Our ClientsConsumer Product Safety Commission

Corporation for National and Community Service

Department of Agriculture

Department of the Air Force

Department of the Army

Department of Labor

Department of the Navy

Department of Veterans Affairs

Office of Personnel Management

Pension Benefit Guaranty Corporation

Securities and Exchange Commission

U.S. Marine Corps

A-123 TODAYThe recent update to Office of Management and Budget (OMB) Circular

A-123 Appendix A provides agencies with flexibility to move from a historically

rigid internal control compliance program to one that focuses on value-add

mitigation of risk and supports transparency and data quality in the Agency’s

reports. To focus on the most significant Agency priorities, this movement

should be integrated with the Agency’s Enterprise Risk Management (ERM)

processes. This is not a simple task and will likely be an ongoing multi-year

process as each Agency’s internal control, ERM, and data quality efforts

continue to mature.

• Integrated metrics to monitor risk and performance

• Culture that embraces open discussion of risk

• Project and Program Management

• Strong Risk and Internal Control Governance Structure

• Leverage existing efforts and structure

• Strong Change Management

• An environment of self-assessment and reporting of challenges and deficiencies

Success Factors

MorganFranklin Consulting is working with our clients to determine the

path forward to realign existing compliance programs to meet the new

requirements. Regardless of your Agency’s status, we have the right

professionals needed to devise a sustainable solution that helps your

Agency achieve an optimal value-driven internal control program.

BACK TO THE FUTURETHEN NOW

Financial ReportingAll reporting—including internal, external, financial, non-financial (operations/mission)

Assessment of controls at the process level

• Integrate ERM and internal controls over reporting

• Materiality determined based on significance of reports

• Assessment of Green Book principles

• FMFIA Assurances

• Separate Internal Control over Financial Reporting Assurance

• FMFIA Assurances

• Risk Profile

• Data Quality Plan

FOCU

S FOCUS

SCO

PESCO

PERE

PORT

ING REPO

RTING

What is Still Required?Agencies are still required to present management assurances, along with a report

on identified material weaknesses and corrective actions. Agency management remains

responsible for determining and maintaining internal control activities and whether

materiality thresholds align with the level of control activities needed to provide

reasonable assurances.

Digital Accountability and Transparency Act

Fed

eral

Man

ager

’s F

inan

cial

Inte

gri

ty A

ct

Fraud Reduction and Data Analytics ActGAO Green Book

Federal Financial M

anagem

ent Imp

rovem

ent Act

Risk Management Council

Senior Management Council

Planning & Scoping Testing Remediation Reporting

Agency Statement of

Assurance

• Data Quality Plan• Manual Data Quality Controls for Federal Spending• ITGC relating to Data Quality

Data QualityEnterprise RiskManagement

!

INTERNAL CONTROL PROGRAM

KEY REPORTS

External

Internal

Financial

Non-financial

• Reporting (App A)• Charge Cards (App B)• Payment Integrity (App C) • Financial System (App D)• Entity Level (Green Book)• CAPs• Management’s Internal Control Assessment

Internal Control

Management’s Internal Control Assessment

AU 1Statement of

Assurance

Assessable Unit Internal Control Form

Section 1 — General Information

AU 2Statement of

Assurance

Assessable Unit Internal Control Form

Section 1 — General Information

AU 3Statement of

Assurance

Assessable Unit Internal Control Form

Section 1 — General Information

• Risk Profile• Risk Register

OMB Circular A-123

SELF-ASSESSMENT

1 Identified all significant key reports?

1 Integrated risk management into performance and strategic

review processes?

1 Assessed risk and control environment using an

integrated ERM and internal controls maturity model?

1 Developed an Entity Level Controls assessment that serves

as a feedback loop to inform risk management activities and

strengthen controls to meet FMFIA objectives?

1 Developed a risk-based approach and/or data tools for

assessing risks in existing systems, processes and data quality to

meet reporting objectives?

1 Established an approach to develop its Data Quality Plans at the

component and Agency levels?

1 Established a risk governance structure to effectively manage

systems, data/reporting, operational, and financial risks?

1 Assessed the challenges in your data environment (e.g.

population, structured vs un-structured data, data oversight,

mitigating OIG DATA Act findings)?

1 Leveraged risk and data tools to identify and eliminate

duplicative and unnecessary processes that do not address

risks?

Have you considered whether your Agency has…

Our ClientsConsumer Product Safety Commission

Corporation for National and Community Service

Department of Agriculture

Department of the Air Force

Department of the Army

Department of Labor

Department of the Navy

Department of Veterans Affairs

Office of Personnel Management

Pension Benefit Guaranty Corporation

Securities and Exchange Commission

U.S. Marine Corps

morganfranklin.com