Presentation on theme: "How Does EVERY Manager Get Involved?”"— Presentation transcript:
1How Does EVERY Manager Get Involved?” “OMB Circular A-123How Does EVERY Manager Get Involved?”
2Philip J. Giza FMS Senior Accountant Financial Management Services Program Support CenterDepartment of Health & Human Services
3Association of Government Accountants Richmond ChapterHenrico Training Center, Richmond, VAOMB Circular A-123 -How Does EVERY Manager Get Involved?Wednesday, May 16th, 20078:45 am to 9:35 amPhilip J. Giza
4SOXSOX or Sarbanes-Oxley or Sarbanes-Oxley of 2002 or section 404 of the Sarbanes-Oxley Act of 2002 was enacted in response to corporate accountability failures of the past several years and contains a provision calling for management’s assessment of internal control over financial reporting similar to the long-standing requirements for executive branch agencies in 31 U.S.C. § 3512 (c),(d), commonly referred to as the Federal Managers’ Financial Integrity Act (FMFIA), to issue annual statements of assurance over internal control in the agency.Opinions on internal control over financial reporting as required by the Sarbanes-Oxley Act for publicly traded companies are important to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.Regulators, public companies, audit firms, and investors generally agree that the Sarbanes-Oxley Act of 2002 has had a positive and significant impact on investor protection and confidence.At the same time, the costs associated with the Sarbanes-Oxley Act have been significant and additional steps should be taken to improve the efficiency and cost-effectiveness of its implementation.
5SOX to A-123In initiating the revisions to Circular No. A-123, OMB cited the new internal control requirements for publicly traded companies that are contained in section 404 of the Sarbanes-Oxley Act of 2002.Federal agencies also have a duty to attain and maintain the public’s trust and confidence.Specifically, federal agencies have a stewardship obligation to prevent fraud, waste, and abuse; to use tax dollars appropriately; and to ensure financial accountability to the President, the Congress, and the American people.In the broadest context, internal control represents an organization’s plans, methods, and procedures used to meet its missions, goals, and objectives and serves as the first line of defense in safeguarding assets and preventing and detecting errors, fraud, waste, abuse, and mismanagement.
6Circular A-123: Background Federal Managers’ Financial Integrity Act (FMFIA) of 1982 and its implementing regulation, OMB Circular A-123Rigorous Implementation of the 1980s - ->- - > Focus shifted to CFO Act Audits in 1990sCorporate Scandals led to Sarbanes-Oxley Act of 2002 (SOX) and Revised OMB Circular A-123 (December 2004)Revised Circular A-123 Requires Management to Assess, Test, Document, and Report on Internal Controls Over Financial Reporting (ICOFR) by using prescribed methodology included in Appendix A
7A-123 New & ImprovedThe Office of Management and Budget (OMB) revised its Circular Number A-123, in December 2004 (effective beginning with fiscal year 2006) to:strengthen the requirements for conducting management’s assessment of internal control over financial reporting.Major revisions contained in Appendix A of the circular:include requiring CFO Act agency management to annually assess the adequacy of internal control over financial reporting,provide a report on identified material weaknesses and corrective actions,and provide separate assurance on the agency’s internal control over financial reporting.
8Federal Agencies = 15 Departments and ~ 86 Independent Agencies Federal Legislative History: Integration and Coordination with Other Control ActivitiesFederal Agencies = 15 Departments and ~ 86 Independent Agenciesare subject to numerous legislative and regulatory requirements that promote and support an effective internal control structure.Management should coordinate and integrate the Internal Control over Financial Reports (ICOFR) assessment with these reviews, including FMFIA and other existing internal reviews to leverage the benefit of work already being performed and avoid duplication of effort.
