The MICP guides the review, assessment, and reporting of internal control effectiveness for the Department of Defense (DoD). Its primary objectives are to assess inherent risks in business processes, document and design internal controls, test the controls’ operating effectiveness, identify and classify deficiencies, prepare and execute Corrective Action Plans (CAPs), and monitor and report on CAP statuses until deficiencies are resolved. Each DoD Agency and Field Activity must also submit an annual Statement of Assurance (SoA) that delivers explicit assurance of appropriate internal controls for operational and administrative functions, financial reporting, and financial management systems.
CSCI supports DoD Agencies and Field Activities to develop comprehensive MICP strategies and apply sustainable, repeatable processes to design, implement, monitor, and report on internal controls. Our responsibilities include gathering MICP requirements; establishing baselines for policies, processes, and training; designing templates; evaluating business process workflows, testing internal controls, identifying deficiencies, and preparing CAPs; developing the annual SoA; and conducting end-to-end MICP sustainment training.
CSCI also assists with the design and implementation of processes to manage enterprise risk. We have developed procedures in compliance with the Office of Management and Budget (OMB) Circular No. A-123: Management’s Responsibility for Enterprise Risk Management (ERM) and Internal Control to identify, prioritize, and respond to enterprise risk, and support development of risk registers and risk profiles. Additionally, we lead efforts to develop risk input in collaboration with Agency and Field Activity management.