News photo banner


DISA’s Application Hosting Services Receive Clean Audit Opinion

The application hosting services offered by the Defense Information Systems Agency (DISA) recently received an unqualified clean opinion from independent public auditors for the 2012 Statement of Standards for Attestation Engagements Number 16 (SSAE16) audit.  The unqualified opinion complements DISA’s 2011 Defense Working Capital Fund clean audit opinion and further substantiates DISA’s commitment to fiscal responsibility and audit readiness.

“This audit confirms DISA’s position as the premier provider of enterprise services for the Department of Defense,” said Alfred Rivera, DISA’s director of Enterprise Services.  

The SSAE16 is the authoritative guidance for reporting on the design and operational effectiveness of controls used by service organizations, and replaces the Statement on Auditing Standards Number 70.  SSAE16 examines those who provide services (including the hosting of applications) that affect the financial statements of another organization.  DISA hosts applications on approximately 1,147 machines that contribute to financial statements throughout the Department of Defense.

A substantial benefit of this audit is that DISA’s mission partners may also use this report to support their own audit readiness initiatives, while reducing cost, as auditors would not need to duplicate the work performed as part of the SSAE16. As each mission partner goes through its own organization-wide financial audit, the report of DISA’s clean opinion for SSAE16 can suffice for the examination of those specific controls the agency provides. These controls do not have to be reexamined for the larger audits of our mission partners.

The SSAE16 audit reviewed the service description, examined management controls, and ensured the controls are operating effectively. The clean opinion provides DISA’s mission partners with confidence that DISA’s hosting services maintain their applications with the integrity and security required to meet the mission.

This favorable opinion is the result of a seven-year effort that has successively improved processes, standardized controls, and upgraded technology. Access control, for example, has been dramatically enhanced and there has been improved documentation of processes through this effort. 

In preparation for next year’s SSAE 16 audit, the agency continues to work on process improvements, as well as enhancements to controls and validation.

For more information regarding the audit, please contact

Visit DISA’s online service catalog for additional information regarding application hosting services.



Posted October 23, 2012