/
Mastering IT Audit Readiness: A Proactive Playbook for Federal Agencies
Published on
Mastering IT Audit Readiness: A Proactive Playbook for Federal Agencies

By Cecil Dildine, senior program director at Electrosoft

Few things get the attention of federal agency leaders faster than news of an upcoming IT audit. All federal defense and civilian agencies must undergo routine IT audits to ensure compliance with stringent regulations, including FISCAM, FISMA, FIAR, NIST and SSAE standards. However, many struggle to achieve a state of readiness, often resorting to reactive remediation rather than proactive planning.

Instead of scrambling when an audit occurs, agencies with mature IT audit readiness policies and practices can anticipate audit requirements, reduce their risks and support seamless compliance.

To engage with prominent government officials about IT partnership goals, be sure to sign up for the Potomac Officers Club’s 2025 Digital Transformation Summit, happening April 24 in Tysons Corner, Virginia.

The Evolution of IT Audits

Since the 1970s, IT audits have evolved from basic system reviews to sophisticated assessments. Today’s audits focus on three primary objectives:

  • Compliance: Ensuring IT systems and infrastructure comply with legal and regulatory requirements.
  • Security: Verifying data security and employee adherence to security protocols.
  • Performance: Identifying vulnerabilities and recommending risk mitigation measures.

Federal IT audits are typically performed by independent public accounting firms, or IPAs, which assess compliance against established criteria. Audit frequency is determined by law (e.g., financial statement audits are annual events) and regulations. 

Common Challenges

There are three key challenges many agencies face when preparing for the audits:

  • Readiness – Struggling to compile the necessary documentation and maintain compliance with shifting regulations.
  • Remediation – Addressing deficiencies post-audit, which can be time-consuming and resource-intensive — ultimately delaying corrective action.
  • Reaching a proactive posture – Lacking the internal mechanisms to continuously self-identify and address IT risks before an audit occurs.

Shifting to a proactive approach will allow your agency to embed audit readiness into daily operations, reducing the burden of compliance and enhancing overall security.

Three Steps to Proactive Readiness

A structured approach to IT audit readiness minimizes last-minute efforts and improves an agency’s ability to achieve clean audit opinions. 

Three key strategies include:

1. Integrate IT audits into normal operations

Given the annual nature of financial statement audits and the ongoing monitoring required for IT controls, agencies must encourage a culture where compliance is a continuous risk management effort. Communicate the importance of audit readiness, ensuring your team understands the necessity of ongoing compliance rather than viewing audits as disruptive events.

2. Establish a centralized audit readiness project management office

A dedicated PMO can be an essential asset to help achieve and maintain IT audit readiness by:

  • Developing standardized policies, procedures and templates.
  • Providing training to your staff on IT compliance requirements.
  • Serving as a centralized source of truth for audit progress, reporting and documentation.

By implementing a structured PMO, your agency can streamline audit readiness efforts, track compliance status and enable informed decisions based on real-time data.

3. Assign accountability for IT controls

Successful audit readiness requires clear accountability for internal controls. Assign action officers to oversee your control areas to ensure:

  • Defined roles and responsibilities for compliance activities.
  • Consistent execution of IT policies and procedures.
  • Proper documentation and evidence collection to support audits.

With dedicated personnel responsible for IT controls, your agency can maintain compliance as part of the day-to-day rhythm of your operations. 

Preparing Documentation for IT Audits

Comprehensive documentation is the backbone of IT audit readiness. Federal auditors adhere to the “trust and verify” principle, requiring tangible proof of compliance. 

To support the audit, compile:

  • System inventory – A list of all your certified and accredited IT systems and data assets.
  • Regulatory compliance documents – Applicable laws, regulations, risk assessments, manuals and agreements.
  • Internal policies and procedures – Agency-specific controls implementing federal requirements.
  • IT control documentation – Detailed records of your controls, their execution, review cycles and compliance evidence.

Establishing and maintaining these records in a centralized repository allows agencies to quickly provide auditors with necessary materials, reducing the risk of findings due to missing documentation.

