TSTC has based its audit practice on two audit / evaluation dimensions: compliance and effectiveness. This two-pronged approach allows TSTC to determine if an organization's operations, internal controls, etc. are 1) compliant with defined criteria and 2) effective in terms of producing a desired and measurable result or outcome. Using these complimentary audit measures allows TSTC to determine the health and maturity of the organization with the ultimate goal of a series of actionable recommendations that not only meet organizational needs and mission but are cost effective and in compliance with Federal Law, Regulations, and organizational Policy and Directives.

Audit, Inspections, Evaluations, and Assessments

TSTC often performs an audit or an inspection, consisting of a thorough and formal evaluation of an organization's systems processes and controls, against a set standard or documented process (e.g., GAO's Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity). These two types of evaluation are designed to provide an assessment through a qualified independent assessment of representations about the system or process. An audit or an inspection may also provide a gap analysis of the operating effectiveness of the internal controls.

TSTC inspections are more flexible than what one normally experiences with an audit. TSTC Inspection "auditors" use professional judgment in selecting the type of work to be performed and the standards that apply to the work; defining the scope of work; selecting the inspection methodology; determining the type and amount of evidence to be gathered; and choosing the tests and procedures for the work. Professional judgment is then applied when actually performing the tests and procedures and when evaluating and reporting the results of the work.

TSTC audits differ from inspections in that an audit makes representations about likely future results if conditions are not remedied via the recommendations. A TSTC inspection evaluates current and past results - it does not make any predictions regarding the future. Inspections are best used for organizations whose processes are maturing since present and existing policy is only valid for the present and may have no correlation to a future state.

Performing audit, inspections, evaluations, and assessments of agencies of the Federal Government is very complex and involves many stakeholders. There are financial audits, CFO Act audits, performance audits, compliance audits, effectiveness audits, grant audits, IT audits, and so forth. The TSTC multi-disciplined approach and diverse staff skill set have allowed us to provide award winning FISMA audit, IT remediation, and Program Management / Investment Management evaluations for such clients as the Federal Communication Commission (FCC) Office of the Inspector General (OIG), the United States Coast Guard Office of the Chief Financial Officer (CFO), and the Environmental Protection Agency (EPA) OIG, amongst others. No matter what type of engagement you may require, TSTC has the resources and applied experience to bring a trained team to the task.