MCR Basics
Where ROs should submit their MCR?
What is the MCR_Mailbox?
The first component of the internal control system.
What is Control Environment?
A document that is sent to the RO that is used to note the revisions of a MCR submission.
What is the MCR Checklist w/ Comments?
A process effected by an oversight body, management, and other personnel, designed to provide reasonable assurance that the objectives of an entity will be achieved.
What is an internal control process?
Provides the overall framework for establishing and maintaining an effective internal control system.
What is the Standards for Internal Control in the Federal Government (GAO Green Book)?
Documents the agency's internal control system, identify and respond to risks, and meet FMIA reporting requirments.
What is the Management Control Review (MCR)?
Actions that management establishes through policies and procedures as part of the control activities component to specifically mitigate risks.
What are control techniques?
Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring.
What are the five components of the Standards for Internal Control in the Federal Government (GAO Green Book)?
Requires the Comptroller General to issue standards for internal control in the federal government.
What is the requirements of FMFIA?
Provides assurance that controls are in place and effective.
What is the Responsible Official (RO) Certification Memo?
When inherent risk score equals mitigated risk score.
What is an out-of-tolerance control technique?
Provides specific requirements for assessing and reporting on controls in the federal government.
What is OMB Circular A-123?
Informs the agency’s FMFIA reporting and supports the management assurances in the annual Performance and Accountability Report (PAR).
What is the MCRC's assessment?
Document justification explaining why a CAP is not required.
What management should do when a control is rated out-of-tolerance but has been deemed obsolete?
Operations, Reporting, and Compliance.
What are the categories where risks can be classified.