Audit and Compliance
We employ our in-depth knowledge of the diverse audit standards and compliance/regulatory requirements applicable to the government and private sectors to help clients build robust internal controls and meet their compliance standards.
We have experience in performing audits in accordance with generally accepted auditing standards (GAAS), Generally Accepted Government Auditing Standards (GAGAS), and the audit guidance issued by the Office of Management and Budget (OMB) and the Government Accountability Office (GAO).
We also have experience assessing internal controls using the COSO framework.
Our team follows the highest professional standards from the Government Auditing Standards and the American Institute of Certified Public Accountants (AICPA) in executing audits and compliance reviews.
We have technical experience in auditing controls and assessing risks in applications, databases, and operating systems including Oracle Financials, PeopleSoft, Momentum, Oracle, Sybase, SQL Server, Windows, UNIX/Linux, AS/400, z/OS, RACF, ACF2 and Top Secret.
Below are some examples of our audits and compliance services:
· FISCAM/CFO Act Information Systems Audit
· FISMA Compliance Audits
· COBIT Audit
· SSAE 16/18 System and Organization Controls (SOC) 1, SOC 2, and SOC 3 Audits
· Cybersecurity Audits utilizing NIST and AICPA frameworks
· A-123 Audits
· CFO Act Financial Audit
· Database and Operating system technical audits
Transit Financial Management
We help small, medium, and large FTA grant recipient transit agencies to implement effective financial management systems and controls to ensure compliance with federal regulations and grant agreements.
We help clients to understand and comply with the requirements of the different FTA funding sources such as the Urbanized Area Formula Funding program (5307), Rural Areas Formula Program (5311), Enhanced Mobility of Seniors & Individuals with Disabilities (5310), Capital Investment Grants (5309), CARES, CRRSAA, and ARPA.
We have experience in reviewing Central Service Cost Allocation Plans and Indirect Cost Rate proposals to determine whether the methodology for calculating the proposed rates meets the requirements of 2 CFR Part 200, FTA policies, and other applicable Federal regulations. We have experience in negotiating fair and reasonable rates on behalf of the cognizant agency.
Below are some examples of our Transit Financial Management services:
· Full scope financial system reviews of transit grant recipients
· Grants management and expenditure assessment
· Technical assistance support for transit agencies
· Central Service Cost Allocation Plans Review
· Indirect Cost Rate Plans review
Information Security and Cybersecurity Consulting
Our services help clients to stay ahead of evolving cybersecurity and information security threats and risks to ensure confidentiality of information, integrity of data, and availability of resources and services.
We help clients to implement effective information security programs that ensure that risks are appropriately assessed and adequate controls are implemented to address the risks. Our team has experience working across more than 20 federal departments and agencies, multiple transit agencies, and private companies. Our understanding of the diverse federal and private compliance environments and our dedication to excellence enable us to promptly respond to the needs of our clients.
We also help clients in the federal government to implement the Risk Management Framework (RMF). The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization, control selection, implementation, and continuous monitoring.
We have experience in using vulnerability assessment tools to assess cybersecurity controls and identify vulnerabilities and risks. We also utilize the NIST and AICPA Cybersecurity frameworks.
Below are some examples of our information security and cybersecurity services:
· SSAE 16/18 audit readiness assessments
· FISCAM/FISMA Audit readiness
· Internal controls assessments
· Corrective Action Plans Support
· Security Assessment and Authorization (SA&A) for Federal Agencies
· Assessment and Authorization documentation (Security Plans, Risk Assessments, Security Assessment Reports, POA&M, etc.)
· Vulnerability scanning and analysis
· Transit agencies cybersecurity assessment
Training
We provide training in cybersecurity, information security, and transit financial management for clients preparing for compliance audits and looking for avenues to build knowledge and capacity for staff tasked with key responsibilities.
Our team has provided training at the national and regional levels in the transit industry.
We have provided specialized training focused on specific transit grant recipients to address topics like preparation of cost allocation plans, Federal Financial Reports, and Milestone Projects Reports.
Below are some examples of our training services:
· Nationwide FMO Financial Management training for transit agencies
· Financial Management System for new FTA recipients
· Federal Financial Reporting
· Cost Allocation Plans preparation
· FTA Funding Sources
· FISCAM Audit