Presentation is loading. Please wait.

Presentation is loading. Please wait.

FFMIA Systems Requirements Integrity - Service - Innovation

Published byCollin Thornton Modified over 6 years ago

Similar presentations

Presentation on theme: "FFMIA Systems Requirements Integrity - Service - Innovation"— Presentation transcript:

1 FFMIA Systems Requirements Integrity - Service - Innovation
Purpose To provide an update on the Project of Correlating the FFMIA Financial Management Systems Requirements to the FISCAM Hyper Critical Controls. FFMIA Systems Requirements 9/18/2018 Integrity - Service - Innovation

2 Why a Correlation of FFMIA and FISCAM Controls?
Duplication of efforts during testing and assessments exist FFMIA Requirements and FISCAM Controls testing is independent of one another however, both are systems related Many FFMIA Requirements supports FISCAM Controls System Managers and Customers may not recognize the FFMIA/FISCAM relationship Changing Environment Management changes Legacy and ERP’s system changes Volume of both the FFMIA Requirements and the FISCAM Controls to be tested and assessed Provide a useful tool to improve the efficiency and effectiveness for each effort Identify the correlation for customers 9/18/2018 Integrity - Service - Innovation

3 Benefits of the Linkage of FFMIA and FISCAM Controls
FFMIA Assessments and FISCAM Controls testing can be completed simultaneously Identify Linked FISCAM Controls to FFMIA Requirements and test and assess at the same time Leverage existing documentation to support the testing and assessment process Key Supporting Documentation (KSD) Deficiency Reports Corrective Action Plans Increase Operational Excellence 9/18/2018 Integrity - Service - Innovation

4 Example of FFMIA Requirements to FISCAM Controls
Identified FFMIA Requirement Linked Hyper Critical FISCAM Controls AS-2.2: Control Activity: Application users are appropriately identified and authenticated. Control Technique: Identification and authentication is unique to each user. All approved users should enter their user ID (unique) and password (or other authentication) to gain access to the application. DRRT DFAS Owned System BB# The system shall provide the capability for an authorized user to identify if an adjustment is required to change official accounting records or to correct errors made during the preparation of a cash report. AS-2.4.3: Control Activity: Access to the application is restricted to authorized users. Control Technique: Access is limited to individuals with a valid business purpose (least privilege). Linked Hyper Critical FISCAM Controls FFMIA-FISCAM Identified FFMIA Requirement BB# The system must generate an audit trail of transactions recorded as a document moves from its source through all document statuses. IN-2.5.3: Control Activity: Rejected interface data is isolated, analyzed and corrected in a timely manner. Control Technique: Audit trails are used to identify and follow-up on interface errors. The corrections to interface errors are included in the audit trail. CAPS-W DFAS Owned System AS-3.7.1: Control Activity: Movement of programs and data among libraries is controlled. Control Technique: A group independent of the user and programmers control movement of programs and data among libraries. Before and after images of program code are maintained and compared to ensure that only approved changes are made. Identified FFMIA Requirement CDS DFAS Owned System Linked Hyper Critical FISCAM Controls BB# The system must have edits preventing a user from making a payment generated internally within the system / Disbursing Office if it has not been certified in the system. AS-4.2.1: Control Activity: Application controls prevent users from performing incompatible duties. Control Technique: Users are prevented by the application from executing incompatible transactions, as authorized by the business owners. 9/18/2018 Integrity - Service - Innovation

5 Integrity - Service - Innovation
Questions? Us at: 9/18/2018 Integrity - Service - Innovation

Download ppt "FFMIA Systems Requirements Integrity - Service - Innovation"

Similar presentations

INTERNAL CONTROLS.

INTERNAL CONTROLS.
Configuration Management

Configuration Management
“The Honeywell Web-based Corrective Action Solution”

“The Honeywell Web-based Corrective Action Solution”
STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)

STRATEGIC PLANNING FOR Post-Clearance Audit (PCA)
General Ledger and Reporting System

General Ledger and Reporting System
QUT Payroll Services Sessional eForm Presented by Christine Delaney, QUT Payroll Manager with Technical Support from Edward Eacock, QUT Financial Systems.

QUT Payroll Services Sessional eForm Presented by Christine Delaney, QUT Payroll Manager with Technical Support from Edward Eacock, QUT Financial Systems.
Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.

Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
1 © Copyright Doug Hillman 2000 Internal Control and Cash.

1 © Copyright Doug Hillman 2000 Internal Control and Cash.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 15-1 Accounting Information Systems 9 th Edition Marshall.

©2003 Prentice Hall Business Publishing, Accounting Information Systems, 9/e, Romney/Steinbart 15-1 Accounting Information Systems 9 th Edition Marshall.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls.

SAS 112: The New Auditing Standard Jim Corkill Controller Accounting Services & Controls.
The Islamic University of Gaza

The Islamic University of Gaza
Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.

Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.
The University of California UC Financial Management Jim Corkill Controller, Accounting Services & Controls University of California, Santa Barbara November,

The University of California UC Financial Management Jim Corkill Controller, Accounting Services & Controls University of California, Santa Barbara November,
IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.

IT Service Delivery And Support Week Eleven – Auditing Application Control IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA.
New Form Approval Process. Background New Process is effective April 1, 2014 Changes Chapter 4 in the Library Manual (the reissued 2014 manual will be.

New Form Approval Process. Background New Process is effective April 1, 2014 Changes Chapter 4 in the Library Manual (the reissued 2014 manual will be.
Copyright © 2007 Pearson Education Canada 1 Chapter 20: Audit of the Capital Acquisition and Repayment Cycle.

Copyright © 2007 Pearson Education Canada 1 Chapter 20: Audit of the Capital Acquisition and Repayment Cycle.
Information Systems Security Operational Control for Information Security.

Information Systems Security Operational Control for Information Security.

Similar presentations

Ads by Google