2 FAM 020
MANAGEMENT CONTROLS
(CT:GEN-538; 02-25-2019)
(Office of Origin: CGFS/DCFO)
2 FAM 021 SCOPE AND AUTHORITY
2 FAM 021.1 Policy and Scope
(CT:GEN-401; 01-10-2013)
a. The Department of State must maintain effective
systems of management controls (also referred to as internal controls). All
levels of management are responsible for ensuring adequate controls over all
Department operations. New organizations, programs, or functions must
incorporate effective systems of management controls.
b. All Department managers (domestic and at post) must
establish cost-effective systems of management controls to ensure U.S.
Government activities are managed effectively, efficiently, economically, and
with integrity. Responsibility for preventing fraud and waste is not solely
confined to financial or internal audit personnel. Each manager and
supervisor, whether in accounting, administration, program, or budget, is
responsible for management controls. A sound management control process is a
dynamic, cost-saving management tool. Management control programs must be
designed to provide reasonable assurance regarding the prevention of or prompt
detection of errors, irregularities, and mismanagement.
c. As required by the Federal Managers' Financial
Integrity Act (FMFIA), all management control systems must incorporate the
Government Accountability Office (GAO) Internal Control Standards. Department
of State managers must:
(1) Evaluate such systems on an ongoing basis;
(2) Correct detected deficiencies in such systems;
(3) Perform risk assessments as circumstances warrant,
but not less than every 5 years;
(4) Undertake management control reviews once a need
is determined; and
(5) Review and report on the adequacy of the
Departments control systems annually in support of the Secretarys annual
assurance statement to the President and the Congress.
d. The management control program applies to all
program, administrative, operational, and financial areas of the Department.
2 FAM 021.2 Authorities and
Requirements
(CT:GEN-505; 05-21-2018)
The authority to establish, maintain, evaluate, improve,
and report on management controls throughout the Department is derived from the
statutory requirements listed in this section. The relevant U.S. Office of
Management and Budget (OMB) guidance and the U.S. Government Accountability
Office (GAO) internal control standards for implementing these requirements are
also noted. Additional statutory requirements are contained in OMB Circular
A-123, Section III:
(1) Accounting and Auditing Act of
1950, as amended: This Act requires the head of each executive agency
to establish and maintain adequate systems of internal accounting and
administrative controls; i.e., internal controls;
(2) Federal Managers' Financial
Integrity Act (FMFIA) of 1982, 31 U.S.C. 3512: This Act amended the
Accounting and Auditing Act of 1950 to require ongoing evaluations and reports
of the adequacy of the systems for internal accounting and administrative
control of each executive agency. It includes the following additional
requirements and objectives:
(a) Internal accounting and administrative control
standards are to be prescribed by the Comptroller General (Standards for
Internal Control in the Federal Government, issued in 1999, revised);
(b) Evaluations are to be conducted by each executive
agency of its system of internal accounting and administrative control in
accordance with guidelines established by the Director of the Office of
Management and Budget in OMB Circular A-123; and
(c) An annual statement of assurance is to be submitted
by the head of each executive agency to the President and the Congress on the
status of the agencys systems of management controls and whether the agencys
financial management systems conform to Government-wide requirements;
(3) Chief Financial Officers Act of
1990, 31 U.S.C. 902, Public Law 101-576: This Act has as one of its
stated purposes the improvement of systems of accounting, financial management,
and internal controls to assure the issuance of reliable financial information
and to deter fraud, waste, and abuse of U.S. Government resources;
(4) Improper Payments Elimination and
Recovery Act (IPERA) of 2010, Public Law 111-204, which amended the
Improper Payments Information Act of 2002, Public Law 107-300: This Act
requires that agencies periodically review all programs and activities that the
agency head administers and identify all program and activities that may be
susceptible to significant improper payments, and have a cost-effective
recapture audit program to identify and collect overpayments and other improper
payments;
(5) OMB Circular A-123, as amended,
Managements Responsibility for Internal Control: This circular promulgates
a U.S. Government-wide internal control policy and a system of agency
responsibilities and requirements. Its purpose is to address instances of
fraud, waste, and abuse of Government resources and mismanagement of Government
