Audit Reports

This report presents the results of our quality control review (QCR) of KPMG LLP’s report on the Enterprise Service Center’s (ESC) description of its system and the suitability of the controls’ design and operating effectiveness. KPMG conducted its attestation engagement in accordance with the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements Number 18, Office of Management and Budget (OMB) requirements, and generally accepted Government auditing standards. OMB requires ESC, as a management services provider, to either provide its user organizations with independent audit reports on the design and effectiveness of its internal controls, or allow user auditors to perform tests of its controls. To meet this requirement for the period of October 1, 2016, through June 30, 2017, we contracted with KPMG.

 

KPMG found that: (1) ESC’s description of its controls fairly presents the system that was designed and implemented throughout the period of October 1, 2016, through June 30, 2017; (2) the controls related to the control objectives stated in the description were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period of October 1, 2016, through June 30, 2017, and user entities applied the complementary controls assumed in the design of ESC’s controls throughout the period October 1, 2016, through June 30, 2017; and (3) the controls operated effectively to provide reasonable assurance that the control objectives stated in the description were achieved throughout the period October 1, 2016, through June 30, 2017, if complementary user entity controls, assumed in the design of ESC’s controls, operated effectively throughout the period October 1, 2016, through June 30, 2017. Our QCR disclosed no instances in which KPMG did not comply, in all material respects, with generally accepted Government auditing standards.