Using RMF to Improve Audit Results

The Department of Defense (DoD) has been under some level of financial statement audit for the last several years. The majority of information technology (IT) Notification of Findings and Recommendations (NFRs) are coming from areas that could have been detected and corrected during the Risk Management Framework (RMF) process. As a result, auditors are finding significant control deficiencies and material weaknesses for systems authorized under RMF. With the scope of the audit expanded to full financial statements, additional IT systems will be audited leading to more findings. RMF can be used as a tool to enforce compliance with audit requirements and decrease the volume of IT NFRs.

Let Us Help Guide You

Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.

Stay ahead of the curve with news, insights and updates from Guidehouse about issues relevant to your organization and its work.