FMFIA and Internal Controls - PowerPoint PPT Presentation

1 / 65
About This Presentation
Title:

FMFIA and Internal Controls

Description:

Also, provide an understanding of the financial reporting requirements and ... will be in safeguarding assets, deterring waste, fraud, abuse and mismanagement. ... – PowerPoint PPT presentation

Number of Views:534
Avg rating:3.0/5.0
Slides: 66
Provided by: nga8
Category:

less

Transcript and Presenter's Notes

Title: FMFIA and Internal Controls


1
FMFIA and Internal Controls
  • NOAA Finance Conference May 10, 2007

2
Outline
  • Purpose
  • Internal Controls (I/C)
  • Legislative Requirements for (I/C)
  • OMB Circular A-123
  • OMB Circular A-136
  • Audit and Internal Control Process
  • Reporting Requirements
  • Audit and Internal Control Finding Process

3
Purpose
  • To provide an understanding of FMFIA and internal
    controls and why they are important to all NOAA
    staff (not just the accountants).
  • Also, provide an understanding of the financial
    reporting requirements and annual audit process.

4
Internal Controls
5
So what are Internal Controls?
  • An integral component of an organizations
    management that provides reasonable assurance
    that the following objectives are being achieved
  • Effectiveness and efficiency of operations,
  • Reliability of financial reporting, and
  • Compliance with applicable laws and regulations.

6
So what are Internal Controls?
  • Internal Controls ensure that what should happen
    does happen!
  • Policy
  • Procedures
  • Authorizations
  • Chain of custody
  • Devices (locks)

7
So what are Internal Controls?
  • Managements first line of defense in preventing
    or detecting noncompliance or abuse.

8
Why are Internal Controls Important?
  • They help ensure proper accountability for
  • Validity and reliability of data
  • Efficiency and economy of all activities
  • Compliance with laws and regulations
  • Achievement of agency objectives, and
  • Safeguarding of assets.

9
Why are Internal Controls Important?
  • Controls are fundamental to the successful
    accomplishment of your mission.

10
How am I responsible?
  • Management is responsible for having an effective
    system of internal controls, but we all have a
    role in the effective implementation of these
    controls.
  • People are what make internal controls work.

11
Types of Internal Controls
  • 1. Managerial
  • Include overall policy, planning internal
    review functions.
  • 2. Program/Operational
  • Involve agency activities that relate to the
    mission or role of the agency/program.
  • These controls focus on program performance and
    economy and efficiency of operations.

12
Types of Internal Controls
  • 3. Accounting
  • Relates to the safeguarding assets and the
    reliability of financial reports.
  • 4. Administrative
  • Applies to actions leading to the authorization
    of transactions and events based on compliance
    with established policy and procedures.

13
Types of Internal Controls
  • 5. Financial
  • Applies to activities and processes involving the
    authorization and payment or collection of money.
  • The focus is on the accountability of funds,
    authorization, and safeguards to protect money.

14
Internal Control Environment
  • General Control Activities
  • Reasonable Assurance
  • Balance between cost and benefit of a control.
  • Supportive Attitude
  • Positive and supportive attitude towards
    controls.
  • Competent Personnel
  • Personnel have the skills and knowledge to
    perform their job.

15
Internal Control Environment
  • Control Objectives
  • The purpose of the control and the specific
    targets to be achieved are clearly understood.
  • What is the control trying to prevent?
  • Control Techniques
  • Mechanisms used to achieve control objectives.
  • Testing is conducted on control objectives to
    determine if the objective is effective and
    efficient.

16
Internal Control Environment
  • Control Techniques consist of
  • Documentation
  • Written policies and procedures.
  • Recording of transactions
  • Accurate and timely recording of transactions.
  • Execution of transactions
  • Authorized and executed by persons acting within
    the scope of their authority.

17
Internal Control Environment
  • Segregation of Duties
  • No individual should control over all aspects of
    a transaction or event.
  • Supervision
  • Work should be reviewed and approved by person
    other than the preparer.
  • Security
  • Physical control over vulnerable assets
  • Limit access to authorized individuals
  • Periodic reviews/inventories to account for
    resources.

