The Department of Defense (DoD) has been under some level of financial statement audit for the last several years. The majority of information technology (IT) Notification of Findings and Recommendations (NFRs) are coming from areas that could have been detected and corrected during the Risk Management Framework (RMF) process. As a result, auditors are finding significant control deficiencies and material weaknesses for systems authorized under RMF. With the scope of the audit expanded to full financial statements, additional IT systems will be audited leading to more findings. RMF can be used as a tool to enforce compliance with audit requirements and decrease the volume of IT NFRs.
Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.