9Examples of existing control-related activities include those listed below. Federal Managers’ Financial Integrity Act of 1982 (FMFIA);Federal Financial Management Improvement Act of 1996 (FFMIA);Chief Financial Officers Act of 1990, as amended (CFO Act);Improper Payments Information Act of 2002 (IPIA);Section 831 of the Defense Authorization Act of 2002 (Recovery Auditing);Single Audit Act, as amended;Inspector General Act of 1978 (IG Act);Federal Information Security Management Act of 2002 (FISMA);Information Technology Management Reform Act of 1996 (Clinger Cohen Act)Enterprise Architecture Documentation; andFinancial Management Systems Documentation.
10OMB A-123 Related Legislation & Regulatory Requirements Integration and Coordination with Other Control Activities (another view)Accounting and Auditing Act of 1950The Grandfather of legislation for Internal ControlsFederal Financial Management Improvement Act of 1996 (FFMIA)An Act to amend the Accounting and Auditing Act of 1950 to require ongoing evaluations and reports on the adequacy of the systems of internal accounting and administrative control of each executiveand others are:Chief Financial Officers Act of 1990, as amended (CFO Act);Improper Payments Information Act of 2002 (IPIA);Section 831 of the Defense Authorization Act of 2002 (Recovery Auditing);Single Audit Act, as amended;Inspector General Act of 1978 (IG Act);Federal Information Security Management Act of 2002 (FISMA);Information Technology Management Reform Act of 1996 (Clinger Cohen Act)Enterprise Architecture Documentation; andFinancial Management Systems Documentation.
11An Agency’s FMFIA assessment should … Consider the work done to comply with these various statutes, as well as the laws and regulations identified in the ICOFR Process.Use that information to determine the extent to which such work contributes to the overall assessment and whether any deficiencies identified should be included in the FMFIA report.
12Assessment of Internal Controls Administrative and Program Compliance The assessment of internal controls over operations (administrative and program) reports whether those controls are operating effectively.The assessment is based:on general management knowledge gained from daily operations of agency programs and systems,management reviews to assess internal controls,and other available sources.
13General Management knowledge for a Federal Agency can and should include the following: Audits of financial statements under the Chief Financial Officers Act of 1990, as amended (CFO Act);IG and GAO reports;Reviews of financial systems under Federal Financial Management Improvement Act of 1996 (FFMIA) or OMB Circular A-127, Financial Systems;Annual evaluations under Federal Information Security Management Act of 2002 (FISMA) and OMB Circular A-130, Management of Federal Information Resources;Government Performance and Results Act (GPRA) annual performance plans and reports;
14And also the following sources: Program Assessment Rating Tool (PART) Assessments;Improper Payments Information Act of 2002 (IPIA) risk assessments and reports;Single audit reports;Management reviews with internal control assessment as a by-product;Reports and other information provided by Congressional committees;Program evaluations;Other reviews or reports related to Federal Agency operations; andResults from tests of key controls performed as part of the ICOFR assessment under Appendix A.
15The content and source of survey tools, testing instruments, etc The content and source of survey tools, testing instruments, etc. used by the program manager should be coordinated through an Internal Control Officer.For FMFIA, A-123 requires that agency managers and employees identify deficiencies in internal controls from the sources listed above and the results of their internal control assessment process and report the control deficiencies.Management must document the findings/conclusions of all Internal Control Reviews and ensure that such evaluations/self-assessments are adequately planned and coordinated.All reports, work papers, correspondence, and related memoranda are to be maintained by the sub-organization and readily available for inspection by the Agency.
16Congress recognized the importance of internal controls. 57 years ago,the Budget and Accounting Procedures Act of 1950 became the first major act to place primary responsibility for establishing and maintaining internal control squarely on the shoulders of MANAGEMENT.
17And to put all of therelated A-123 historyinto perspective,the first major Accounting Act occurred 57 years ago and …
18… Jamestown, Virginia was settled 400 years ago, on Monday, May 14th, 1607.
