A DEPARTMENTAL PERSPECTIVE

Drive Value through Compliance with the Green Book – Stop Checking the Box

Drive Value through Compliance

with the Green Book – Stop Checking

the Box

United States Department of AgricultureOrganization Chart

Drive Value through Compliance with the Green Book – Stop Checking the Box

Drive Value through Compliance

with the Green Book – Stop Checking

the Box

What We Found

• Internal control activities are very compartmentalized and siloed

• Component agencies and staff offices are at varying levels of maturity with their risk management and internal control programs

• Internal control is still viewed by some as a financial activity/responsibility

• Component agencies and staff offices want some structure and more training to implement their risk management and internal control programs

Drive Value through Compliance with the Green Book – Stop Checking the Box

Drive Value through Compliance

with the Green Book – Stop Checking

the Box

What We’ve Accomplished• Inter-agency workshops identified

potential areas for integration• Identified specific training needs• Broad-based communication efforts

(focusing on outside of the financial community)

• In Progress - Revising our Departmental Regulation and manual with stakeholder involvement

Drive Value through Compliance

with the Green Book – Stop Checking

the Box

Future State

• New Risk Management Framework will:– Provide senior management with actionable

information that supports executive-level risk management decision-making

– Establish a Tone-at-the-Top that reflects maintaining an effective Internal Control System is a shared responsibility across many organizational levels (e.g., executives, managers, agency staff)

– Facilitate and support an integrated approach to maintaining internal controls over operations, reporting & compliance

AN AGENCY PERSPECTIVE

Drive Value through Compliance with the Green Book – Stop Checking the Box

FEMA Risk Management and Compliance (RM&C) Division

A-123 Activities: Conduct tests of

design (TOD) and tests operational effectiveness (TOE) of internal control, remediation and verification and validation (V&V),and continuous monitoring.

Conference Spending Activities: Coordinates with requesting

personnel to process travel and conference requests with the goal of reducing costs, gather supporting documentation for expenses, and periodically report metrics to DHS.

USA Spending Activities: Report Assistance Prime

Awardee data to USASpending.gov twice per month.

A-133 Activities: Coordinate between auditor and

auditee, provide audit advise, communicate issues and results with the necessary Federal agencies and regulation authorities, and obtain or conduct audit quality control reviews.

IPERIA Activities: Assess and report on

improper payment findings in accordance with OMB Circular A-123 Appendix C, the Improper Payments Elimination and Recovery Act of 2010 (IPERA), Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERA), and DHS guidance.

Financial Statement Audit Support Activities: Performs risk assessments of

audit activities to target processes for pre-audit review. RM&C also fosters ongoing dialogue with auditors to coordinate and discuss draft NFRs prior to issuance.

A-123 IPERIA

Financial Statement

Audit Support

USA Spending

Conference Spending

A-133

Evolving Requirements

and Duties

Resources Available

Enhanced ELC

Requirements

Fraud Risk

Program

Continuous

Monitoring

Technology

Staff

Resources

Evolving Requirements and Duties from

The New Green Book

• Landscape is changing with a focus on continuous monitoring rather than annual assessments.

– Department is revising guidance and the DHS playbook for internal control programs.

• DHS is seeking a clean audit opinion on internal controls for FY 2016.

• Additional requirements and duties are being added to existing processes.

– Continuous Monitoring.– Fraud Risk.– Enhanced ELC Requirements.

• Facing Pressure with resource constraints.– Need to streamline process.– Discover efficient ways of doing business to be

more effective.

Audit Remediation

Document Inputs

Work inputs being performed by different teams and processes

Automated

Consolidation

Dashboard Analytic Outputs

Assessments

NFR and Audit Process

Risk Areas

Real-time visual display of data for decision making and risk

management

RM&C Process Improvement Efforts

SharePoint Tool

Benefits:

• Efficiencies• Collaboration• Standardization• Business intelligence

• Version control• Automated DHS

submissions• Analytics

Data Analytics

• Bringing processes together in one centralized space.

• Providing real-time information to senior leaders in order to make actionable data driven decisions instead of ad-hoc reports and briefings that take weeks to produce.

• Facilitates reporting objective in the COSO framework.

How These Processes and Tools Relate to

The New Green Book Principles

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

• Improves oversight and accountability with performance metrics.• Establishes a structure to allow program offices to conduct internal

control assessments and share the responsibility of maintaining an effective internal control program throughout the agency.

• Document both qualitative and quantitative risk analysis for current year and multi year planning purposes.

• Provides more time for analysis and responding to change.

• Improves control activities with collaborative remediation plans.

• Improves data integrity with the standardization of business processes.

• Communicates internal control status, results, and documentation both internally and externally.

• Performs ongoing monitoring of the control environment using real-time dashboards and briefing decks.

• Provides a platform to remediate deficiencies and monitor progress.

Next Steps

• Promoting the tools and templates developed for risk management processes to other agency stakeholders as a way of increasing organizational efficiencies and strengthening internal controls.

• Collaborating with other DHS Components on sharing the tools an templates developed as well as best business practices to strengthen DHS for the FY 2016 audit.

• Training FEMA program offices on maintaining an effective internal control environment and performing their own assessments.– Increasing accountability by sharing performance metrics across

the agency.