18
Internal Control Environment
Internal Control Activities
General Control Activities
Specific Control Activities
  • Reasonable Assurance
  • Supportive Attitude
  • Competent Personnel
  • Control Objectives
  • Documentation
  • Recording of Transactions
  • Execution of Transactions
  • Segregation of Duties
  • Supervision
  • Security
  • Control Techniques

19
Key Points
  • People are what make internal controls work.
  • We all have a responsibility for internal
    controls.
  • The cost of an internal control should not exceed
    the benefit derived from the control.
  • The Internal Control Environment sets the tone
    for the organization.
  • It determines how efficient and effective the
    controls will be in safeguarding assets,
    deterring waste, fraud, abuse and mismanagement.

20
Legislative Requirement for Internal Controls
21
Legislative Requirements
  • Key Legislation
  • Federal Managers Financial Integrity Act (FMFIA)
    of 1982 (Integrity Act)
  • Agency heads must annually evaluate internal
    controls and report
  • Section 2 Assurance on overall adequacy and
    effectiveness of internal controls within the
    agency and on financial reporting.
  • Section 4 Whether financial management systems
  • conform to government-wide requirements
  • Implemented by OMB Circular A-123

22
Legislative Requirements
  • Key Legislation
  • Chief Financial Officers Act of 1990 (CFO Act)
  • Executive Branch departments, agencies, and
    entities required to submit audited financial
    statements and interim financial statements.
  • Implemented by OMB Circular A-136.

23
OMB Circular A-123
24
OMB Circular A-123
  • Prescribes policies and standards for evaluating,
    improving, and reporting on internal controls.
  • Implements the Federal Managers Financial
    Integrity Act (FMFIA) of 1982 (Integrity Act)
  • Agencies must annually evaluate and report on
  • Section 2 -Adequacy and effectiveness of internal
    controls
  • Section 4 Financial management systems

25
Whats new?
  • Major revision to A-123, December 2004
  • Addition of Appendix A
  • Requires a separate assurance statement on the
    effectiveness of the internal controls over
    financial reporting.
  • Requires management to perform direct testing of
    the internal controls in place in order to
    support the new assurance statement.
  • New assurance statement as of June 30 will be
    part of the Performance and Accountability Report
    (PAR) which includes agency performance measures
    and audited financial statements as of September
    30.

26
Why was A-123 revised?
  • Passage of Sarbanes-Oxley Act of 2002 (SOX)
  • Requires that management of publicly-traded
    companies strengthen their processes for
    assessing and reporting on internal controls over
    financial reporting.

27
Why was A-123 revised?
  • SOX served as the push for the Federal government
    to re-evaluate its current policies relating to
    internal controls over financial reporting and
    managements responsibilities.
  • No government wide policy concerning audits of
    federal internal controls.

28
Why was A-123 revised?
  • Empty Clean Opinions
  • Intent of the CFO Act was that annual financial
    statements would flow from, and be a routine
    by-product of an effective system of internal
    controls.
  • Years of preparing financial statements have
    shown that this is not a reality.
  • Heroic efforts to manually compile financial
    statements because financial systems are unable
    to produce financial statements.

29
Why was A-123 revised?
  • No consistency between agencies as to type of
    internal control audits and opinion issued by
    auditors.
  • Only eleven of the 24 CFO agencies reported an
    audit of internal controls.
  • Audit opinions referenced a variety of internal
    control criteria.

30
OMB Circular A-136
31
OMB Circular A-136
  • Provides guidance on financial reporting for
    Executive Branch departments, agencies, and
    entities.
  • Establishes requirement to submit
  • audited financial statements,
  • interim financial statements, and
  • Performance and Accountability Reports (PAR)
    under the Chief Financial Officers Act of 1990
    (CFO Act).

32
Key Points
  • OMB Circular A-123 implements FMFIA
  • Annual assertion on adequacy and effectiveness of
    internal controls.
  • OMB Circular A-136 implements the CFO Act
  • Quarterly financial statements
  • Annually, independent audit of agency financial
    statements

33
Audit and Internal Control Process
34
Audit and Internal Control Process
  • Annual audit and internal control process which
    consists of
  • FMFIA Program Reviews (OMB-123)
  • Program Internal Control Reviews
  • Management Control Reviews
  • OMB A-123, Appendix A Reviews
  • Financial statement audit by KPMG (OMB-136)

35
Audit and Internal Control Process


CFO Act of 1990
FMFIA
PAR
Audit Process
Internal Control Process
OMB A-136
OMB A-123 Appendix A
OMB Circulars
36
Audit and Internal Control Process
  • FMFIA Program Reviews (OMB A-123)
  • Test internal controls related to a non-financial
    program or process.
  • Requires testing internal controls over financial
    reporting (OMB A-123, Appendix A).
  • Annual Financial Statement Audit (OMB A-136)
  • Annual Departmental audit by KPMG
  • Conducts the audit on behalf of the DOC Office of
    Inspector General.

