Sneak Preview: OMB Revises Circular A-123 To Integrate ERM

August 12, 2016 | By Jerry Ashworth | Post a Comment

xsass_bookshot(The following was excerpted from a recent article in the Single Audit Information Service.) The Office of Management and Budget (OMB) has revised Circular A-123, which now integrates enterprise risk management (ERM) with internal controls in federal program planning and operations to improve accountability.

OMB Circular A-123 defines federal agency management’s responsibility for ERM and internal control, and provides guidance for implementing ERM practices and for establishing, maintaining and assessing internal control effectiveness. Formerly known as Management’s Responsibility for Internal Control, the revised Circular A-123 is now entitled Management’s Responsibility for Enterprise Risk Management and Internal Control. According to OMB, “The circular emphasizes the need to integrate and coordinate risk management and strong and effective internal control into existing business activities and as an integral part of managing an agency.”

Circular A-123 is issued under the authority of the Federal Managers’ Financial Integrity Act of 1982 (31 U.S.C. 3512), and the Government Performance Results Act Modernization Act (Pub. L. 111-352). In the circular, which was not one of the eight OMB circulars that was rolled into the uniform guidance, OMB states that ERM is “an effective agencywide approach to addressing the full spectrum of the organization’s external and internal risks by understanding the combined impact of risks as an interrelated portfolio, rather than addressing risks only within silos. ERM provides an enterprise-wide, strategically-aligned portfolio view of organizational challenges that provides better insight about how to most effectively prioritize resource allocations to ensure successful mission delivery.”

ERM is a process through which agencies and organizations look at potential risks that could adversely affect the conduct of business. ERM is explained by the Council of Sponsoring Organizations of the Treadway Commission (COSO), which also developed the COSO Framework for internal controls, noted in the uniform guidance (§200.303), as “a process, effected by an entity’s board of directors, management and other personnel applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

(The full version of this story has now been made available to all for a limited time on Thompson’s Grants Compliance Expert site.)


Post a Comment

Your email is never shared. Required fields are marked *