Department of Homeland Security
1 / 31

Department of Homeland Security Federal Emergency Management Agency - PowerPoint PPT Presentation

  • Uploaded on

Department of Homeland Security Federal Emergency Management Agency Association of Government Accountants Improving Controls Can Improve Program Performance Audio Conference on Internal Controls June 8, 2011. Agenda. FEMA’s History FEMA’s Audit Remediation/Internal Control Efforts:

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Department of Homeland Security Federal Emergency Management Agency' - gardenia-dudley

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Department of Homeland Security

Federal Emergency Management Agency

Association of Government Accountants

Improving Controls Can Improve Program Performance

Audio Conference on Internal Controls

June 8, 2011


  • FEMA’s History

  • FEMA’s Audit Remediation/Internal Control Efforts:

    • Mission Action Plan (MAP) Process

    • Internal Control Board

    • Internal Control Program

    • A-123/IPIA Program

    • Accomplishments and Impact

    • Risk Assessment

  • Moving Forward

Financial statement audit history
Financial Statement Audit History

  • In FY06, FEMA had a total of six material weaknesses (MWs) and contributed to the Department’s disclaimer conditions

A 123 ipia history
A-123/IPIA History

  • FEMA began A-123 compliance activities in FY06 and performed TOD/TOE assessments of several business processes

  • FEMA focused on remediating internal control weaknesses in FY08 and resumed its A-123 assessments in FY09

  • FEMA began IPIA compliance activities in FY06 and tested one Program

  • FEMA was non-compliant with IPIA requirements until FY08

Fema audit progress
FEMA Audit Progress

  • FEMA has made significant progress over the past 5 years to strengthen its internal controls and reduce control weaknesses

Mission action plan map
Mission Action Plan (MAP)

  • Definition: An overall plan that FEMA’s management creates to correct specific deficiencies. These plans contain items such as a Root Cause Analysis and milestones with specific completion dates and remedial actions.

  • Process:

Root cause analysis
Root Cause Analysis

Definition:The specific underlying cause(s) of events that lead to control deficiencies. They fall under one or more of the following areas:

  • Human Capital – Insufficient training, need for more people, or wrong people in positions

  • Process – Break in the process flow, need for updated or additional processes

  • Policy – Insufficient or no policies or procedures in place

  • Systems – System failures or inadequate systems

    Benefits of an Effective RCA:

  • Critical to preventing similar recurrences

  • Over time, the root causes identified across the population of control deficiencies can be used to target major opportunities for improvement

Case study financial reporting
Case Study – Financial Reporting


  • Lack of sufficient resources with the required financial management skill set within the OCFO to ensure segregation of duties and oversight over the financial reporting process

  • Inadequate processes and controls to ensure that all adjustments are fully researched, substantiated, documented, and/or appropriately reviewed prior to preparation and submission of financial data to the Department

  • Insufficient level of review and approval of supporting documentation for significant JVs recorded in the general ledger/Treasury Information Executive Repository (TIER)

  • Lack of policy and procedures and clearly documented roles and responsibilities over the financial reporting process

  • Systematic errors related to incorrect attributes and poor data quality

    Corrective Actions

  • Filled strategic OCFO vacancies to aid in implementing corrective actions to correct control weaknesses

  • Developed and implemented improved control procedures over the TIER process (including TIER to GL reconciliation procedures)

  • Developed and published budget/finance blueprint to improve accuracy of budget entries

  • Updated, published, and implemented OCFO’s Journal Voucher (JV) Process standard operating procedures

  • Improved JV documentation and the review/approval of JVs

  • Performed data clean-up

Internal control board icb
Internal Control Board (ICB)

  • Objectives

  • Support FEMA’s internal control structure through improved control awareness, communication, and coordination

  • Set the tone of the organization’s control environment

  • Prioritize, direct, and monitor internal control activities

  • Improve internal control environment and achieve objectives

  • Address enterprise-wide/cross-cutting internal control issues requiring collaboration at FEMA’s most senior levels of leadership

  • Structure

  • Chaired by the FEMA Deputy Administrator

  • Championed by the FEMA Administrator

  • Comprised of a cross-functional team of senior FEMA officials/representatives

Value of the ICB

  • Demonstrates commitment of senior leadership (“tone at the top”)

  • Provides the governance structure needed to improve internal controls and achieve program goals and business objectives

  • Establishes accountability throughout the agency

  • Increases awareness as to the importance of maintaining effective internal control through continuous monitoring

  • Improves integration and coordination of internal control-related activities

  • Positions agency to better address multiple requirements

  • Strengthens annual assurance statement process

Internal controls program icp overview
Internal Controls Program (ICP) - Overview

  • Created in November 2008 and chartered in January 2009

  • Key Functions:

    • Provides support to its divisions/offices to remain compliant with Federal internal control requirements:

      • Federal Manager’s Financial Integrity Act (FMFIA)

      • Office of Management and Budget (OMB) Circular A-123

    • Oversees the assessment of internal control within each Mission Support Bureau (MSB) Office to ensure compliance with governing legislative, regulatory, and Departmental guidance

    • Summarizes and communicates results of the assessments to FEMA’s Deputy Associate Administrator

    • Assists the MSB Offices in creating their annual Assurance Statements

Icp activities
ICP Activities

  • In FY11, the ICP performs the following activities:

    • Conducting a self-assessment of each MSB Office’s Entity-Level Controls (ELCs)

    • Coordinating the design and implementation of more effective/efficient Business Processes

    • Performing a FEMA-Wide Risk Assessment to assist the Region and Program Offices create their Assurance Statements

  • Below is an example of the Tools & Templates used:

Icp structure
ICP Structure

ICP Chair:

