Presentation on theme: "OMB Circular A-123, Appendix A"— Presentation transcript:
1OMB Circular A-123, Appendix A Adam GoldbergOffice of Federal Financial ManagementOffice of Management and Budget
2“Corporation: An ingenious device for obtaining profit without individual responsibility.” Ambrose BierceUnfortunately, this is the perception of corporate America today. The scandals in corporate America have prompted everyone to re-evaluate what controls are in place to detect and prevent fraud, waste, and abuse.
3John Greenleaf Whittier “As a small businessperson, you have no greater leverage than the truth.”John Greenleaf WhittierI particularly like this quote because of its simple, but powerful message.Whether we focus on large corporations, Federal departments and agencies, or small businesses, this quote is applicable to all of them.This is also the intent and message of the requirements in OMB Circular No A requiring management to assess its internal control environment and to report truthfully on its effectiveness and then work to improve deficiencies identified.
5Circular A-123A-123 was revised in December 2004 to incorporate Sarbanes-Oxley Section 404 principles into federal financial management.Revision deals primarily with internal controls over financial reporting.Revised A-123 effective FY2006.FMFIA and original A-123 guidance required establishing internal controls and administrative accounting.A-123 was revised in December of 2004 to incorporate Sarbanes-Oxley principles into federal financial management. The revision deals with internal controls over financial reporting and audit requirements.Revised A-123 guidance added Appendix A which requires management to separately assess, test, document, and report internal control over financial reporting.Revised A-123 requirements are effective starting this fiscal year, 2006.
6OMB Circular No. A-123 Original Guidance Management Assurance Self AssessmentDocumentationAnnual ReportingRevised GuidanceManagement AssuranceSelf AssessmentEnhanced DocumentationAnnual ReportingNew Appendix ATesting for Reasonable AssuranceAdditional Assurance for Internal Control over Financial ReportingNew RequirementsAppendix A, Internal Control over Financial ReportingDocumentation of assessment methodology, key processes and controls, testing resultsDirect testing by managementNew assurance statement; subset of FMFIA assurance statementAs of June 30; updated through PAR submission
7A-123, Appendix A vs. Sarbanes-Oxley Management ResponsibilityA-123, App AEnhanced Financial DisclosuresSOX 404WhoAgency ManagementCorporate ManagementWhatEstab & Maintain ICOFRProvide Reasonable Assurance Statement of ICOFRProvide Assurance Statement of Management’s Responsibility for ICOFRStatement of Effectiveness of IC StructureAuditor Attestation Report on Management’s AssessmentWhenFiscal Year 2006Year-ending on or after Nov. 15, 2004How OftenAnnualSarbanes-Oxley has been in effect longer than the A-123 revisions. To compare, both require an assurance statement of Internal Controls Over Financial Reporting (ICOFR). Notice, however, that there are differences:A-123 requires a reasonable assurance statement while Sarbanes-Oxley requires an Assurance Statement of Responsibility.A-123 does not require a Statement of Effectiveness of the Internal Control (IC) Structure.Finally, A-123 also does not require and an Auditor Attestation which is a Report on Management’s Assessment.
8Similarities (Sarbanes-Oxley/A-123) Focus is on internal controlsPurpose is for reliable financial reporting and effective, efficient operationsResponsibility falls primarily on managementThe major principles of Sarbanes-Oxley are reflected in A-123.The focus is on internal controlsThe purpose is for reliable financial reporting and effective, efficient operations.Finally, the responsibility for reliable financial reporting and effective operations is placed on management.
9Differences (Sarbanes Oxley/A-123) Criminal penaltiesSeparate audit of internal controls over financial reportingHowever, there are distinct differences between A-123 and Sarbanes-Oxley:A-123 does not carry criminal liability for managersA-123 does not require a separate audit for control structures with the exception of the Department of Homeland Security (DHS). Instead of a separate internal control audit, A-123 requires a “management assurance” statement. This statement is considered sufficient in place of the separate audit unless an agency repeatedly fails to correct known deficiencies.
10Differences in Implementation: Federal vs. Private All transactions in the federal government must have legal authority (prescribed by law).Goals and motivations of federal agencies differ from their private sector counterparts.Federal Agencies already subject to a web of laws to promote prudence and accountability (before Sarbanes-Oxley or A-123 revision)You may wonder why A-123 differs from Sarbanes-Oxley at all. Well, the differences stem from the differences of the sectors: Public (federal) versus Private.First, private companies are PROSCRIBED by law. Meaning, they have the authority to make purchases, etc. unless expressly ILLEGAL. In the Public sector, on the other hand, purchases are PRESCRIBED meaning there are more regulations, policies and procedures all intended to ensure that all fiscal and budgetary actions are legal.Federal agency leaders are held responsible performance and accountability while private sector leaders are held accountable for the bottom line. Because the public sector managers are more concerned with performance than the bottom line, there is less risk of financial data manipulation in the public sector.Finally, Federal Agencies were already subject to a web of laws that promote principles similar to those of Sarbanes-Oxley. (See Next Slide “Puzzle Pieces”)
11Puzzle Pieces of Federal Internal Control Framework FMFIAGPRACFO ActIG ActFFMIAFISMAIPIASingle Audit ActClinger-Cohen ActA-123GAO Green BookAs you can see, there are a number of laws and regulations that govern federal financial management. Collaboratively, these laws and regulations can work together to solve the “puzzle” of an internal control framework that enable agencies to provide reliable financial reporting and effective, efficient operations.Notes:FMFIA- Federal Management Financial Integrity and AnalysisCFO Act, As amended.FFMIA-Federal Financial Management Improvement Act of 1996.IPIA-Improper Payments Information Act of 2002GPRA-Government Performance and Results ActIG Act of 1978, As AmendedFISMA-Federal Information Security Management Act of 2002.Single Audit Act, As AmendedClinger-Cohen Act of 1996COSO- Committee of Sponsoring Organizations (control framework)A-123- Appendix A, As Amended.