OMB A-123
What is OMB A-123?
The Office of Management and Budget (OMB) Circular A-123 defines management's responsibility for internal control in Federal agencies.
What is its purpose?
This Circular provides guidance to Federal managers on improving the accountability and effectiveness of Federal programs and operations by establishing, assessing, correcting, and reporting on internal control. The attachment to this Circular defines management’s responsibilities related to internal control and the process for assessing internal control effectiveness along with a summary of the significant changes. The Circular provides updated internal control standards and new specific requirements for conducting management’s assessment of the effectiveness of internal control over financial reporting (Appendix A). This Circular emphasizes the need for integrated and coordinated internal control assessments that synchronize all internal control-related activities.
How is it implemented?
Agencies and individual Federal managers must take systematic and proactive measures to (i) develop and implement appropriate, cost-effective internal control for results-oriented management; (ii) assess the adequacy of internal control in Federal programs and operations; (iii) separately assess and document internal control over financial reporting consistent with the process defined in Appendix A (iv) identify needed improvements; (v) take corresponding corrective action; and (vi) report annually on internal control through management assurance statements.
Successful implementation of this Circular requires Agencies to establish and foster an open, transparent culture that encourages people to communicate information about potential risks and other concerns with their superiors without fear of retaliation or blame.
How does FISMA affect us and our customers?
Each Federal employee is responsible for safeguarding Federal assets and the efficient delivery of services to the public. Federal leaders and managers are responsible for establishing goals and objectives around operating environments, ensuring compliance with relevant laws and regulations, and managing both expected and unexpected or unanticipated events. They are responsible for implementing management practices that identify, assess, respond, and report on risks. Risk management practices must be forward-looking and designed to help leaders make better decisions, alleviate threats and to identify previously unknown opportunities to improve the efficiency and effectiveness of government operations. Management is also responsible for establishing and maintaining internal controls to achieve specific internal control objectives related to operations, reporting, and compliance. Management must consistently apply these internal control standards to meet the internal control principles and related components outlined in this circular and to assess and report on internal control effectiveness at least annually. Risk management practices must be taken into account when designing internal controls and assessing their effectiveness. Annually, agencies must develop a risk profile coordinated with their annual strategic reviews. Further, management must provide assurances on internal control effectiveness in its Agency Financial Report (AFR) or the Performance and Accountability Report (PAR). Information regarding identified material weaknesses and corrective actions should be included in any of the three preceding reports.
For more information, please see below references:
https://www.whitehouse.gov/sites/default/files/omb/memoranda/2016/m-16-17.pdf