The Internal Controls and Management Evaluation Office performs a variety of internal control activities that provide DOC and NIST management with reasonable assurance that NIST’s internal controls are operating effectively. The Internal Controls and Management Evaluation Office (ICMEO) serves as NIST’s Senior Assessment Team (SAT), which is responsible for implementing the DOC Office of Financial Management’s (DOC-OFM) OMB Circular A-123, Appendix A review program. Results of OMB Circular A-123 internal reviews are reported to DOC-OFM with approval from the NIST Senior Management Council (SMC) and are also shared internally with NIST management through Summary of Findings and Recommendation Reports and briefings to NIST’s Enterprise Risk Management (ERM) Council. The office was established based on the Internal Controls Charter.
ICMEO services include:
- OMB Circular A-123 Audits
- DOC Entity Level Internal Controls Assessments
- Federal Managers Financial Integrity Act (FMFIA) Reporting
- Improper Payments Risk Assessments (IPRA)
- Conference Data Validation
- Ad-Hoc Internal Control Reviews
- Ad-Hoc Enterprise Risk Management-Internal Control (ERM-IC) Collaborations
- Internal Controls and Risk Validation Technical Expertise
Annual Internal Activities
ICMEO’s annually recurring internal activities include OMB Circular A-123 audits of financial controls, entity level risk assessment, erroneous payment risk assessments, and validation of NIST’s conference data reporting. In addition, ICMEO prepares NIST’s annual FMFIA Report on behalf of the NIST Director for submission to DOC’s Office of Program Evaluation and Risk Management (OPERM). The FMFIA Report summarizes all relevant internal controls activities for the fiscal year and includes the Director’s Statement of Assurance that NIST’s internal controls over its programs, financial reporting, and financial management system are operating effectively. These activities are reflected in the ICMEO Service Catalog. The schedules for these activities are based upon Department of Commerce due dates, and are presented in the A-123 Calendar.
In addition to recurring services, ICMEO provides audit and assurance services and expert guidance throughout the year on ad-hoc internal control reviews and ERM-IC collaborations as requested by DOC and NIST management.
To ensure management’s confidence in ICMEO audit results, all results are thoroughly documented by ICMEO auditors who are independent of the processes they audit. ICMEO seeks to add value for its customers by providing real time feedback to NIST management on opportunities to correct internal control deficiencies that have the potential to prevent NIST from achieving its strategic objectives