OMB Circular A-123 13th Annual Rutgers Governmental Accounting & Auditing Update Conference December 18, 2006 Lessons Learned Terry Carnahan Managing Director.

Slides:



Advertisements
Similar presentations
1 K P M G L L P A D V I S O R Y Changes in the IT Audit Profession Stephen G. Hasty, Jr. National Partner in Charge IT Advisory Savannah, GA January 4,
Advertisements

Vision: A strong and capable civil society, cooperating and responsive to Cambodias development challenges 1.
Internal Control–Integrated Framework
Driving change in information risk within the financial services industry Subtitle Date.
Federal Audit Executive Council (FAEC) June 2012 Bi-Monthly Meeting Heather I. Keister Doris G. Yanger June 14, 2012 Green Book Update.
Chapter 10 Accounting Information Systems and Internal Controls
Internal Control.
The Islamic University of Gaza
OMB A-123 Update CRT April 20, 2015 Mike Wetklow
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Chapter 4 IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESSES.
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Information Systems Controls for System Reliability -Information Security-
INTERNAL CONTROL OVER FINANCIAL REPORTING
V. Conferencia Internacional Antilavado de dinero y Contra el Financiamiento al Terrorismo Anti-Money Laundering Compliance for Broker/Dealers Current.
TRANSACTION SERVICES ADVISORY Romania conference – IPO process Victor Kevehazi, Senior Partner 18 October 2005.
Information Technology Audit
Internal Auditing and Outsourcing
Control and Accounting Information Systems
PUBLIC SECTOR Internal Controls Over Financial Reporting (ICOFR) Management’s Assertions Central PA Chapter of the AGA February 9, 2011 ADVISORY.
Central Piedmont Community College Internal Audit.
Auditing Internal Control over Financial Reporting
Chapter 3 Internal Controls.
The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 What Companies Should Be Doing Now.
Risk Management Reconstructed Implementing fraud risk intelligence practices July 2011 KPMG FORENSIC SM.
Transitioning to the COSO 2013 Update.  Released on May 14, 2013  Designed to build upon the foundation of the 1992 Framework  Will supersede the 1992.
Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.
Introduction to Internal Control Systems
OMB Circular A-123 Lessons Learned OMB Circular A-123 Lessons Learned FEDERAL ADVISORY Sean Hoffman Partner KPMG LLP.
Page 1 Internal Audit Outsourcing The Moss Adams Approach to Internal Audit Outsourcing Proposed SOX 404 Changes.
Considering Internal Control
Internal Control in a Financial Statement Audit
Service Organization Reports – What Agencies Need to Know.
AUDIT FEI Career Management Group Qualifications for a Successful CFO/Controller in Today's Market December 3, 2009.
© 2007 KPMG, the Malaysian member firm of KPMG International, a Swiss cooperative. All rights reserved. 1 Differing Roles of Internal Auditor and Risk.
September 30, 2008 BIBA ROUNDTABLE Regulatory Panel.
Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.
1 Today’s Presentation Sarbanes Oxley and Financial Reporting An NSTAR Perspective.
Richard F. Chambers, CIA, CGAP Vice President, IIA Learning Center The Institute of Internal Auditors.
2004 Casualty Loss Reserve Seminar SOP 97-3 Department of Labor Special Fund Assessments September 13, 2004 Bill Stanfield, ACAS, MAAA.
Factors Associated with IT Audits by the Internal Audit Function Discussant Comments October 2, 2009 INFORMATION RISK MANAGEMENT ADVISORY.
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 Internal.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Chapter 9: Introduction to Internal Control Systems
Indiana Regional Sewer District Association October 26, 2015.
Case 6.2 Waste Management Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent.
FINANCIAL SERVICES ADVISORY SERVICES 13 March 2007 Challenges faced by consultants whilst consulting on Basel II.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Section 404 Audits of Internal Control and Control Risk Chapter.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
KPMG GOVERNMENT INSTITUTE The Future of Government Financial Reporting: Where Do We Go From Here? AGA Baltimore Chapter AUDIT Andrew C. Lewis, CPA, CGFM,
Linkage of Risk, Capital and Financial Management CAS Annual Meeting Aaron Halpert, ACAS, MAAA Leslie R. Marlo, FCAS, MAAA November 12, 2007 INSURANCE.
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
Trade Compliance Considerations April 13, © 2016 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network.
©©2012 Pearson Education, Auditing 14/e, Arens/Elder/Beasley Considering Internal Control Chapter 10.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.
Auditors’ Dilemma – reporting requirements on Internal Financial Controls under the Companies Act 2013 and Clause 49 of the Listing agreement V. Venkataramanan.
Internal control - the IA perspective
Rethinking classroom design
An overview of Internal Controls Structure & Mechanism
Presentation transcript:

OMB Circular A th Annual Rutgers Governmental Accounting & Auditing Update Conference December 18, 2006 Lessons Learned Terry Carnahan Managing Director KPMG Federal Internal Audit Services

2 Agenda Background Challenges Lessons Learned Just Check the Box ? Opportunities

3 Background Office of Management and Budget (OMB) Circular A-123, “Management’s Responsibility for Internal Control”, revised December, 2004 A-123 provides guidance to Federal agencies regarding compliance with the Federal Managers’ Financial Integrity Act of 1982 (FMFIA)

4 Background, con’t “... A-123 defines management’s responsibility for internal control in Federal agencies... A-123 and the statute it implements, the FMFIA, are at the center of the existing Federal requirements to improve internal control.” —Linda Springer Office of Management and Budget December 21, 2004* * “Memorandum to the Chief Financial Officers, Chief Operation Officers, Chief Information Officers, and Program Managers: Revisions to OMB Circular A-123, Management’s Responsibility for Internal Control,” December 21, 2004

