Presentation is loading. Please wait.

Presentation is loading. Please wait.

2007 Activities Reviewing and Compiling control points for Site AART Presented to : Process Owners By Grace Huang, Project Manager OMB Circular A-123 (Appendix.

Published byTristan Grymes Modified over 9 years ago

Similar presentations

Presentation on theme: "2007 Activities Reviewing and Compiling control points for Site AART Presented to : Process Owners By Grace Huang, Project Manager OMB Circular A-123 (Appendix."— Presentation transcript:

1 2007 Activities Reviewing and Compiling control points for Site AART Presented to : Process Owners By Grace Huang, Project Manager OMB Circular A-123 (Appendix A) Implementation

2 What is OMB Circular A-123? Provides Federal managers guidance on improving the accountability and effectiveness of Federal programs and operations by establishing, assessing, correcting, and reporting on management controls* Appendix A was added late 2005 with a focus of the management process for assessing internal control over financial reporting * From “Purpose and Authority” of Circular No. A-123

3 Assurance reporting at different levels DOE Headquarters Assurance Statement Chicago Field Office Roll up Site A-123 Assessment and Reporting Tool (AARTs) Assurance Statement LBNLSite AART

4 Material accounts  Balance sheet Other Liabilities Accounts Payables Other Non- intragovernmental assets General Property, Plant, and Equipment  Stmt of Net Costs World Class Scientific Research Capacity Reimbursable Programs  Stmt of Financing Depreciation and Amortization Major processes  Entity Controls  Process Controls Budget to Close Procure to Pay Enterprise Resource Management Project to Asset Quote to Cash

5 FY07 Timelines MilestonesDue Dates Internal Control training 10/1/2006 through 12/15/2006 Revised Site AART toolkit Mid December Review of Site AART data (including Financial Statement Assertion linkage) 12/15/2006 through 2/15/2007 OMBA-123 Webpage development 11/1/2006 through 12/31/2006 1st Quarterly reporting 1/5/2007 (tentative) Realignment of FY 2006 Data for new Site AART features 2/15/07 through 5/15/2007 Testing 2/15/2007 through 7/31/2007 2nd Quarterly reporting 4/6/2007 (tentative) Remediation of controls 2/15/2007 through 6/15/2007 3rd Quarterly reporting 7/6/2007 (tentative)

6 FY07 Timelines (Continued) MilestonesDue Dates Preliminary assurance reporting 8/10/2007 (tentative) Final assurance reporting 8/27/2007 (tentative) Periodic assessment team meeting Ongoing Quarterly Steering Committee meeting Ongoing Periodic status report to CFO Ongoing

7 New/Changed process? Note any significant process change that may have been prompted by or resulted in any of the following  New regulations requiring additional controls to ensure compliance  Organizational changes in which new leadership has implemented new procedures or directives  Existing automated processes changed to manual ones Process owners are required to discuss any of the above with the implementation team

8 Why Hours required for testing activities in FY2006 Agreed controls required clarification or revisions Required resources to track the revised controls

9 How to Review the controls under the sub-processes rated “Moderate” and “Low” risks Based on the way the control is worded, conclude the following:  What does the control accomplish (its objective)?  Is the control objective preventive, detective, or both in nature (Control Set Mode)?  Mark the key control(s) with two asterisks at the end of the sentence and list the key control(s) first  Re-rate the Control Set Design Effectiveness based on the new definition of the rating

10 Key Controls/Controls Set Key Controls are: Controls that have the greatest and most critical impact in mitigating risk occurrence A control Set is A logical grouping of controls designed to mitigate a common risk statement

11 Control Set Design Effectiveness Rating FY 2007 (New)FY 2006 (Old) 3 Significant Design Deficiency High probability of the risk occurring Material Weakness More than a remote likelihood of material misstatement of Financial Statement 4 Design Deficiency More than a remote possibility of the risk occurring Reportable Condition More than a remote likelihood and more than inconsequential misstatement of Financial Statement 5 Minor Design Deficiency Only a remote possibility of the risk occurring Control Deficiency The control will prevent or detect a misstatement of Financial Statements 6 Designed Effectively Less than a remote possibility of the risk occurring Designed Effectively The control will prevent or detect a misstatement of Financial Statements

12 Control Set Design Considerations Design Effectiveness Rating Decisions should consider:  Degree of automation of the control set  Type and mode of control set  Frequency of execution of the control set  Existence of compensating controls  Risk Assessment rating  Relative exposure  Potential for risk occurrence

13 How to Design Effectiveness Rationale (An example) for a rating of 6 (control set designed effectively): Control set contains both manual and automated controls directly linked to key risks. The control set provides for preventive and detective controls to mitigate the risk and provides for identification of issues should the risk occur. The number of controls also appears adequate based on the level of risk.

