OMB A Update

OMB A-123 2016 Update
Management's Responsibility for Internal Controls and Enterprise Risk Management
March 29, 2016
Mark Reger, Office of Federal Financial Management, Office of Management and Budget

Evolution of Management Controls
The Federal Managers Financial Integrity Act of 1982 (FMFIA) requires:
- the General Accountability Office (GAO) to prescribe standards of internal control in the Federal Government, more commonly known as the Green Book.
- OMB to establish guidelines for agencies to evaluate their systems of internal control to determine FMFIA compliance, more commonly known as OMB Circular No. A-123, Management's Responsibility for Internal Control.
Between 1982 and 2004, OMB A-123 focused on management controls across all business lines and operations.
In 2004, OMB A-123 focused on financial reporting and avoided Sarbanes Oxley legislation to require internal control audits in the Federal Government.
Since 2004, OMB A-123 has become known only as a financial reporting and compliance requirement.
Private sector embraces Enterprise Risk Management. Now the federal government moves towards ERM.

A-123 History
- 1981: OMB First Issued Circular No. A-123, Internal Control Systems
- 1982: OMB Issued Internal Control Guidelines and the Federal Managers Financial Integrity Act was enacted
- 1983: OMB Issued an Updated Circular No. A-123, Internal Control Systems
- 1986: OMB Updated A-123 to Require Management Control Plans to guide efforts
- 1995: OMB updated A-123, Management Accountability and Control, to reflect GPRA, CFO Act, IG Act
- 2004: OMB updated A-123, Management's Responsibility for Internal Control, to reflect new internal control requirements for publicly-traded companies contained in the Sarbanes-Oxley Act of 2002; added Appendix A, Internal Control Over Financial Reporting.
- 2005: CFO Council Issued A-123 Appendix A Implementation Guide and OMB Required Appendix A Implementation Plans
- 2006: OMB First Issued A-123 Appendix B for Government Charge Cards and Appendix C for Improper Payments (Appendix C updates 2006 to 2014)
- 2013: OMB First Issued A-123 Appendix D for Compliance with the Federal Financial Management Improvement Act
- 2014: OMB updated A-11, Preparation, Submission, and Execution of the Budget, and includes Enterprise Risk Management and Internal Control

New A-123 Structure
A-123 Today:
- OMB Circular 123/Appendix A Financial Reporting
- Appendix B, Charge Cards
- Appendix C, Improper Payments
- Appendix D, FFMIA Compliance
A-123 Tomorrow:
- OMB Circular A-123 Internal Control and Enterprise Risk Management
- Appendix A, Reporting
- Appendix B, Charge Cards
- Appendix C, Improper Payments
- Appendix D, FFMIA Compliance

Agency and Industry Input
- GAO Green Book Advisory Council, included CFO Council Representation (7/2013 to 9/2014): DOC, State, NSF, DOJ, DHS/IRS
- Three Agency Workgroups (11/2013 to 3/2014): USDA, DOJ, Ed
- CFO Council ERM Forum (April 2014)
- CFO Council ERM Project (2/2014 to 2/2015): HHS, Ed
- AGA Forum on Internal Control (9/2014)
- President's Management Council Briefing (5/2015)
- Provided A-123 to Agencies for Comment (6/2015)
- Partnership for Public Service ERM Event of Excellence (6/2015, 9/2015): CFOs, CROs, GAO, Inspectors General

Assessing Internal Control
- Updated Integrated Internal Control Framework. Agencies need to integrate and coordinate risk management and internal control efforts across the enterprise and between management silos.
- Assessment of Entity Level Controls. Internal control at the entity level refers to the Green Book's five components of internal control, which must be effectively designed, implemented, and operating, and operating together in an integrated manner, for an internal control system to be effective. The Green Book's 17 principles support the effective design, implementation, and operation of the associated components and represent requirements necessary to establish an effective internal control system.
- Updated Sources of Documentation. The agency head's assessment of internal control can be documented using a variety of information sources.
[Figure: Green Book Components of Internal Control and Principles]

Correcting Internal Control Deficiencies
- Corrective Action Options. All control deficiencies pose some level of risk to an organization. The risk level could be minimal or material, and is determined by management's risk tolerance. There are a number of possible corrective action options, which could include: acceptance, avoidance, risk mitigation, transfer/sharing.
- Corrective Action Requirements.
- Cooperative Audit Resolution and the Role of an Audit Committee.