37
Audit and Internal Control Process
  • FMFIA Program Reviews (OMB A-123)
  • Program Internal Control Review
  • Management Control Review (MCR)

38
Audit and Internal Control Process
  • FMFIA Program Reviews (OMB A-123)
  • Program Internal Control Review
  • Comprehensive look at the internal controls for a
    selected program.
  • Conducted by the Financial Policy Compliance
    Division/Office of the CFO.
  • Independence from program area.

39
Audit and Internal Control Process
  • Program Internal Control Review
  • Reviewing background information and document the
    process cycle under review.
  • Analyzing the control environment.
  • Organizational structure,
  • Policy and procedures,
  • Planning, and
  • Organizational checks and balances.

40
Audit and Internal Control Process
  • Program Internal Control Review
  • Testing internal controls.
  • Focuses on written requirements and actions.
  • Testing verifies that actions have been taken as
    planned.
  • Evaluating the Internal Controls
  • What did the evidence tell us?
  • Is there compliance with the policy and
    procedures?

41
Audit and Internal Control Process
  • Program Internal Control Review
  • Report findings.
  • Make recommendations and request corrective
    actions.
  • OCFO monitor corrective actions on a quarterly
    basis.
  • Corrective actions will be reviewed by internal
    auditor for completeness.

42
Audit and Internal Control Process
  • Management Control Review
  • Evaluate internal controls of a specific activity
    (within a program or process).
  • Guidance issued by Financial Policy Compliance
    Division/Office of the CFO.
  • Available on the Finance Office web site.
  • http//www.corporateservices.noaa.gov/finance/Int
    ernal20Controls.html

43
Audit and Internal Control Process
  • Management Control Review
  • Conducted by Line and Staff Offices
  • Self-assessment of their internal controls.
  • Allows management to determine if
  • A positive and supportive environment exists
  • Laws, regulations, policies and procedures are
    being followed as directed
  • Internal controls exist and they are cost
    effective and
  • Corrective actions are needed.

44
Audit and Internal Control Process
  • Management Control Review
  • Steps for conducting a MCR consists of
  • Conducting a risk assessment
  • Reviewing internal controls
  • Reporting findings and
  • Monitoring
  • Developing corrective action plan,
  • Implementing corrective actions, and
  • Reporting progress to OCFO.

45
Key Points
  • FMFIA Program Reviews (OMB-123) consist of
  • Program Internal Control Reviews (CFO)
  • Management Control Reviews (LO/SO)
  • Annual financial statement audit (OMB-136)
    conducted by KPMG.
  • Independent CPA firm contracted by OIG.

46
Reporting Requirements
47
Reporting Requirements
  • Annual audit and internal control process which
    consists of
  • FMFIA Program Reviews (OMB-123)
  • Program Internal Control Reviews
  • Management Control Reviews
  • OMB A-123, Appendix A Reviews
  • Financial statement audit by KPMG (OMB-136).

48
Reporting Requirements
  • FMFIA Program Reviews (OMB A-123)
  • Program Internal Control Reviews (OCFO)
  • Written report issued by July 31 (or sooner).
  • Draft report issued to program area for comments
    before Final report is issued.
  • Final report sent to Line Office CFO and Program
    area.
  • Departmental data call August/September.
  • Included in the FMFIA Report as of September 30.
  • Quarterly monitoring of corrective actions.

49
Reporting Requirements
  • FMFIA Program Reviews (OMB A-123)
  • Management Control Reviews (LO/SO)
  • Completed by June 30 with written report issued
    by July 31.
  • Data call by DOC August/September
  • FMFIA Report as of September 30.
  • Quarterly monitoring of corrective actions.

50
Reporting Requirements
  • OMB A-123, Appendix A
  • Completed August 31 for internal control in place
    as of June 30.
  • Assurance statement dated September 30.
  • Included in the PAR as of September 30.
  • Quarterly monitoring of corrective actions.

