Text of Recommendation | Complete an NFC-specific risk assessment to ensure implementation of key controls relevant to the Payroll financial statement assertion (e.g., through complete and timely SOC 1® reports and/or internal AOC CUECs). If the AOC becomes aware that the content of NFC-related SOC 1® reports will continue to be provided in an untimely manner, AOC management should implement, through its risk assessment, a process to separately identify and assess mitigating and compensating controls to its environment. Additionally, for known control deficiencies at the service and key subservice providers, the AOC should identify compensating control(s) to mitigate the risks within the AOC control environment. |
---|---|
Recommendation Number | 4 |
Recommendation Status | Closed |
Significant Recommendation | No |
Recommendation Questioned Costs | $0 |
Recommendation Funds for Better Use | $0 |
Submitting OIG | |
---|---|
Linked Report |