“ Circular A-123 and the statute it implements, the Federal Managers’ Financial Integrity Act of 1982, are at the center of the existing Federal requirements to improve internal control.”
“ To ensure Congress and the public that the Federal Government is committed to safeguarding its assets and providing reliable financial information .” “ A re-examination of the existing internal control requirements for Federal agencies was initiated in light of the new internal control requirements for publicly-traded companies contained in the Sarbanes-Oxley Act of 2002 .”
No material weaknesses were found in design or operations
August 29, 2006 Manager Department of Energy Fiscal Year 2xxx Annual Assurance Statement on Internal Control over Financial Reporting The [Agency’s] management is responsible for establishing and maintaining effective internal control over financial reporting, which includes safeguarding of assets and compliance with applicable laws and regulations. The [Agency] conducted its assessment of the effectiveness of the [Agency’s] internal control over financial reporting in accordance with OMB Circular A-123, Management’s Responsibility for Internal Control. Based on the results of this evaluation, the [Agency] can provide reasonable assurance that internal control over financial reporting as of June 30, 2xxx was operating effectively and no material weaknesses were found in the design or operation of the internal controls over financial reporting. Sincerely, Head of Agency
Similarities of SOX and Circular A-123 Appendix A An audit is required for DHS and the U.S. Postal Service is electing to include an audit Audit opinion on internal controls over financial reporting Management assertion on internal control effectiveness Testing of control design and operating effectiveness Documentation of internal controls “ Top Down” approach Materiality criteria COSO internal control standard Management responsibility for effectiveness of internal controls over financial reporting A-123 App A SOX Sec 404 Area
“ Internal control is an integral component of an organization’s management that provides reasonable assurance that the following objectives are being achieved:
effectiveness and efficiency of operations,
reliability of financial reporting, and
compliance with applicable laws and regulations."
Internal control standards and the definition of internal control are based on GAO, Standards for Internal Control in the Federal Government, November 1999, “Green Book.”
Committee of Sponsoring Organizations (COSO) Framework
Control Environment The control environment sets the tone of an organization, influencing the control consciousness of its people
Risk Assessment Every entity faces a variety of risks from external and internal sources that must be assessed both at the entity and the activity level.
Control Activities These policies and procedures help ensure management directives are carried out.
Information and Communication Pertinent information must be identified, captured and communicated in a form and timeframe that supports all other control components.
Monitoring Internal control systems need to be monitored – that assesses the quality of the system’s performance over time.
Treadway Commission established Internal Control Integrated Framework published in 1992 Image courtesy of sox-online.com
Financial Statement Assertion Framework from A-123 P E R C V The financial report is presented in the proper form and any required disclosures are present resentation and Disclosure All assets and liabilities have been properly valued, and where applicable, all costs have been properly allocated aluation All reported transactions actually occurred during the reporting period and all assets and liabilities exist as of the reporting date xistence and Occurrence All assets are legally owned by the agency and all liabilities are legal obligations of the agency ights and Obligations All assets, liabilities, and transactions that should be reported have been included and no unauthorized transactions or balances are included ompleteness
Each agency must negotiate an implementation plan with OMB
DOE has negotiated a general implementation schedule of 3 years
2-year implementation schedule for contractors
Year 1, test high-risk processes
Year 2, test the remaining processes
A-123 parallels SOX by requiring agency executives to validate the effectiveness of internal controls with the agency head making assurances to the taxpayers that internal controls are working effectively.