14 How to Project team will determine the following for review:  The direct impact on the DOE entity-wide financial statements if the control is not able to mitigate the risk(s) involved DOE entity-wide statements –Balance Sheet –Statement of Net Costs –Statement of Financing  In the event that the impact on the entity- wide financial statement is indirect, reference “Indirect impact”

15 How to The five financial statement assertions (project team will complete this for review): P resentation and disclosure Is it recorded in the right place? E xistence or occurrence Did it happen and when? R ights and obligations Do we own or owe what we think we do? C ompleteness and accuracy Is anything missing? V aluation or allocation Are the numbers right?

16 How to Revising controls  When? It is not possible to form a clear, concise control objective which addresses how the risk involved may be averted or detected Lack of specificity in the Risk/Control set Underlying business processes have changed prompting the controls to be changed or eliminated Controls as worded are inaccurate depiction of the actual business processes and procedures The Control Set Type (Auto vs. Manual) and Frequency have changed

17 How to A risk/control set – before and after Example (before): Risk: Improper orders can occur Control: Procurement supervisors review the purchase requisitions for any unallowable items and assign transactions to buyers. Buyers review transactions then source requisitions into purchase orders and place orders with vendors.

18 How to A risk/control set – before and after Example (After): Risk: Prohibited items may be ordered via LBNL Procurement systems Controls: Procurement supervisors review the purchase requisitions for any unallowable items. The DPU Supervisor signs off on monthly statement and reviews the backup documentation. Buyers review and approve those purchase orders within their delegated signature authority. SAS approvers review for any prohibited items and approve the requisitions.

19 How to How is after different from before?  A more clear control objective – prevents unallowable costs from incurring by preventing and/or detecting the requisition of prohibited items  Specific reference to multiple processes in which the control objective is achieved

20 Our goals To address the feedback from DOE HQ OMB A-123 Project Management Team (PMT) :  Most risk statements are detailed and well formed, but some lack specificity  While the control activities are defined, it is difficult to discern the control objectives. To streamline effort for FY07 implementation activities by striving for more clear and concise control objectives

21 Optional/Recommended Efficiency Opportunities Identifier While the control set design may be effective, A-123 evaluations should also assess efficiency where possible. If during the course of the evaluation opportunities to improve the efficiency of controls are identified, record a “Yes” in the Efficiency Opportunities Column (Col. V). The nature of the potential efficiency should be recorded in the detailed A-123 Documentation.

22 Design Efficiency Opportunities Automation of manual controls Elimination of duplicative controls Consolidation of multiple controls into a more effective control Alteration of control frequency Transition from detective to preventive controls Alignment of numbers and complexity of controls with level of risk

23 Questions?

Download ppt "2007 Activities Reviewing and Compiling control points for Site AART Presented to : Process Owners By Grace Huang, Project Manager OMB Circular A-123 (Appendix."

Similar presentations

Auditing the Purchasing Process

Auditing the Purchasing Process
MONITORING OF SUBGRANTEES

MONITORING OF SUBGRANTEES
AICPA SAS 112: Case studies and Intermediate Reporting Issues Presented by Frank Crawford, CPA Crawford & Associates, P.C.

AICPA SAS 112: Case studies and Intermediate Reporting Issues Presented by Frank Crawford, CPA Crawford & Associates, P.C.
Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated.

Using Internal Control to Manage Risk Mary C. Braun, CPA, CGFM Management Concepts, Incorporated.
The Department of Energy Enterprise Risk Management Model

The Department of Energy Enterprise Risk Management Model
Managing Risk: A Framework and Reporting Cycle 2014.

Managing Risk: A Framework and Reporting Cycle 2014.
G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.

G L O B A L S E R V I C E / I N D U S T R Y A U D I T / T A X / A D V I S O R Y / L I N E O F B U S I N E S S SAS 112 Presentation California State University.
Service Provider Support of Audit Readiness Office of the Under Secretary of Defense (Comptroller) March 14, 2011.

Service Provider Support of Audit Readiness Office of the Under Secretary of Defense (Comptroller) March 14, 2011.
Massachusetts Department of Elementary & Secondary Education

Massachusetts Department of Elementary & Secondary Education
Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
C. Conger 6/7/2011 Financial Management Assurance & OMB Circular A-123 Integration with Contractor Assurance at Fermilab OMB Circular A-123: Management's.

C. Conger 6/7/2011 Financial Management Assurance & OMB Circular A-123 Integration with Contractor Assurance at Fermilab OMB Circular A-123: Management's.
Auditing Concepts.

Auditing Concepts.
Internal Control.

Internal Control.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
New Audit Risk Standards Are You Ready? John P. Langan, CPA Principal in Charge Public Service Group Metro, DC Office LarsonAllen LLP.

New Audit Risk Standards Are You Ready? John P. Langan, CPA Principal in Charge Public Service Group Metro, DC Office LarsonAllen LLP.
SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP.

SAS 112 – The Year After Presented by Chris Ray Partner - KPMG LLP KPMG LLP.
SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.

SAS 112 Update Chapter 9 Presented by Chris Ray, Partner KPMG LLP KPMG LLP.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit

Similar presentations

Ads by Google