New fiscal year brings into effect Circular A-123, which imposes internal controls within Federal agencies similar to those required of private firms by Sarbanes-Oxley
IT staffs at Federal agencies must now grapple with auditing requirements similar to those faced by private companies under Sarbanes-Oxley, thanks to Circular A-123, which went into effect in the 2006 fiscal year.
Among other things, agencies must produce an annual report on their internal financial controls, showing that the controls have been documented and tested. The new requirements are said to go beyond previous internal US government accounting requirements, and some observers wonder if the agencies will be able to find the money needed to implement them.
It is assumed that the main effort facing the agencies will be the same as it was in many private companies that instituted SOX compliance: not establishing new controls but uncovering and documenting what controls already exist.
The new A-123 rules derive from the revision of a law originally adopted in 1982. The new standards were released in December by the Office of Management and Budget.
Source: IT Compliance Institute