7
Inspector General Act (IG Act) of 1978, as amended, requires that IGs submit semiannual reports
to the Congress on significant abuses and deficiencies identified in their audits, and to
recommend actions to correct those deficiencies.
Just as Federal agency management has been subject to more stringent internal control
requirements than private sector entities, auditors of Federal entity financial statements have
traditionally been subject to more rigorous auditing requirements relating to internal control than
their counterparts in the private sector. Before the passage of the Sarbanes-Oxley Act and its
increased audit requirements, auditing standards in the private sector did not require auditors to
test internal control if they did not plan to rely on the internal control in performing their audit.
These standards also did not require auditors to publicly report, in writing, internal control
deficiencies found during the audit. In contrast, the auditing requirements issued by OMB for
audits of agency-wide financial statements under the CFO Act have always required the auditor
to perform sufficient tests of internal control to support a low assessed level of control risk for
those internal controls that have been properly designed and placed in operation. And since
1981, Government Auditing Standards have required auditors to publicly report, in writing,
deficiencies in internal control found during financial statement audits.
In addition to legislative and regulatory requirements, initiatives implemented by the
Administration have also strongly impacted the Federal control environment. Under the PMA,
OMB monitors internal control weaknesses regularly. To receive green, or a successful rating,
on the PMA scorecard, agencies must eliminate all internal control weaknesses. Quarterly, OMB
monitors agency performance in meeting corrective action plan targets established under the
PMA scorecard. Agencies are required to submit corrective action plans to OMB to resolve
internal control weaknesses reported. Quarterly, agencies are graded on their progress in
achieving the corrective action milestones contained in their plans. Across the government, a
total of 13 new weaknesses were reported in FY 2004 – a net increase of two new weaknesses
from FY 2003. This increase, albeit small, may be attributed to the accelerated reporting
requirement mandated by OMB, which placed greater emphasis on the need for effective
financial reporting controls. However, as internal control is strengthened at agencies to routinely
meet accelerated reporting dates, internal control weaknesses should be reduced. Total FMFIA
material weaknesses and nonconformances decreased by nearly 11 percent.
New Efforts to Improve Internal Control
In light of the new requirements for publicly-traded companies contained in the Sarbanes-
Oxley Act, OMB re-examined the existing internal control requirements for Federal agencies.
As a result, A-123, which implements FMFIA, has been revised to strengthen the requirements
for conducting management’s assessment of internal control over financial reporting. The
circular is effective beginning in fiscal year 2006.
A-123 recognizes that there is an appropriate balance between controls and risk in an
agency’s programs and operations. Too many controls can result in inefficient and ineffective
government. The benefit should outweigh the cost. Under A-123, agencies are required to
integrate their internal control efforts to meet the requirements of FMFIA with other efforts to
improve effectiveness and accountability. Internal control should be an integral part of the entire
cycle of planning, budgeting, management, accounting, and auditing. It should support the
effectiveness and the integrity of every step of the process and provide continual feedback to