Reporting on Internal Control
Assurance Statement Reporting Today:
- FMFIA Section 2, Internal Control Over Operations
- FMFIA Section 2, Internal Control Over Financial Reporting
- FMFIA Section 4, Financial System Conformance
- FFMIA, Section 803(a) Requirements: Federal Financial Management System Requirements; applicable accounting standards; and the USSGL at the transaction level.
Assurance Statement Reporting Tomorrow:
- Internal Control Over Operations (FMFIA Section 2)
- Internal Control Over Financial Reporting and Compliance with the FFMIA: FMFIA Section 2, Internal Control Over Financial Reporting; FMFIA Section 4, Financial System Conformance

Moving From Compliance to Managing Risks
Check the Box (A-123 Today):
- Compliance with New GAO Internal Control Standards
- Treating Risk as only Negative
- Heavy Emphasis on Financial Reporting
- Regarding Risk Management as Separate
- Check the Box on 3 Year A-123 Assessments
Proactively Managing Risks (A-123 Tomorrow):
- Risk Based Approach with New Internal Control Standards
- Defining risk as both positive (e.g., taking on risk to improve government services) and negative
- Balanced Emphasis on Financial Reporting and Mission Support
- Integrating Risk Management and Internal Control
- Manage Risks Across Organizational Structures

A-123: The Foundation for ERM
- Risks and Uncertainty: Strategic, Operational, Reputational, Financial, Etc.
- Strategic Decisions (OMB A-11): Mission/Vision, Goals Setting, Objective Setting, Strategic Reviews
- Budget Decisions (OMB A-11): Policy, President's Budget, Congressional Justification
- Program Management (OMB A-11): Cross Agency Priority Goals, Agency Priority Goals, Fed Stat
- CXO/Operations Support (OMB A-123): Operational Control Objectives, Reporting Control Objectives, Compliance Control Objectives, Risk Assessments

Relationship of Enterprise Risk Management to Internal Control
[Figure: Governance, ERM, Internal Controls. Source: COSO]
- First Introduced in OMB Circular A-11, FY 2014
- A-123 and A-11 introduce an ERM Framework to support performance management and better guide internal controls

Best Practices
1. ERM and A-123 should co-exist but not as stand-alone activities
2. Senior management buy-in of ERM value is essential
3. Implement a Risk Management Framework and phased ERM Implementation approach
4. Establish an objective organizational accountability structure
5. Establish/leverage formal governing bodies where they exist
6. Establish a culture of risk reward
7. Make better use of data analytics
8. Quantify the impact of past risk events
9. Engage performance, strategic, risk management, budget activities simultaneously
10. Document risk decisions and the rationale for managing risk

Next Steps: Enterprise Risk Management Playbook
I. Introduction
II. Enterprise Risk Management Framework
III. Enterprise Risk Management Governance Structure
IV. Managing Risks On A Portfolio Basis Across An Agency
V. Best Practices
VI. Tools and Templates

Implementing an ERM Framework
- Drafted by the ERM Steering Committee
- Draft will be socialized with groups such as the Partnership for Public Service and the CXO Councils
- Provides a guide on where to get started with ERM
- Designed as a reference to be used to develop tools, templates, and promote best practices
- Similar to OMB's 2004 Internal Control Process and CFOC's A-123 Implementation Guide Products

Next Steps: ERM Training
- What is Enterprise Risk Management?
- What is a CRO and what are the roles and responsibilities of the CFO and other CXOs (i.e., good governance)?
- What does success look like? What are the best practices?
- Overview of ERM Standards. Comparisons between COSO and ISSO (not vs.).
- The link between ERM and Internal Control Standards.
- What are the tools and templates of ERM?
- How do I get started? Do I have to do it all at once, what's a sample maturity model?
- How to build ERM into existing processes rather than add on?
- Strategic Foresight.
- What role do inspectors general play in ERM? What are the road rules for management engagement of inspectors general in ERM?

Enterprise Risk Management Model
[Figure: risk management cycle set within the Risk Environment/Context; surrounding labels: State and Local Governments, Extended Enterprise, Administration Policy]
1. Establish Context
2. Identify Risks
3. Analyze and Evaluate
4. Develop Alternatives
5. Respond To Risks
6. Monitor and Review
Center of the cycle: Communicate and Learn

OMB A-123, Appendix A, Internal Control Over Reporting
Coming Summer 2016
[Figure: External Financial Reporting, Internal Financial Reporting, External Non-Financial Reporting, Internal Non-Financial Reporting. Source: COSO]
- Internal Control Over Reporting Objectives
- Entity Level Controls
- Reports to be included in the assessment (e.g., USA Spending)
- Service Organizations
- Fraud
- Evaluating Control Deficiencies