Revised OMB Circular A-123: SOX for Federal Agencies
Hawkins, Kyleen W., Hardwick, Kim, The Journal of Government Financial Management
On December 21, 2004, the U.S. Office of Management and Budget (OMB) sent a memo to federal agency CFOs, COOs, CIOs and program managers announcing a rewrite of OMB Circular No. A-123, Management's Responsibility for Internal Control. The revisions to OMB A-1 23 are in response to the Sarbanes-Oxley Act of 2OO2, which contains increased internal control responsibilities for management and auditors of publicly traded companies.
The OMB revisions are an effort to help ensure that federal agencies' fiduciary responsibilities for public funds are fulfilled by strengthening requirements related to evaluating, documenting and reporting on internal controls. The internal control standards introduced by the rewrite are those found in the Committee of Sponsoring Organizations (COSO) control framework (described below). While the circular mainly relates to controls over financial reporting, agency management is also responsible for establishing and maintaining internal control to ensure effective and efficient operations and compliance with laws and regulations. Internal control requirements relate equally to the design of the control structure and the effective operation of the control structure over time, and are effective for fiscal year 2006. Agencies are encouraged to take steps in fiscal 2005 to prepare for the new requirements.
From the Foreign Corrupt Practices Act of 1977 to the Sarbanes-Oxley Act of 2002 (SOX), concern has been growing over the ability of organizations to prevent fraud and ensure accurate financial reporting. Despite early efforts of the securities and Exchange Commission (secX the American Institute of Certified Public Accountants (AICPA) and other organizations to promote the establishment of proper control systems, the 1980s saw myriad financial failures in the banking industry. Failures were particularly acute in savings and loan (S&L) institutions where S&Ls were losing money because of skyrocketing interest rates and a mismatch of assets and liabilities. In the short period between 1980 and 1982, S&L income plummeted from a high of $781 million to a low of negative $4.6 billion. During this same period, 118 S&Ls with $43 billion in assets failed. In addition to operational problems, numerous instances of fraud were uncovered in S&Ls and other institutions, including financial reporting frauds that served as attempts to hide some of the catastrophic losses that led to the business failures.
It was in the wake of the S&L crisis that the U.S. model for internal control was born. This model was developed by a committee formed in 1985 from five accounting organizations, which sponsored the National Commission on Fraudulent Financial Reporting, an independent, private sector organization that studied the causal factors that led to the fraudulent financial reporting of the 1980s. The National Commission on Fraudulent Financial Reporting was known as the Treadway Commission, so named after its chairman, James C. Treadway Jr. After delivering their report in 1987, the organizations that sponsored the Treadway Commission were asked to develop guidelines for companies to use in evaluating and improving their internal controls. So, the Treadway Commission's COSO developed a model of internal control called Internal ControlIntegrated Framework. However, the document, which has become the U.S. model for internal control, is simply referred to as "COSO."
From the time it was first published in 1992 until the passage of the Sarbanes-Oxley Act of 2002, implementation of the COSO model was largely voluntary and, therefore, sporadic at best. Only certain financial institutions with assets of more than $500 million were required to have internal certifications and external audits on their internal controls. COSO principles served as the benchmark for these attestations.
Much like the S&L crisis of the 1980s, the late 1990s and early 200Os saw a rash of financial frauds and business failures, including Enron, WorldCom, Tyco and others. …