programs resulting from deficiencies in internal controls or deficiencies in
compliance with internal controls. The circular provides guidance to Federal
managers on improving the accountability and effectiveness of Federal programs
and operations by establishing, assessing, correcting, and reporting on
management controls. The circular has specific appendices that address
controls over financial reporting (Appendix A); the U.S. Government charge card
program (Appendix B); and payments made under IPERA (Appendix C). The circular
requires each agency head to report annually on management control through
management assurance statements (overall FMFIA assurance). In addition to, and
as a component of the overall FMFIA assurance statement, the agency head must
provide an assurance statement on the effectiveness of internal control over
financial reporting;
(6) OMB Circular A-123 Appendix D, as
amended, Financial Management Systems: This circular prescribes policies
and standards for executive departments and agencies to follow in developing,
operating, evaluating, and reporting on financial management systems; and
(7) Government Accountability Office
(GAO) Standards for Internal Control in the Federal Government, as
revised: The FMFIA requires the GAO to issue standards for internal controls
in Government. The standards provide the overall framework for establishing
and maintaining internal control and for identifying and addressing major
performance and management challenges and areas at greatest risk of fraud,
waste, abuse, and mismanagement.
2 FAM 021.3 Definitions
(CT:GEN-401; 01-10-2013)
Assessable unit: Any
Department segment having one or more management control system upon which
periodic risk assessments must be performed. The individual assessable unit
should be of an appropriate nature and size to facilitate a meaningful risk
assessment. All Department segments must be assessed, with the exception of
those involved in statutory development or interpretation or other
discretionary policymaking processes.
Control deficiency: An
inadequacy in a design or operation of a control that does not allow management
or employees, in the normal course of their assigned functions, to prevent or
detect misstatements on a timely basis and to meet the organizations internal
control objectives.
Corrective action plan (CAP):
A document that is developed by management for all material weaknesses and
significant deficiencies identified either for program or financial reporting.
The CAP specifically identifies an overall corrective action accountability
official; describes the significant deficiencies; and lists and provides a
status of corrective actions and a timeline for resolution. CAPs for program
or financial reporting are tracked internally by either the Management Control
Steering Committee (MCSC) or the Senior Assessment Team (SAT).
Corrective action review (CAR): The
method by which the action taken by Department managers to correct material
weaknesses and significant deficiencies are validated to ensure the intended
results were achieved and adequate management controls were established and are
working. Normally coordinated by the bureau or office management control
coordinator, the CAR will be completed within 1 year of reporting the material
weakness or significant deficiencies as corrected or downgraded to a
deficiency. Results of the CAR are reportable to the Management Control
Steering Committee.
Department segment: A
component (organization, program, operation, or function) having a specific,
responsible manager, which can be considered as an assessable unit.
Evaluation and corrective action
documentation: The documents that explain and support the results of
corrective action reviews and must be maintained for risk assessments,
management control reviews, and follow-up corrective actions. They should
contain the methodology used; the personnel involved and their roles; the key
factors considered; the evidence reviewed; and the conclusions reached. This
information will be useful for reviewing the validity of conclusions reached;
evaluating the performance of individuals and the effectiveness of controls
involved in the assessments and reviews; and for performing subsequent
assessments and reviews. The incumbent manager of the segment must retain this
documentation for a period of not less than 3 years.
General control environment:
The reflection of the overall attitude, awareness, and actions of management
concerning the importance of controls and its emphasis in the Department
segment. Such factors include, but are not limited to, the following:
(1) Management emphasis on management control;
(2) Organizational structure;
(3) Policies and procedures;
(4) Delegation and communication of authority and
responsibility;
(5) Personnel;
(6) Procurement practices; and
(7) Knowledge of and enforcement of a code of conduct.
