Large Financial Company
April 16, 2019
The Situation
The Company was awarded a >$1B contract, in which the Company took possession of real property and loan servicing valued at multiple hundreds of millions of dollars. The Company did not have systems or internal controls to be compliant with the contract terms.
Results
Cherry Bekaert served as an advisor to the Company on understanding contract compliance requirements and IT controls. We created a compliance matrix for all requirements (policy, system, training, reporting) and a plan for implementation. We worked with them to develop all required systems, processes, procedures, training and reporting to meet requirements, including a redesign of Timekeeping, the Accounting System, and Government Property Reporting. We prepared their initial CAS Disclosure Statement, and completion of the required Incurred Cost Submissions (ICS). Now several years later, we still assist the Company annually by reviewing their rate structure, updating the CAS Disclosure statement, and preparing their ICS.
Additionally, we advised the Company on the IT systems used to support its federal contract for compliance with Federal Information Security Management Act (FISMA), the NIST Risk Management Framework (SP 800-37, Rev 1, SP 800-53 Rev, SP 800-30 Rev 1, SP 800-18, SP 800-63), Clinger-Cohen, OMB A-123, OMB A-130, FIPS 199 and FIPS 200 Compliance.