OMB Circular No. A-123, Management's Responsibility for Internal ControlThis update to 0MB Circular A-123 reflects the Administration's commitment to combatting fraud, waste, and abuse in agency operations through the identification, response to, and remediation ofrisks.Prior versions of Circular A-123 have overly deferred to direction and priorities of external entities whose views are not binding on the Executive Branch such as the Government Accountability Office. Doing so has failed to prioritize agency internal control processes to adequately protect American taxpayer dollars, leading to documented examples of widespread abuse.
^^
In March the President signed Executive Order 14249 Protecting America's Bank Account Against Fraud, Waste, and Abuse which reinforced agencies' responsibilities under 0MB Circular A-123 to identify, prevent, and reduce fraud, waste, and abuse. It is the responsibility of all Federal managers to effectively manage the internal control process to identify, prevent, reduce, and eradicate risks. This update underscores that the ultimate goal of our internal control framework is to enable effective stewardship of taxpayer resources and operational accountability.
^^
Since 1981 , the Federal Manager's Financial Integrity Act (FMFIA) has mandated Federal agencies to establish internal controls and report annually on their effectiveness. Circular A-123 ensures federal agencies are accountable for their operations and finances, foster transparency, and responsibly manage and safeguard taxpayer funds.
^^
This Circular provides streamlined guidance for agencies to improve internal control assessment and continuous monitoring. All organizational levels and employees are responsible for internal control and identifying risks at every level of agency operation.
^^
This revision provides agencies with guidance on adopting a comprehensive, preventative, risk-informed approach to internal control that enhances decision-making, improves program performance, ensures the integrity of Federal operations, and protects Taxpayer dollars.
^^
The revision of Circular A-123 is effective upon issuance and supersedes all previous versions.
^^
Submitter's Note: This StratML rendition was compiled from the source by ChatGPT.Office of Management and Budget
OMB
89deda97-e8b1-414b-9469-4f7a605bcba0Russell T. VoughtDirector Federal agencies safeguard taxpayer resources and achieve mission objectives through effective, risk-informed, and continuously monitored internal control.3056141b-c7bb-4c9a-964e-aba69b9d416bTo guide executive agencies in establishing and maintaining internal control systems that improve operational effectiveness, strengthen accountability, manage risk, support reliable reporting, and ensure compliance with applicable laws and regulations.62151502-7323-4891-b16e-8e114b58524dIntegrityDemonstrate ethical conduct and honest stewardship throughout agency operations.AccountabilityAssign responsibility clearly and report candidly on control effectiveness and deficiencies.EfficiencyUse controls and resources in a cost-beneficial manner that improves program performance.TransparencyCommunicate internal control results, weaknesses, and corrective actions clearly to leadership and oversight bodies.StewardshipProtect Federal funds, assets, information, and public trust.PreventionPrioritize risk-informed preventive action against fraud, waste, abuse, and operational failure.IntroductionEstablish the statutory basis, purpose, and government-wide significance of internal control for Federal operations, reporting, compliance, and mission achievement.0be7d77a-d0bb-493d-8658-ab398539439b1DefinitionDefine internal control as a continuous process effected by oversight bodies, management, and personnel to provide reasonable assurance that operational, reporting, and compliance objectives will be achieved.a89b7857-4934-4d92-a9b4-8930b732fabe1.1ImportanceEmphasize the importance of internal control in mitigating risk, preventing fraud, waste, and abuse, preserving accountability, and maintaining public trust.14c0e122-9279-406f-9cb9-e0930fe08a6d1.2RolesAssign internal control responsibilities across leadership, management, and workforce levels so that accountability for design, implementation, oversight, and execution is clear.9ab137ee-06ad-4d61-b925-60eca4f2d0542LeadershipRequire agency heads and senior leaders to set the tone at the top, establish policy and governance, oversee risk and controls, and issue annual assurance statements under FMFIA.1e1d8a9a-88c4-428c-b005-97dc4750c0222.1ManagementRequire managers, program managers, and financial managers to monitor activities, identify risks, educate personnel, and ensure control activities operate effectively within their areas of responsibility.51784dcd-1814-4929-a457-7cdd01f5e88f2.2PersonnelRequire staff and personnel to perform assigned work in accordance with established controls, correct errors, and report risks or control failures to appropriate supervisors.072da46a-b558-40fc-b38e-1b0c292f92c72.3ImplementationEstablish requirements for effective internal control implementation at agency leadership and program or operational levels, including control environment, risk assessment, control activities, information and communication, monitoring, and training.fb7ab002-55bd-453b-a595-03fff567bd812.4FrameworkDefine the internal control framework through five components and associated principles that agencies should design, implement, and operate effectively and in an integrated manner.192b59d8-5087-4ece-9b97-d5290666f0d83EnvironmentEstablish a control environment grounded in integrity, ethical values, organizational structure, competence, and accountability.52b3ae1e-cc55-4295-a059-c44ce6c16c903.1AssessmentIdentify, analyze, evaluate, and respond to risks in light of mission objectives, risk appetite, risk tolerance, and significant internal or external change.e189cad3-169e-4fc5-a3a7-aa91275d5a103.2ActivitiesDesign and implement preventive and detective control activities through policies and procedures that mitigate risks to acceptable levels.0f43da30-e5c0-4770-b08c-45c357a105c33.3CommunicationGenerate and communicate