Improper payment: Any payment
that should not have been made or that was made in an incorrect amount
(including overpayments and underpayments) under statutory, contractual,
administrative, or other legally applicable requirements. Improper payment
also includes any payment to an ineligible recipient, payment for an ineligible
good or service, a duplicate payment, or payment for a good or service not
received (except for such payments where authorized by law).
Inherent risk: The potential
for waste, loss, unauthorized use, or misappropriation due solely to the nature
of an activity itself. Unacceptable or highly undesirable risk becomes the
basis for establishing and maintaining management controls.
Internal control/management control:
The plan of organization, policies, and procedures adopted by management to
provide reasonable assurance that throughout all organizational elements and
activities of the Department, the objectives of management are achieved and the
integrity of the programs are safeguarded. The internal control objectives,
which are enumerated in the FMFIA, are summarized as follows:
(1) Obligations and costs comply with applicable law
and regulations;
(2) Assets are safeguarded against waste, loss,
unauthorized use, and misappropriation;
(3) Revenues and expenditures applicable to agency
operations are recorded and accounted for properly so that accounts and
reliable financial and statistical reports may be prepared and accountability
of the assets may be maintained; and
(4) Programs are efficiently and effectively carried
out in accordance with applicable law and management policy.
Internal control standards:
The standards issued by the Comptroller General, as revised, to establish, maintain,
and evaluate systems of management control. These are applicable to all
Department operations and administrative functions but are not intended to
limit or interfere with duly granted authority related to developing
legislation, rulemaking, or other discretionary policymaking.
Management control coordinator:
A senior-level manager designated by an Assistant Secretary, office head, or
chief of mission (COM) to ensure that the requirements of the FMFIA and the
Departments management control program are adequately carried out by the
bureau, office, or post. Also serves as the bureau liaison to the Office of
Management Control staff.
Management control evaluation:
A detailed evaluation of a program or activity to determine whether adequate
and appropriate control techniques exist. There are two types:
(1) Management control review is a detailed evaluation
of the existing systems of management controls to determine whether necessary
controls are in place and producing the intended results; and
(2) Alternative management control review is an Office
of Inspector General (OIG) audit or a financial, a computer security system
management, or a consulting review. The review determines that the control
techniques of the activity are operating in compliance with Circular A-123.
These types of reviews can be used in lieu of a management control review if
they encompass the same scope and techniques of a management control review.
Management or internal control
objective: A desired goal or condition to be achieved by the control
techniques used on a component. Each objective is to take into consideration
the nature of the component and the requirements of Circular A-123 (revised).
Limiting factors such as budget constraints, statutory and regulatory restrictions,
staff limitations, and the cost-benefits of each control technique are to be
considered in determining desired management control objectives.
Management control officer:
The Chief Financial Officer (CFO), who is designated by the Secretary of State
to direct the Departments implementation of and compliance with the Federal
Managers Financial Integrity Act.
Management control system (or system
of management control): The organizational structure, operating
procedures, and administrative practices adopted by all levels of management to
provide reasonable assurance that programs and administrative activities are
effectively carried out in accordance with the objectives of the Federal
Managers Financial Integrity Act (FMFIA) and OMB Circular A-123, revised.
Management control system
documentation: Consists of written policies, organization charts,
procedures, manuals, memoranda, flow charts, decision tables, software, and
other related written materials pertaining to controls within each Department
segment. This documentation must be current and permanently on file. Such
documentation will serve to:
(1) Describe the management control methods and
measures;
(2) Communicate responsibilities and authorities for
operating such methods and measures; and
(3) Assist in the review of the management controls
and their functioning.
Management control techniques:
The processes and documents used to efficiently and effectively accomplish a
management control objective and thus help safeguard an activity from waste,
loss, unauthorized use, or misappropriation.
Material weaknesses:
Significant deficiencies in which the agency head determines to be significant
enough to report outside of the agency. Such weakness would:
(1) Significantly impair the fulfillment of the
Departments mission;
(2) Deprive the public of needed services;
(3) Significantly weaken safeguards against waste,
loss, unauthorized use, or misappropriation of funds, property, other assets or
conflict of interest;
(4) Merit the attention of the agency head/senior
management, the President, or the relevant congressional oversight committee;
or
(5) Be of a nature that omission from the report could
reflect adversely on the actual or perceived management integrity of the
agency.