51
Reporting Requirements
  • Financial Statement Audit
  • Quarterly financial statements submitted to DOC
    by
  • 1st Quarter January 11
  • 2nd Quarter April 11
  • 3rd Quarter July 11
  • 4th Quarter October 11

52
Reporting Requirements
  • Financial Statement Audit
  • Audit conducted by KPMG April to November.
  • Opinion issued on the financial statements as of
    September 30.
  • PAR issued by November 15 (includes auditor
    opinion).

53
Reporting Requirements
Financial Audit (KPMG) (OMB A-136)
FMFIA Program Reviews (OMB A-123)
OMB A-123 Appendix A


NOAA FMFIA Report
DOC Financial Statements
DOC FMFIA Report
DOC Performance Accountability Report (PAR)
DOC Appendix A Assurance Stmt.
54
Audit and Internal Control Finding Process
55
Audit and Internal Control Findings Process
  • FMFIA Program Reviews (OMB-123)
  • Program Internal Control Reviews
  • Findings issued by NOAA CFO and monitored by the
    Financial Policy Compliance Division
    (FPCD)/OCFO.
  • Quarterly monitoring.
  • Request for updates on progress to remedy finding
    sent out by the15th of the month following the
    end of a quarter.  The due date is two weeks
    later.

56
Audit and Internal Control Findings Process
  • Management Control Reviews
  • Findings issued by LO/SO.
  • Monitored by both FPCD/OCFO and LO/SO.
  • Quarterly monitoring.
  • OMB A-123, Appendix A Reviews
  • Findings issued by NOAA CFO and monitored by
    FPCD/OCFO.
  • Quarterly monitoring.

57
Audit and Internal Control Findings Process
  • Annual Financial Statement Audit
  • KPMG issues draft Notice of Finding
    Recommendation (NFR)
  • Verify factual accuracy as much as possible
    before issuance of NFR form
  • Distribute (simultaneously) to
  • Bureau liaison (OCFO)
  • Commerce Office of Inspector General (OIG)
  • Commerce Office of Financial Management (OFM)

58
Audit and Internal Control Findings Process
  • Annual Financial Statement Audit
  • Response requirements to NFR by Responsible Party
  • In written format within one week of distribution
  • Signed and dated
  • Supporting documentation provided for disagree
    responses
  • KPMG replies to disagree responses in written
    format within one week of receipt of response
  • KPMG does not have to accept a non-concurrence
    response to a NFR.

59
Audit and Internal Control Findings Process
  • Corrective Action Plans (CAPs)
  • Once the Internal Control or Management Letter
    has been issued, a CAP needs to be developed for
    all findings.
  • CAPs need to address the finding even though you
    still may not agree with the finding.

60
Audit and Internal Control Findings Process
  • Developing Corrective Action Plans (CAPs)
  • Use format provided with Internal Control or
    Management Letter.
  • Clearly state actions to be taken to remedy the
    finding with corresponding dates.
  • Provide overall date of completion.
  • Monitoring by FPCD/OCFO.
  • FMFIA Program Reviews quarterly.
  • OMB 123, Appendix A quarterly.
  • Annual Financial Audit (KPMG) monthly.

61
Annual KPMG Audit Process
June - Nov
Nov - Dec
Jan - June
Draft Mgmt. Letter
Corrective Action Plan (CAP)
KPMG Auditor
Draft Notice of Finding (NFR)
Comment Period
Implement Corrective Actions
Monthly Updates to CFO
Comment Concurrence Period
Final Mgmt. Letter
NOAA A-123 Auditor
KPMG Auditor
Final NFR
Review
62
Key Points
  • Corrective Action Plan (CAP) must be developed
    for findings.
  • FMFIA Program Reviews quarterly monitoring
  • Annual audit (management letter) monthly
  • KPMG does not have to accept a non-concurrence
    response.
  • The time to request changes to a finding is when
    it is presented too late after the issuance of
    the final report or management letter.

63
How can I learn more?
  • OMB Circular A-123
  • http//www.whitehouse.gov/omb/financial/offm_circu
    lars.html
  • Implementation Guide for OMB Circular A-123
    Appendix A
  • http//www.cfoc.gov/documents/Implementation_Guide
    _for_OMB_Circular_A-123.pdf

64
How can I learn more?
  • OMB Circular A-136
  • http//www.whitehouse.gov/omb/circulars/a136/a136_
    revised_2006.pdf
  • GAO Standards for Internal Control in the
    Federal Government http//www.gao.gov/special.p
    ubs/ai00021p.pdf

65
Questions?
Write a Comment
User Comments (0)
About PowerShow.com