OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting

OMB Circular A-123 – Management’s Responsibility for Internal Control

• Policy• Applicability• Sources of Information• Assessment, Documentation and Reporting Tools

Presented By: Anda Coiner, Accounting – Program Support Branch

(304) 480-8414; Email: [email protected]

Policy

Management is responsible for establishing and maintaining internal control to achieve the objectives of effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.

Policy (Continued)

Management shall consistently apply internal control standards to meet each of the internal control objectives and to assess internal control effectiveness.

Applicability

24 CFO Act Agencies

Sources of Information

The assessment of Internal Control can be performed using a variety of information sources. Management has primary responsibility for assessing and monitoring controls and should use other sources as a supplement to its own judgment

Sources of Information - Examples

• Audits of Financial Statements

• Reviews of Financial Systems

• Annual Evaluations and reports pursuant to FISMA and OMB Circular No. A-130

•Knowledge Gained from Daily Operations and Systems

•Management Reviews

•IG and GAO Reports (Audits, Inspections, Reviews, Investigations)

•Program Evaluations

Assessment, Documentation and Reporting Tools

• Appendix A of OMB Circular No. A-123 • GAO-01-1008G – Internal Control Management

and Evaluation Tool• Treasury’s Catalog of Transactions • Treasury’s Test Plan Template

Assessment, Documentation and Reporting Tools (Continued)

Provides a methodology for agency management to assess, document, and report on the internal controls over financial reporting


1. Establish a Senior Assessment Team– Provides oversight of the assessment process

– Ensures objectives are clearly communicated

– Ensures that the assessment is carried out in a through, effective, and timely manner

– Identifies staff to perform assessment

– Determines scope of the assessment (financial reports)

– Determines assessment design and methodology


2. Evaluate Internal Control at the Entity Level (5 Components of Internal Control)– Control Environment

• Obtain sufficient knowledge to understand management’s attitude awareness, and actions concerning the control environment


2. Evaluate Internal Control at the Entity Level (Continue)– Control Environment (Continued)

• Integrity and Ethical Standards. Commitment to Competence, management philosophy and operating style, Organizational structure, Assignment of authority and responsibility, Human Resource Policies and Practices


2. Evaluate Internal Control at the Entity Level (Continued)– Risk Assessment

• Complexity or Magnitude of Programs, Operations, Transactions, etc., Accounting Estimates, Related Party Transactions, Extent of Manual Processes, Changes in Operating Environment


2. Evaluate Internal Control at the Entity Level (Continued)– Control Activities

• Policies and Procedures, Management Objectives, Planning and Reporting Systems, Analytical Review and Analysis, Segregation of Duties, Safeguarding of Records, and Physical and Access Controls


2. Evaluate Internal Control and the Entity Level (Continued)– Information and Communication

• Type and Sufficiency of Reports Produced, Manner in which Information Systems Development is Managed, Disaster Recovery, Communication of Employees’ Control related Duties and Responsibilities, how incoming communication is handled


2. Evaluate Internal Control and the Entity Level (Continued)– Monitoring

• Self Assessments by Management, Evaluations by the IG or External Auditor, Direct Testing


2. Evaluate Internal Control and the Entity Level (Continued)– GAO-01-1008G – Internal Control Management and

Evaluation Tool is useful in evaluating and documenting the 5 components of internal control

• Each section contains a list of major factors as well as points and sub-points to consider when completing the assessment process.

www.gao.gov – Search for Report Number – GAO-01-1008G


3. Determine Significant Accounts or Groups of Accounts– Identify those that individually or collectively could have a

material effect on the financial report. (Consider both Qualitatively and Quantitatively)

• Treasury has identified 7 ‘Core’ Financial Processes– Budget and Finance, Accounting, Purchasing, Accounts Payable & Payments, Sales, A/R, &

Collections, Manage Assets & Liabilities, Reporting & Information, and Information Technology


4. Identify and Evaluate Major Classes of Transactions– Identify the major classes of transactions that

materially affect those accounts• Treasury has identifued 119 individual transactions

for testing.