In the context of financial reporting, a material
weakness is a significant deficiency, or a combination of significant
deficiencies, that result in more than a remote likelihood that a material
misstatement of the financial statements, or other significant financial reports,
will not be prevented or detected.
Nonconformance: Instances in
which financial management systems do not substantially conform to financial
systems requirements. Financial management systems include both financial and
financially related (or mixed) systems.
Reasonable assurance: A
judgment by Department management based upon available information that the
systems of management controls are operating as the FMFIA intended. Reasonable
assurance equates to a satisfactory level of confidence under given
considerations of costs, benefits, and risks.
Recapture auditing: A
documented review of financial records and supporting documentation that is
specifically designed to identify and recover overpayments.
Risk assessment: A documented
review of the susceptibility of an assessable unit, program, or activity to the
occurrence of fraud, waste, loss, unauthorized use, misappropriation, or
susceptibility to generate significant improper payments. General reviews will
focus on areas such as the existing inherent risk or vulnerability, existing
general control environment and safeguards in place, and adherence to the
internal control standards. The Department will employ a systematic method of
reviewing all programs and activities to identify programs and activities that
are susceptible to significant improper payments.
Significant deficiency (formerly
called a reportable condition): A deficiency, or combination of
deficiencies, that in managements judgment should be communicated because they
represent significant weaknesses in the design or operation of internal control
that could adversely affect the organizations ability to meet its internal
control objectives. A significant deficiency does not yet rise to the level of
seriousness of a material weakness; however, if effective corrections are not
made, the matter has the potential over time to develop into a material
weakness. Such weakness could:
(1) Significantly impair the fulfillment of the
Departments mission;
(2) Deprive the public of needed services;
(3) Significantly weaken safeguards against waste,
loss, unauthorized use, or misappropriation of funds, property, other assets,
or conflict of interest;
(4) Merit the attention of the agency head/senior
management, the President, or the relevant Congressional oversight committee;
or
(5) Be of a nature that omission from the report could
reflect adversely on the actual or perceived management integrity of the
agency.
In the context of financial reporting, a
significant deficiency is a control deficiency, or combination of control
deficiencies, that adversely affects the entitys ability to initiate,
authorize, record, process, or report external financial data reliably in
accordance with generally accepted accounting principles such that there is
more than a remote likelihood that a misstatement of the entitys financial
statements, or other significant financial reports, that is more that
inconsequential will not be prevented or detected.
Statement of assurance: A
letter or memorandum that states or certifies to a higher level of management
that the required evaluation of management controls was conducted in accordance
with OMB Circular A-123, revised. The memorandum states that the
organizations systems of management control taken as a whole complies with GAO
standards and provides reasonable assurance that programs are effectively
carried out in accordance with applicable law. The statement also identifies
the material weaknesses and/or significant deficiencies, if any, in the
organizations systems of management control, however identified, and contains
a plan for correcting these weaknesses.
2 FAM 022 RESPONSIBILITIES
2 FAM 022.1 The Secretary
(CT:GEN-345; 09-29-2008)
The Secretary is responsible for submitting an annual
statement of assurance to the President and the Congress on the overall
adequacy and effectiveness of the management controls within the Department and
conformance with U.S. Government-wide financial system requirements.
Additional detail on the annual assurance process is provided in 2 FAM 024.
2 FAM 022.2 The Under Secretary for
Management
(TL:GEN-279; 11-01-1992)
The Under Secretary for Management is responsible for
establishing and maintaining systems of management controls over all operations
within the Department of State. This responsibility includes determining that
systems are functioning as prescribed and are modified as required by changes
in conditions.
