As the Department of Defense (DoD) continues its move to the Risk Management Framework (RMF), Washington Headquarters Services (WHS) Financial Management Directorate (FMD) has established an independent team, which includes Global Shield IS, to perform a Federal Information Systems Controls Audit Manual (FISCAM) assessment of its Enterprise Resource Planning application and its surrounding environment.
FISCAM was established by the Government Accountability Office (GAO) and the President’s Council on Integrity and Efficiency (PCIE) as a complement to the Financial Audit Manual (FAM). FISCAM presents a methodology for performing information system control audits of Federal and other governmental entities in accordance with professional standards such as National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53.
The FISCAM methodology provides a top-down, risk-based approach which evaluates:
- Entity-wide controls and their effect on audit risk
- IT General and Application controls and their impact on transaction processing
The FISCAM IT controls model is depicted below, starting with the General Control categories and ending with the Business Process Application Controls.
The FISCAM team is conducting ongoing testing efforts through March 31, 2015.