Agency Risk Management and Internal Control Standards

Agency Risk Management and Internal Control Standards (ARMICS) is a directive issued by the State Comptroller, mandates the use of internal control standards and "best practices" that directly support the Commonwealth's vision and long-term objectives. This directive requires the implementation and annual assessment of agency internal control systems in order to provide reasonable assurance of the integrity of fiscal processes related to the submission of the transactions to the Commonwealth's general ledger, submission of financial statement directive materials, compliance with laws and regulations, and stewardship over the Commonwealth's assets.

Key steps in the ARMICS process

  • Process/Transaction Assessment and Testing: Performed by units and departments on an ongoing basis
  • Annual central unit and departmental certification, signed by:
    • Departments, schools, VPs
    • Central support units
  • Annual VCU certification to Virginia Department of Accounts, signed by:
    • President
    • VP Finance and Administration
  • Enterprise Risk Management (ERM): An organization-wide approach to risk management that integrates risk management with strategic planning

Resources for ARMICS risk assessment

Central Units, Departments and Schools are responsible for identifying all significant fiscal processes. For each significant fiscal process, the unit must perform the following in the VCU ARMICS Database:

  • Document the process steps
  • Assess the risks in the process
  • Identify the controls performed to mitigate risk
  • Test the effectiveness of controls
  • Develop a Corrective Action Plan if there are significant weaknesses in controls

This process supports the Annual ARMICS certification to the Controller’s office and to the Commonwealth.