We recommend that the Chief Operating Officer\Chief Risk Officer develop and implement a formal process to review and evaluate the completeness and accuracy of ICP documentation submitted. Validation procedures should include a formal review: To ensure all required documentation has been submitted by the due date. Where documentation has not been provided, NARA should have a formal process in place to follow up and obtain the required documentation. Of ICP documentation submitted to ensure it is both complete and accurate. Where discrepancies are identified, NARA should have a formal process in place to follow up with management so corrections can be made. Of each office’s submission to determine whether risks identified and conclusions made are appropriately supported. Of test plans and test results for all high-risk or highly critical functions to ensure they clearly demonstrate the office’s methodology for performing testing and reaching conclusions. Of monitoring plans and monitoring results for all functions that clearly show the extent of monitoring performed, the office’s methodology for performing the monitoring, and the rationale for its conclusions
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
733bcaa5-379b-4a20-8f7e-779239389a75-4
Recommendation Number
4
Significant Recommendation
Yes