By implementing Onspring’s OMB A-123 out-of-the-box software, federal agencies can instill a structured, integrated, and automated approach to manage risk and stay compliant, saving measurable time and effort – all without the need for IT or DevOps resources.
“Federal agencies still relying on manual spreadsheets, email silos, or legacy software to manage risk, internal controls, and POA&Ms can now take advantage of the best-in-class automation tried and tested in the private sector,” said Brett Sommers, Director of Product at Onspring. “Our OMB A-123 Risk & Controls software represents a significant leap forward in enabling federal agencies to meet the evolving demands of enterprise risk management and control compliance. We remain committed to delivering innovative solutions that drive efficiency, transparency, and compliance to the federal market.”
Onspring GovCloud OMB A-123 Risk & Controls software strategically aligns with the mandates of the Federal Managers Finance Integrity Act (FMFIA) and the Government Accountability Office’s (GAO) Green Book, ensuring comprehensive support for enterprise risk management capabilities and internal control processes. The software captures and categorizes controls based on type, including Controls Over Reporting, Fraud, Privacy, Security, and External Service Provider, in addition to providing dynamic scoping and testing of internal controls according to requirements. The software also offers full ERM capabilities, including risk identification, automated assessments, control evaluations, response tracking, and mapping to controls.
- Risk Profile Identification and Evaluation – Defines overall risk profile, establishes risk objectives, and facilitates ongoing risk identification and assessments while leveraging data to drive required reporting and communications with key stakeholders.
- Internal Control Management – Defines a system of internal controls, aligning with standard internal control components and principles outlined by the GAO Green Book. Enables internal control assessments and formal reporting of results, including the classification and evaluation of Internal Controls Over Reporting (ICOR) as outlined in OMB Circular A-123 Appendix A.
- Integration with POA&M Process – POA&M integration enables federal agencies to identify and classify deficiencies, establish corrective action plans, and report in real-time issue severity, ownership, and status.
- Stakeholder Management – Facilitates the assignment of Risk and Control Program Oversight responsibilities as outlined in the Circular in a centralized, real-time data platform for the Senior Management Council (SMC), Senior Assessment Team (SAT), and Risk Management Council (RMC).
- Availability of Control Components, Principles, and Attributes – Addresses the critical requirement of capturing and relating Internal Control Components, Principles, and Attributes. This framework is readily available to users for reference when defining and documenting internal controls, ensuring a robust and comprehensive approach to risk management.
This is the third cloud-based software product released by Onspring GovCloud in a FedRAMP environment to address federal agencies’ current and future risk management requirements. Earlier this year, Onspring GovCloud released a stand-alone POA&M Management product and a comprehensive Governance, Risk & Compliance (GRC) suite specifically designed for federal agencies.