From Audit Readiness to Audit Sustainment
Achieving a full financial statement unmodified audit opinion is a significant accomplishment given the unique DoD business environment and known material weaknesses currently preventing DoD from completing successful audits. St. Michael’s brings proven expertise and experience to identify and overcome challenges, implement compliant and sustainable business practices, and prepare organizations to achieve success in an audit.
- Identify target areas for evaluation and testing: high risk business processes, SecDef focus areas
- Perform sustainment testing on low risk areas to confirm continued audit-ready state
- Apply the "auditor lens" to testing efforts
- Determine if adequate and appropriate supporting documentation exists to support key financial events and transactions
- Document test results and clearly identify any deficiencies
- Develop actionable recommendations that can be incorporated to corrective action plans (CAPs)
- Support CAP completion by partnering with process owners
- Leverage test results to support the annual Statement of Assurance
- Analyze and document universe of transactions
- Identify the location of populations and transactions to be sampled for testing, audit or examination – including those outside of the General Ledger system
- Identify reconciliations and interface controls supporting existence and completeness over the universe of transactions, including feeder systems to the accounting system of record
- Determine if adequate supporting documentation exists to support universe of transactions
- Reconcile the General Ledger to transaction detail
- Tie specific financial statement line items to the corresponding transactions
- Utilize audit-like procedures during internal control testing to familiarize process and system owners with PBC response procedures
- Evaluate organizational ability to produce evidential matter in a timely manner
- Provide expertise with supporting audits within DoD: hands’ on experience with OSD’s ARC Tool and audit procedures
- Evaluate PBC requests upon receipt and provide guidance to system and process owners
- Evaluate PBC responses prior to response to auditor for appropriateness and completeness Evaluate auditor-issued NFRs and provide recommendations for corrective actions
- Monitor and update agency CAP reporting in the NFR Database
- Write detailed step-by-step desk guides to assist agency personnel with obtaining evidential matter for internal control and substantive testing
- Identify service providers and evaluate results of SSAE No. 18 reports and impact to the agency
- Develop and execute Complementary User Entity Control (CUEC) testing for access, general, and business process controls
- Develop complete inventory of all systems and micro-applications that impact the control environment
- Understand technical architecture and transactional data flows
- Integrate Standard Financial Information Structure (SFIS) standards where applicable
- Evaluate service provider relationships and related MOU/MOA
- Perform Federal Information Systems Control Audit Manual (FISCAM) testing
- Test Information Technology (IT) General and Application controls
Audit Sustainment Key Success Story
St. Michael’s team supporting a defense agency was recognized by the COR as a direct contributor to the agency’s audit readiness success. This support contributed to the agency being selected by OSD to undergo an early, stand-alone full financial statement audit, separate from the consolidated Tier 3 and Tier 4 Other Defense Organization (ODO) audit. St. Michael’s support includes: (1) documenting and assessing business processes and controls; (2) executing annual control testing, which informs the annual Statement of Assurance; (3) assessing and identifying Complementary User Entity Controls (CUECs) to test, including access controls, general controls, and business process controls; (4) evaluating and recommending improvements to policies and procedures; (5) managing external audit requests, to include evaluation of the “ask” and reviewing responses prior to submission; and (6) providing actionable recommendations to inform CAP milestones and working with process owners to monitor Corrective Action Plan (CAP) completion.