FEMA Deputy Administrator

ICP Sponsor:

Director of RM&C

ICP Lead:

RM&C Staff

ICP Core Team

Value of the icp
Value of the ICP

  • Develops an internal control ethic in all employees

  • Identifies areas of weakness and vulnerability

  • Creates remediation plans to improve FEMA’s efficiency and effectiveness

  • Allows FEMA to stay ahead of auditors

  • Manages the Enterprise-Wide Internal Control Issues

  • Enhances focus on customer experience

  • Improves decision making

  • Increases accountability

  • Trains FEMA employees across FEMA programs

  • Moves control monitoring to the front end of the process

A 123 progress
A-123 Progress

*FEMA determined the need to perform an A-123 assessment

** DHS exempted FEMA from performing an A-123 assessment to focus on remediation efforts for FY2008

A 123 current year activities
A-123 – Current Year Activities

  • Perform A-123 assessments over the Fund Balance with Treasury Process and the Purchase and Fleet Card Programs

  • Extend assessments to focus on internal controls over operations

  • Integrate A-123 into the Internal Control Program

Ipia progress
IPIA Progress

  • FEMA began IPIA compliance activities in FY06 and tested one Program

  • For FY11, FEMA is testing nine Programs (including the Port Security Grant Program (PSGP))

  • FEMA’s past and current IPIA activities include testing, risk assessments, pilot studies, and communications strategy development

  • Over time, FEMA Programs have taken on increasing levels of responsibility for and collaboration with IPIA testing and related activities

Accomplishments and impact
Accomplishments and Impact

FEMA has performed activities to improve its internal controls and program performance including, but not limited to:

  • Implemented an audit remediation and internal controls strategy that has led to the successful downgrading/elimination of 5 out of 6 material weaknesses

  • Sustained progress to date through continued efforts to monitor and strengthen internal controls over financial reporting and operations

  • Improved communication with external auditor resulting in a more effective and efficient annual financial statement audit

  • Enhanced Management’s assessment of internal controls over financial reporting and operations

  • Improved awareness, communication and coordination at all levels of the agency

  • Integrated processes and assessments

  • Established the ICB to address enterprise-wide/cross-cutting issues

Risk assessment overview
Risk Assessment Overview

  • FEMA faces a variety of risks that could detract from its mission to build, sustain, and improve the Nation's capability to prepare for, protect against, respond to, recover from, and mitigate all hazards

  • FEMA’s risk assessment methodology is flexible and scalable to allow for the development of a multi-year implementation plan that will improve financial reporting and operational processes and infrastructure

  • FEMA’s risk assessment methodology is intended to employ comprehensive risk management to enhance FEMA programs and operations

Risk assessment framework
Risk Assessment Framework

  • Combines traditional “bottom-up” and “top-down” stakeholder value approach

Risk assessment methodo logy
Risk Assessment Methodology

  • FEMA’s risk assessment methodology involves a five step process:

    • Planning – Gather information and conduct interviews

    • Drafting the Risk Strategy Map – Populate tool to capture and analyze risk

    • Evaluating Risk – Complete Risk Register Template

    • Prioritizing Activities – Prioritize based on Inherent Risk and Control Environment

    • Preparing the Annual Plan – Identify processes to be remediated by corrective action or assessed through Self Inspection Plan (A-123)

Risk assessment outcomes
Risk Assessment Outcomes

  • The intersection of the inherent risk rating and the control environment strength on the Risk Assessment Matrix details the proposed follow-up activity


Assessment of Controls







Inherent Risk

Assess Controls on Rotational Basis

Lower Remediation Priority


1 2 3 4 5



Control Environment

Value of the risk assessment
Value of the Risk Assessment

  • FEMA’s Risk Assessment Methodology provides the following benefits:

  • Includes ICOFR and ICOOPs processes/risks/controls

  • Directly links to actionable outcomes including: processes to be assessed and remediation areas of focus

  • Creates a simple, not overly complex methodology that is flexible and scalable for business needs

  • Has the approval and sponsorship of the ICB

  • Links to strategic goals and objectives

  • Forms an Annual Plan, which takes into account prioritization, current initiatives, and resource considerations

Moving forward
Moving Forward

  • Implement a process to more effectively and efficiently assess entity-wide risks, evaluate internal controls, improve processes, and achieve compliance with Federal requirements

  • Create an organizational structure and culture that promotes the importance and value of internal control and accountability throughout the agency

  • Promote the integration and coordination of internal control-related activities throughout the agency

  • Establish a formal standardized entity-wide process/methodology/tool for assessing risks to better prioritize internal control initiatives and remediation efforts and dedicate resources where most needed

  • Move beyond a compliance driven responsiveness toward strategic decision making based on risks

Fema s future state
FEMA’s Future State

FEMA’s future state will enable us to more effectively and efficiently assess entity-wide risks, evaluate internal controls, improve processes, achieve compliance with Federal requirements, and achieve program goals and business objectives

Internal Control Board

• Cross Functional

• Oversight

• Direction

• Monitoring

Program / Operations


Information Systems

  • FMFIA – Sec. 2

  • Charge Cards (A-123, App. B)

  • ICOFR (A-123, App. A)

  • IPIA/IPERA (A-123, App. C)

  • FMFIA – Sec. 4



  • Mission Action Plans

  • Policies & Procedures

  • Business Process Redesign

  • Communication

  • Reporting & Tracking Progress

  • Training



  • Effective and Efficient Operations

  • Compliant with Laws & Regulation

  • Reliable Financial Reporting

Contact Information:

Kathy Hill: Director of Risk Management & Compliance – FEMA OCFO

Email: [email protected]