2 FAM 022.3 The Comptroller
(CT:GEN-401; 01-10-2013)
The Comptroller has the following responsibilities:
(1) Serves as the management control officer for the
Department, under authority delegated by the Chief Financial Officer;
(2) Ensures the implementation of all statutory and
procedural requirements prescribed by the Federal Managers Financial Integrity
Act and OMB Circular A-123, Managements Responsibility for Internal Control
(Appendices A and C);
(3) Prepares the annual assurance statement from the
Secretary of State to the President and Congress;
(4) Chairs the Management Control Steering Committee, which
establishes Department policies and procedures for implementing and evaluating
management controls;
(5) Provides the Under Secretary for Management
periodic written or oral progress reports regarding significant weaknesses in
management controls and policy issues requiring consideration that are outside
the purview of the Management Control Steering Committee;
(6) Directs the segmentation of the Department into
organizations, programs, operations, and functions; directs the development of
an inventory of assessable units; ensures that risk assessments are performed
on a periodic basis; and monitors the implementation of corrective actions;
(7) Provides advice and technical assistance in
developing necessary guides for performing risk assessments and management
control reviews and designing management control systems;
(8) Approves subsequent plans for risk assessments and
reviews of management control systems;
(9) Establishes and maintains a program of quality
assurance over management control evaluations, reviews, and follow-up
corrective actions;
(10) Recommends Management Control Steering Committee
action on proposed management control designs;
(11) Ensures that appropriate follow-up action is taken
on management control deficiencies and financial losses by providing necessary
guidance in designing needed additional controls;
(12) Maintains a continuing liaison with and awareness
of the activities of other Department elements having responsibilities for
activities that contribute to the goals and objectives of the management
control program; and
(13) Reviews Government Accountability Office,
Inspector General, contractor, or management reports that apply in whole or in
part to management controls; reviews the analyses that Information Resource
Management (IRM) performs, which focuses on automated systems (general and
application controls); and ensures that risk assessments, management control
reviews, and determinations of deficiencies consider these sources of
information.
2 FAM 022.4 Management Control
Steering Committee (MCSC)
(CT:GEN-401; 01-10-2013)
a. A Management Control Steering Committee (MCSC) of
Department officials at the Assistant Secretary or equivalent level, chaired by
the management control officer (Comptroller), is responsible for setting
management control policy that will meet the needs of the Department. The
Under Secretary for Management selects the members. The Inspector General is a
nonvoting member of the committee.
b. In addition, the members of the committee work with
the management control officer to:
(1) Ensure that statutory and procedural requirements
established by the FMFIA and OMB Circular A-123, revised, are carried out;
(2) Set management control objectives for the
Department;
(3) Provide oversight of the Corrective Action Review
and other validation processes for the Department;
(4) Clear the final version of the annual FMFIA
statement of assurance; and
(5) Ensure attendance at all meetings of the committee
and will ensure that the principal deputy assistant secretary, or equivalent,
is available to attend when unavoidable travel commitments prevent attendance
by a member.
c. The MCSC is also responsible for providing
oversight of the status of the corrective action plans for areas of heightened
risk for waste, fraud, and mismanagement, otherwise known as high-risk areas.
To carry out this responsibility, the MCSC requires the cognizant bureau(s) to:
(1) Report at least annually on the status of action
plans by milestone completion dates;
(2) Validate that corrective actions undertaken have
achieved the intended results; and
(3) Link the corrective action plans to the budgeting
process.
d. The first MCSC meeting of the year will be held
primarily to report to the committee the status of all outstanding significant
deficiencies and or material weaknesses. At the end of the fiscal year, after
all of the chiefs-of-mission (COM) and bureau statement of assurance letters
are received, the MCSC will meet to discuss and determine whether or not the
Department needs to report:
(1) Any justification for closure to existing
significant deficiencies or material weaknesses;
(2) Any potential new significant deficiencies or
material weaknesses in the Departments Federal Managers' Financial Integrity
Act (FMFIA) statement of assurance; and
(3) Additional meetings will be held as frequently as
necessary to ensure timely preparation and clearance of the FMFIA statement of
assurance. Committee members may be accompanied to meetings by key staff
members unless notified by the chair that the committee will be meeting in
executive session.
