Guidehouse Risk Management Framework to Mitigate Risk and Improve Compliance
A series of initial discovery assessments of a federal agency command control center found that the command center lacked standard business processes and related documentation, compliance with systems requirements, and clear roles and responsibilities for audit and audit remediation. The command center required support to address a variety of financial deficiencies and to build its cybersecurity program.
Guidehouse made targeted recommendations for governance structures and developed an audit readiness maturity model for the command center's self-assessment of accountability and audit. Our team led three of the focus areas targeting Information Systems and Command Cybersecurity Programs. The team also evaluated the compliance and status of requirements implementation to initiate the transition of seven financially relevant systems into the Risk Management Framework (RMF) process. Furthermore, the team led workshops to create process documentation for key segments of the business operations to support audit requests, performed a controls gap analysis, and built artifacts for an internal control library based on the process standardization effort and other observations. The Guidehouse team developed a tool and deployed it to five of the seven systems to map RMF requirements to the Financial Management Overlay and incorporate them into the RMF process. In addition, the team developed an access conflict matrix and guided the command center through adjustments by removing conflicting roles and streamlining processes to support appropriate access and roles.