Download presentation
Presentation is loading. Please wait.
Published byMaximillian Hubbard Modified over 8 years ago
1
OMB Circular A-123 13th Annual Rutgers Governmental Accounting & Auditing Update Conference December 18, 2006 Lessons Learned Terry Carnahan Managing Director KPMG Federal Internal Audit Services
2
2 Agenda Background Challenges Lessons Learned Just Check the Box ? Opportunities
3
3 Background Office of Management and Budget (OMB) Circular A-123, “Management’s Responsibility for Internal Control”, revised December, 2004 A-123 provides guidance to Federal agencies regarding compliance with the Federal Managers’ Financial Integrity Act of 1982 (FMFIA)
4
4 Background, con’t “... A-123 defines management’s responsibility for internal control in Federal agencies... A-123 and the statute it implements, the FMFIA, are at the center of the existing Federal requirements to improve internal control.” —Linda Springer Office of Management and Budget December 21, 2004* * “Memorandum to the Chief Financial Officers, Chief Operation Officers, Chief Information Officers, and Program Managers: Revisions to OMB Circular A-123, Management’s Responsibility for Internal Control,” December 21, 2004
5
5 Internal Control Attestations in the Government What is Internal Controls over Financial Reporting (ICFR)? Internal Control is defined as a process, effected by an entity’s board of directors, management/other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following: Accurate maintenance of records in reasonable detail Recording of transactions as necessary in preparing financial statements Assurance that receipts/expenditures have appropriate authorizations Prevention or detection of unauthorized acquisition Prevention or detection of unauthorized use of the issuer’s assets Compliance with applicable laws and regulations
6
6 Enhancing Internal Control over Financial Reporting/Government Attestations SEC definition: Internal Control over Financial Reporting (ICOFR) A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. COSO Is the Recognized Internal Control Framework for Financial Reporting COSO control components (accepted by U.S. government and its agencies) incorporated into new A-123 GAO adopted into government standards
7
7 Integrated Internal Control Framework ICOFR Reporting Oversight Technology Evaluation
8
8 Challenges Today, agency managers face three challenges: Compliance with A-123 Minimize the cost of compliance by integrating related internal controls Reduce the overall cost of controls and transform operations to improve mission effectiveness These challenges also present opportunities: Minimize the cost of compliance by integrating related internal controls Reduce the overall cost of controls and transform operations to improve mission effectiveness
9
9 Lessons Learned 1 Bob Violino, “Sarbox: Year 2”, September 15, 2005, CFO IT Fall 2005 Issue, CFO.com. 2 Richard M. Steinberg, “Resources, Ownership, and Discipline; Key 404 Lessons”, Oct. 18, 2005, Compliance Week 3 Larry E. Rittenberg and Patricia K. Miller, “Sarbanes-Oxley Section 404 Work: Looking at the Benefits”, Jan. 2005, IIA Research Foundation Expensive and chaotic 1 Realization that requirements are permanent 2 Surprising degree to which information technology contributes to financial processes 1 Better understanding and analysis of monitoring controls 2 Need to embed ICOFR within programs, operations 2 Re-implementation of basic controls 2 “Over-identified” key controls 3
10
10 Just Check the Box ? A-123 Compliance Federal agencies are usually more willing to embrace new initiatives that address program improvement But, new regulatory compliance initiatives are generally seen as “necessary evils” that distract an agency from its mission Compliance with new regulations often degenerates into “check the box” exercises The additional costs associated with A-123 compliance have not helped Agencies miss-out by just “checking the A-123 box” A-123 is an opportunity to transform and improve
11
11 Opportunities A-123 results in greater focus on strengthening internal controls High initial A-123 compliance costs Improved Business Practices Better Understanding of Costs Linking Controls to Performance
12
12 Opportunities Total Cost of a Control Increasingly felt by Agencies doing A-123 Largely hidden; historically unknown to Agencies Improved Business Practices Better Understanding of Costs Linking Controls to Performance
13
13 Opportunities Control Portfolio mapping Manual vs. Automated controls Detective vs. Preventive controls Improved Business Practices Better Understanding of Costs, con’t Linking Controls to Performance
14
14 Opportunities Understanding manual controls Costs of controls relate to actual performance Manual controls- Labor-intensive (costly); perhaps hundreds of employees involved Introduce risk of human error Often detective, not preventative = no protection against waste What percentage of an Agency’s Performance costs are related to manual controls ? Improved Business Practices Better Understanding of Costs, con’t Linking Controls to Performance
15
15 Opportunities Controls are important tools for identifying: New opportunities for managing risk New ways to improve business performance Controls allow agencies to rethink how they operate A-123 compliance leads to fresh insights into performance and potential cost savings Linkage between controls and program improvement A-123 compliance encourages agencies to develop a “portfolio” view of their existing controls Assessment of quality and quantity of controls from different perspectives: operating units, applications, locations, risks, and objectives Improved Business Practices Better Understanding of Costs Linking Controls to Performance
16
16 Opportunities Automated Manual Detective Preventive Existing Control Current Control Portfolio (at most Agencies) Mostly manual controls that only detect anomalies after- the-fact Anomalies’ effects (wasted money, time, effort) already felt Result in higher-than-necessary control costs Missed opportunity for control cost-savings Current Control Portfolio Improved Business Practices Better Understanding of Costs Linking Controls to Performance, con’t
17
17 Opportunities Automated Manual Detective Preventive Existing Control Desired Control Portfolio Mostly automated controls that prevent anomalies from occurring or taken effect Anomalies’ effects (wasted money, time, effort) are never felt Reduce control costs by introducing cost-savings Help agencies better manage their risks of doing business Desired Control Portfolio Previous Control Future (new) Control Improved Business Practices Better Understanding of Costs Linking Controls to Performance, con’t
18
18 Opportunities Automated Manual Detective Preventive Existing Control Warning: Simply automating controls is no cure-all Business processes must be well understood Controls must exist at the proper places in a process Goal: generate relevant information to enable appropriate action The total costs of controls must be understood Desired Control Portfolio Previous Control Future (new) Control Improved Business Practices Better Understanding of Costs Linking Controls to Performance, con’t
19
19 Don’t Just Check the Box Enhance controls by embedding them in operations (e.g., business units) Maintain rigorous testing process Move beyond compliance to improve business performances Improve their controls processes by going from manual controls to automated controls (e.g., detective to preventive) Use the controls portfolio as a new “lens” to improve processes
20
20 The information contained herein for the MEV Independent Validation and Verification Project is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © (2006) KPMG LLC, a Swiss cooperative. All rights reserved. Printed in USA. Terry Carnahan Managing Director Federal Internal Audit Services KPMG LLP (202) 533-3342 tcarnahan@kpmg.com www.kpmg.com
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.