Addressing Audit Findings With a Corrective Action Plan

When deficiencies are identified, agencies receive a notice of findings and recommendations, or NFR. The NFR outlines issues related to access controls, security management, system configurations and more. Agencies must then develop a corrective action plan, or CAP, to address these deficiencies.

A CAP should include:

  • A root cause analysis identifying the underlying factors contributing to noncompliance.
  • Specific actions to correct deficiencies and prevent recurrence.
  • A timeline for remediation and assigned accountability.

If agencies don’t have the in-house expertise to ensure that corrective actions align with best practices and regulatory expectations, they may consider working with an expert contractor who does.

Transitioning From Reactive to Proactive Compliance

The ultimate goal of IT audit readiness is achieving consistent clean audit opinions. This is best achieved by shifting to a proactive posture that prevents issues before they arise.

A proactive IT audit strategy includes:

  • Standardized audit life cycle procedures – Documented processes for compliance activities, stakeholder engagement and issue resolution.
  • Training and monitoring programs – Ongoing education that keeps your staff informed about regulatory changes and compliance best practices.
  • Centralized performance tracking – A unified system for tracking IT control effectiveness, identifying risks and reporting audit readiness status.

By embedding these elements into your operations, you can improve audit outcomes, strengthen IT security, and reduce the burden of last-minute compliance efforts.

With the right strategies and expertise, your agency can turn IT audits from dreaded events into part of your daily operations, enhancing agency effectiveness and resilience.

Mastering IT Audit Readiness: A Proactive Playbook for Federal Agencies
/
Executive Order Establishes Strategic Bitcoin Reserve
Published on
Executive Order Establishes Strategic Bitcoin Reserve

President Donald Trump has signed an executive order to establish a U.S. Digital Asset Stockpile and a strategic reserve that will treat bitcoin as a reserve asset.

The EO came days after Trump ordered the Presidential Working Group to establish a U.S. Cryptocurrency Reserve.

The White House said Thursday the reserve will be funded with the Department of the Treasury-owned bitcoin that was forfeited as part of criminal or civil asset forfeiture cases.

The EO authorizes the secretaries of Commerce and Treasury to develop budget-neutral strategies for acquiring additional bitcoin without imposing incremental costs on taxpayers.

Digital Asset Stockpile

According to the order, the U.S. Digital Asset Stockpile consists of Treasury-owned digital assets forfeited in criminal or civil asset forfeiture proceedings. The secretary of the Treasury may devise strategies for responsible stewardship of such assets, including potential sales from the stockpile.

The EO seeks to ensure a strategic approach to overseeing U.S. digital assets and directs agencies to provide accounting of their digital asset holdings to the President’s Working Group on Digital Asset Markets and the secretary of the Treasury.

Policy for Managing Cryptocurrencies

The new policy intends to address the disjointed management of cryptocurrencies seized through forfeiture by federal agencies by taking steps to centralize control, ownership and management of such assets within the government.

The administration also aims to harness the power of digital assets for national prosperity.

/
Larry Allen Joins GSA as Assoc. Admin of Office of Government-wide Policy
Published on
Larry Allen Joins GSA as Assoc. Admin of Office of Government-wide Policy

Larry Allen, a seasoned government contracting professional with extensive knowledge of procurement policies, supply chain management and regulatory compliance, has been named associate administrator of the Office of Government-wide Policy in the General Services Administration.

The agency said Thursday Allen will oversee OGP’s policy development and implementation while focusing on enhancing efficiency and transparency and leading innovation across federal acquisition, real estate and technology programs. In addition, the new administrator will lead efforts to modernize acquisition strategies and enhance government-wide operations. Allen will leverage more than 30 years of public sector experience in his new administrative role.

Allen’s Career History

The executive serves as president and expert witness for Allen Federal Business Partners. His main responsibility is to help companies drive business growth through comprehensive planning. Allen briefly served as managing director at BDO USA, where he assisted companies in developing federal market strategies and conducting market research on trends.

From 2012 to 2016, Allen worked as an adjunct instructor at George Washington University, teaching federal indefinite-delivery/indefinite-quantity contracting. The new GSA executive also served as president of the Coalition for Government Procurement for over two decades. He led the major trade association with a membership of more than 350 government contractors. Allen started his career as a legislative assistant in the House of Representatives.

