Cotton and Company

Assurance

Expertise > [Assurance]

Cotton & Company’s Assurance Practice includes financial management and information assurance professionals who specialize in providing audit and attestation services.

Our guiding mission is to serve the public’s interest by promoting transparency and accountability. We believe an audit’s value is maximized when its findings, conclusions, and recommendations position stakeholders—including congressional overseers, federal leaders, and the public–to make positive change for the public good.

To that end, we offer a wide range of assurance services to meet the specific needs of our stakeholders and constantly strive to provide value, regardless of whether the engagement is intended to fulfill a statutory requirement, meet a congressional or legislative mandate, or achieve objectives identified by the organization.

Financial Statement Audits
Since its founding in 1981, Cotton & Company has served the public interest by performing audits. Since the passage of the Chief Financial Officer (CFO) Act in 1990, we have been offering federal financial statement audit services to federal agencies. We have performed CFO Act engagements on behalf of more than three dozen federal CFOs and Offices of Inspectors General (OIGs) in the Executive and Legislative Branches.

Performance Audits
The business of government is to support the public. Performance audits are the platform from which we facilitate federal agencies’ provision of accountability and transparency in their execution of federal programs.

Generally Accepted Government Auditing Standards (GAGAS) states, “Performance audit provide objective analysis, findings and conclusions to assist management and those charged with governance and oversight with, among other things, improving program performance and operations, reducing costs, facilitating decision making by parties responsible for overseeing or initiating corrective action and contributing to public accountability.” Cotton & Company has been providing performance audit services as described in GAGAS since the 1994 Revision that included provisions for performance audits, beginning on or after January 1, 1995.

We have evaluated programs as diverse as:

  • Information security programs under the Federal Information Security Modernization Act (FISMA)
  • Data Act reliability audits
  • IPERA compliance to reduce improper payments
  • Review of Claims filed for federal programs were processed in compliance with policies and procedures
  • Review Federal program control designs to provide reasonable assurance that program objectives were met
  • Review programmatic controls were operating effectively during the period under audit

IT and Cybersecurity Audits
Cotton & Company has performed numerous FISMA audits and other custom IT and cybersecurity performance audits. Our testing includes:

  • Evaluations of access controls,
  • Configuration and change management,
  • Systems development life cycle including audits of Agile and Waterfall implementations, disaster recovery and contingency planning, and
  • Overall governance and security frameworks.

We have also performed in depth cyber security audits of firewall design and implementation including analysis of firewall rules sets and implementation, management and monitoring of security information event management tools used as part of security operations centers.

Attestation
Cotton & Company offers services to perform attestations under American Institute of Certified Public Accountants (AICPA) Security and Organizational Controls (SOC). SOC offerings include:

  • SOC 1 – Report on controls as a service organization relevant to user entities internal control over financial reporting
  • SOC 2 – Report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy
  • SOC 3 – Report on controls at a service organization using the trust services criteria for a general use report

We also have performed a variety of audits under AICPA SSAE 19 Agreed Upon procedures (AUP) engagements. An AUP engagement allows the auditor to perform specific agreed-upon procedures of a specific subject matter and issue a report based on the results of those procedures.

Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) Assessment Services

Assurance Leadership Team

Loren Loren Schwartz
CPA, CISSP, CISA
Partner lschwartz@cottoncpa.com
Jesse_Carpenter Jesse Carpenter
CPA
Partner jcarpenter@cottoncpa.com
steve Steven Koons
CPA, PMP
Managing Partner skoons@cottoncpa.com
Liz Lang Liz Lang
CPA
Partner
elang@cottoncpa.com
alan Alan Rosenthal
CPA, CFE
Partner arosenthal@cottoncpa.com
Edmund Fernandez Edmund Fernandez
Senior Manager efernandez@cottoncpa.com
La Kisha Gallman La Kisha Gallman
CISA
Senior Manager lgallman@cottoncpa.com
Matthew Gorman Matthew Gorman
Senior Manager mgorman@cottoncpa.com
Simon Lee Simon Lee
CISA, CISSP
Senior Manager slee@cottoncpa.com
Marvin Muhumuza Marvin Muhumuza
CISA, ITILv3
Senior Manager mmuhumuza@cottoncpa.com

Quick Links

Advisory
Assurance
Contracts and Grants
Fraud Risk Management
Litigation Support
Thought Leadership
Report Fraud
Employee Portal

CPA Firm Permits
Virginia: 132183
Maryland: 39250
DC: CPC920055

Contact Us

635 Slaters Lane
4th Floor
Alexandria, VA 22314
P: 703.836.6701
F: 703.836.0941
Contact Form
Map

Let’s Be Social

FacebookTwitterInstagramLinkedin squareYoutube square
AnswersQuestioned

Disclaimer | Privacy © 2017 Cotton & Company LLP

From Accounting Today, [March, 9 2015] © [2015] SourceMedia, Inc.. All rights reserved. Used by permission and protected by the Copyright Laws of the United States. The printing, copying, redistribution, or retransmission of this Content without express written permission is prohibited