FFMIA - Lessons Learned from the FFMIA Compliance Assessment Process

1. FFMIA - Lessons Learned from the FFMIA Compliance Assessment Process • Involve top management, without their backing you will not pass the validation. • Involve change management; every team is affected by blue book as every action has a financial reaction. Communicate FFMIA requirements to the entire project. Pass out the blue book to your functional teams so they will include the relevant blue book requirements in their scope definitions right up front. • Negotiate which requirements apply to your program. The four projects discussed had between 130 and 570 requirements applied to them. (There are over 1600 blue book requirements). • Tie each requirement to the test scenario that proves it; group them with their test scenarios as a scenario can test more than one requirement. Meet daily to agree which requirements have been tested, testing status and keep it in your requirements database. Use scenarios to test the requirements. EI Toolkit Document version 1.0, November 2003 Last validated: November 2003

2. Lessons Learned from the FFMIA Compliance Assessment Process • Ensure you have the right people, financially savvy, program savvy, SAP savvy, audit savvy. Don’t verge off the beaten trail; don’t explore; and follow the script. Don’t have the same person talk and drive SAP, as it is too confusing. Again, don’t get off the beaten trail. • Ensure the trail is beaten, review test scripts (dry run) before the testers get there. • Ensure you have test data because you can’t develop purchase orders in production. Easier if you are live for 6 months or so before you test so you have data. NEMAIS captured data just before year-end so they could do year- end closeouts. • Don’t schedule the test until you are ready; you can’t risk failure. • Some requirements can be passed with plans, i.e. archiving. Most of the projects didn’t have archiving capability, as it is expensive and not required for another two years. Testers on all four projects accepted plans and strategy documents. EI Toolkit Document version 1.0, November 2003 Last validated: November 2003

3. Lessons Learned from the FFMIA Compliance Assessment Process • FMEA website provides matrix on what changes and when you should be tested depending on whether you are a system of record. • Identify problem areas up front and layout your strategy for working around them. Manual work arounds are acceptable if you have a strategy in place. • Assign an FFMIA compliance manager and dedicate resources to meeting the requirements, preparing documentation and holding regular status meetings. Very detailed process. Good documentation and tracking are required. Develop an agreed upon process for tracking. • Take screen shots of each screen as you test, cross-reference to the requirement and develop a data file to provide to the testers. • Have a master list of all documentation required. You can never have too much documentation. Have it ready in advance and negotiate what documentation the ICF requires, so the list is complete (provide magnetically). EI Toolkit Document version 1.0, November 2003 Last validated: November 2003

4. Lessons Learned from the FFMIA Compliance Assessment Process • Properly define roles so users can execute required transactions. • Work with the testers so you may anticipate their needs. EI Toolkit Document version 1.0, November 2003 Last validated: November 2003