In performing audit services, DoD auditors should: [1]
Audit services involve planning, fieldwork, and reporting. The amount of time spent on each stage will vary based on the size, complexity, and nature of the audit. However, formal decisions should be made as progress is made throughout the audit. DoD auditors should be knowledgeable of the specific requirements applicable to planning, fieldwork, and reporting in accordance with GAGAS.
(1) Planning. During the planning stage, auditors gather the needed information on the most significant and material areas for identifying risks and their significance to the audit objective(s). The emphasis should be on identifying the primary audit objective(s) and designing the audit approach and plan. During planning, auditors should obtain an understanding of internal controls and risks of fraud, as appropriate, that are likely to occur as they relate to the audit objective(s) in order to effectively plan the audit and to determine the nature, timing, and extent of tests to be performed.
(2) Fieldwork. Auditors perform fieldwork to collect, analyze, interpret, and document the information necessary to accomplish the audit objectives, complete the audit plan, and support the audit results. Auditors should complete an assessment of the sufficiency and appropriateness of audit evidence in its entirety during fieldwork according to GAGAS.
(3) Reporting. Auditors should prepare a written audit report for each audit in accordance with GAGAS. DoD audit organizations should develop reporting procedures and policies covering the form, content, distribution, and timeliness of reports.
AcqLinks and References:
The U.S. Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress. Often called the “congressional watchdog,” GAO investigates how the federal government spends taxpayer dollars. They support congressional oversight by:
Website: Government Accountability Office (GAO)
Mission Statement
The mission of the GAO is to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government for the benefit of the American people. We provide Congress with timely information that is objective, fact-based, nonpartisan, nonideological, fair, and balanced.
AcqLinks and References:
In the detection and reporting of potential fraud and illegal acts, DoD auditors should: [1]
A. Maintain sufficient knowledge of the characteristics and indicators of fraud, techniques used to commit fraud, and the types of fraud associated with the activities being audited. Such knowledge is necessary for the auditor to be reasonably effective in determining the adequacy of controls to deter opportunities to commit fraud or illegal acts, and in evaluating evidence that these acts might have been committed. The DoD audit organizations should work closely with investigative organizations to develop additional information on the characteristics or indicators of fraud and share it with other DoD audit organizations.
B. Plan audits (except for review-level and agreed upon procedures-level attestations) to provide reasonable assurance of detecting fraud in accordance with generally accepted Government auditing standards (GAGAS). Fraud risks should be taken into consideration throughout the audit, including during audit planning and evidence evaluation.
C. Consult with investigative organizations when auditors identify fraud risk or when indications of fraud come to the auditor’s attention. Auditors should document the situation and promptly notify the appropriate DoD investigative organization according to DoD Instruction 5505.2 “Criminal Investigation of Fraud Offenses” (Reference (v)). Following notification of investigators, the auditors should notify the top official of the entity under audit of the situation unless advised otherwise by investigators or it is obviously inappropriate (e.g., the top official is involved).
D. Recognize fraud indicators and refer and consult as early as possible with investigators to determine the approach and additional audit work needed if fraud or illegal acts have occurred or are likely to have occurred. When consultation with the investigative organization determines that additional procedures are needed, auditors should design procedures to provide reasonable assurance of detecting such fraud. When necessary, and in consultation with the investigative organization, auditors should perform additional audit work to determine whether fraud likely occurred and the effect on the audit findings.
E. Provide reasonable assurance to detect fraud (except for review-level and agreed-upon procedures-level attestations) in accordance with GAGAS. Auditors are not expected to provide absolute assurance of detecting fraud, illegal acts, or abuse. Absolute assurance is not attainable and thus even a properly planned and performed audit may not detect a material misstatement resulting from fraud.
F. Determine the best way to report the results. The method of reporting the audit results will vary depending upon individual circumstances. Audit matters dealing with fraud or illegal acts shall be covered in a separate written audit report if this would facilitate the timely issuance of an overall report on other aspects of the audit. The opinion of legal counsel should be obtained on the reporting method chosen. Auditors should limit their public reporting to matters that would not compromise investigative or legal proceedings.
AcqLinks and References:
To conduct a successful audit, it’s important that all participating organizations are coordinated with. There are four activities that should be addressed for coordination. These activities are:
1. Coordination Requirements
Coordination with any organization should begin as early in the audit planning process as is practical. Coordination requirements of the DoD audit organizations extend beyond merely exchanging audit schedules with other organizations and providing audit reports upon request. Coordination should also involve sharing strategic and audit plans, and establishing close liaison and good working relationships with other DoD internal audit and review organizations, external review organizations, and DoD managers.
2. Coordination of Audit Services with Contractors
DoD Instruction 7600.02 provides the process that DoD audit organizations should use to coordinate audit services involving contractor records to avoid duplication of work.
