Configuration Change Impact Analysis Policy-Aware Copilot
Description
Answer policy, FMR, FIAR, and local SOP questions for configuration change impact analysis using approved sources; provide citations and draft compliant next steps. The MVP would connect ICAM, SailPoint, MyAuth, ERP roles, audit logs, control catalogs, system access reviews and produce read-only recommendations for DoD CIO, Component CIO/FM, System owners, OUSD(C).
AI / analytics pattern
LLM + retrieval-augmented generation
Automation level / stage
human-facing assistant
Expected benefit
Improved policy consistency, shorter research time, better training and compliance support.
Audit / financial statement impact
Control environment; reliability of financial systems and reports
Controls / human review
Human review for unusual/high-dollar items; policy citations; audit logs; role-based access; periodic accuracy testing. RAG answers must cite approved sources; no free-form legal/financial determinations without policy owner review.
Data needed
ICAM, SailPoint, MyAuth, ERP roles, audit logs, control catalogs, system access reviews; master/reference data; audit logs; policy/control requirements; prior exceptions; relevant document evidence.
Possible metrics
citation accuracy; first-contact resolution; user satisfaction; policy answer QA pass rate
MVP scope
Start with one Component/reporting entity and one subprocess (configuration change impact analysis) for two close/audit cycles; read-only outputs first.
Related material weakness / control objective
Systems control environment and IT access controls