2 FAM 022.5 Senior Assessment Team
(CT:GEN-370; 05-19-2010)
The Senior Assessment Team (SAT) was established by the
Management Control Steering Committee (MCSC) and is responsible for the
oversight of the Departments compliance with the requirements of Appendix A of
OMB Circular A-123. The SAT is composed of senior executive-level managers
from various bureaus in the Department and is chaired by the Deputy Chief
Financial Officer. The SAT reports to the MCSC concerning the results of the
annual Appendix A work. This includes providing the status of material
weaknesses and significant deficiencies in the internal controls over financial
reporting and making recommendations to the MCSC concerning the annual
assurance regarding internal controls over financial reporting.
2 FAM 022.6 Office of Management
Control (CGFS/DCFO/MC)
(CT:GEN-402; 01-25-2013)
The Office of Management Control (CGFS/DCFO/MC)
administers the requirements of FMFIA for the Department. These requirements
include providing annual FMFIA guidance materials to the bureaus and posts;
compiling the results of the statement of assurance from the Assistant
Secretaries and chiefs of mission; and making recommendations to the MCSC concerning
both the Secretarys overall statement of assurance and assurance over
assessing internal controls over financial reporting as it will be presented in
the annual report. Procedures necessary to comply with Circular A-123 Appendix
A (internal controls over financial reporting) and Appendix C (improper
payments) are also performed by CGFS/DCFO/MC, including the coordination of
reporting in the annual report in accordance with OMB requirements.
Additionally, CGFS/DCFO/MC performs audit follow-up for GAO and OIG open
recommendations. (See 1 FAM 614.14 for further description.)
2 FAM 022.7 Bureau and Office Heads
and Chiefs of Mission
(CT:GEN-345; 09-29-2008)
Bureau and office heads (Assistant Secretaries or
equivalent) and chiefs of missions have the following responsibilities related
to internal control:
(1) Develop and maintain appropriate systems of
management controls for their organizations;
(2) Implement, maintain, and review management
controls on an ongoing basis to determine whether the controls are adequate and
functioning as prescribed;
(3) Perform risk assessments of each assessable unit
within their organizations as frequently as circumstances warrant, but not less
frequently than every 5 years;
(4) Report promptly to the management control officer
all significant management control deficiencies, weaknesses, and financial
losses. Follow-up reports on the corrective action(s) planned or taken to
prevent a recurrence must be submitted to the management control officer on an
annual basis; and
(5) Submit the chiefs-of-mission statements of
assurance to the regional bureaus (posts) and the corresponding bureau/office
statements of assurance to the Secretary (bureaus and offices) as described in 2 FAM 024.
2 FAM 022.8 Management Control
Coordinators
(CT:GEN-401; 01-10-2013)
a. The Assistant Secretary, office head, or chief of
mission designates management control coordinators. Fulfilling assigned
responsibilities must be a critical job element in performance agreements of
management control coordinators. In addition, bureau and office management
control coordinators should be the chief liaison to the Office of Management
Control (CGFS/DCFO/MC) staff and have direct access to the Assistant Secretary,
office head, or the next level below them.
b. The Assistant Secretary or office head must submit
the name, title, address, and telephone number of the coordinator to the Office
of Management Control whenever the designated coordinator is changed. The
individual designated should be a senior-level manager and is responsible for
coordinating the input for the Assistant Secretaries and chiefs of mission
annual assurance statements.
c. With direction and guidance from the management
control officer and the Office of Management Control, the bureau or office
management control coordinator will:
(1) Determine the inventory of assessable units for
the bureau or office;
(2) Conduct or arrange for all relevant management
control training;
(3) Coordinate the timely performance of risk
assessments and management control reviews (when required) among managers
responsible for the assessable units within the bureau or office and thoroughly
review all management control process products prior to their submission to the
management control officer;
(4) Ensure that managers of assessable units consider
Government Accountability Office and Inspector General reports and audits,
contractor and management studies, and analyses performed by the Information
Assurance Office (IRM/IA) and other Department offices when evaluating
management controls within their area of responsibility;
(5) Evaluate proposed bureau/post corrective actions
to ensure that they represent an effective and cost-beneficial approach for
resolving identifiable deficiencies or risks within existing resource
constraints; and
(6) Track and monitor these same required activities
among the post management control coordinators reporting to the bureau or
office.
d. The chief of mission designates a post management
control coordinator at each embassy, international organization or consulate
general (where the COM heads the consulate general) and submits the name,
title, address, and telephone number of this coordinator to the cognizant
bureau or office management control coordinator within 45 days from the issuance
of this subchapter and thereafter, whenever the designated officer is changed.
