Since the passage of the Chief Financial Officer (CFO) Act in 1990, our professionals have been offering federal financial statement audit services to federal agencies. We have performed CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.

Sikich evaluates the adequacy of internal control structures to safeguard government funds and ensure com­pliance with contract terms and conditions and also review whether the auditee complied with contract terms and conditions. For these types of audits, we determine if costs incurred are reasonable, allocable, eligible, and allowable in accordance with laws, regulations, and contract terms and conditions. We have identified millions of dollars of questioned costs for government recovery.

The business of government is to serve the public, and performance audits help federal agencies deliver the accountability and transparency that mission demands. Under Generally Accepted Government Auditing Standards (GAGAS), performance audits provide objective analysis to strengthen program performance, reduce costs, support decision-making, and enhance public accountability. Sikich has delivered these services since GAGAS first introduced performance audit provisions in 1994. Our experience spans evaluations of FISMA information security programs, DATA Act reliability, IPERA compliance, claims processing accuracy, and the design and effectiveness of federal program controls.

Our professionals have performed extensive FISMA and custom IT and cybersecurity performance audits across federal environments. Our work includes assessing access controls, configuration and change management practices, system development life cycle processes for both Agile and Waterfall implementations, and the effectiveness of disaster recovery and contingency planning. We also evaluate overall governance structures and security frameworks. In addition, our team has conducted in-depth cybersecurity audits of firewall architecture and rule sets, as well as the implementation, management, and monitoring of SIEM tools that support security operations centers.

Sikich devotes substantial resources to its employee benefits practice, which offers clear advantages to plan sponsors such as assurance of quality and an efficient audit process. Receive help from highly trained and experienced professionals, many of whom are specialists in employee benefit plan audits, administration and consulting services.

Sikich provides attestation services under the AICPA Security and Organizational Controls (SOC) framework, including SOC 1 reports focused on controls relevant to financial reporting, SOC 2 reports addressing security, availability, processing integrity, confidentiality, and privacy, and SOC 3 reports that apply the trust services criteria for general use. Our team also conducts AICPA SSAE 19 Agreed-Upon Procedures (AUP) engagements, performing targeted procedures over specific subject matter and delivering reports that clearly outline the results of those procedures.

Our services include conducting audits of contractor/grantee indirect cost rates for federal or state agencies. We also assist organizations in preparing and submitting indirect cost rates submissions.

Sikich supports the mission of internal audit—to enhance and protect organizational value through risk-based, objective assurance, advice, and insight. We deliver a full range of internal audit services aligned with the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF). Our systematic, risk-based approach uses customized audit programs, tools, and templates to evaluate and strengthen governance, risk management, and control processes. Our experience spans outsourced, co-sourced, and augmented audit engagements across IT and non-IT areas, as well as IPPF-based quality assurance reviews, third-party and vendor risk assessments, cybersecurity and fraud risk evaluations, forensic accounting investigations, data analytics initiatives, and privacy audits.

Audit support services include assisting organizations in preparing for audits by federal or state agencies.

Sikich professionals provide DoD contractors with expertise to navigate the new and evolving requirements to help protect and defend the U.S. Defense supply chain from cyber risks that include:

Conducting performance audits to address compliance with the National Institute of Standards and Technology Special Publication (NIST SP) 800-171, Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, as well as performing cyber security and Federal Information Security Modernization Act (FISMA) audits.

Performing IT and cyber security audit testing that includes evaluating access controls; configuration and change management; systems development life cycles, including audits of Agile and Waterfall implementations, disaster recovery, and contingency planning; and overall governance and security frameworks.

Although the CMMC Accreditation Body has not yet approved any organizations as CMMC Third-Party Assessment Organizations (C3PAOs), Sikich is following the processes to become a C3PAO that can provide participating defense industrial base (DIB) partners and contractors with consistent and informative assessments against the defined set of controls/best practices within the CMMC program. In addition, our Advisory team currently stands ready and able to assist DIB partners and contractors with their CMMC readiness efforts.