4. Identify and Evaluate Major Classes of Transactions (Continued)– Transaction Examples

• Cash Reconciliation (AC-6)

• Budgetary to Proprietary Relationships (AC-7)

• Reconciliation of Intra/Inter Governmental Transactions (AC-9)

• System & Maintenance of System Application Security (IT-2)

• Verify Systems Software Change Control Procedure (IT-3)


5. Gain Understating of Control Design to Achieve Management Assertions– Inquires of Agency Personnel

– Inspection of Documents, Reports, or Electronic Files

– Observation of the application of the control

(‘Walk-Through’)

Controls are ‘Effective’, ‘Moderately Effective’ or ‘Not Effective”


6. Test Controls and Assess Compliance to Support Management Assertions– Determine the extent to which the controls were

applied, the consistency of their application, and who applied them. Test plans should be developed at the Transaction Level.

• Examples of how testing can be performed – Inquiry, Inspection, Observation, and Re-performance


6. Test Controls and Assess Compliance to Support Management Assertions (Continued)– Test Plans must be documented and should include

the following components: (Treasury has developed a template)

• Test Objective and Expected Results

• Type of Assertion provided by the Control

• Type of Test

• Sample Size

• Testing Procedures

• Test Results


7. Overall Assessment– Statement of Assurance

• Overall Conclusion as to the Design and Operation of the Internal Controls over Financial Reporting

• Include whether the controls are operating effectively or whether material weaknesses exist in the design or operation

– OMB Circular A-123 includes an example of the Statement of Assurance

http://www.whitehouse.gov/omb/circulars/a123/a123_rev.pdf

Questions ?

Anda Coiner, Accounting – Program Support Branch


SAS-70 – Agency Internal Control Considerations

• Overview

• Examples

Overview

Designed with the expectation that certain internal controls would be implemented by customer agencies. The application of such controls by the customer agencies is necessary to achieve all control objectives in ARC’s SAS 70 Report

Examples

Specific Agency Control considerations are provided for Control Objectives (CO) 1-3, 5-6, 8-12 and 18

• CO 1 – Obligations

• CO 2 – Disbursements

• CO 3- Unfilled Customer Orders, Receivables and Cash Receipts

• CO 4 – Deposits

• CO 5 – Payroll Accruals

• CO 6 – Payroll Disbursements

• CO 8 – Accruals

• CO 9 – Government-Wide Reporting

• CO 10 – Administrative Spending

• CO 11 – Budget

• CO 12 – Manual Journal Entries

• CO 18 – System Access

Examples (Continued)

Obligations– Properly approve and accurately enter obligations into the

procurement and travel systems in the proper period

– Send valid requests to record manual obligations to ARC in a timely manner

– Review open obligation reports for completeness accuracy and validity

– Restrict customer agency access to authorized individuals

Disbursements– Approve invoices for payment and send approved invoices

to ARC in a timely manner

– Approve travel vouchers and accurately enter the vouchers into GovTrip in the proper period

– Review financial reports provided by ARC to ensure disbursement transactions are complete and accurate

Unfilled Customer Orders, Receivables and Cash Receipts

– Monitor and pursue collection of delinquent balances

– Review unfilled customer orders, re3ceivable and advance reports for completeness, accuracy and validity

Payroll Accruals and Payroll Disbursements

– Review financial reports to ensure that payroll accruals and disbursements are complete and accurate

– Verify that payroll processed by third-party providers is complete and accurate

Accruals– Review open accrual reports for completeness, accuracy,

and validity

– Approve and send revenue and expense accruals to ARC in a timely manner

Government Wide Reporting– Review Financial Reports prepared for external use are

complete, accurate, and submitted in a timely manner

– Provide certification of FACTS II

Administrative Spending– Properly approve and accurately enter obligations into the

procurement and travel systems in the proper period

– Send valid requests to record manual obligations

– Review open obligations reports for completeness, accuracy and validity

Budget– Review financial reports to ensure that budget entries are

complete and accurate

– Send approved budget

– Communicate customer agency required levels of budget and spending controls

– Communicate OMB apportionment status

– Monitor usage of BA under CR

System Access– Review and approve users for appropriateness

QUESTIONS ?

Anda Coiner, Accounting – Program Support Branch
