Accountability & Audit Readiness: Sustaining Army’s Strength

Managers’ Internal Control ProgramFY 2015 1st Quarter Teleconference

21 October 2014

Office of the Assistant Secretary of the Army (Financial Management & Comptroller) (OASA(FM&C))

Accountability & Audit Readiness: Sustaining Army’s Strength

Roll Call Opening Remarks FY 2015 Schedule of Events FY 2015 Open Material Weaknesses FY 2015 ASOA Preparation/AAA Audit Enterprise Governance, Risk and Compliance

(GRC) Update Future Significant Events Questions/Comments

Agenda

2

Accountability & Audit Readiness: Sustaining Army’s Strength

Opening Remarks

3

FY 2015 Schedule of EventsCompleted Date Event OPR

√ 9 Oct 2014 1st Qtr Senior Level Steering Group/Senior Assessment Team (SLSG/SAT) SLSG

21 Oct 2014 1st Qtr Teleconference with Reporting Organizations SAFM-FO

8 Jan 2015 2nd Qtr Teleconference with Reporting Organizations SAFM-FO

15 Jan 2015 2nd Qtr SLSG/SAT SLSG

2 Apr 2015 3rd Qtr Teleconference with Reporting Organizations SAFM-FO

9 Apr 2015 3rd Qtr SLSG/SAT SLSG

15 May 2015 Annual statements from Army commands (ACOMs), Army service component commands (ASCCs) and direct reporting units (DRUs) due to OASA(FM&C) Commands

29 May 2015 Annual statements from HQDA Principal Officials due to OASA(FM&C)HQDA

Principal Officials

4

FY 2015 Schedule of EventsCompleted Date Event OPR

18 Jun 2015 Draft Army statement of assurance delivered to SLSG/SAT members for coordination

SAFM-FO

26 Jun 2015 SLSG/SAT member comments on draft Army statement due to OASA(FM&C) HQDA Principal Officials

1 Jul 2015 4th Qtr Teleconference with Reporting Organizations SAFM-FO

9 Jul 2015 4th Qtr SLSG/SAT SLSG

21 Jul 2015 Release final draft Army statement thru DASA(FO) to SecArmy for signature SAFM-FO

24 Aug 2015 Final signed Army statement delivered to the Secretary of Defense SAFM-FO

5

FY 2015 Open Material Weakness(Carried over from FY 2014)

• Status of Open Material weaknesses:

– 6 Open Internal Control over Operations Expeditionary Contracting Oversight of Service Contracts Reporting of New Equipment in Transit Second Destination Transportation (SDT) Reporting Accurate Obligations for the Permanent Change of Station (PCS) Program Basic Allowance for Subsistence (BAS)

– 23 Open Internal Control over Financial Reporting (ICOFR) General Fund – 13 Army Working Capital Fund – 10

– 3 Open Internal Control over Financial Systems (ICOFS) GFEBS – Super User Privileged Management (SPM) access to application layer GFEBS – Configuration Management LMP – Army Working Capital Fund systems do not collect and record financial

information as required by U.S. Generally Accepted Accounting Principles (GAAP)

6

Accountability & Audit Readiness: Sustaining Army’s Strength

FY 2015 ASOA Preparation

7

Accountability & Audit Readiness: Sustaining Army’s Strength

No significant changes from FY 2014 ASOA guidance. FY15 guidance is routing for signature and will be

issued soon. FY15 Army Audit Agency (AAA) Audit

– Planning meeting held with DASA (FO) on 10 October 2014– Objectives of audit:

• MICP – verify the program provides effective oversight of operational and financial internal controls.

• Audit Readiness – verify Army activities have sufficient processes and procedures support and sustain financial audit readiness.

– Priority and Order of Review:• 2 – 3 commands with SBR/SBA priority in first quarter • 4 – 8 commands for GE and OM&S in 2nd and 3rd quarter

FY 2015 ASOA Preparation/AAA Audit

8

Accountability & Audit Readiness: Sustaining Army’s Strength

Enterprise Governance, Risk and Compliance (GRC) Update

9

Accountability & Audit Readiness: Sustaining Army’s Strength

Principal Mission Requirements for Directorate of Accountability and Audit Readiness:

– Ensure compliance with Congressionally-mandated milestones to produce auditable financial statements by 2017

– Ensure compliance with provisions of OMB Circular A-123 governing the Managers’ Internal Control Program (MICP)

Both missions require an effective strategy of integrating overall risks and controls with existing ERP and other systems and key processes to achieve and sustain an effective audit ready posture

Government Accountability Office report (GAO-13-123) cited DoD as a whole with not following many risk management principles necessary for effective risk management

Integrity of our processes and controls and the audit readiness of our financial statements are driving the need for a sound and comprehensive GRC strategy!

