IV USDA Internal Control Efforts

					Office of the Chief Financial Officer United States Department of Agriculture

2008 FINANCIAL MANAGEMENT TRAINING

Internal Control Efforts at USDA
Presented by

Michael A. Fiene

Agenda/Efforts
- OCFO’s Internal Control Division
- IT Executive Steering Committee
- Internal Control Boot Camp
- Risk Assessment Methodology
- CSAM
- Other Internal Control Efforts

Internal Control Efforts at the Fiene House

Keys to a Self-Sustaining IC Program
- Education/Training
- Communication
- Automated Compliance Tools
- Streamline & Consolidate Reviews
- Offices of Control & Compliance (OCCO)

OCFO’s Internal Control Division (ICD)

OCFO-ICD Mission Statement
- To promote and support the USDA’s internal control program in order to provide reasonable assurance that:
  - USDA operations are effective & efficient
  - USDA complies with applicable laws and regulations
  - USDA financial reports are reliable

What Does OCFO-ICD Do?
- Review and monitor USDA operations & systems
- Assist/coach USDA and its agencies in their internal control efforts
- Promote effective internal control practices in order to support audits
- Provide training and facilitate communication

OCFO-ICD Staff
- Michael A. Fiene, Director
- Ronda F. Price, Deputy Director, Financial Control Specialist
- Patricia Price, Administrative Control Specialist
- Fiscal Control Specialist (IS) (Vacant)
- 3 positions (vacant)

IT Executive Steering Committee (IT-ESC)

IT-ESC
- Established by Chuck Christopherson, November, 2006
- Joint OCFO and OCIO effort to address the ongoing IT material weakness and provide leadership and direction
- Co-Chaired by Jon Holladay, Deputy CFO and Chris Smith, Deputy CIO
- Meet every Thursday

IT-ESC
- 16 agencies brief the IT-ESC
- Seek common solutions to common problems
- Results
  - Joint CIO/CFO meetings (Monthly)
  - Communication
  - I/C Bootcamp
  - CSAM
  - Risk Assessment Methodology

USDA Internal Control Boot Camp

Internal Control Boot Camp
“In the first three years of Sarbanes-Oxley, companies have under-invested in staff training and technology (e.g. automated compliance tools) to support cost-effective compliance and they’ve over-invested in outside consultants.”

Source: Journal of Accountancy, July, 2006

Internal Control Boot Camp
Question: “What are the key qualities to look for in a high-performing internal auditor? Does a CPA help?”

Answer: “A key quality is having invested the time and resources to be fully conversant with all internal control guidance. This allows him or her to have “fact-based” debates with their external auditor over how to meet internal control requirements cost-effectively.”

Source: Journal of Accountancy, July, 2006

Internal Control Boot Camp
- Topics Covered
  - Internal Control Laws & Regs
  - CSAM
  - Internal Controls – IT Track
  - Internal Controls – Financial Track
  - Evaluating the Severity of Control Deficiencies
  - Corrective Action Plans (Root Cause)

Internal Control Boot Camp
- Objective
  - Provide a better understanding of audit and internal control concepts to USDA professionals who have not had any recent audit experience or who have never been auditors in their professional careers.
- First Boot Camp
  - Kansas City, Missouri, February 11 – 15, 2008
  - 70 Participants (40 IT, 30 Financial)
  - 20 USDA Agencies Represented
- Future Boot Camps
  - Washington, DC
  - St. Louis, MO
  - New Orleans, LA

Risk Assessment Methodology

Risk Assessment Methodology/Framework
[Diagram: risk assessment framework. Labels recovered from the figure: Control Objective; Weakness/Deficiency; CAP/POA&M; Likelihood (Potential Issue; A-123, Appendix A; Audit; FISMA; Actual; Counter Measure; Threat(s); Capability; History; Gain; Attributable; Detectability); Magnitude (Significance; Loss of Life; Top Secret/Secret; Confidential; Privacy Data; Operations Impact; Equipment Loss); Vulnerability (Exploitability; Obj.; Counter Measure); Risk Level; Accept Risk?; Compensating Controls (Designed Effectively; Operating Effectively); Costs To Reduce; Document Decision.]

Risk Assessment Workshops (August, 2008)
- Washington, DC
- Kansas City, MO
- St. Louis, MO
- New Orleans, LA
- Albuquerque, NM

Cyber Security Assessment and Management System (CSAM)

CSAM
[Diagram: CSAM structure. Levels shown, top to bottom: Agency; System; Control; Test(s); Results; Pass / Fail; Assess Risk; Accept Risk / POA&M.]

CSAM
- Allows for transparency of systems and controls
- Upload supporting documents/artifacts
- Customizable
- Flexible reporting
- Use for A-123, Appendix A assessment of financial/process controls.

Other Internal Control Efforts at USDA

Other Internal Control Efforts
- A-123, Appendix A assessment over FFATA data
- Combine required internal control reviews/assessments (FMFIA, FFMIA, FISMA, etc.)
- Streamline required internal control reviews/assessments (ongoing monitoring)
- Establish Office of Control and Compliance at each agency

Internal Control Compliance
USDA’s INTEGRATED INTERNAL CONTROL PROGRAM

[Diagram: three tiers, recovered from the figure.]

LAWS
- FMFIA
- FFMIA
- FISMA
- PRIVACY ACT
- IPIA

REGULATIONS (OMB, Department)
- OMB Circular A-123
- OMB Circular A-123, Appendix A
- OMB Circular A-127
- OMB Circular A-130
- OMB Memos: M-06-15, M-06-16, M-06-19, M-07-16
- OMB Circular A-123, Appendix C
- USDA DR 2100-01
- OMB Memo 07-19

REPORTING
- Law Specific Reports
- FMFIA ASSURANCE STATEMENT
