1 / 23

OMB Circular A-123 (Appendix A) Implementation

OMB Circular A-123 (Appendix A) Implementation. 2007 Activities Reviewing and Compiling control points for Site AART Presented to : Process Owners By Grace Huang, Project Manager. What is OMB Circular A-123?.

christian-zurlo
Télécharger la présentation

OMB Circular A-123 (Appendix A) Implementation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OMB Circular A-123 (Appendix A)Implementation 2007 Activities Reviewing and Compiling control points for Site AART Presented to : Process Owners By Grace Huang, Project Manager

  2. What is OMB Circular A-123? • Provides Federal managers guidance on improving the accountability and effectiveness of Federal programs and operations by establishing, assessing, correcting, and reporting on management controls* • Appendix A was added late 2005 with a focus of the management process for assessing internal control over financial reporting * From “Purpose and Authority” of Circular No. A-123

  3. Assurance reporting at different levels

  4. Material accounts Balance sheet Other Liabilities Accounts Payables Other Non-intragovernmental assets General Property, Plant, and Equipment Stmt of Net Costs World Class Scientific Research Capacity Reimbursable Programs Stmt of Financing Depreciation and Amortization Major processes Entity Controls Process Controls Budget to Close Procure to Pay Enterprise Resource Management Project to Asset Quote to Cash Site AART

  5. FY07 Timelines

  6. FY07 Timelines (Continued)

  7. New/Changed process? • Note any significant process change that may have been prompted by or resulted in any of the following • New regulations requiring additional controls to ensure compliance • Organizational changes in which new leadership has implemented new procedures or directives • Existing automated processes changed to manual ones Process owners are required to discuss any of the above with the implementation team

  8. Why • Hours required for testing activities in FY2006 • Agreed controls required clarification or revisions • Required resources to track the revised controls

  9. How to • Review the controls under the sub-processes rated “Moderate” and “Low” risks • Based on the way the control is worded, conclude the following: • What does the control accomplish (its objective)? • Is the control objective preventive, detective, or both in nature (Control Set Mode)? • Mark the key control(s) with two asterisks at the end of the sentence and list the key control(s) first • Re-rate the Control Set Design Effectiveness based on the new definition of the rating

  10. Key Controls/Controls Set • Key Controls are: Controls that have the greatest and most critical impact in mitigating risk occurrence • A control Set is A logical grouping of controls designed to mitigate a common risk statement

  11. Control Set Design Effectiveness

  12. Control Set Design Considerations • Design Effectiveness Rating Decisions should consider: • Degree of automation of the control set • Type and mode of control set • Frequency of execution of the control set • Existence of compensating controls • Risk Assessment rating • Relative exposure • Potential for risk occurrence

  13. How to • Design Effectiveness Rationale (An example) for a rating of 6 (control set designed effectively): Control set contains both manual and automated controls directly linked to key risks. The control set provides for preventive and detective controls to mitigate the risk and provides for identification of issues should the risk occur. The number of controls also appears adequate based on the level of risk.

  14. How to • Project team will determine the following for review: • The direct impact on the DOE entity-wide financial statements if the control is not able to mitigate the risk(s) involved • DOE entity-wide statements • Balance Sheet • Statement of Net Costs • Statement of Financing • In the event that the impact on the entity- wide financial statement is indirect, reference “Indirect impact”

  15. How to • The five financial statement assertions (project team will complete this for review):

  16. How to • Revising controls • When? • It is not possible to form a clear, concise control objective which addresses how the risk involved may be averted or detected • Lack of specificity in the Risk/Control set • Underlying business processes have changed prompting the controls to be changed or eliminated • Controls as worded are inaccurate depiction of the actual business processes and procedures • The Control Set Type (Auto vs. Manual) and Frequency have changed

  17. How to • A risk/control set – before and after Example (before): Risk: Improper orders can occur Control: Procurement supervisors review the purchase requisitions for any unallowable items and assign transactions to buyers. Buyers review transactions then source requisitions into purchase orders and place orders with vendors.

  18. How to • A risk/control set – before and after Example (After): Risk: Prohibited items may be ordered via LBNL Procurement systems Controls: Procurement supervisors review the purchase requisitions for any unallowable items. The DPU Supervisor signs off on monthly statement and reviews the backup documentation. Buyers review and approve those purchase orders within their delegated signature authority. SAS approvers review for any prohibited items and approve the requisitions.

  19. How to • How is after different from before? • A more clear control objective – prevents unallowable costs from incurring by preventing and/or detecting the requisition of prohibited items • Specific reference to multiple processes in which the control objective is achieved

  20. Our goals • To address the feedback from DOE HQ OMB A-123 Project Management Team (PMT) : • Most risk statements are detailed and well formed, but some lack specificity • While the control activities are defined, it is difficult to discern the control objectives. • To streamline effort for FY07 implementation activities by striving for more clear and concise control objectives

  21. Optional/Recommended • Efficiency Opportunities Identifier While the control set design may be effective, A-123 evaluations should also assess efficiency where possible. If during the course of the evaluation opportunities to improve the efficiency of controls are identified, record a “Yes” in the Efficiency Opportunities Column (Col. V). The nature of the potential efficiency should be recorded in the detailed A-123 Documentation.

  22. Design Efficiency Opportunities • Automation of manual controls • Elimination of duplicative controls • Consolidation of multiple controls into a more effective control • Alteration of control frequency • Transition from detective to preventive controls • Alignment of numbers and complexity of controls with level of risk

  23. Questions?

More Related