Given that 60% of CFOs lost their jobs within 3 months of reporting a material weakness, what controls do you have in place? Are they effective?
Q: Was this a one-time deficiency, or was this the result of repeated audits identifying the same deficiency, thus raising it to the level of material weakness?
Most of these are 1st time deficiencies and noted as "New Issues" according to auditors report (see Blog.Veriphyr.com for the report link).
For example, terminated users who continued to have access rights to applications is discussed on p23 and it is specificaly noted as a "New Issue" and not a "Repeat Issue".
At least one was identified as "New Issues" but the weakness had been going on for serveral years. For instance on page 37 it is reported that on one application "recertification of accounts was conducted when the application was acquired and brought online at FEMA in FY 2007 and has not been conducted since."
It appear that it was the number and severity of the deficienies that led them to be "considered a material weakness in IT controls and financial system functionality."
If you have more questions or need more details let me know
No comments:
Post a Comment