A DoD Agency Program Office responsible for overseeing information systems critical to the Agency’s financial statement audit contracted with a cloud managed service provider (MSP) vendor, but overlooked including requirements to support the Agency’s annual audit effort as part of its vendor agreement. As a result, following transition of the Agency’s information systems to the cloud environment, neither the Program Office nor the MSP were able to produce critical documentation required by the Agency’s auditor, impacting the Agency’s ability to successfully complete their mandatory audit.
A DoD Agency Program Office responsible for overseeing information systems critical to the Agency’s financial statement audit contracted with a cloud managed service provider (MSP) vendor, but neglected to include requirements to support the Agency’s annual audit effort as part of its vendor agreement.
Due to the urgent impact on the Agency’s financial audit, the Program Office engaged Alta Via Consulting to investigate and identify risks to the ongoing Agency audit and state of the MSPs readiness to address future audit requirements. Our investigation reported that no preparations were made to document MSP processes and associated internal controls relevant to audit and services provided by the MSP.
Additionally, our investigation found that clear and structured coordination between information systems in scope for financial statement audit was lacking. As a result, Alta Via was asked to develop a strategy to address audit and compliance concerns and to develop a longer-term solution and roadmap to track future auditability compliance for the Agency and its related business units.
Alta Via developed an agile strategy to leverage existing processes, tools, and capabilities to best meet the Program Office’s needs from its MSP. This was presented as a roadmap to help the Program Office achieve longer-term success during future audits.
Alta Via Consulting helped the Agency gain visibility into the opportunities for improvement with its vendors and support entities, allowing for organization to ready for future Agency-wide audits. Alta Via continues to engage with the Program Office and MSP to provide improvement opportunities and recommendations.