Internal Control Review Requirements and Request for Wyoming's Internal Control Review Activities (ICRA) for Fiscal_Year (FY) 2010

United States Department of the Interior
BUREAU OF LAND MANAGEMENT
Wyoming State Office
P.O. Box 1828
IN REPLY REFER TO: Cheyenne, Wyoming 82009-1828
1220 (950) P

March 10, 2010
EMAIL TRANSMISSION: March 11, 2010

Instruction Memorandum No. WY-2010-021
Expires: 9/30/2011
To: Wyoming Management Team
From: Associate State Director
Subject: Internal Control Review Requirements and Request for Wyoming's Internal Control Review Activities (ICRA) for Fiscal_Year (FY) 2010
DD: 7/30/2010
Program Area: Office of Management and Budget (OMB) Circular A-123, Management's Responsibility for Internal Controls.
Purpose: This Instruction Memorandum contains information on the Bureau's Internal Control Review Requirements and requests a variety of information from each Division, District Office, and Field Office of all internal control review activities for FY 2010. This information is needed to document the results of the Annual Assurance Statement of Internal Controls that is completed and certified by the State Director each FY. The Annual Assurance Statement represents the State Director's informed judgment as to the overall adequacy and effectiveness of internal controls of programs within his area of responsibility throughout the Wyoming organization.
Policy/Action: All program leads, supervisors, and managers are involved in internal control review activities pertaining to their program areas.

What is Internal Control? Internal controls are policies, processes, and systems that supervisors and program managers use to continually assess and evaluate program operations to ensure programs achieve their intended results; resources are used efficiently and consistent with agency mission; laws and regulations are followed to make program adjustments to meet changing conditions; to help identify and address major risks for fraud, waste, abuse, and mismanagement; and to ensure that reliable and timely resource information is maintained, reported, and used in decision-making.

Internal control has three main objectives: 

• To promote effectiveness and efficiency of operations
• To ensure reliability of financial reporting 
• To maintain compliance with applicable laws and regulations Operations 
• Promotes efficiency and effectiveness of operations through standardized processes 
• Ensures the safeguarding of assets through control activities

Financial --Promotes integrity of data used in making business decisions  Assists in fraud prevention and detection through the creation of an auditable trail of evidence
Compliance--Helps maintain compliance with laws and regulations through periodic monitoring

Internal Control has five standards:

• Control Environment -- Management and employees establish and maintain an environment throughout the organization that sets a positive and supportive attitude toward internal control and conscientious management.
• Risk Assessment -- Requires program risk assessment of external and internal factors to determine the best approach for risk management and the development of internal control activities to mitigate those risks to meet the three main objectives.
• Control Activities -- Control activities are the policies, procedures, techniques, and mechanisms that help ensure that management's directives to mitigate risks are accomplished. Control activities are an integral part of the BLM's entire cycle of planning, budgeting, management, accounting, and auditing processes. 
• Information and Communications -- Requires that internal and external information is reliable and relevant and communicated throughout the organization in a timely manner to enable decision makers to carry out operational responsibilities. 
• Monitoring -- Internal control monitoring assesses effectiveness and quality of operations over time and ensures that findings of audits and other reviews are promptly resolved.  Internal Controls Standards/Objectives Internal Audits Messages from Senior Management Policies and Procedures Code of Ethics The process which ensures that relevant information is identified and communicated in a timely manner The policies and procedures that help ensure that actions are identified to manage risk are executed and timely The control conscience of an organization. The “tone at the top" The evaluation of internal and external factors that impact an organization's performance Business Risk Management Process Risk Management Internal Audit Risk Assessment Disclosure Committee Delegation of Authority/Approvals Common Processes and Systems Segregation of Duties Account Reconciliations Information Technology Controls Code of Ethics Documented Policies and Procedures Cultural Assessment Training Management Analysis

The process to determine whether internal control is adequately designed, executed effective and adaptive Internal control review activities occur daily, monthly, yearly or infrequently and are assessed by a variety of methods as follows:

• General Management Evaluations (GMEs)
• Technical Program Reviews (TPRs)
• Program Management Reviews (PMRs)
• Routine and Special program studies, reviews, audits, assessments, and evaluations
• Office of Inspector General (OIG) Audits
• Government Accountability Office (GAO) Audits
• Audits of Financial Statements and Documents (such as monthly and yearly audits in procurement, property, budget, etc.)
• Program Assessment Rating Tool (PART) Analyses
• Contractor Reviews/Audits/Studies (i.e., KPMG, Deloitte & Touche, etc.) 

Attachment 2 shows the existing evaluations, GAO and OIG audits for our organization to date. Please review this information and canvas your staffs for any additional ICRA that will be completed in FY 2010 or that a staff member has or will participate in by providing information to an audit, review, or assessment. These activities need to be consolidated in the format indicated on the spreadsheet and sent to the Division of Support Services (WY 950), Attn: Mike Valle on, or preferably before, July 30, 2010. This information will be used to document our State's submission of the Annual Assurance Statement to the Washington Office. The Bureau is requiring each State to complete and update on a yearly basis program risk assessments for 100 percent of their components based on each State's Program Component Inventory. Please refer to the Wyoming State Component Inventory in Attachment 1. The definition of component is defined as a major program, administrative activity, organization, or functional subdivision of the BLM that requires one or more separate systems of internal controls. All updates to the program risk assessments and any new assessments need to be completed by the State program leads and signed by the respective Deputy State Director (WY 920, WY 930, and WY 950) and submitted to Mike Valle by July 30, 2010. Documentation that these risk assessments have been completed will be included with the Annual Assurance Statement.

Timeframe: Please submit all ICRA information and updates to program risk assessments to Mike Valle, (WY 950), by close of business on July 30, 2010.

Budget Impact: Minimal. Background: In accordance with the provisions found in OMB Circular A-123, Management's Responsibility for Internal Controls, the Federal Managers Financial Integrity Act of 1982 (FMFIA), OMB Circular A-127, Financial Systems, Federal Information Security Management Act, and Department of the Interior (DOI) guidelines, BLM Managers are required to continuously monitor and assess the effectiveness of their internal controls and report annually on the adequacy of their programs and operations. Manual/Handbook Sections Affected: None
Coordination: N/A Contact: If you have questions or comments, please contact Mike Valle, (WY 950), Management Analyst, in the Division of Support Services, at (307) 775-6049.
Signed by: Authenticated by: Ruth Welch Pamela D. Hernandez Associate State Director Wyoming Central Files 2 Attachments 1-Wyoming State Component Inventory (1 p.) 2-FY 2010 Internal Control Review Accomplishments (4 pp.)