This Circular defines management’s responsibilities for enterprise risk management
(ERM) and internal control. The Circular provides updated implementation guidance to Federal
managers to improve accountability and effectiveness of Federal programs as well as mission support operations through implementation of ERM practices and by establishing, maintaining,
and assessing internal control effectiveness. Dated July 15, 2016.
Pursuant to OMB Circular No. A-123, agencies are required to manage risk in relation to achievement of reporting objectives. Prior to this update, Appendix A was prescriptive and rigorous in what agencies were required to implement in order to provide reasonable assurances over internal controls over financial
reporting (ICOFR). This update balances that rigor with giving agencies the flexibility to
determine which control activities are necessary to achieve reasonable assurances over internal
controls and processes that support overall data quality contained in agency reports. Updated June 6, 2018.
The goal of this revised version of OMB Circular A-123 's Appendix C is to transform the
improper payment compliance framework to create a more unified, comprehensive, and less
burdensome set of requirements. Updated June 26, 2018.
Emphasizes the need to keep confidential the Executive Branch's internal deliberations regarding the various issues and options that were considered in the process leading to the President's budget decisions. Dated April 25, 2001.
Provides a checklist from the National Institute of Standards and Technology (NIST) for protection
of remote information. The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location. Dated June 23, 2006.
Provides a list of existing requirements and questions department or agency assessment teams should utilize, as an initial step, to assess the current state of information systems security. Dated January 3, 2011.
This memorandum provides agencies with guidance for managing information security risk on a continuous basis and builds upon efforts towards achieving the cybersecurity Cross-Agency Priority goal. Dated November 18, 2013.
This memorandum provides agencies with fiscal year (FY) 2019 reporting guidance and deadlines in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). This memorandum also consolidates several government-wide reporting requirements into a single document to eliminate duplicative or burdensome processes. Dated October 25, 2018.