Specifications include, but are not limited to: 1. The scope of the control review is limited to those general controls over the FI$Cal system maintained by the Department of FI$Cal and will be conducted in accordance with the Federal Information System Controls Audit Manual (FISCAM), a methodology for auditing information system controls. 2. The control review will include the following specific areas: (a) Security Management (b) Access Controls (c) Configuration Management (d) Segregation of Duties 3. If the Contractor determines there are considerable design deficiencies that render a control unreliable in preventing or detecting material misstatements, upon agreement with the State Auditor, the control will not be tested.
