Federal Intelligence Agency
Our client, a global systems integration firm, was supporting an Intelligence Agency’s System/ Applications Audit and Compliance Team to prepare for a Federal Information Systems Control Audit Manual (FISCAM) assessment and obtain an unqualified audit opinion.
- Financial Improvement and Audit Readiness (FIAR)
- ICD 503
The team’s mission was to ensure effective controls over the Agency’s technical infrastructure and business applications for the production of timely, reliable, and accurate data that can be independently validated and sustained.
TSGi identified an IT Assurance professional with the right education and professional experience mix to support the Intelligence Agency in this effort. Some key areas of support include:
- Assessing fifteen Information Systems/ Applications supporting financial operations
- Supporting the PMO and Integrated Audit Teams (IAT) for SSAE-16 requirements gathering
- Identifying recommendations and remediation plans/ meetings after conclusion of FISCAM assessments
- Providing expertise and execution in FISCAM, FIAR guidance, ICD 503/ DJSG, NIST SPs and FIPs, OMB Circulars, FMFIA, FFMIA, and SSAE-16
- Conducting evaluation of general controls and business process application controls for design and operating effectiveness through observation, inquiry, inspection, and re-performance
- Assisting in development, coordination, execution, and administration of SSAE-16s – project plan, control requirements collection and disbursement, liaison between SAACT and IATs/PMO, service providers, evaluation of received SSAE-16s for compliance and strategies for corrective action plans
As a result of these efforts, the Intelligence Agency is achieving IT Audit Recommendations as if the systems are going through an actual FISCAM Audit. Plans of Action and Milestones (POAMS) and Corrective Action Plans (CAP) for each system that was assessed have been or are being developed. This will help the Agency in identifying and addressing issues as they prepare for the future audits. This project also resulted in conducting Gap Analysis for systems that are not up to date with NIST standards.