Quick Path


Sikich’s Federal Audit services team includes financial management and information assurance professionals who specializing in providing audit and attestation services.

Our guiding mission is to serve the public’s interest by promoting transparency and accountability. We believe an audit’s value is maximized when its findings, conclusions, and recommendations position stakeholders – including congressional overseers, federal leaders, and the public – to make positive change for the public good.

To that end, we offer a wide range of audit and assurance services to meet the specific needs of our stakeholders and constantly strive to provide value, regardless of whether the engagement is intended to fulfill a statutory requirement, meet a congressional or legislative mandate, or achieve objectives identified by the organization.


Since the passage of the Chief Financial Officer (CFO) Act in 1990, our professionals have been offering federal financial statement audit services to federal agencies. We have performed CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.


Sikich evaluates the adequacy of internal control structures to safeguard government funds and ensure com­pliance with contract terms and conditions and also review whether the auditee complied with contract terms and conditions. For these types of audits, we determine if costs incurred are reasonable, allocable, eligible, and allowable in accordance with laws, regulations, and contract terms and conditions. We have identified millions of dollars of questioned costs for government recovery.


The business of government is to support the public. Performance audits are the platform from which we facilitate federal agencies’ provision of accountability and transparency in their execution of federal programs.

Generally Accepted Government Auditing Standards (GAGAS) states, “Performance audit provide objective analysis, findings and conclusions to assist management and those charged with governance and oversight with, among other things, improving program performance and operations, reducing costs, facilitating decision making by parties responsible for overseeing or initiating corrective action and contributing to public accountability.” Our team at Sikich has been providing performance audit services as described in GAGAS since the 1994 Revision that included provisions for performance audits, beginning on or after January 1, 1995.

We have evaluated programs as diverse as:

  • Information security programs under the Federal Information Security Modernization Act (FISMA)
  • Data Act reliability audits
  • IPERA compliance to reduce improper payments
  • Review of Claims filed for federal programs were processed in compliance with policies and procedures
  • Review Federal program control designs to provide reasonable assurance that program objectives were met
  • Review programmatic controls were operating effectively during the period under audit


Our professionals have performed numerous FISMA audits and other custom IT and cybersecurity performance audits. Our testing includes:

  • Evaluations of access controls,
  • Configuration and change management,
  • Systems development life cycle including audits of Agile and Waterfall implementations, disaster recovery and contingency planning, and
  • Overall governance and security frameworks.

We have also performed in depth cyber security audits of firewall design and implementation including analysis of firewall rules sets and implementation, management and monitoring of security information event management tools used as part of security operations centers.

employee Benefit Plan Audits

Sikich devotes substantial resources to its employee benefits practice, which offers clear advantages to plan sponsors such as assurance of quality and an efficient audit process. Receive help from highly trained and experienced professionals, many of whom are specialists in employee benefit plan audits, administration and consulting services.


Sikich offers services to perform attestations under American Institute of Certified Public Accountants (AICPA) Security and Organizational Controls (SOC). SOC offerings include:

  • SOC 1 – Report on controls as a service organization relevant to user entities internal control over financial reporting
  • SOC 2 – Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy
  • SOC 3 – Report on controls at a service organization using the trust services criteria for a general use report

We also have performed a variety of audits under AICPA SSAE 19 Agreed Upon procedures (AUP) engagements. An AUP engagement allows the auditor to perform specific agreed-upon procedures of a specific subject matter and issue a report based on the results of those procedures.


Sikich professionals provide DoD contractors with expertise to navigate the new and evolving requirements to help protect and defend the U.S. Defense supply chain from cyber risks that include:

  • Conducting performance audits to address compliance with the National Institute of Standards and Technology Special Publication (NIST SP) 800-171, Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, as well as performing cyber security and Federal Information Security Modernization Act (FISMA) audits.
  • Performing IT and cyber security audit testing that includes evaluating access controls; configuration and change management; systems development life cycles, including audits of Agile and Waterfall implementations, disaster recovery, and contingency planning; and overall governance and security frameworks.

Although the CMMC Accreditation Body has not yet approved any organizations as CMMC Third-Party Assessment Organizations (C3PAOs), Sikich is following the processes to become a C3PAO that can provide participating defense industrial base (DIB) partners and contractors with consistent and informative assessments against the defined set of controls/best practices within the CMMC program. In addition, our Advisory team currently stands ready and able to assist DIB partners and contractors with their CMMC readiness efforts.


Our services include conducting audits of contractor/grantee indirect cost rates for federal or state agencies. We also assist organizations in preparing and submitting indirect cost rates submissions.


Sikich supports the mission of internal audit, which is to can enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. We provide organizations a variety of internal audit services in compliance with the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF).

Our systematic, risk-based approach leverages customized internal audit programs, tools, and templates that enable us to evaluate and improve the efficiency and effectiveness of governance, risk management, and control processes. Our internal audit assurance and consulting services include:

  • Engagement-level audit support via outsourcing, co-sourcing, and staff augmentation – including IT, non-IT and integrated audits
  • Quality assurance services and engagement reviews in accordance with IPPF
  • Third-party / vendor risk management assessments
  • Cybersecurity assessments
  • Fraud risk management assessments
  • Forensic accounting investigation
  • Data analytics
  • Privacy audits


Audit support services include assisting organizations in preparing for audits by federal or state agencies.

Request a Consultation

Sikich’s Federal Audit services team includes financial management and information assurance professionals who specialize in providing audit and attestation services. Contact us if we can help you.