The individual designated should be a ranking officer, usually a management
officer, with direct access to the chief of mission or deputy chief of mission
on matters related to management controls.
e. Where there are constituent posts or multiple-post
missions, the COM will designate a management control coordinator for each
constituent post and/or mission, who will report directly to the embassy
management control coordinator. The embassy management control coordinator is
responsible for compiling and incorporating the responses from the constituent
posts and/or missions into the chief of mission (COM) annual statement of
assurance and submitting this information to the respective bureau for inclusion
of the Assistant Secretarys statement of assurance.
2 FAM 022.9 Director General of the
Foreign Service and Director of Personnel
(CT:GEN-345; 09-29-2008)
The Director General of the Foreign Service and Director
of Personnel, with advice and guidance from the management control officer, is
responsible for establishing and issuing procedures to provide that performance
agreements appropriately reflect management control responsibilities for
developing and issuing guidance for recognition of positive accomplishments
related to management control and for appropriate disciplinary action for
violations.
2 FAM 022.10 Director of the
Foreign Service Institute (FSI)
(CT:GEN-370; 05-19-2010)
a. The Director of the Foreign Service Institute (FSI),
with advice and guidance from the management control officer, is responsible
for establishing courses of instruction on policies, procedures, methods, and
systems of management controls, as well as on approaches to evaluating,
improving, and reporting on systems of management controls utilizing risk
assessments and management control reviews.
b. In addition, the director is responsible for:
(1) Coordinating the development of course content
with the management control officer;
(2) Revising course content to reflect changes to
policies, procedures, methods, and systems of management control; and
(3) Providing the management control officer periodic
reports on course effectiveness and student evaluation of course content.
2 FAM 022.11 Inspector General
(CT:GEN-370; 05-19-2010)
a. The Inspector General (IG) has the responsibility to
conduct independent and objective audits, inspections, reviews, and
investigations of Department programs and operations (see 1 FAM 050).
This work can include reviews of management controls to determine whether they
are documented, effective, and operating as intended, with recommendations for
improvement, when appropriate. Also when appropriate, the IG reports
significant management control deficiencies to the Under Secretary for Management
or to the Secretary.
b. The IG provides advice and technical assistance to
managers and management control officers to establish/improve management
controls.
c. The IG serves as a nonvoting member of the
Departments Management Control Steering Committee and the Senior Assessment
Team (SAT) to offer advice and guidance to the MCSC and SAT regarding audit and
inspection findings and recommendations, material weaknesses and significant
deficiencies, and the status of corrective actions, as well as other management
areas of concern and interest to the Department.
2 FAM 022.12 Department Managers
(CT:GEN-358; 06-11-2009)
a. All managers throughout the bureaus, offices, and
posts are responsible for maintaining and monitoring systems of management
controls in their areas, and performance agreements must appropriately reflect
this responsibility.
b. Department managers must provide their management
control coordinator with plans, reports, and necessary information required to
fulfill the responsibility for ensuring that policies and standards established
by the Federal Managers Financial Integrity Act, OMB Circular A-123, revised,
and this subchapter are met and carried out. This includes, but is not limited
to, the information required for their respective bureaus or posts to prepare
chiefs of mission assurance submitted to regional bureaus and the corresponding
bureau/office statements of assurance submitted to the Secretary.
c. Department managers must submit reports to the
management control officer on significant positive accomplishments related to
management control and disciplinary action taken for significant violations of
management controls.
