OMB has revised its guidance to agencies on reporting of data integrity risks, primarily to comply with requirements of the Digital Accountability and Transparency Act, or DATA Act, for public reporting of spending, and with the recently issued President’s Management Agenda’s requirement to reduce reporting burdens on agencies while still maintaining transparency.
Memo M-18-16 notes that “agencies are subject to many legislative and regulatory requirements that promote and support effective internal controls,” including its own Circular A-123. That circular and its Appendix A requires agencies to provide an annual “assurance statement” on the overall adequacy and effectiveness of their internal controls related to operations, reporting, and compliance.
“Prior to this update, Appendix A was prescriptive and rigorous in what agencies were required to implement in order to provide reasonable assurances over internal controls over financial reporting. This update balances that rigor with giving agencies the flexibility to determine which control activities are necessary to achieve reasonable assurances over internal controls and processes that support overall data quality contained in agency reports,” it says.
The memo further requires agencies to develop a data quality plan to achieve the objectives of the DATA Act Act and review and assess it annually for three years or until the agency determines that sufficient controls are in place to achieve the reporting objective.