Upload
gillian-richards
View
212
Download
0
Embed Size (px)
Citation preview
OMB Circular A-123
Lessons Learned
OMB Circular A-123
Lessons Learned
FEDERAL ADVISORYFEDERAL ADVISORY
Sean HoffmanSean HoffmanPartnerPartnerKPMG LLPKPMG LLP
2©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Historical Look at Controls vs. Performance ImprovementHistorical Look at Controls vs. Performance Improvement
PerformanceFocused
PerformanceBiased
ControlFocused
ControlBiasedControlBiased
Performanceand ControlOptimized
Business Improvement
Ris
k M
anag
em
ent
Late 1990’s
2007 andBeyond…
Y2K
PMA &Scorecard
A-123 / SOX
3©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
A Familiar JourneyA Familiar Journey
Comply
Integrate and Automate
Transform
Process Improvement
Ris
k M
itig
atio
n
“Check the box”
Reduce the cost of compliance
Get some value
4©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Integrate A-123 with Other EffortsIntegrate A-123 with Other Efforts
Avoid Stovepipes. Make A-123 – umbrella over your entire “Controls Program”
A-123
5©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Understanding Total Cost of ControlUnderstanding Total Cost of Control
1. Internal costs within the agency
2. Upfront costs to scope and launch project
3. Outside A-123 contractor
4. Ongoing testing & monitoring costs
5. IG interaction
6. Correcting deficiencies
A-123 “Visible”
Initial Compliance, Ongoing Assessment
and Monitoring
Source: KPMG LLP (U.S.), 2004
6©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Understanding the Nature of ControlsUnderstanding the Nature of Controls
Automated
Manual
Detective Preventive
Agency X Control Portfolio
In basic terms, a control is an activity that validates information and creates a context for action. The control itself is manual or automated, detective or preventive.
10,000+ Controls
1,000+ Processes
200+ Systems
Typical Agency
Source: KPMG LLP (U.S.), 2004
7©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Source: KPMG LLP (U.S.), 2004
Understanding Total Cost of ControlUnderstanding Total Cost of Control
Largely “Hidden” Business
Performance
1. Performance of the controls
2. Management review
3. Error correction
8©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
S-O “Visible”
Initial Compliance, Ongoing Assessment
and Monitoring
Source: KPMG LLP (U.S.), 2004
Understanding Total Cost of ControlUnderstanding Total Cost of Control
TotalCost of Control
Largely “Hidden” Business
Performance
9©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Automated
Manual
Detective Preventive
Evolving Contro
ls
Agency XXX – Summary Analysis of Control
Evolving the Controls PortfolioEvolving the Controls Portfolio
Evolving the portfolio of manual/detective controls toward an automated, preventive state is central to reducing costs and increasing the business value
of controls over time.
Source: KPMG LLP (U.S.), 2004
10©2007 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. Printed in the U.S.A.
Contact InformationContact Information
Sean Hoffman, PartnerKPMG [email protected]
KPMG LLP, the audit, tax and advisory firm (www.us.kpmg.com), is the U.S. member firm of KPMG International. KPMG International's member firms have 113,000 professionals, including 6,800 partners, in 148 countries.
All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions are those of the author and do not necessarily represent the views and opinions of KPMG LLP.