Department of Homeland Security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 31

Department of Homeland Security Federal Emergency Management Agency PowerPoint PPT Presentation


  • 75 Views
  • Uploaded on
  • Presentation posted in: General

Department of Homeland Security Federal Emergency Management Agency Association of Government Accountants Improving Controls Can Improve Program Performance Audio Conference on Internal Controls June 8, 2011. Agenda. FEMA’s History FEMA’s Audit Remediation/Internal Control Efforts:

Download Presentation

Department of Homeland Security Federal Emergency Management Agency

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Department of homeland security federal emergency management agency

Department of Homeland Security

Federal Emergency Management Agency

Association of Government Accountants

Improving Controls Can Improve Program Performance

Audio Conference on Internal Controls

June 8, 2011


Agenda

Agenda

  • FEMA’s History

  • FEMA’s Audit Remediation/Internal Control Efforts:

    • Mission Action Plan (MAP) Process

    • Internal Control Board

    • Internal Control Program

    • A-123/IPIA Program

    • Accomplishments and Impact

    • Risk Assessment

  • Moving Forward


Fema history

FEMA: History


Financial statement audit history

Financial Statement Audit History

  • In FY06, FEMA had a total of six material weaknesses (MWs) and contributed to the Department’s disclaimer conditions


A 123 ipia history

A-123/IPIA History

  • FEMA began A-123 compliance activities in FY06 and performed TOD/TOE assessments of several business processes

  • FEMA focused on remediating internal control weaknesses in FY08 and resumed its A-123 assessments in FY09

  • FEMA began IPIA compliance activities in FY06 and tested one Program

  • FEMA was non-compliant with IPIA requirements until FY08


Fema remediation internal control efforts

FEMA: Remediation/Internal Control Efforts


Fema audit progress

FEMA Audit Progress

  • FEMA has made significant progress over the past 5 years to strengthen its internal controls and reduce control weaknesses


Mission action plan map

Mission Action Plan (MAP)

  • Definition: An overall plan that FEMA’s management creates to correct specific deficiencies. These plans contain items such as a Root Cause Analysis and milestones with specific completion dates and remedial actions.

  • Process:


Root cause analysis

Root Cause Analysis

Definition:The specific underlying cause(s) of events that lead to control deficiencies. They fall under one or more of the following areas:

  • Human Capital – Insufficient training, need for more people, or wrong people in positions

  • Process – Break in the process flow, need for updated or additional processes

  • Policy – Insufficient or no policies or procedures in place

  • Systems – System failures or inadequate systems

    Benefits of an Effective RCA:

  • Critical to preventing similar recurrences

  • Over time, the root causes identified across the population of control deficiencies can be used to target major opportunities for improvement


Case study financial reporting

Case Study – Financial Reporting

Issues

  • Lack of sufficient resources with the required financial management skill set within the OCFO to ensure segregation of duties and oversight over the financial reporting process

  • Inadequate processes and controls to ensure that all adjustments are fully researched, substantiated, documented, and/or appropriately reviewed prior to preparation and submission of financial data to the Department

  • Insufficient level of review and approval of supporting documentation for significant JVs recorded in the general ledger/Treasury Information Executive Repository (TIER)

  • Lack of policy and procedures and clearly documented roles and responsibilities over the financial reporting process

  • Systematic errors related to incorrect attributes and poor data quality

    Corrective Actions

  • Filled strategic OCFO vacancies to aid in implementing corrective actions to correct control weaknesses

  • Developed and implemented improved control procedures over the TIER process (including TIER to GL reconciliation procedures)

  • Developed and published budget/finance blueprint to improve accuracy of budget entries

  • Updated, published, and implemented OCFO’s Journal Voucher (JV) Process standard operating procedures

  • Improved JV documentation and the review/approval of JVs

  • Performed data clean-up


Internal control board icb

Internal Control Board (ICB)

  • Objectives

  • Support FEMA’s internal control structure through improved control awareness, communication, and coordination

