1. 1 October ASMC Monthly Luncheon Holiday Inn Eisenhower Avenue, Alexandria, VA October 17, 2007 Army Manager’s Internal Control program Presented by: Mr. John J. Argodale Deputy Assistant Secretary of the Army (Financial Operations)

2. 2 Federal Managers’ Financial Integrity Act (FMFIA) of 1982 – Establishes specific requirements with regard to management controls. The agency head must establish controls that reasonably ensure that (i) obligations and costs comply with applicable law, (ii) assets are safeguarded against waste, loss, unauthorized use or misappropriation, and (iii) revenues and expenditures are properly recorded and accounted for. The Act encompasses program, operational, and administrative areas as well as accounting and financial management. OMB Circular A-123 – Defines management’s responsibility for internal control in Federal agencies. A re-examination of the existing internal control requirements for Federal agencies was initiated in light of the new internal control requirements for publicly-traded companies contained in the Sarbanes-Oxley Act of 2002. Circular A-123 and the statute it implements, the FMFIA, are at the center of the existing Federal requirements to improve internal controls. OMB Circular A-123 Appendix A – The circular provides updated internal control standards and new specific requirements for conducting management’s assessment of the effectiveness of internal control over financial reporting (ICOFR) Army Manager’s Internal Control program

3. 3 Management’s Responsibility Management is responsible for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations. Internal control, in the broadest sense, includes the plan of organization, methods and procedures adopted by management to meet its goals. Management is responsible for developing and maintaining internal control activities that comply with the following standards to meet the objectives: Control Environment Risk Assessment Control Activities Information and Communications, and Monitoring

4. Management’s Responsibility Continued Management should identify internal and external risks that may prevent the organization from meeting its objectives. When identifying risks, management should take into account relevant interactions within the organization as well as with outside organizations Identified risks should be analyzed for their potential effect or impact on the agency 4

5. 5 Over AllQualified ICOFR No Assurance Army Manager’s Internal Control program

6. 6 FRisk: The uncertainty of an event occurring that could have an impact on the achievement of objectives. FRisk assessment: A systemic process for assessing and integrating professional judgments about probable adverse conditions and/or events. FRisk management: The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects. Key “Risk” Definitions “Risk in itself is not bad; risk is essential to progress, and failure is often a key part of learning. But we must learn to balance the possible negative consequences of risk against the potential benefits of its associated opportunity.” [Van Scoy, Roger L. Software Development Risk: Opportunity, Not Problem. Software Engineering Institute, CMU/SEI-92-TR-30, ADA 258743, September 1992]

7. 7 Army Risk Factors FFraud, waste, abuse, or mismanagement of government resources FEffect on combat readiness or program accomplishment FIllegal acts FPolitical sensitivity or media interest FEffect on safety, health, security or morale FSystemic weaknesses—might result in recurring problems FMinor deficiencies that become significant in the aggregate FPreviously identified problems not being corrected

8. 8 FYields disciplined analytical approach to evaluation FHighlights potential risks in the organization that might otherwise be unknown FFosters dedicated audit coverage to high-risk areas FAllocates resources where pay-back is greatest FProvides a tool for management to gauge or assess enterprise risk The Value of Risk-Based Planning

9. 9 FTactical Level: –“a potent arm in the Commander’s arsenal much like a rifle or an artillery round is to a Soldier in the kinetic fight.” COL Thomas Horlander, MNCI CJ8 F Strategic Level: –An enabler that develops capabilities for an adaptive Army in an environment of persistent conflict Money as a Strategic Weapon

10. 10 F Cost of the Army –Depreciation measures aging equipment in an Army increasingly reliant on technology and equipment F Controls – Defense Travel System (DTS) – Wide Area Work Flow (WAWF) – Funds Control Module (FCM) – Temporary Change of Station (TCS) Army CFO Priorities

11. 11 F Senior Leadership Engagement F Analytical Toolset F Disciplined Decision-Making Adopting a Cost Culture: 3 Conditions

12. 12 Need for Additional Controls F NEED TO HOLD MANAGERS ACCOUNTABLE F NEED TO MAKE MICP MORE THAN A PAPER DRILL F CONTROLS ENABLE THE ARMY TO BE GOOD STEWARD OF RESOURCES F BETTER CONTROLS MEAN BETTER VISIBILITY OVER RESOURCES AND THE EFFECTIVENESS OF OPERATIONS