Listed below is a representative sample of our ongoing and recently completed projects (past five years).

IT components of Financial Improvement Audit Readiness (FIAR) assessment and implementation support [included annual internal controls assessments, development of requisite changes to individual IT policies and procedures, facilitation of control deficiency remediation and SSAE 16 & 18 audit readiness support] (for five years – 2012 to 2017)
————————————————————–

IT internal controls over financial reporting (OMB A-123 Appendix A) compliance audits (for the past five years – since 2012)
————————————————————–

FISMA-based controls development, compliance inspection standards development and inspector training (for the past three years – since 2014)
————————————————————–

FISCAM and NIST controls design, security authorization documentation assessment and improvement, and SSAE 16/18 deficiency remediation and audit liaison support
————————————————————–

IT internal controls over financial reporting (OMB Circular A-123, Appendix A) deficiency remediation and audit readiness support
————————————————————–

Department-wide risk assessment for the unintended and/or voluntary release of Personally Identifiable Information (PII)
————————————————————–

Federal Information Security Management Act (FISMA) compliance assessment and ISO/IEC 20000, 27001 and 27002 certification readiness assessment [also included IT Business Impact Analysis (BIA), IT Risk Assessment and development/modification of IT policies and procedures]
————————————————————–

IT governance policies and procedures assessment, development and implementation utilizing industry best practice
————————————————————–

Benchmark assessment of IT policies and procedures against multiple industry standards, including ISO/IEC 27001 and 27002, Information Security Framework, NIST SP 800-53 and COBIT
————————————————————–

Benchmark assessment of IT policies and procedures against multiple industry standards, including ISO/IEC 27001 and 27002, Information Security Framework, NIST SP 800-53 and COBIT
————————————————————–

IV&V of the District-wide financial system against functional and technical requirements
————————————————————–

IT controls over financial reporting (Sarbanes-Oxley 404) compliance audit
————————————————————–

IT controls over financial reporting (Sarbanes-Oxley 404) compliance audit
————————————————————–

IT controls over financial reporting (Sarbanes-Oxley 404) compliance audits (two years)
————————————————————–

Best practice assessment of vendor management and outsourcing of IT services and policies & procedures development
————————————————————–

Application Portfolio Management model development, proof of concept and implementation support
————————————————————–