IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

State Auditor Seeks Review of Financial Controls

In a request for proposal, the California State Auditor’s Office is looking for contractors capable of conducting an “Information Systems Controls Review” of the Financial Information System for California.

financial software_shutterstock_202695988
This story is limited to Techwire Insider members.
This story is limited to Techwire Insider members. Login below to read this story or learn about membership.
The California State Auditor’s Office is seeking assistance from IT companies to review the controls of a crucial state financial entity.

In a request for proposal (RFP) released Dec. 29, the state auditor is looking for contractors capable of conducting an “Information Systems Controls Review” of the Financial Information System for California (FI$Cal). Generally, the auditor seeks “qualified and independent proposers” to provide services encompassing the 2021-2022 and 2022-2023 fiscal years and, at the auditor’s discretion, the 2023-2024 fiscal year. Among the takeaways:

  • The state is in “the later stages of developing FI$Cal, an enterprise resource planning (ERP) system,” according to the RFP, with functionality via Oracle’s PeopleSoft and Hyperion applications “in integrated modules for accounts receivable, accounts payable, general ledger, cash management, asset management, solicitations and contracts, budget, and procurement.” Information from FI$Cal is crucial for the state to produce its Annual Comprehensive Financial Report (ACFR) and the auditor does a yearly independent audit of the state’s ACFR “in accordance with the (American Institute of Certified Public Accountants) AICPA’s Statements on Auditing Standards,” as well as federal standards. FI$Cal is “responsible for system maintenance, upgrades and enhancements, as portions of the system are implemented, as well as for supporting system users.” The auditor has also been independently monitoring the FI$Cal project during development, “including the contracts for Independent Project Oversight (IPO) and Independent Verification and Validation (IV&V) services,” per the RFP.
  • Per the scope of work, the control review is confined to “those general controls over the FI$Cal system maintained by the Department of FI$Cal and will be conducted in accordance with the Federal Information System Controls Audit Manual (FISCAM)” on auditing information system controls. The control review will include security management, access controls, configuration management and segregation of duties. If the contractor selected finds “considerable design deficiencies that render a control unreliable in preventing or detecting material misstatements, upon agreement with the state auditor, the control will not be tested.” Contractor responsibilities include understanding the “operational processes and internal controls” and doing a “formal, written risk assessment and audit plan,” documenting functions, sub-functions and general management and organizational controls around the operation. These may include Oracle Identity and Access Management, Oracle DB, PeopleSoft Financials, Active Directory, Linux OS, WebLogic and Phire. The contractor must also test the effectiveness of controls, do “workpapers” and provide them incrementally to the auditor for review, and collaborate with auditor staff.
  • Minimum qualifications include experience in doing “general control reviews of enterprise resource planning systems used by complex governmental organizations” for budgeting, accounting, procurement and cash management; proven knowledge of financial audit techniques and control procedures; active licenses/certifications “relevant to the performance of a control review, including Certified Information Systems Auditor and Certified Public Accountant”; and having done at least three similar general control reviews of ERPs of complex governmental groups. Desirable qualifications include previous experience “reviewing and assessing general controls supporting Oracle PeopleSoft Financials.”
  • The contract value isn’t stated and the duration isn’t explicit. But for the contractor selected, “formal, written findings” are due by Sept. 30 for FY 2020-21; by Sept. 29, 2023, for FY 2022-2023; and by Sept. 27, 2024, for FY 2023-2024 if the third year option is exercised. Questions are due by 4 p.m. Jan. 14, and answers will come by 4 p.m. Jan. 24. Proposals are due by 9 a.m. Feb. 7 and will be evaluated Feb. 7-10. A notice of intent to award will be issued at 4 p.m. Feb. 10; contract award is slated for Feb. 22, and work start date is March 1.
Theo Douglas is Assistant Managing Editor of Techwire.