Background Review

10

Accountability & Audit Readiness: Sustaining Army’s Strength

Applies an integrated internal controls approach. Leverages IT tools for efficiency of documentation, testing

and remediation. Greatly reduces manual controls and increases automated

controls. Documents evidence supporting the Annual Statement of

Assurance and reduces dependence on manual data calls. Provides Senior Level Management performance

indicators/metrics in a “Dashboard Environment” to improve decision capabilities.

Benefits of Enterprise GRC Environment

11

Accountability & Audit Readiness: Sustaining Army’s Strength

Enterprise GRC Working Group established in early 2013 to integrate perspectives of Audit Readiness, ERP development and sustainment teams , AESIP Data Hub and OBT.

Problem Statement defining the Financial Management needs of the Army Enterprise for an automated risk management solution approved in December 2013.

Performance of Work Statement developed and provided to APG contracting office for solicitation of vendor proposals.

Contract awarded to Kearney & Company on 06 May 14– Contract end date is 29 December 2014

Kick-off meeting held with Kearney & Company team on 09 May 14.

Army Enterprise GRC Initiative

12

Accountability & Audit Readiness: Sustaining Army’s Strength

Evaluate the Army strategy for Financial Risk Management and approach for key financial systems

– Identification of key risks within the General Fund Enterprise Business Systems (GFEBS), Global Combat Support System – Army (GCSS-A) and Logistics Management Program (LMP) ERP systems

– Projection of potential risks encountered within the Integrated Pay and Personnel System – Army (IPPS-A) ERP system

– Application of controls to address identified risks

– Analysis of factors that impact sound risk management such as command and control structure, maturity of current systems, personnel and resource constraints and existing policies

– Non-financial reporting and system risks identified through the MICP within Army subordinate commands

Kearney GRC Contract: Task 1

13

Accountability & Audit Readiness: Sustaining Army’s Strength

Top 3 Recommendations

Focus on building Army wide risk management capabilities prior to focusing on the technology to support GRC, they can be implemented “slightly” in parallel with the technology lagging by a minimum of 6 – 9 months

– Establish a program to drive accountability and transparency and simplify / integrate existing risk management activities and committees into a coordinated program with a clear vision, objectives and executive support

– Utmost focus should be placed on the people and the process, technology will not succeed without well trained people and standardized process to support an enterprise wide program with varying mission goals, objectives and outputs

Develop a plan to converge GRC technology implementation in the ERPs with the enterprise wide GRC technology consideration/implementation

– Maturity of the application and general controls within the ERPs is a major driver of GRC technology success at the enterprise level

Develop GRC technology requirements for all levels of the organization and for all stakeholders, utilize a top-down/bottoms-up approach to requirements documentation and development, identify all dependencies as early as possible

– Select key Commands/reporting organization and or HUB to pilot risk management implementation and roll-out

Strategy Function / Management ExecutionResources

Accountability & Audit Readiness: Sustaining Army’s Strength

Assess Army Enterprise GRC Informational Needs

– Identification of key data management requirements

– Identification of key metrics measurements requirements

– Identification of continuous monitoring requirements – Identification of financial management and other ad hoc

reporting requirements

Kearney GRC Contract: Task 2

15

Accountability & Audit Readiness: Sustaining Army’s Strength

Requirements for Army’s GRC Informational Needs

16

Accountability & Audit Readiness: Sustaining Army’s Strength

Evaluate potential Enterprise GRC solutions

– Review and assess Enterprise GRC business requirements

– Assess alternative Enterprise GRC solutions to meet Army’s business requirements

– Implement pilot for validation

Kearney GRC Contract – Task 3

17

Accountability & Audit Readiness: Sustaining Army’s Strength

Complete Task 3 vendor assessments and analysis of GRC solution capabilities

Receive final deliverable products from Kearney – GRC Contract ends on December 29, 2014

Present Kearney assessment and recommendations to Army senior leadership in January 2015 for decision regarding way ahead

Next Steps

18

Accountability & Audit Readiness: Sustaining Army’s Strength

FY 2015 Audit Committee: 14 Nov 2014, 1300-1400 (EST)

FY 2015 2nd QTR Teleconference:8 Jan 2015, 1100-1200 (EST)

FY 2015 2nd QTR SLSG/SAT:15 Jan 2015, 1300-1430 (EST)(Pentagon Library Conference Center, Room B1)

Future Significant Events

19

Accountability & Audit Readiness: Sustaining Army’s Strength

Questions/Comments

20