3. Coordination of Audit Service Information with the GAO
DoD Instruction 7650.02 provides the process that DoD audit organizations should use to coordinate GAO reviews and reports to reduce the potential for duplication of effort.
4. Liaison with Other Organizations
DoD audit organizations should establish procedures for identifying efforts that are completed, in process, or planned by other audit, investigative, and inspection organizations and management review groups and consider those efforts in the planning process.
AcqLinks and References:
DoD Components, Officials and Program Offices can contract with private auditing services when non-Federal auditors are not available. They should follow requirements described in
Manual: DoD Manual 7600.07 “DoD Audit Manual” – 2 Aug 2015
Non-Federal auditors who perform work for the DoD are subject to Generally Accepted Government Auditing Standards (GAGAS) and must be licensed or work for a firm that is licensed in the State or other jurisdiction where they operate their professional practices. Below is a list of the seven (7) main steps for contracting private auditing services.
1. Planning for Procurement of Auditing Services
Planning identifies what audit services are needed, when and how they should be provided, and what provisions should be in the audit services contract. Planning also helps ensure proper information is collected to effectively structure a solicitation package.
2. Communicating Requirements
The solicitation package should be clearly written and set forth all terms, conditions, and evaluation criteria as well as the scope of the work required. The solicitation package should also be well-distributed and -publicized to ensure full and open competition.
3. Review Solicitations
The DoD Component or cognizant DoD audit organization will provide the solicitation package to the Office of the Assistant Inspector General for Audit Policy and Oversight, IG (OAIG APO) for review prior to its release to prospective bidders.
4. Selecting a Contractor and Technical Evaluation
The evaluation process should ensure contractor proposals are responsive to the agency’s needs, consistently and objectively evaluated, and that contracts are awarded fairly. Competent and experienced personnel should be assigned to the technical evaluation panel. When evaluating a solicitation, items to consider include the soundness of the technical approach of the contractor’s proposal, the qualifications of the organization performing the audit service, the qualifications of the team proposed to perform the audit service, the quality control process of the organization performing the audit service, and references provided by the organization performing the audit service.
5. Provide Technical Assistance
The cognizant DoD audit organization should furnish technical advice to the contractor as requested.
6. Monitor Performance
The DoD audit organization should develop appropriate guidelines for their staff to monitor contract performance and provide input to the contracting officer for contractor interim and final performance reporting, deliverables, and payment. Any adverse conditions found during contract performance should be reported to the contracting officer and the users of the services. In addition, the cognizant DoD audit organization should perform an acceptance review of completed audit work before final contract payment is made.
7. Debarment, Suspensions, and Referrals
Substandard work by a non-Federal auditor may warrant referral for sanctions by the appropriate State licensing authorities or suspension and debarment by the contracting authority. The Assistant Inspector General for Audit Policy and Oversight is the only official authorized to make referrals for sanctions by appropriate licensing authorities.
AcqLinks and References:
The physical architecture is the physical layout of a system and its components in a schema. It refers to some representation of the structure or organization of the physical elements of the system. The physical architecture should be part of the Allocated and Product Baselines.
SMC Systems Engineering Handbook Example – Page 25
The development of the physical architecture consists of one or more logical models or views of the physical solution. The logical models or views may consist of conceptual design drawings, schematics, and block diagrams that define the systems form and the arrangement of the system components and associated interfaces. The development of a physical architecture is an iterative and recursive process and will evolve together with the requirements and functional architecture. Development of the physical architecture is complete when the system has been decomposed down to lowest system element or configuration item level, and it is critical that this process identify the design drivers as early as possible. Therefore, it is imperative that the driving requirements be identified and the combined processes—Stakeholder Requirements Definition, Requirements Analysis, and Architecture Design—will provide key insights to risk early in the development life cycle, allowing for mitigating strategies. [1]
Key activities performed when developing a physical architecture and design include:
AcqLinks and References:
The DoDAF Meta Model (DM2) defines architectural data elements and enables the integration and federation of Architectural Descriptions. It establishes a basis for semantic (i.e., understanding) consistency within and across Architectural Descriptions.
Website: DoDAF Meta Model (DM2)
The purposes of the DM2 are:
The DM2 supports the exchange and reuse of architectural information among Components, and Federal and Coalition partners, thus facilitating the understanding and implementation of interoperability of processes and systems. As the DM2 matures to meet the ongoing data requirements of process owners, decision makers, architects, and new technologies, it will to a resource that more completely supports the requirements for architectural data, published in a consistently understandable way, and will enable greater ease for discovering, sharing, and reusing architectural data across organizational boundaries.
To facilitate the use of information at the data layer, the DoDAF describes a set of models for visualizing data through graphic, tabular, or textual means. These views relate to stakeholder requirements for producing an Architectural Description.
What and Where is the DM2
In accordance with standard data modeling conventions, the DM2 has several levels, as shown in the figure below.
AcqTips:
AcqLinks and References:
