Assessment of Information Technology Systems That Enable and Sustain Audit Readiness
Joint DON Memo - Publish Date: 09/17/12
This memo provides details on the process the Department of the Navy must follow to improve financial information and move towards auditable financial statements. They must do this in order to comply with the challenge put forth by the Secretary of Defense to attain financial auditability by 2014. The FY2011 National Defense Authorization Act requires the Department of Defense to be audit ready by 2017.
Subj: Assessment of Information Technology Systems That Enable and Sustain Audit Readiness
Ref: (a) UNSECNAV memo of 10 Jan 12, Subj: Achieving Audit Readiness
(b) UNSECNAV memo of 3 Dec 10, Subj: DON IT/Cyberspace Efficiency Initiatives and Realignment
(c) DON CIO memo of 20 Dec 10, Subj: DON IT/Cyberspace Efficiency Initiatives and Realignment Tasking
(d) DON CIO memo of 15 Dec 11, Subj: DON IT Policy Guidance for Fiscal Year 2012
Encl: (1) List of the Defense Business Systems
1. The Department of Defense (DoD) is the only major federal agency that has not received a qualified financial audit opinion. The FY2011 National Defense Authorization Act requires the DoD to be audit ready by 2017. The Secretary of Defense (SECDEF) has challenged DOD to attain financial auditability by achieving audit readiness of the Statement of Budgetary Resources (SBR) by 2014. To comply with the law, the Department of the Navy (DON), in conjunction with the DoD is in the process of improving financial information and moving towards auditable financial statements. By reference (a), the Under Secretary of the Navy (UNSECNAV) has been fully engaged in this effort and has emphasized that achieving this ambitious audit readiness goal will require us to work together closely. Your personal attention and active participation are required to ensure the success of our audit readiness efforts.
2. The outputs of audit readiness activities will enable the DON to make more informed resource allocation decisions, execute efficient business processes to support our warfighting, and improve effectiveness of Command business and financial operations. Audit readiness is also an important way to give Congress and taxpayers confidence in our fiscal stewardship – especially at a time when costs are exponentially rising and budgets are decreasing. Per references (b), (c), and (d) the Department has several initiatives in place that complement and further audit readiness, specifically the reduction of applications and systems that do not meet the DON business, information technology (IT), and financial process standards.
3. Our Defense business IT systems (includes financial and non-financial feeder systems) are a part of the critical infrastructure that will support our ability to achieve and sustain an auditable business and financial environment. Based on information maintained in the DON variant of the DoD IT Portfolio Repository (DITPR-DON), over 190 systems (enclosure (1)) support the Department’s complete set of financial statements. A comprehensive assessment of the business processes and data within these systems is key to our success in achieving audit readiness objectives.
4. Previously, DoD Financial Improvement and Audit Readiness (FIAR) guidance only required the review of Defense Information Assurance Certification and Accreditation Process (DIACAP) scorecards. Based on feedback from previous assertion attempts, the DIACAP procedures have proven to be insufficient to satisfy audit readiness requirements. Current guidance from the FIAR Directorate identifies the Federal Information System Controls Audit Manual (FISCAM) control activities and techniques for a financial statement audit as the authoritative measure to support audit readiness assertions.
5. As a result of the need to have strong internal controls, the DON is performing pre-audit assessments of our important Defense business systems across all business segments. Your personal attention is required to ensure the success of these assessments as it relates to the IT controls that are owned and operated by the system program managers.
6. We request that you provide both a Command Information Officer and Financial Management Point of Contact (POC) for the Defense Business System(s) identified in enclosure (1) for your organization. The Command Information Officer will be the lead for the business system and business feeder system and the Financial Management POC will be the lead for the financial data and financial business process. Your Command Information Officer, in conjunction with the Financial POC, will coordinate with other key IT, program, and subject matter expert personnel within your organization to support this audit readiness effort for the next 120 days. Your Command Information Officer and Financial Management POC will provide in writing a complete list of the systems owned and operated for your organization to Ms. Anna Tarrant, DON CIO (firstname.lastname@example.org) and Ms. Patricia Dickerson, OASN(FM&C/FMO) (email@example.com), within 10 business days from the date of this memo. Once these POCs are identified and communicated to Ms. Tarrant and Ms. Dickerson, the following activities will be scheduled and your participation is requested for:
- Attending working group sessions that will provide context to the importance of IT controls testing for financial statement audits, understanding the FISCAM methodology and how the DON is approaching its execution in support of audit readiness;
- Conducting self assessments based on the FISCAM methodology and DON FMO guidance;
- Working with the DON FMO to develop and implement corrective action plans as necessary; and
- Ensuring this group's outcomes and recommendations are in alignment and coordinated with current ongoing efficiency-related initiatives within the ASN (RD & A), DCMO, and DON CIO communities.
7. With your full support, we can identify our control deficiencies early and work to correct them before the formal audits begin. This will increase the level of reliance that internal auditors have on our systems and therefore decrease the amount of detail work that must be done to issue an audit opinion. Your leadership and support is essential to the DON's ability to achieve auditable financial statements.
Terry A. Halvorsen
Department of the Navy Chief Information Officer
Eric K. Fanning
Deputy Under Secretary of the Navy/Deputy Chief Management Officer
Gladys J. Commons
Assistant Secretary of the Navy (Financial Management and Comptroller)
Sean J. Stackley
Assistant Secretary of the Navy (Research Development and Acquisition)