“I am honored to join GSA and the new administration to support the mission of making government work smarter and more efficiently,” said Allen. “Through strategic policy initiatives, we will strengthen acquisition practices, enhance transparency and deliver greater value to federal agencies and the American taxpayer.”

//
CSA Secures New Navy Task Order for IT Support
Published on
CSA Secures New Navy Task Order for IT Support

Client Solution Architects will continue providing services to the Commander, Navy Installations Command, or CNIC, under a new recompete task order for Tier II of the command’s Next Generation Information Technology Support program

CSA has established “a strong, trusted partnership with CNIC” as a foundation for the company to further contribute value to NGEN-Tier II, said Emily Tyson, the company’s senior program manager. “We look forward to supporting CNIC’s mission and the dedicated Navy personnel it serves,” she added.

Task Order’s Scope

The new task order calls for continuing support for CNIC IT services through CSA’s management of the NGEN-Tier II help desk operations at the command’s Washington, D.C. headquarters. The company will also manage the headquarters’ wireless mobility services and install strategic technical systems enhancing the command’s IT infrastructure. In addition, CSA will work with the CNIC’s chief information officer on special projects.

The company secured the task order under CNIC’s Program Management Oversight Services vehicle, a multiple-award, indefinite-delivery/indefinite quantity contract. The contract vehicle supports the strategic operations of the CNIC headquarters’ nine directors and regional commanders worldwide.

Two-Decade Partnership

CSA has been a CNIC partner since 2006. Besides CNIC’s NGEN-Tier II task order, CSA also secured in October 2023 a recompete task order for the Navy Marine Corps Intranet NGEN program.

The Naval Service Training Command initially awarded the company’s NMCI task order under a potential three-year contract that CSA secured in November 2022.

/
NASA Wants Commercial Contractor for ISS Robotic System
Published on
NASA Wants Commercial Contractor for ISS Robotic System

NASA is soliciting proposals from private contractors capable of operating the International Space Station’s Astrobee robotic system. The solicitation seeks a commercial partner to run the system’s three cube-shaped robots, including their sustainment engineering and utilization, NASA said Thursday. 

The agency’s Announcement for Partnership Proposals for Astrobee’s operations, which was posted on SAM.gov, followed a NASA request for information issued in August on commercial capabilities for the robotic system.

Requirements of the Solicitation

NASA wants proposals from private contracts capable of providing ground-based testing, equipment and needed laboratory space. The agency seeks a partner who will take responsibility of the Astrobee system throughout the operational life of the ISS. Astrobee’s commercial operator will also set milestone objectives and ensure the system’s continuing technology development to support future commercial space initiatives. The deadline for proposal submissions is on March 21.  

Eugene Tu, director at NASA’s Ames Research Center, which led the Astrobee project, expressed excitement on a commercial partnership in the robot system. 

“Astrobee has been a beacon for robotic and autonomous research in space for many years, working with academia and industry partners across our country and internationally,” Tu noted.

Ground-Based Operational Control 

The ISS incorporated the Astrobee system in 2019, with its three free-flying robots — Bumble, Honey and Queen — working autonomously or managed by ground-based operators. It operates as one of the systems for routine ISS duties, such as documentation, to enable astronauts to focus on more complex work and experiments. 

In 2021, NASA tested the Integrated System for Autonomous and Adaptive Caretaking software on Bumble for flight navigation in the ISS and detected a simulated ventilation jam. Other experiments performed with the Astrobee robots have included testing mechanical adhesive technology and mapping the station.

/
Chris Scolese on NRO’s Satellite Deployment Efforts & Ground Investments
Published on
Chris Scolese on NRO’s Satellite Deployment Efforts & Ground Investments

Chris Scolese, director of the National Reconnaissance Office and a five-time Wash100 awardee, said the government and industry should leverage the potential of the architecture and other capabilities NRO has deployed in space and on the ground.

NRO said Wednesday Scolese made the call to action during the Intelligence and National Security Alliance Leadership Dinner.

