What is ARMICS (Agency Risk Management and Internal Control Standards)?

Agency Risk Management and Internal Control Standards (ARMICS) is an initiative of the Department of Accounts (DOA) for all state agencies within the Commonwealth of Virginia. The primary purpose of ARMICS is to ensure fiscal accountability and safeguard the Commonwealth's assets.   

 

The Commonwealth of Virginia has designed ARMICS to achieve the following objectives:

  1. Strategic: Support for being “best-managed” state in the nation through internal control best practices
  2. Operational: Effective and efficient use of fiscal resources and other assets
  3. Reporting: Integrity and reliability of financial reporting
  4. Compliance: Compliance with applicable laws and regulations
  5. Stewardship: Protection and conservation of assets


To meet these standards, an agency must demonstrate that is has five internal control components of the COSO framework established and fully functioning.

COSO Framework

 

 

 

 

 

 

 

 

 

 

 

For more information on the COSO framework please go to this link https://www.coso.org/
 

To support ARMICS submission, two levels of assessment need to be completed:

  • Stage 1 – Agency Level Risk Assessment on the COSO Framework
    • Stage 1 consists of a questionnaire on five COSO internal controls components and is completed by both management and staff members. The individuals who are asked to contribute to this questionnaire may vary from year to year depending on the requested review items for the ARMICS filing. The questionnaire is conducted every three years at a minimum and can be completed sooner when certain criteria are met. The deadline for the filing process is September 30th and if your assistance is requested for Stage 1, you can expected to be contacted within the months leading up to the deadline.
    • Following the completion of the questionnaire and the ARMICS filing, a detailed analysis of the questionnaire responses is completed and a report is provided to senior leadership for review.
  • Stage 2 – Process or Transaction Level Control Assessment
    • Stage 2 consists of the identification of fiscal processes and significant fiscal processes. A risk assessment of each significant fiscal process is completed to test the effectiveness of the control activities and the results of the assessment are documented.

 

Who is Responsible for ARMICS?

While each state employee has personal internal control responsibility, the agency head holds ultimate responsibility and must assume ownership for internal control.

Other agency executives and managers must support the agency’s internal control philosophy, promote compliance, and maintain control within their areas of responsibility. Chief financial officers and fiscal officers have key oversight and policy enforcement roles over fiscal matters. Other agency managers may hold lead responsibility for compliance with non-financial aspects of laws, directives, policies, procedures, and the code of ethics.

Internal auditors hold essential responsibilities for assessing, testing, and reporting on internal control. However, internal auditors cannot relieve agency management from its internal control responsibilities.

For more information of ARMICS, please visit https://www.doa.virginia.gov/reference/ARMICS/ARMICS_Assessment_Tools.shtml