Skip to Navigation
Skip to Main content
OIG Home
OIG Home


Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Board Report: 2015-IT-B-001 January 30, 2015

Audit of Planned Physical and Environmental Controls for the Board’s Data Center Relocation

available formats

Appendix A: Scope and Methodology

The scope of this second audit of the data center relocation included reviewing the planned PE controls for the data center, reviewing the change order and procurement processes, and following up on the budget and project schedule recommendations from the initial audit.

To accomplish our objective, we reviewed two memorandums that established reliance on FRB Richmond's implementation of SAFR controls and on the RBOPS reviews of the Baltimore branch facility, and we met with the project leader for the RBOPS protection review to review documentation supporting the examination. We also reviewed the data center design guideline documents. We then obtained and reviewed documentation supporting the change order and procurement processes, including policies and tracking logs. We also reviewed the Board's budget documents and supporting documentation relating to cost estimates for the data center, project schedules, and status reports provided to us by the Board's Data Center Relocation Manager.

We interviewed Division of IT and Management Division personnel who are involved in the data center relocation, and we conducted a site visit to the Baltimore Branch of FRB Richmond to observe the construction status and to discuss and observe the planned PE controls. We attended weekly teleconferences with the general contractor to discuss the status of the construction of the data center, and we reviewed meeting minutes and other documents associated with the build-out. Further, we reviewed the contract with the general contractor and the service-level agreement with FRB Richmond. We conducted our fieldwork from April 2014 to July 2014.

We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.