Federal Emergency Management Agency (FEMA) IT Audit

Challenge

Audits of DHS Information Systems that process financial data are critical in that they assure stakeholders that the financial data produced by the Information Systems is accurate and verifiable. Adverse audit findings must be identified and eventually eliminated. When FEMA was faced with unfavorable Federal Information System Management Act (FISMA) audit findings, they turned to DRC for remediation and resolution.

Solutions

DRC provides a full set of services to support IT audits. We assist in determining root causes and required corrective actions to address audit findings, resolve audit issues, and implement recommendations. We provide subject matter expertise, have conducted training on root cause analysis within DHS, and have leveraged this knowledge to help FEMA confirm whether root causes are being addressed in its own remediation plans.

DRC applies the root cause analysis approach defined in the DHS Plan of Action and Milestones (POA&M) guide and training documentation. The results of this effort yield corrective action plans and milestones that can successfully remediate the general and application control weaknesses identified.

DRC supports DHS by providing guidance, training, and feedback to the components on the development and maintenance of POA&Ms. DRC also reviews POA&M data and presents current information to FEMA system security officers, managers, and owners to ensure that the Trusted Agent FISMA (TAF) POA&M development tool is properly updated and maintained. Additionally, DRC utilizes the existing audit database and shared network drive to track audit requests and remediation efforts to further ensure timely delivery of information.

Our work evaluating the results of remediation activities ensures successful completion of remediation activities, as well as follow up to validate that the remediation was effective.

Benefits/Achievements

Developed a strong working relationship with DHS external and internal auditors involved in the FEMA audits.
Established an open, two-way line of direct communication with DHS auditors.
Cut through bureaucratic stonewalls to obtain clarifications and resolutions to important audit issues faster.
Enables FEMA to provide auditors with requested information in a more timely fashion.

Interested in more information?