130 likes | 470 Views
Introduction System Access Rights (PBIS and Navy ERP). . Audit Readiness.
E N D
Audit Readiness The challenges of financial management at the Department of Defense (DoD) has been well documented. Neither the Department nor the Military Services has successfully passed the scrutiny of an independent audit. As a result, each Service has been directed by the Under Secretary of Defense (Comptroller) (USDC(C)) to undertake efforts to provide financial information with greater reliability, accuracy, and timeliness. A critical factor in these efforts at the Navy is the Financial Improvement Program (FIP). The Naval Sea Systems Command (NAVSEA) FIP represents a series of Department of the Navy (DoN)-wide and command-specific efforts designed to enhance internal controls, standardize processes, and obtain an unqualified audit opinion. The following training material is a part of that effort to provide the NSWC Carderock community an overview of key internal controls for Property, Plant and Equipment in preparation for a financial audit.
Potential Weaknesses and Deficiencies This module explains the steps and documentation necessary for the NAVSEA comptroller representative to ensure that all system users have the appropriate system access rights and that all SAARs are reviewed and approved by authorized supervisors Unauthorized personal could gain access to PBIS. Unauthorized personal could gain access to the Navy ERP system. Unauthorized transactions could occur in PBIS. Unauthorized transactions could occur in the Navy ERP system.
Obtain the list of total population of users with read and write access Obtain a listing of PBIS and Navy ERP users Obtain and inspect the associated SAARs. Identify any “super users” and/or system administrators Module Assessment Quiz Module Review
Performance The performance of this control is on a yearly basis
Control Description Access to revise budgetary data in PBIS and Navy ERP is based on the employee’s job function. Requests for access and user rights are reviewed and approved by the FMB and/or command management, as evidenced by the associated SAAR. (Manual, Preventive).
References - • Listing of PBIS and Navy ERP users • System Authorization Access • Request Forms (DD 2875s) -
Methodology As part of the FIP sustainment effort, NAVSEA HQ and the GF field activities comptroller departments need to implement the following steps to mitigate any potential risks associated with this process.
MethodologyStep1 Obtain a system generated listing of PBIS and Navy ERP users with access to budgetary control modules.
MethodologyStep 2 Obtain the list of total population of users with read and write access in the systems.
MethodologyStep 3 Obtain and inspect the associated SAARs to verify that access was approved by the appropriate member of management. If there is no documentation supporting management’s review and approval, note the exception.
MethodologyStep 4 Identify any “super users” and/or system administrators and confirm that administrator access was utilized appropriately. If access was used to circumvent internal controls, note the exception.