  • Set the tone of the organization’s control environment

  • Prioritize, direct, and monitor internal control activities

  • Improve internal control environment and achieve objectives

  • Address enterprise-wide/cross-cutting internal control issues requiring collaboration at FEMA’s most senior levels of leadership

  • Structure

  • Chaired by the FEMA Deputy Administrator

  • Championed by the FEMA Administrator

  • Comprised of a cross-functional team of senior FEMA officials/representatives


Department of homeland security federal emergency management agency

Value of the ICB

  • Demonstrates commitment of senior leadership (“tone at the top”)

  • Provides the governance structure needed to improve internal controls and achieve program goals and business objectives

  • Establishes accountability throughout the agency

  • Increases awareness as to the importance of maintaining effective internal control through continuous monitoring

  • Improves integration and coordination of internal control-related activities

  • Positions agency to better address multiple requirements

  • Strengthens annual assurance statement process


Internal controls program icp overview

Internal Controls Program (ICP) - Overview

  • Created in November 2008 and chartered in January 2009

  • Key Functions:

    • Provides support to its divisions/offices to remain compliant with Federal internal control requirements:

      • Federal Manager’s Financial Integrity Act (FMFIA)

      • Office of Management and Budget (OMB) Circular A-123

    • Oversees the assessment of internal control within each Mission Support Bureau (MSB) Office to ensure compliance with governing legislative, regulatory, and Departmental guidance

    • Summarizes and communicates results of the assessments to FEMA’s Deputy Associate Administrator

    • Assists the MSB Offices in creating their annual Assurance Statements


Icp activities

ICP Activities

  • In FY11, the ICP performs the following activities:

    • Conducting a self-assessment of each MSB Office’s Entity-Level Controls (ELCs)

    • Coordinating the design and implementation of more effective/efficient Business Processes

    • Performing a FEMA-Wide Risk Assessment to assist the Region and Program Offices create their Assurance Statements

  • Below is an example of the Tools & Templates used:


Fy11 assurance statement process

FY11 Assurance Statement Process


Icp structure

ICP Structure

ICP Chair:

FEMA Deputy Administrator

ICP Sponsor:

Director of RM&C

ICP Lead:

RM&C Staff

ICP Core Team


Value of the icp

Value of the ICP

  • Develops an internal control ethic in all employees

  • Identifies areas of weakness and vulnerability

  • Creates remediation plans to improve FEMA’s efficiency and effectiveness

  • Allows FEMA to stay ahead of auditors

  • Manages the Enterprise-Wide Internal Control Issues

  • Enhances focus on customer experience

  • Improves decision making

  • Increases accountability

  • Trains FEMA employees across FEMA programs

  • Moves control monitoring to the front end of the process


A 123 progress

A-123 Progress

*FEMA determined the need to perform an A-123 assessment

** DHS exempted FEMA from performing an A-123 assessment to focus on remediation efforts for FY2008


A 123 current year activities

A-123 – Current Year Activities

  • Perform A-123 assessments over the Fund Balance with Treasury Process and the Purchase and Fleet Card Programs

  • Extend assessments to focus on internal controls over operations

  • Integrate A-123 into the Internal Control Program


Ipia progress

IPIA Progress

  • FEMA began IPIA compliance activities in FY06 and tested one Program

  • For FY11, FEMA is testing nine Programs (including the Port Security Grant Program (PSGP))

  • FEMA’s past and current IPIA activities include testing, risk assessments, pilot studies, and communications strategy development

  • Over time, FEMA Programs have taken on increasing levels of responsibility for and collaboration with IPIA testing and related activities


Accomplishments and impact

Accomplishments and Impact

FEMA has performed activities to improve its internal controls and program performance including, but not limited to:

  • Implemented an audit remediation and internal controls strategy that has led to the successful downgrading/elimination of 5 out of 6 material weaknesses

  • Sustained progress to date through continued efforts to monitor and strengthen internal controls over financial reporting and operations

  • Improved communication with external auditor resulting in a more effective and efficient annual financial statement audit

