KOMPSYS is a recognized leader in assisting federal entities with a broad range of audit and advisory services. Our company and its professionals stay prepared to respond to the changing federal environment in each of our service areas.
The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency.
A key aspect of FISMA is an annual independent evaluation of an agency's progress in meeting these requirements. KOMPSYS has substantial experience in performing independent FISMA audits for agency Offices of Inspector General (OIGs). These audits focus on determining management's effectiveness in implementing and maintaining an agency-wide security management program that includes:
KOMPSYS is experienced in performing numerous types of technical security reviews both in support of financial and IT audits and as stand-alone engagements including:
Certification and Accreditation (C&A) is a risk management process intended to:
C&A provides management with an assessment of the extent to which management, operational, and technical security controls for an information system are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system. Management uses this assessment to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
KOMPSYS helps agencies perform C&A of their systems while maintaining an auditor’s perspective. This audit perspective helps ensure:
KOMPSYS’ information assurance group provides support for financial auditors performing Federal Financial Statement Audits.
To complete this work we follow the GAO’s Federal Information System Controls Audit Manual (FISCAM) which outlines audit procedures for conducting IT audit work for financial statement audits. We conduct our general and application controls reviews using the newest version of FISCAM, which was released by the GAO in February 2009. The new version includes eight general and application control areas:
In addition to application control work performed in support of financial statement audits, we also perform:
KOMPSYS has performed numerous federal privacy audits. These audits have been conducted for agencies both to comply with existing federal privacy requirements and to assess an agency's overall risk related to the collection, storage, and handling of personally identifiable information. Our privacy audit methodology focuses on:
Review the agency's documented privacy and data protection procedures with regard to the collection, use, sharing, disclosure, transfer, and security of personal information in identifiable form relating to institution employees and the public