120 likes | 404 Vues
Interior Implements Revised OMB Circular A-123--Appendix A: Internal Controls over Financial Reporting. DOI Business Conference Eric Eisenstein, Office of Financial Management. DOI A-123 – Status Outline. Approach – Top Down Assessment Process Operational Challenges Progress to Date
E N D
Interior Implements Revised OMB Circular A-123--Appendix A:Internal Controls over Financial Reporting DOI Business Conference Eric Eisenstein, Office of Financial Management
DOI A-123 – Status Outline • Approach – Top Down • Assessment Process • Operational Challenges • Progress to Date • Project Monitoring Tools • Moving Forward – Adding Value
Consolidated Control Environment PAR / Financial Reporting Approach – Top Down Independent Review and Analysis Integrated Internal Control Framework (A-123) Evaluation (GPRA, Single Audit, FMFIA) Reporting (CFO, GPRA, IPIA) Technology (FISMA, FFMIA, Clinger Cohen) Oversight (IG Act) Bureau Control Processes
The Interior Challenge Department of the Interior Increasing Demands in Service Areas • Documenting our Compliance with A-123 • Dealing with the Complexity of the Interior Business Environment • 64 Sub-functions Mapped to the OMB Business Reference Model • 10 Major Components • 2500 Business Locations • 16 Financial Systems • 27 Acquisition Systems • 107 Property Systems
Integrating Existing Processes • Retooling Existing Management Control and Performance Activities • Revised and Issued Updated Management Control Guidance • Developing More Efficient Approaches to Compliance with Multiple Requirements (Information Technology, etc.) • Capitalize on Expansive Bureau Control Reviews • New Processes Geared to Financial Reporting Controls • Tied SES and Employee Performance to A123 Delivery • Instituted Implementation Monitoring Process
What We Have Done • Expanded the Interior Management Control and Audit Follow-up Council to Include the CIO and Procurement Executive • Organized a Senior Assessment Team • Develop a Detailed Plan and Methodology • Meld Bureau Efforts into an Interior Approach • Defined the Methodology and Materiality Level • Identified Significant Account Groups to Test, and Identifying the Major Risks • Identified Business Processes and Subprocess; Currently Documenting • Engaged a Contractor for Assistance
The Nuts and Bolts • Obtain A Clear Understanding of Departmental Requirements to Facilitate a Top Down Approach • Process Documentation • Identifying Process Owners • Linking Transactions, Accounts, Financial Statement Line Items, and Other Key Reports • Identify Significant Line Items • Identifying Key Controls
DOI Implementation Schedule • Tight Deadline for Compliance • Planning Nearly Complete • Finalizing Assessment Plan • Assessment Began in February 2006 • Testing Began March and End July 2006 • Summarizing Results in July 2006 • Reporting in August 2006
Next Steps – Instilling Management Controls Culture and Repetitive Processes • Maintain Management Involvement and Support • Develop and Increase Automated Control Activities/Processes Using Systems • Improve Process Maturity- Improve Risk Assessment Quality, Enhance Awareness at Program Level • Identify Enterprise Options – Integrated Tools, “Dashboards” and Testing Capabilities • Enhance Communication Plan Activities
Next Steps - Continued • Improve Training Presentation • Optimize Resources • Optimize Plan • Align with Embedded Processes Management and IT Control Monitoring
Continue Integration - IT Security and A-123 • Guidance on Updated NIST and Draft OMB Guidance on FISMA. • Mapped Requirements Like NIST to A123 Plan. • Reiterate that FISMA Reviews Need to be Concluded by June 30. • Security for Applications.