by Tony Myers-Burton
The Department of Defense (DoD) has been undergoing a major financial audit for approximately the last seven years in response to a congressional mandate that the department be financially compliant. Electrosoft is assisting one DoD component in achieving this goal by providing audit support services. Simply put, these services involve reviewing the issues auditors raise and helping to resolve them. Yet, there is nothing simple about this effort given the number, age and complexity of the financial and operational systems involved as well as the agency’s unique mission.
To address complexity, we formed a four-company team with a singular charter: one team, one badge, one customer focus. Team Electrosoft, as we prefer to be called, comprises 22 members with expertise in auditing, SAP, security and process reengineering, among other specialties. We align ourselves along deliverables-based work packages and pride ourselves in delivery excellence. We develop robust corrective action plans that support the government in addressing deficiencies.
We align ourselves along deliverables-based work packages and pride ourselves in delivery excellence.
Our customer’s ultimate vision is straightforward: Achieve a clean financial audit while improving mission effectiveness.
Over the past five years, Team Electrosoft’s perspective on audit support services has evolved significantly. At first, our efforts were purely reactive. We offered tactical fixes to remediate identified risks. A couple of years into the effort, we continued to be reactive. However, our tactical solutions incorporated strategic, robust solutions that focus on avoiding issue recurrence. Guiding policies and procedures articulated in the National Institute of Standards and Technology Cybersecurity Framework (NIST 800-53), the Federal Information System Controls Audit Manual (FISCAM) and the Financial Improvement and Audit Readiness (FIAR) methodology, among others, formed the bases for the standards we recommended as strategic solutions. This past year, our approach has evolved into a proactive role. We built a visionary roadmap through 2027 for the executive team and implemented a series of new audit processes. One was a self-identified deficiency and remediation process. Its goal is to self-identify issues and resolve deficiencies before the auditors provide findings.
How does Team Electrosoft support help the government discern issues early? We use a two-pronged approach:
- Through the development of an effective internal controls testing methodology that is based on FISCAM and leverages a comprehensive Risk Control Matrix (RCM), where Team Electrosoft led the development effort.
- By helping to implement robust policies, procedures and tools as well as training key stakeholders, including annual refresher training. This effort identifies priorities for testing and control evaluation, among other key elements.
The processes developed by Team Electrosoft to address both Independent Public Accountant and self-identified deficiencies are encapsulated in Standard Operating Procedures and Job Aids, replete with detailed documentation, training materials, and a KPI-based tracking tool. A fundamental tenet of this process is addressing auditor “observations” when surfaced as opposed to waiting for them to be formally elevated to “finding” status. Experience showed us that 99% of observations ultimately attained finding status. By intervening at the observation stage, our ability to develop responsive action plans within the prescribed 30-day window rose significantly from 66% on time to 98% on time.
We are proud of our Electrosoft Team and its successes to date. We are prouder still that our audit support services program was the recipient of an excellence award bestowed by our customer agency.