MCR Basics
Where ROs should submit their MCR?
What is the MCR_Mailbox?
Provides the overall framework for establishing and maintaining an effective internal control system.
What is the GAO Green Book?
Actions that management establishes through policies and procedures as part of the control activities component to specifically mitigate risks.
What are control techniques?
The first component of the internal control system.
What is Control Environment?
A document that is sent to the RO that is used to note the revisions of a MCR submission.
What is the MCR Checklist w/ Comments?
Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring.
What are the five components of the GAO Green Book?
When inherent risk score equals mitigated risk score.
What is an out-of-tolerance control technique?
A process effected by an oversight body, management, and other personnel, designed to provide reasonable assurance that the objectives of an entity will be achieved.
What is an internal control process?
Documents the agency's internal control system, identify and respond to risks, and meets FMFIA reporting requirments.
What is the Management Control Review (MCR)?
The GAO Green Book lists 17 of these to support the design, implementation, and operations of the associated components of the internal control system.
What are the 17 Principles?
Requires the Comptroller General to issue standards for internal control in the federal government.
What is the requirements of FMFIA?
Provides assurance that controls are in place and effective.
What is the Responsible Official (RO) Certification Memo?
Provides specific requirements for assessing and reporting on controls in the federal government.
What is OMB Circular A-123?
Informs the agency’s FMFIA reporting and supports the management assurances in the annual Performance and Accountability Report (PAR).
What is the MCRC's assessment?
Document justification explaining why a CAP is not required.
What management should do when a control is rated out-of-tolerance but has been deemed obsolete?
Operations, Reporting, and Compliance.
What are the categories that management uses when grouping its objectives?