19Federal Government-Wide Results: FY 2006 Status of the Implementation of A-123, Appendix A = All 24 CFO Act agencies or 100% completed first year of A-123 implementation.16 of the 24 CFO Act agencies or 66% implemented a full scope A-123 assessment (testing all key processes)8 of the 24 CFO Act agencies or 33% implemented a multi-year phased-in assessment (testing a portion of the key processes) and provided plans for testing the remaining processes within three years.Government-wide internal control material (FMFIA) weaknesses increased by 12% from 2005.
20Government-Wide Results: FMFIA Issues Identified by Agency Heads as of FY 2005 and FY 2006 = Section 2Overall InternalControl WeaknessesSection 4SystemsNonconformances20052006Beginning83681516New20366Resolved3324Consolidated15Reassessed3Ending8014
21Why did the Federal material weaknesses increase in 2006? Transparency was achieved in many agencies?Federal Agencies successfully reached the non-accountant/financial managers who are provided more of the organization’s vulnerabilities or “hidden” issues?Amnesty was given in 2006; turn in your “findings” and no (or few) questions are asked in 2006?“Show us now or show others later” was explained well?Process/Cycle memos’ documented procedures in 2005 showed the discovered anomalies in managers’ processes?
22Corrective Action Plan or CAP (guideline examples for your consideration) Year the issue was first identifiedOrganization official to monitor progressProgress performance indicatorsQuantifiable target or milestone progressOriginal targeted corrective action dateRevised targeted corrective action dateActual corrective action date
23Why have we not solved ALL of the accounting IC issues since the first OMB A-123 in 1983? Did we have the right people with the right skills in the right positions?Did we listen to the “noise?.”Did we bring “bad” news out ASAP & “fix” the process and not the people?Could the “Feds” consolidate their A-123 related legislation, Acts, etc.? Are there too many?There are KEY legislations, acts, and circulars, and documents that have invented the financial wheel.There is some overlap, duplication, or redundancy that has occurred over the last 57 years.Could Revised OMB A-123 be the start of a consolidation process?
24Highlights of GAO T, a report to the Subcommittee on Government Management, Finance, and Accountability, Committee on Government Reform, House of RepresentativesInternal control is at the heart of accountability for our nation’s resources and how effectively government uses them.The testimony –outlined the importance of internal control,summarized the Congress’s long-standing interest in internal control and the related statutory framework,discussed GAO’s experiences and lessons learned from agency assessments since the early 1980s,and provided GAO’s views on the Office of Management and Budget’s (OMB) recent revisions to its 2004 Circular A-123.
25GAO highlighted six issues important to successful implementation of the revised Circular, specifically, the need for:supplemental guidance and implementation tools;2. vigilance over the broader range of controls covering program objectives;3. strong support from MANAGERS through out the agency, and at all levels;4. risk-based assessments and an appropriate balance between the costs and benefits of controls;5. management testing of controls in operation to assess if they are designed adequately and operating effectively; and6. MANAGEMENT accountability for control breakdowns.
26What GAO said and found: Internal control represents an organization’s plans, methods, and procedures used to meet its missions, goals, and objectives and serves as the first line of defense in safeguarding assets and preventing and detecting errors, fraud, waste, abuse, and mismanagement.Internal control provides reasonable assurance that an organizations’ objectives are achieved through (1) effective and efficient operations, (2) reliable financial reporting, and (3) compliance with laws and regulations.
27Polling Question for you ! My organization has a comprehensive and coordinated approach to internal control management?Possible Answers:YesNoI do not know - I am just waiting for Joe K., Ester H., Mike B., Joe D., Mike W., and Valerie T. to speak after you.
