Department of Finance 2009 Financial Integrity and State Managers Accountability Act (FISMA). OSAE sets the PACE ~ Premier Auditing Consulting and Evaluations! Review Phases. Phase I – Department Wide Risk Assessment Phase II – Identification of Controls and Control Testing
Department of Finance 2009 Financial Integrity and State Managers Accountability Act (FISMA)
OSAE sets the PACE ~ Premier Auditing Consulting and Evaluations!

Review Phases
• Phase I – Department Wide Risk Assessment
• Phase II – Identification of Controls and Control Testing
• Phase III – Corrective Action Plan
• Phase IV – Subsequent evaluations
Phase I Department Wide Risk Assessment
Initial Meeting
• Executive Management
• Principal Functions
• Questions related to the Principal Functions
  • What units are involved to accomplish this function?
  • How do we do it?
  • Who's impacted by the results?
  • What could go wrong?
• Results of the initial meeting – Risk Statements

Second Meeting
• Wordsmithed the Risk Statements
• Option Finder
• Likelihood
• Impact
• Heat Map
Phase II Identification of Controls and Control Testing
Control Discussion
• Executive Management
• Go over the Risk Statements
• Identify Controls that are in place
• Identify Controls that might be implemented
• Complete the Risk and Control Matrix (Risk and Control Matrix1.xls)

Testing of Controls
• Tested a sample of controls to ensure they were working as intended.
• Revisited the heat map.
• Complete the Risk and Control Matrix (Risk and Control Matrix2.xls)

Phase III Corrective Action
• Executive Management's responsibility
• 30-day deadline
• 6-month deadline

Phase IV Subsequent Evaluations
• Continuous Process
• Interim Evaluations
• Re-evaluation of Risks and Controls
• Lower Level Risk Assessments