Federal Emergency Management Agency (FEMA) IT Audit
Audits of DHS Information Systems that
process financial data are critical in that they assure
stakeholders that the financial data produced by the
Information Systems is accurate and verifiable. Adverse
audit findings must be identified and eventually eliminated.
When FEMA was faced with unfavorable Federal Information
System Management Act (FISMA) audit findings, they turned to
DRC for remediation and resolution.
DRC provides a full set of services to
support IT audits. We assist in determining root causes and
required corrective actions to address audit findings,
resolve audit issues, and implement recommendations. We
provide subject matter expertise, have conducted training on
root cause analysis within DHS, and have leveraged this
knowledge to help FEMA confirm whether root causes are being
addressed in its own remediation plans.
DRC applies the root cause analysis
approach defined in the DHS Plan of Action and Milestones (POA&M)
guide and training documentation. The results of this effort
yield corrective action plans and milestones that can
successfully remediate the general and application control
DRC supports DHS by providing guidance,
training, and feedback to the components on the development
and maintenance of POA&Ms. DRC also reviews POA&M data and
presents current information to FEMA system security
officers, managers, and owners to ensure that the Trusted
Agent FISMA (TAF) POA&M development tool is properly updated
and maintained. Additionally, DRC utilizes the existing
audit database and shared network drive to track audit
requests and remediation efforts to further ensure timely
delivery of information.
Our work evaluating the results of
remediation activities ensures successful completion of
remediation activities, as well as follow up to validate
that the remediation was effective.
Developed a strong working
relationship with DHS external and internal auditors
involved in the FEMA audits.
Established an open, two-way line of
direct communication with DHS auditors.
Cut through bureaucratic stonewalls
to obtain clarifications and resolutions to important
audit issues faster.
Enables FEMA to provide auditors
with requested information in a more timely fashion.
Interested in more information?