28Circular A-123, Appendix AEvaluate Internal Control at the entity level using COSO Framework (GAO Checklist)Assess Tone at the TopPerform Risk AssessmentsEvaluate Internal Control at the Process, Transaction, or Application Level (Agency Guidance Manual)Identify and gain an understanding of Major Business CyclesIdentify and test significant cyclesThis work could also provide support for overall FMFIA assurance statement relating to operations and compliance objectives
292004 Revised A-123 Short Answer Who makes up your Organization’s “Board of Directors” (OMB-123 or Accounting Style)? Or Who was and is responsible under the Evolution of the A-123?1983 Original OMB A-123Answer = CFO, Senior Accountant, or anyone who was not wearing green eye shades and using columnar pads of paper (as PCs only started to became popular.)2004 Revised A-123Current Possible Answers = CFO Council, Oversight board, Governance Board, County Executives, and Financial and Program Stakeholders2004 Revised A-123 Short AnswerEvery MANAGER in the entire organizationFuture Answer for most agencies + Present Answer for a Select fewEveryone in the organization
30A COSO internal control framework for your ideas
31What is the Environment of your Organization? Tone at the top?Positive; process and results oriented; and “attack” the processes, not the messenger or the people?Documentation?Would we rather shred it or document it?Communication?Is there collaboration on financial, administrative, AND program issues?Are our employees and managers able to speak up when the find problems and situations?Is there a history of dialogue and honest communicationDo you get out of our cubicles, offices, and buildings, to meet face-to-face?Transparency?Your policy/themes or just your windows?Transitions?How did Jennifer Cavedo transition AGA Richmond Chapter to Joy Yeh?
32Marketing OMB A-123 and Internal Controls: Understanding your non-accounting audienceSimplifying the Accounting jargon …KISS (Keep it simple and short)
33Marketing OMB A-123 and Internal Controls: (continued) Legalese (noun) or Law Jargon =language that is typically used in legal documents, and is generally considered by lay people to be difficult to understand.Accounting Speak, Accountingese, or Accounting Jargon =language that is typically used in accounting documents, and is universally considered by lay people to be impossible to understand and boring to read.
34One example of the Marketing of A-123: The first draft of a letter I wrote to introduce the OMB A-123 to an Agency’s executives and sub-organizations’ executives, did NOT use these two words - “Internal Controls.”Why? (Their eyes would have …)The draft letter was not written “DOWN to the audience”, instead it was written “TO the audience.”Understanding our audience, brings us closer to successfully marketing to the managers we want to reach.In most of the Federal 13 Departments and 86 agencies, the focus is Program related and not Administrative. As accountants and finance types, we should, we must understand our customers to be able to relate and translate our “Accountingease” to their professional perspectives.
35How heavy is this bottle of water? What is your answer and how do you interpret what I am really asking and communicating in my question?
36Answers to questions depend on … How our customer interprets our communications.How comfortable he or she is with Accounting, Auditing Financial, and internal control terms.And hundreds of factors …
37The text book answer is … It depends on how long …This is how difficult it is for most of our customers to understand what we are attempting to accomplish when we ask our “A-123 questions.”Many of our customer managers are focused and involved with their own professions and not as much on “administrative support” functions and professions such as accounting, finance, etc.
38Marketing of OMB A-123’s concepts to our customers Who is our target audience in the Federal universe?What are the HR classifications of these managers or types of functions they manage?What are your organization’s major transaction cycles and sub-cycles.
39Next few slides will show = Major transaction cycles and their sub-cycles.This is similar to the “Old” JFMIP circle flowcharts.Examples of how sub-organizations could ensure that all significant financial statement accounts are covered and the key controls at the sub-cycle level are addressed.