relevant, timely, accurate, and quality information internally and externally to support the functioning of internal control.d0a69397-738f-44f9-a717-045f0a4c5ae33.4MonitoringContinuously monitor internal control components, evaluate performance over time, and resolve identified deficiencies promptly.37ccda8a-ab9f-4298-927c-cd40a43481013.5AssessmentManage and assess the internal control system through documentation, evaluation, deficiency identification, audits, and corrective action.36ce240f-ad93-4e80-aa71-048fbecac9814DocumentationMaintain sufficient documentation to support risk assessments, control design and operation, monitoring results, corrective action plans, and annual assurance statements.ddce8658-e88d-4ff5-9b1d-5a49b41eec6b4.1EvaluationConduct risk-based internal control assessments that evaluate principles, components, and the overall system of internal control against agency objectives.f3d4a8c1-092a-4cb0-8297-74b2bda9fa604.2DeficienciesIdentify, elevate, and analyze internal control deficiencies at every level of agency processes, including those requiring reporting to supervisory levels and Inspectors General.e7f6ee95-2f2e-49e6-8238-4c42cab2efcf4.3AuditsUse internal and external audits to evaluate control effectiveness, validate compliance, and inform improvement of internal control and risk management processes.899662b5-e800-4920-8196-da43c575ed434.4Corrective ActionDevelop, resource, track, test, validate, and document corrective action plans that address root causes and resolve identified control deficiencies without delay.3be0ff49-6dee-478b-a3ba-d48f6469aca64.5ReportingReport annually on internal control effectiveness, system conformance, deficiencies, and corrective actions in a clear and accountable manner.ccc7d758-0e8e-42b3-808f-081779ae65325AssuranceProvide annual assurance statements in the AFR, PAR, or other designated management report regarding the effectiveness of internal control and the conformance of financial management systems.6230cff0-f0b7-43fe-b724-2822d2b3acb35.1Deficiency ReportingDifferentiate among control deficiencies, significant deficiencies, and material weaknesses, and report each category at the level required by the Circular.f0e9a7c4-8f50-4b92-8754-5673a79d92545.2TransparencyCommunicate performance summaries, deficiency status, and corrective action progress to senior leadership, OMB, Congress, and other relevant oversight bodies as appropriate.cb730b85-08e7-4488-98f9-7b535b88d5355.3Risk ManagementIntegrate risk management into internal control so agencies can identify, assess, respond to, monitor, and report on risks affecting mission achievement.30097bd7-c038-464b-b139-226f0ffc90c16IntegrationEmbed risk management into internal control processes so that controls are informed by systematic assessment of likelihood, impact, and changing conditions.d48faab2-1e7e-439e-a939-bfd718cfe35a6.1ToleranceDefine risk tolerance and unacceptable events in relation to objectives, performance variance, and materiality.b4808aa3-7331-4fd7-9ea6-48b677955a1e6.2MonitoringMonitor legislation, funding, mission, program, and environmental changes so that risk responses and controls remain current and effective.f5de5a70-d632-4872-9066-2ea1cee2281a6.3Decision-MakingUse forward-looking risk management to improve risk-based decisions, reduce threats, and identify opportunities to enhance government efficiency and effectiveness.1a33ede0-c88c-4b36-92e2-7dff8f663f806.4PracticesEncourage agencies to strengthen internal control through practical methods, institutional structures, data use, training, and cross-functional coordination.c473c278-0316-4d11-a1b3-c7671d90dfc57BenchmarkingEstablish benchmarks and indicators to assess internal control effectiveness over time and in relation to mission needs and applicable standards.a7f1874b-e262-4451-962c-78ee62fe9bc57.1MetricsIncorporate performance metrics for executives and senior leaders that reinforce effective risk identification, mitigation, and control strengthening.b8f8680f-69d6-4da5-b33e-82a089377c367.2AutomationUse automated systems and technologies, where feasible, to streamline risk assessments, control testing, monitoring, and performance analysis.e6761beb-7494-4691-b749-d5c399ea17377.3CouncilsDevelop risk management councils and related governance mechanisms to oversee agency risk profiles, assessments, and responses.f04f44f0-1b95-46d8-8ad2-f52ee49e0adb7.4ProfilesCreate risk profiles that identify significant risks, sources of uncertainty, current and proposed responses, and portfolio-level tradeoffs.8a95b616-6c41-40cf-b21d-3b548db3849b7.5AnalyticsImplement data analytics to monitor key performance indicators, identify trends, uncover inefficiencies, and assess control effectiveness in real time.3d121bb5-cd3e-48fe-b580-b6cceb41582a7.6TrainingProvide regular training so employees understand risks, controls, policy changes, procedures, and technologies relevant to their responsibilities.ef5c349d-d470-46fa-952c-ae61ab5617a97.7CollaborationPromote collaboration across functions responsible for risk assessment, control implementation, strategic planning, and performance monitoring.ecf680ba-55dc-4aee-b050-060ca40361d67.8OversightMaintain oversight of service organizations and outsourced functions so third-party arrangements remain aligned with agency objectives, risk tolerance, and internal control responsibilities.256b18b2-51a0-4b76-81c1-7c878ed6ff207.9ConclusionReinforce the expectation that agencies will use effective internal control and risk management to safeguard resources, protect information, ensure compliance, and improve mission outcomes and accountability.254a1229-ae33-44e6-97a8-59ba1496abaa8Mission AchievementAdvance internal control systems that help agencies achieve Federal program missions and objectives successfully.4d5963bc-fa01-4b6a-b35e-f24c6e4e53cc8.1AdaptationStrengthen agency capacity to manage a broad range of risks and adapt internal control frameworks to increasingly complex operating environments.ddd2b5c8-cf53-4335-895a-c83c50d1fe948.22026-03-102026-04-19thttps://www.whitehouse.gov/wp-content/uploads/2026/03/OMB-Circular-No.-A-123-2026.pdfOwenAmburOwen.Ambur@verizon.net