Information Technology Controls Self-Assessment Of Financially Relevant Information Systems
Joint DON Memo - Publish Date: 06/26/14
The purpose of this memo is to respond to the Secretary of the Navy's direction that the Department's Schedule of Budgetary Activity must be audit ready in Fiscal Year 2014, with full audit readiness achieved by 2017.
Subj: INFORMATION TECHNOLOGY CONTROLS SELF-ASSESSMENT OF FINANCIALLY RELEVANT INFORMATION SYSTEMS
Ref: (a) ASN (FM&C) and DON CIO Financial Information System Working Group (FISWG) Charter of 29 Jan 14
(b) ASN (RD&A), ASN (FM&C), DUSN/DCMO, and DON CIO Joint Memo of 17 Sep 12
(c) ASN (FM&C) and DON CIO Joint Memo of 7 Nov 13
Encl: (1) List of Systems Designated for IT Controls Self-Assessment
1. The purpose of this memorandum is to respond to the Secretary of the Navy’s direction that the Department's Schedule of Budgetary Activity (SBA) must be audit ready in Fiscal Year (FY) 2014, with full audit readiness achieved by 2017. The Assistant Secretary of the Navy (Financial Management & Comptroller) (ASN (FM&C)) and the Department of the Navy Chief Information Officer (DON CIO) established the Financial Information System Working Group (FISWG) in reference (a) as a decision-making body to define the DON financial systems target environment and prescribe corrective measures for audit-related enterprise deficiencies. Reference (b) directed that financially significant information technology (IT) systems employ National Institute of Standards (NIST) Special Publication 800-53 controls and Federal Information System Control Audit Manual (FISCAM) methodology supplemented by DON Office of Financial Operations (FMO) guidance. Reference (c) provides prioritized controls for implementation.
2. IT systems identified by FMO as significant to a financial statement audit will undergo third party FISCAM assessments. The remaining financially relevant systems will undergo the IT Controls Self-Assessment Process approved by the FISWG with ASN (FM&C) and DON CIO concurrence. The process is guided by six workbooks that program managers of the systems listed in enclosure (1) will complete in a phased approach to be determined by FMO.
3. Pilot studies of the self-assessment program are currently underway. Beginning in the Third Quarter of FY 2014 and after completion of these studies, FMO will contact system owners to schedule self-assessments. Responsible commands who are unable to meet the FMO-approved schedule should immediately notify their command Financial Improvement and Audit Readiness (FIAR) lead as well as FMO-2.
4. Questions or comments regarding this memorandum may be directed to
Mr. Danny Chae, OASN (FM&C) FMO, Accounting and Finance Systems Division, (FMO-1), at Danny.Chae@navy.mil or (202) 685-6729.
Department of the Navy
Chief Information Officer (Acting)
Assistant Secretary of the Navy
(Financial Management and Comptroller)