Updating MIC Manual

Updating the MICM with the recommended templates may provide the DON MICP with short-term and long-term benefits. Short-term benefits may include compliance with the Green Book and improved communication with external auditors. Long-term benefits may include more effective internal controls and increased audit readiness.

In the short-term, compliance with the Green Book is an important reason since the Green Book requires all federal agencies to address the 17 principles in addition to the five internal control standards beginning FY 2016. Therefore, the MICP may want to either revise or supplement its MICM to meet this upcoming requirement. A failure to account for the 17 principles would cause a major deficiency in DON’s internal control system since the MICM would not even meet the federal requirements listed in the Green Book.

However, failure to implement the 17 principles may cause many other major deficiencies. Such a gap may cause many internal control problems.

External auditors will assess DON internal control systems during financial audits, and not meeting any one requirement listed in the Green Book would disqualify DON from receiving a clean audit opinion due to a major deficiency in the DON internal control system.

Besides helping the MICM comply with the Green Book, the recommended templates may assist commands in communicating with external

auditors. The templates are designed to help commands present their internal controls in a way that external auditors understand since the format is similar to and based off of the COSO Framework used in the private sector. Using internal control self-assessment forms that have recognizable terminology congruent with the MICM, Green Book, and COSO Framework may help all stakeholders.

The templates may assist commands in documenting their internal controls in a manner that external auditors can quickly trace internal control deficiencies to the 17 new principles. The templates also allow commands to retain current MICM processes by continuing to use the MICM’s four documentation requirements: 1) Risk Assessment Tables, 2) Internal Control Assessment, 3) Corrective Action Plans, and 4) MIC Plan.

The MICM’s risk assessment table can accomplish the four principles associated with the risk assessment component without making any modifications. The MICM, however, may benefit from having a template that lists each principle to ensure that each is addressed and not overlooked.

Furthermore, having a template that also lists each Attribute associated with each principle may help ensure that thorough self-assessments of internal controls are in place.

The MICM’s internal control assessment example does not specify which one of the five internal control standards or 17 principles are being addressed.

This ambiguity may make it difficult for external auditors to understand how documented deficiencies relate to the Green Book’s requirements and the COSO Framework. The MICM’s control assessment table may either be modified to map each item to the corresponding internal control component or principle, or the information currently documented can instead be placed onto the recommended templates in Appendix B. This mapping process is described in Chapter V, Development of Templates.

The information currently documented within Corrective Action Plans may

component, but commands would need to document how their monitoring activities in fact fulfill the two monitoring principles. To accomplish this, the MICM’s Corrective Action Plans may either be modified to map current monitoring activities to each internal control principle or the information from commands’ current Corrective Action Plan documentation can be placed onto the recommended templates in Appendix B.

Modifying the MICM documentation requirements, specifically the MIC Plan, to align with the evolution of internal control frameworks external to DON may make command internal control systems more effective by improving the monitoring of internal control deficiencies. Furthermore, commands may benefit from the Green Book’s Attributes associated with each principle being added to the MIC Plan because it may help DON internal control systems become more effective. The recommended templates in Appendix B incorporate the Green Book’s Principles and Attributes using the Illustrative Tools and may be used to address each internal control in more detail and cover new areas previously overlooked.

Beyond the short-term potential benefits, DON may benefit in the long-term from adding the 17 principles, which are intended to help make an organization’s internal control systems more effective. Similar to how the private sector benefits from the COSO Framework, DON may likewise use it to conduct risk assessments in various areas, such as cybersecurity, supply-chain, vendor, and change management. The MICP may be more effective in mitigating risks, deterring fraud, and meeting long-term objectives.

In addition, commands may be empowered to make stronger self-assessments when preparing for external audits by having a more detailed MICM that uses a cutting-edge internal control framework found within industry.

Distributing an updated MICM to commands may bring a fresh look at internal control. The recommended templates may be a valuable tool to help management in identifying and correcting material internal control weaknesses

From a broader perspective, DOD has been unable to obtain a clean audit opinion for decades, and internal control deficiencies are one contributing factor.

Expanding the MICP’s capabilities to current internal control guidance may help commands achieve audit readiness. Audit readiness is dependent upon effective internal control systems operating without any material weaknesses. The templates may ultimately help DON establish and sustain effective internal control systems and maintain audit readiness at all times as DOD pursues its first clean audit on its financial statements.

2. Counter-Arguments to Supplementing MICM with the