E L D
C O M P R I S E D O F W E A K N E SS E S A N D A C C O M P L I S H M E N T S I N D E N T I F I E DBY A SS E SS M E N T F I N D I N G S
P R OV I D ES M O N I T O R I N G A N D T R A C K I N G O F C O R R EC T I V E A C T I O N S
Statement of Assurance(SOA)
![Page 48: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/48.jpg)
Certification Statement
Annual SOA Certification Statement Letterhead Memorandum
![Page 49: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/49.jpg)
Reasonable Assurance
An unqualified statement of assurance - reasonable assurance with no material weaknesses reported.
A qualified statement of assurance - reasonable assurance with exception of one or more material weakness(es) noted.
A statement of no assurance - no reasonable assurance because no assessments conducted or the noted material weaknesses are pervasive.
![Page 50: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/50.jpg)
Determining Materiality
What constitutes a “material” weakness?Materiality is a management judgment. It is difficult to apply a strict formula to determine whether something is or is not material
Is the issue control-related?
Is the issue command/activity-wide?
Does the issue pose a Threat to Mission, Resources, or Image?
* An issue is only material if it affects your organization as a whole
![Page 51: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/51.jpg)
Material WeaknessCriteria
Material Weakness guidelines exist within DoD Instruction 5010.40.
A Material Weakness must satisfy two conditions:
It must be a deficiency in which existing internal controls do not provide reasonable assurance that the objectives of the MIC Program are being met. In effect, the weakness results from internal controls that are not in place, not used, or not adequate.
It must be a deficiency that requires the attention of the next higher level of management. Managers should report a weakness to the next higher level if doing so is required to resolve the issue. A manager should also consider reporting a weakness to the next higher level if it is serious enough to bring to their attention (even if the issue can be resolved at the reporting manager's level).
![Page 52: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/52.jpg)
SOA Online Tool
The Tool encompasses all four segments of the SOA reporting requirements:
New Weaknesses Prior Period Weaknesses Accomplishments Management Control Certification Statement
Efficiency: Streamlines SOA data collection and reporting process
Access: Easy access to submit updates and certification statements
Monitoring: Provides a mechanism to track accomplishments and weaknesses
Consolidation: Acts as a central database and stores historical data
Consistency: Templates in the tool assist in completing certification statement
![Page 53: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/53.jpg)
SOA Tool
New MIC Coordinators go to:
<https://www/fmosystems.navy.mil/soa/login/index.cfm?fuseAction=Logout>
Here MIC Coordinators request access to the SOA Tool and prepare the annual SOA Certification Statement
![Page 54: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/54.jpg)
![Page 55: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/55.jpg)
Inputs are being recognized
![Page 56: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/56.jpg)
RCCs
CNRFC
DON
CNO
![Page 57: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/57.jpg)
Reporting Chain
CONGRESSSECDEFSECNAV
CNOCNRFC
NRMW RCCNOSC
![Page 58: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/58.jpg)
Self-Assessment Tool
Available at the FMO Systems website:
<http://www.fmo.navy.mil/fin_imp/mic/tools_index.htm>
Web-based Tool to provide Commands "current state” measurement
of their MIC Program. This tool will help Leaders answer the following
Internal Control questions:
Are they designed well?
Are they functioning as designed?
Are further improvements needed?
![Page 59: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/59.jpg)
![Page 60: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/60.jpg)
![Page 61: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/61.jpg)
![Page 62: MIC A Practical Approach](https://reader036.vdocuments.mx/reader036/viewer/2022062503/58e7c5101a28ab0a228b51c5/html5/thumbnails/62.jpg)