2 FAM 023 MANAGEMENT CONTROL
EVALUATIONS AND IMPROVEMENT PROCESS
2 FAM 023.1 Implementation
(CT:GEN-401; 01-10-2013)
a. Bureau, office, and post managers, under the
direction and guidance of the management control officer, are responsible for
improving management controls in the Department. The management control
evaluation, improvement, and reporting process is comprised of seven steps:
(1) Organizing the process;
(2) Segmenting the organization;
(3) Conducting risk assessments;
(4) Developing plans for subsequent actions;
(5) Conducting management control reviews;
(6) Taking corrective actions; and
(7) Reporting on management controls.
b. Coordinating with bureau and office management
control coordinators, the Office of Management Control (CGFS/DCFO/MC) will
develop guidelines for the seven steps listed in paragraph a of this
section. The bureau and office management control coordinators are
responsible for further dissemination and coordination to ensure compliance.
c. The Office of Management Control must maintain
adequate documentation to support the management control evaluation,
improvement, and reporting process. This includes management control
systems documentation as well as evaluation and corrective action
documentation, as defined in 2 FAM 021.3.
2 FAM 023.2 Reporting Significant
Accomplishments or Violations Relating to Management Controls
(CT:GEN-401; 01-10-2013)
a. As necessary, the head of the bureau or office must
send to the Office of Management Control (CGFS/DCFO/MC) a memorandum addressed
to the management control officer setting forth the following:
(1) If appropriate, the name and position of the
officer(s) or employee(s) responsible for a significant accomplishment or
violation;
(2) All pertinent facts, including the type of
accomplishment or violation; the primary reason or cause of violations; and any
statement of the responsible officer(s) or employee(s) with respect to
circumstances believed to be extenuating;
(3) A statement of the administrative action taken to
reward recognized accomplishments and discipline violators of management
controls including, if applicable, an explanation as to why no administrative
action was taken; and
(4) A statement recommending additional steps that
could be taken relating to the individual (e.g., award or disciplinary action)
or the system (e.g., communicates accomplishment to other Department organizations
or develops and issue new safeguards to prevent recurrence of the violation).
b. As appropriate, use applicable TAGS and follow
procedures for including this material in the individual(s) official personnel
file (see 3 FAM).
2 FAM 024 Annual Management assurance
process
(CT:GEN-505; 05-21-2018)
a. The Federal Managers' Financial Integrity Act
(FMFIA) requires the Secretary to submit an annual statement of assurance to
the President and the Congress (at the close of the fiscal year) on the overall
adequacy and effectiveness of the management controls within the
Department. FMFIA also requires the Secretary to provide an annual
statement on whether the Departments financial management systems conform with
U.S. Government-wide requirements, presented in OMB Circular A-123 Appendix D,
Financial Management Systems. Beginning with fiscal year 2006, the
Secretary was also required to provide an annual assurance statement on the
effectiveness of internal control over financial reporting, which is an
addition to and also a component of the overall FMFIA assurance statement.
b. The Secretary must disclose any material weaknesses
or nonconformances for the Department and provide plans for corrective actions
and progress against those plans. The annual statements are included in
the Departments annual report, which is due November 15.
c. The Office of Management Control (CGFS/DCFO/MC)
prepares the Secretarys assurance letter based on the recommendation of the
Management Control Steering Committee (MCSC). The MCSCs recommendation
is based on the results of the annual statements of assurance from the
Departments Assistant Secretaries, the results of the review and test work
done in accordance with OMB Circular A-123 Appendix A, the status of corrective
actions for existing significant deficiencies and material weaknesses, and
other internal control work. The Senior Assessment Team (SAT) will
provide recommendation to the MCSC concerning the assurance related to internal
controls over financial reporting.
d. Annually, chiefs of mission, Assistant Secretaries,
and office heads will provide an assurance statement, addressed to the
Secretary, concerning the effectiveness of internal controls in their
respective operations. The Bureau of the Comptroller and Global Financial
Services will provide guidance concerning the timing and content of the
assurance statements.
2 FAM 025 THROUGH 029 UNASSIGNED