40Examples of Sub-Cycles Major Transaction CycleExamples of Sub-CyclesFunds ManagementFund Balance with TreasuryInvestmentsFinancial ReportingGeneral Ledger MaintenanceAccount Analysis & ReconciliationNotes & Supplementary InformationExternal Financial ReportingContingenciesFinancial CloseoutBudget Execution and MonitoringExecutionMonitoringHuman Resources ManagementPayrollTime and AttendancePersonnel (Hiring/Terminating)BenefitsPurchasing and ProcurementRequests and AwardsReceipt of Goods/ServicesContracts MonitoringContract CloseoutsCash Disbursements / PaymentsRevenueBillingInteragency AgreementsNon-Exchange RevenueCash ReceiptsDisaster ReliefProgram Eligibility and CoverageObligations and BillingsClaims ProcessingReportingInventory ControlAcquisitionDistributionDisposalsInventory CountProperty ManagementCapital Acquisition RequestsDepreciationCapitalizationLeases (Operating or Capital)Grants ManagementCloseoutsMedicaidSCHIPPaymentsEntitlement Benefits Due and PayableMedicareMedicaid/SCHIPMedicare Advantage and Part DBenefits PaymentsMedicare Fee for ServiceMedicare AdvantagePart DSocial InsuranceTrust Fund ATrust Fund BTrust Fund D
41Human Resources, Human Capital, or Personnel Management - Examples Newly hired accountants and auditors must be able to identify, understand, and resolve legal and regulatory compliance issues.Develop tomorrow's stakeholders – identifying candidates with skills and backgrounds to work in the current environment.Pre-employment screening for all managers (and employees)Efficient Interview processesEmployment Investigation RequirementsPosition Descriptions that include financial responsibilities.
42Federal GrantsIn my previous position as the HHS director, my division paid out the grants for HHS and 12 other Federal Agencies. These grant funds (a $1 billion a work day) for 12 Federal Agencies continue to flow down through 32,000 accounts to the states and local areas, and to 127 other countries.To what degree do you believe I promoted internal control to my worldwide customers and stakeholders?
43Grant Payment And Cycle Memo - Examples (OPDIV = an operating division)
44RISK – Are our we or our managers ignoring A-123 issues? If so …What is the probability that the Washington Post or the Richmond Time-Dispatch will find out about this before you do as the CFO, accountant, auditor, or financial guru?Do you know your Newspaper/Internet factors and rating?
45My interpretations & presentations … of the numerous acts, circulars, legislation, documents and examples presented today are for teaching purposes. Use the tools presented to go back and read the intent and richness of the original documents.Present and market A-123 and its 57 years of historical support in a way that is meaningful and useful to each of your managers in the organizations you serve.
46Latest news on the non-governmental SOX & A-123. Will they be strengthened or diluted in 2007 and 2008?What is your opinion?Some people say,‘Where SOX and private industry goes,so shall the government.’What do you believe?
47Try one of these A-123 Sites: CFO Council’s “Implementation Guide for OMB Circular A-123.”The Audit Process (2nd Edition – January 3, 2005) by the HHS OIG’s Office of Audit Services (http://oig.hhs.gov/organization/OAS/OIGAuditProcess.pdfOMB Circular No. A-123, Management’s Responsibility for Internal Control, (http://www.whitehouse.gov/omb/circulars/a123/a123_rev.pdf)
48More Sites:CFO Council Implementation Guide for OMB Circular No. A-123, Management’s Responsibility for Internal Control, Appendix A, Internal Control over Financial Reporting (http://www.cfoc.gov/documents/Implementation_Guide_for_OMB_Circular_A-123.pdf)GAO: Standards for Internal Control in the Federal Government, November 1999, GAO/AIMD (http://www.gao.gov/special.pubs/ai00021p.pdf)GAO: Internal Control Management and Evaluation Tool, August 2001, GAO G (http://www.gao.gov/new.items/d011008g.pdf
49Contact these Organizations’ sites for their OMB A-123 perspectives: U.S. GovernmentFederal Departments & AgenciesFederal Office of Inspector Generals (OIGs)State & Local GovernmentsAccounting, Auditing, Consulting Corporations
50Thank You for your time and your input. Philip J. GizaDirect =Address:Department of HHSPhilip Giza, FMS5600 Fishers Lane, Suite 18B-45Rockville, MD
51OMB A-123 & Its Rich History … just the end of the Beginning.