OMB Circular A-123

Lessons Learned

OMB Circular A-123

Lessons Learned

FEDERAL ADVISORYFEDERAL ADVISORY

Sean HoffmanSean HoffmanPartnerPartnerKPMG LLPKPMG LLP

2©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Historical Look at Controls vs. Performance ImprovementHistorical Look at Controls vs. Performance Improvement

PerformanceFocused

PerformanceBiased

ControlFocused

ControlBiasedControlBiased

Performanceand ControlOptimized

Business Improvement

Ris

k M

anag

em

ent

Late 1990’s

2007 andBeyond…

Y2K

PMA &Scorecard

A-123 / SOX

3©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

A Familiar JourneyA Familiar Journey

Comply

Integrate and Automate

Transform

Process Improvement

Ris

k M

itig

atio

n

“Check the box”

Reduce the cost of compliance

Get some value

4©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Integrate A-123 with Other EffortsIntegrate A-123 with Other Efforts

Avoid Stovepipes. Make A-123 – umbrella over your entire “Controls Program”

A-123

5©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Understanding Total Cost of ControlUnderstanding Total Cost of Control

1. Internal costs within the agency

2. Upfront costs to scope and launch project

3. Outside A-123 contractor

4. Ongoing testing & monitoring costs

5. IG interaction

6. Correcting deficiencies

A-123 “Visible”

Initial Compliance, Ongoing Assessment

and Monitoring

Source: KPMG LLP (U.S.), 2004

6©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Understanding the Nature of ControlsUnderstanding the Nature of Controls

Automated

Manual

Detective Preventive

Agency X Control Portfolio

In basic terms, a control is an activity that validates information and creates a context for action. The control itself is manual or automated, detective or preventive.

10,000+ Controls

1,000+ Processes

200+ Systems

Typical Agency

Source: KPMG LLP (U.S.), 2004

7©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Source: KPMG LLP (U.S.), 2004

Understanding Total Cost of ControlUnderstanding Total Cost of Control

Largely “Hidden” Business

Performance

1. Performance of the controls

2. Management review

3. Error correction

8©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

S-O “Visible”

Initial Compliance, Ongoing Assessment

and Monitoring

Source: KPMG LLP (U.S.), 2004

Understanding Total Cost of ControlUnderstanding Total Cost of Control

TotalCost of Control

Largely “Hidden” Business

Performance

9©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Automated

Manual

Detective Preventive

Evolving Contro

ls

Agency XXX – Summary Analysis of Control

Evolving the Controls PortfolioEvolving the Controls Portfolio

Evolving the portfolio of manual/detective controls toward an automated, preventive state is central to reducing costs and increasing the business value

of controls over time.

Source: KPMG LLP (U.S.), 2004

10©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.

Contact InformationContact Information

Sean Hoffman, PartnerKPMG LLP202.533-5564shoffman@kpmg.com

KPMG LLP, the audit, tax and advisory firm (www.us.kpmg.com), is the U.S. member firm of KPMG International. KPMG International's member firms have 113,000 professionals, including 6,800 partners, in 148 countries.

 

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions are those of the author and do not necessarily represent the views and opinions of KPMG LLP.