  • Enhanced Management’s assessment of internal controls over financial reporting and operations

  • Improved awareness, communication and coordination at all levels of the agency

  • Integrated processes and assessments

  • Established the ICB to address enterprise-wide/cross-cutting issues


Risk assessment overview

Risk Assessment Overview

  • FEMA faces a variety of risks that could detract from its mission to build, sustain, and improve the Nation's capability to prepare for, protect against, respond to, recover from, and mitigate all hazards

  • FEMA’s risk assessment methodology is flexible and scalable to allow for the development of a multi-year implementation plan that will improve financial reporting and operational processes and infrastructure

  • FEMA’s risk assessment methodology is intended to employ comprehensive risk management to enhance FEMA programs and operations


Risk assessment framework

Risk Assessment Framework

  • Combines traditional “bottom-up” and “top-down” stakeholder value approach


Risk assessment methodo logy

Risk Assessment Methodology

  • FEMA’s risk assessment methodology involves a five step process:

    • Planning – Gather information and conduct interviews

    • Drafting the Risk Strategy Map – Populate tool to capture and analyze risk

    • Evaluating Risk – Complete Risk Register Template

    • Prioritizing Activities – Prioritize based on Inherent Risk and Control Environment

    • Preparing the Annual Plan – Identify processes to be remediated by corrective action or assessed through Self Inspection Plan (A-123)


Risk assessment outcomes

Risk Assessment Outcomes

  • The intersection of the inherent risk rating and the control environment strength on the Risk Assessment Matrix details the proposed follow-up activity

High

Assessment of Controls

Remediation

5

4

3

2

1

Inherent Risk

Assess Controls on Rotational Basis

Lower Remediation Priority

Low

1 2 3 4 5

Strong

Weak

Control Environment


Value of the risk assessment

Value of the Risk Assessment

  • FEMA’s Risk Assessment Methodology provides the following benefits:

  • Includes ICOFR and ICOOPs processes/risks/controls

  • Directly links to actionable outcomes including: processes to be assessed and remediation areas of focus

  • Creates a simple, not overly complex methodology that is flexible and scalable for business needs

  • Has the approval and sponsorship of the ICB

  • Links to strategic goals and objectives

  • Forms an Annual Plan, which takes into account prioritization, current initiatives, and resource considerations


Fema moving forward

FEMA: Moving Forward


Moving forward

Moving Forward

  • Implement a process to more effectively and efficiently assess entity-wide risks, evaluate internal controls, improve processes, and achieve compliance with Federal requirements

  • Create an organizational structure and culture that promotes the importance and value of internal control and accountability throughout the agency

  • Promote the integration and coordination of internal control-related activities throughout the agency

  • Establish a formal standardized entity-wide process/methodology/tool for assessing risks to better prioritize internal control initiatives and remediation efforts and dedicate resources where most needed

  • Move beyond a compliance driven responsiveness toward strategic decision making based on risks


Fema s future state

FEMA’s Future State

FEMA’s future state will enable us to more effectively and efficiently assess entity-wide risks, evaluate internal controls, improve processes, achieve compliance with Federal requirements, and achieve program goals and business objectives

Internal Control Board

• Cross Functional

• Oversight

• Direction

• Monitoring

Program / Operations

Financial

Information Systems

  • FMFIA – Sec. 2

  • Charge Cards (A-123, App. B)

  • ICOFR (A-123, App. A)

  • IPIA/IPERA (A-123, App. C)

  • FMFIA – Sec. 4

  • FISMA

  • FFMIA

  • Mission Action Plans

  • Policies & Procedures

  • Business Process Redesign

  • Communication

  • Reporting & Tracking Progress

  • Training

Remediation

Benefits

  • Effective and Efficient Operations

  • Compliant with Laws & Regulation

  • Reliable Financial Reporting


Department of homeland security federal emergency management agency

Contact Information:

Kathy Hill: Director of Risk Management & Compliance – FEMA OCFO

Email: [email protected]


Department of homeland security federal emergency management agency

Questions


  • Login