our clients€¦ · morganfranklin consulting is working with our clients to determine the path...
TRANSCRIPT
Our ClientsConsumer Product Safety Commission
Corporation for National and Community Service
Department of Agriculture
Department of the Air Force
Department of the Army
Department of Labor
Department of the Navy
Department of Veterans Affairs
Office of Personnel Management
Pension Benefit Guaranty Corporation
Securities and Exchange Commission
U.S. Marine Corps
A-123 TODAYThe recent update to Office of Management and Budget (OMB) Circular
A-123 Appendix A provides agencies with flexibility to move from a historically
rigid internal control compliance program to one that focuses on value-add
mitigation of risk and supports transparency and data quality in the Agency’s
reports. To focus on the most significant Agency priorities, this movement
should be integrated with the Agency’s Enterprise Risk Management (ERM)
processes. This is not a simple task and will likely be an ongoing multi-year
process as each Agency’s internal control, ERM, and data quality efforts
continue to mature.
• Integrated metrics to monitor risk and performance
• Culture that embraces open discussion of risk
• Project and Program Management
• Strong Risk and Internal Control Governance Structure
• Leverage existing efforts and structure
• Strong Change Management
• An environment of self-assessment and reporting of challenges and deficiencies
Success Factors
MorganFranklin Consulting is working with our clients to determine the
path forward to realign existing compliance programs to meet the new
requirements. Regardless of your Agency’s status, we have the right
professionals needed to devise a sustainable solution that helps your
Agency achieve an optimal value-driven internal control program.
BACK TO THE FUTURETHEN NOW
Financial ReportingAll reporting—including internal, external, financial, non-financial (operations/mission)
Assessment of controls at the process level
• Integrate ERM and internal controls over reporting
• Materiality determined based on significance of reports
• Assessment of Green Book principles
• FMFIA Assurances
• Separate Internal Control over Financial Reporting Assurance
• FMFIA Assurances
• Risk Profile
• Data Quality Plan
FOCU
S FOCUS
SCO
PESCO
PERE
PORT
ING REPO
RTING
What is Still Required?Agencies are still required to present management assurances, along with a report
on identified material weaknesses and corrective actions. Agency management remains
responsible for determining and maintaining internal control activities and whether
materiality thresholds align with the level of control activities needed to provide
reasonable assurances.
Digital Accountability and Transparency Act
Fed
eral
Man
ager
’s F
inan
cial
Inte
gri
ty A
ct
Fraud Reduction and Data Analytics ActGAO Green Book
Federal Financial M
anagem
ent Imp
rovem
ent Act
Risk Management Council
Senior Management Council
Planning & Scoping Testing Remediation Reporting
Agency Statement of
Assurance
• Data Quality Plan• Manual Data Quality Controls for Federal Spending• ITGC relating to Data Quality
Data QualityEnterprise RiskManagement
!
INTERNAL CONTROL PROGRAM
KEY REPORTS
External
Internal
Financial
Non-financial
• Reporting (App A)• Charge Cards (App B)• Payment Integrity (App C) • Financial System (App D)• Entity Level (Green Book)• CAPs• Management’s Internal Control Assessment
Internal Control
Management’s Internal Control Assessment
AU 1Statement of
Assurance
Assessable Unit Internal Control Form
Section 1 — General Information
AU 2Statement of
Assurance
Assessable Unit Internal Control Form
Section 1 — General Information
AU 3Statement of
Assurance
Assessable Unit Internal Control Form
Section 1 — General Information
• Risk Profile• Risk Register
OMB Circular A-123
SELF-ASSESSMENT
1 Identified all significant key reports?
1 Integrated risk management into performance and strategic
review processes?
1 Assessed risk and control environment using an
integrated ERM and internal controls maturity model?
1 Developed an Entity Level Controls assessment that serves
as a feedback loop to inform risk management activities and
strengthen controls to meet FMFIA objectives?
1 Developed a risk-based approach and/or data tools for
assessing risks in existing systems, processes and data quality to
meet reporting objectives?
1 Established an approach to develop its Data Quality Plans at the
component and Agency levels?
1 Established a risk governance structure to effectively manage
systems, data/reporting, operational, and financial risks?
1 Assessed the challenges in your data environment (e.g.
population, structured vs un-structured data, data oversight,
mitigating OIG DATA Act findings)?
1 Leveraged risk and data tools to identify and eliminate
duplicative and unnecessary processes that do not address
risks?
Have you considered whether your Agency has…
Our ClientsConsumer Product Safety Commission
Corporation for National and Community Service
Department of Agriculture
Department of the Air Force
Department of the Army
Department of Labor
Department of the Navy
Department of Veterans Affairs
Office of Personnel Management
Pension Benefit Guaranty Corporation
Securities and Exchange Commission
U.S. Marine Corps
morganfranklin.com