5 Internal Control Attestations in the Government What is Internal Controls over Financial Reporting (ICFR)? Internal Control is defined as a process, effected by an entity’s board of directors, management/other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following: Accurate maintenance of records in reasonable detail Recording of transactions as necessary in preparing financial statements Assurance that receipts/expenditures have appropriate authorizations Prevention or detection of unauthorized acquisition Prevention or detection of unauthorized use of the issuer’s assets Compliance with applicable laws and regulations

6 Enhancing Internal Control over Financial Reporting/Government Attestations SEC definition: Internal Control over Financial Reporting (ICOFR) A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. COSO Is the Recognized Internal Control Framework for Financial Reporting COSO control components (accepted by U.S. government and its agencies) incorporated into new A-123 GAO adopted into government standards

7 Integrated Internal Control Framework ICOFR Reporting Oversight Technology Evaluation

8 Challenges Today, agency managers face three challenges: Compliance with A-123 Minimize the cost of compliance by integrating related internal controls Reduce the overall cost of controls and transform operations to improve mission effectiveness These challenges also present opportunities: Minimize the cost of compliance by integrating related internal controls Reduce the overall cost of controls and transform operations to improve mission effectiveness

9 Lessons Learned 1 Bob Violino, “Sarbox: Year 2”, September 15, 2005, CFO IT Fall 2005 Issue, CFO.com. 2 Richard M. Steinberg, “Resources, Ownership, and Discipline; Key 404 Lessons”, Oct. 18, 2005, Compliance Week 3 Larry E. Rittenberg and Patricia K. Miller, “Sarbanes-Oxley Section 404 Work: Looking at the Benefits”, Jan. 2005, IIA Research Foundation Expensive and chaotic 1 Realization that requirements are permanent 2 Surprising degree to which information technology contributes to financial processes 1 Better understanding and analysis of monitoring controls 2 Need to embed ICOFR within programs, operations 2 Re-implementation of basic controls 2 “Over-identified” key controls 3

10 Just Check the Box ? A-123 Compliance Federal agencies are usually more willing to embrace new initiatives that address program improvement But, new regulatory compliance initiatives are generally seen as “necessary evils” that distract an agency from its mission Compliance with new regulations often degenerates into “check the box” exercises The additional costs associated with A-123 compliance have not helped Agencies miss-out by just “checking the A-123 box” A-123 is an opportunity to transform and improve

11 Opportunities A-123 results in greater focus on strengthening internal controls High initial A-123 compliance costs Improved Business Practices Better Understanding of Costs Linking Controls to Performance

12 Opportunities Total Cost of a Control Increasingly felt by Agencies doing A-123 Largely hidden; historically unknown to Agencies Improved Business Practices Better Understanding of Costs Linking Controls to Performance

13 Opportunities Control Portfolio mapping Manual vs. Automated controls Detective vs. Preventive controls Improved Business Practices Better Understanding of Costs, con’t Linking Controls to Performance

14 Opportunities Understanding manual controls Costs of controls relate to actual performance Manual controls- Labor-intensive (costly); perhaps hundreds of employees involved Introduce risk of human error Often detective, not preventative = no protection against waste What percentage of an Agency’s Performance costs are related to manual controls ? Improved Business Practices Better Understanding of Costs, con’t Linking Controls to Performance

15 Opportunities Controls are important tools for identifying: New opportunities for managing risk New ways to improve business performance Controls allow agencies to rethink how they operate A-123 compliance leads to fresh insights into performance and potential cost savings Linkage between controls and program improvement A-123 compliance encourages agencies to develop a “portfolio” view of their existing controls Assessment of quality and quantity of controls from different perspectives: operating units, applications, locations, risks, and objectives Improved Business Practices Better Understanding of Costs Linking Controls to Performance

16 Opportunities Automated Manual Detective Preventive Existing Control Current Control Portfolio (at most Agencies) Mostly manual controls that only detect anomalies after- the-fact Anomalies’ effects (wasted money, time, effort) already felt Result in higher-than-necessary control costs Missed opportunity for control cost-savings Current Control Portfolio Improved Business Practices Better Understanding of Costs Linking Controls to Performance, con’t

17 Opportunities Automated Manual Detective Preventive Existing Control Desired Control Portfolio Mostly automated controls that prevent anomalies from occurring or taken effect Anomalies’ effects (wasted money, time, effort) are never felt Reduce control costs by introducing cost-savings Help agencies better manage their risks of doing business Desired Control Portfolio Previous Control Future (new) Control Improved Business Practices Better Understanding of Costs Linking Controls to Performance, con’t

18 Opportunities Automated Manual Detective Preventive Existing Control Warning: Simply automating controls is no cure-all Business processes must be well understood Controls must exist at the proper places in a process Goal: generate relevant information to enable appropriate action The total costs of controls must be understood Desired Control Portfolio Previous Control Future (new) Control Improved Business Practices Better Understanding of Costs Linking Controls to Performance, con’t

19 Don’t Just Check the Box Enhance controls by embedding them in operations (e.g., business units) Maintain rigorous testing process Move beyond compliance to improve business performances Improve their controls processes by going from manual controls to automated controls (e.g., detective to preventive) Use the controls portfolio as a new “lens” to improve processes

20 The information contained herein for the MEV Independent Validation and Verification Project is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © (2006) KPMG LLC, a Swiss cooperative. All rights reserved. Printed in USA. Terry Carnahan Managing Director Federal Internal Audit Services KPMG LLP (202)