Onspring GovCloud Launches OMB A-123 Risk & Controls Software for Federal Agencies

 The cloud-based software is the first to offer OMB content in ready-made workflows and reports that directly integrate with POA&M processes.

OVERLAND PARK, Kansas, December 5, 2023 — Onspring GovCloud, a cloud-based GRC software platform with FedRAMP In Process designation, announced today the launch of its OMB A-123 Risk & Controls Management product – empowering federal agencies to meet the stringent requirements outlined in the Office of Management and Budget (OMB) Circular A-123, “Management’s Responsibility for Enterprise Risk Management and Internal Control.” The Onspring GovCloud OMB A-123 Risk & Controls product is the first cloud-based software offering OMB content in ready-made workflows and reports that directly integrate with POA&M processes.

OMB A-123 Control Summary in Onspring GovCloud

By implementing Onspring’s OMB A-123 out-of-the-box software, federal agencies can instill a structured, integrated, and automated approach to manage risk and stay compliant, saving measurable time and effort – all without the need for IT or DevOps resources.

“Federal agencies still relying on manual spreadsheets, email silos, or legacy software to manage risk, internal controls, and POA&Ms can now take advantage of the best-in-class automation tried and tested in the private sector,” said Brett Sommers, Director of Product at Onspring. “Our OMB A-123 Risk & Controls software represents a significant leap forward in enabling federal agencies to meet the evolving demands of enterprise risk management and control compliance. We remain committed to delivering innovative solutions that drive efficiency, transparency, and compliance to the federal market.”

Onspring GovCloud OMB A-123 Risk & Controls software strategically aligns with the mandates of the Federal Managers Finance Integrity Act (FMFIA) and the Government Accountability Office’s (GAO) Green Book, ensuring comprehensive support for enterprise risk management capabilities and internal control processes. The software captures and categorizes controls based on type, including Controls Over Reporting, Fraud, Privacy, Security, and External Service Provider, in addition to providing dynamic scoping and testing of internal controls according to requirements. The software also offers full ERM capabilities, including risk identification, automated assessments, control evaluations, response tracking, and mapping to controls.

Product highlights:

  • Risk Profile Identification and Evaluation – Defines overall risk profile, establishes risk objectives, and facilitates ongoing risk identification and assessments while leveraging data to drive required reporting and communications with key stakeholders.
  • Internal Control Management – Defines a system of internal controls, aligning with standard internal control components and principles outlined by the GAO Green Book. Enables internal control assessments and formal reporting of results, including the classification and evaluation of Internal Controls Over Reporting (ICOR) as outlined in OMB Circular A-123 Appendix A.
  • Integration with POA&M Process – POA&M integration enables federal agencies to identify and classify deficiencies, establish corrective action plans, and report in real-time issue severity, ownership, and status.
  • Stakeholder Management – Facilitates the assignment of Risk and Control Program Oversight responsibilities as outlined in the Circular in a centralized, real-time data platform for the Senior Management Council (SMC), Senior Assessment Team (SAT), and Risk Management Council (RMC).
  • Availability of Control Components, Principles, and Attributes – Addresses the critical requirement of capturing and relating Internal Control Components, Principles, and Attributes. This framework is readily available to users for reference when defining and documenting internal controls, ensuring a robust and comprehensive approach to risk management.

This is the third cloud-based software product released by Onspring GovCloud in a FedRAMP environment to address federal agencies’ current and future risk management requirements. Earlier this year, Onspring GovCloud released a stand-alone POA&M Management product and a comprehensive Governance, Risk & Compliance (GRC) suite specifically designed for federal agencies. 

OMB A-123 Risk Summary in Onspring GovCloud
POA&M Integration with OMB A-123 in Onspring GovCloud

About Onspring GovCloud

Onspring GovCloud is a no-code, cloud-based GRC software platform that enables risk reduction and compliance efficiencies to federal agencies through automated workflows, notifications, and real-time analytics. For five years running, Onspring has been named the #1 GRC software for its product features, customer experience, and ROI. Explore Onspring’s past performance across financial services, insurance, healthcare, logistics, and business services industries on the Onspring website.