Proliferated Satellite Constellation

During the event, the NRO director talked about the deployment of a proliferated network of more than 150 satellites and the agency’s move to expand the computing power of its ground systems to facilitate the collection of more data.

“Today, we have the data and the tools to help answer some of the toughest intelligence challenges of our time; to strengthen security, readiness, and lethality; and to effectively respond to disasters and humanitarian crises around the world,” Scolese told the audience.

The 2025 Wash100 awardee noted that NRO’s satellite architecture is strengthening observational persistence and shortening revisit times to bolster U.S. space-based intelligence capabilities.

Strengthening Partnerships

During the event, Scolese mentioned NRO’s investments in advanced computing, including artificial intelligence and machine learning, and ground systems to improve data processing and advance the development of dashboards and other tools. 

He also highlighted the importance of partnerships with key stakeholders to leverage the potential of the agency’s technological investments.

“The NRO is moving faster than ever before,” Scolese said. “It’s time for all of us to work together – government, industry, academia, allies, and other partners – by combining our respective authorities, capabilities, and talents to enable a more secure present and future.”

/
Air Force, Northrop Grumman Test Sentinel ICBM Solid Rocket Motor
Published on
Air Force, Northrop Grumman Test Sentinel ICBM Solid Rocket Motor

The U.S. Air Force and Northrop Grumman have conducted a demonstration of the Sentinel intercontinental ballistic missile, or ICBM, stage-one solid rocket motor on Thursday at the company’s facility in Promontory, Utah.

Modernizing ICBM Systems to Address Nuclear Threats

The full-scale qualification static fire test verified the validity of the motor’s design, the Air Force said Thursday. During the test, the accuracy of digital engineering models were proven accurate, taking the stage-one solid rocket motor one step closer to obtaining full qualification. This development also moves the ICBM modernization program forward towards production and deployment as it builds upon previous static fire tests of the second and third stages of the Sentinel program.

Experts from Northrop Grumman and the Air Force Nuclear Weapons Center are currently analyzing the test results.

The Sentinel program is set to replace the Minuteman III ICBM weapon system. This ICBM modernization initiative is vital to national defense particularly against nuclear threats.

“As we modernize our nuclear triad, the ICBM Systems Directorate is driven to securely deliver America’s ICBM capabilities,” said Brig. Gen. William Rogers, director of the ICBM Systems Directorate of the Air Force Nuclear Weapon Center. “This brings us one step closer to fielding the Sentinel weapon system, a vital component of our nation’s strategic deterrence and a testament to our unwavering commitment to national security.”

//
NCCoE Selects Participants for DevOps Security Practices Project
Published on
NCCoE Selects Participants for DevOps Security Practices Project

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has announced the nine organizations who will participate in a project seeking to address challenges associated with DevOps and software supply chain security.

The selected “technology collaborators” in the Software Supply Chain and DevOps Security Practices Project are Black Duck, Dell Technologies, DigiCert, Endor Labs, GitLab, Google, IBM, Microsoft and Scribe Security, NCCoE said Thursday.

Mission: To Design, Build Innovative Technologies

The organizations were selected after submitting proposed capabilities that align with the project’s vision. They signed a cooperative research and development agreement with the government to provide expertise and hardware or software that would be utilized to design and build innovative technologies.

The participants will work with a project team to develop risk-based strategies and recommendations for secure DevOps and software supply chain practices. The effort envisions implementing the DevSecOps practices to proof-of-concept use-case scenarios, which could help organizations identify and mitigate cybersecurity risks posed by the software supply chain.

Launched in May 2023, the project aims to assist organizations maintain the volume and velocity of software delivery by using a cloud-native strategy and automated platforms. It also targets to showcase current and future secure development practices, tools and frameworks to address cybersecurity challenges.

/
Trump Admin Says US Military Attracting More Recruits
Published on
Trump Admin Says US Military Attracting More Recruits

President Donald Trump said the U.S military is attracting more recruits following the start of his second administration in January.

According to Trump, his executive order ending diversity, equity and inclusion programs across the federal government led to a surge of Americans enlisting to serve the military, the Department of Defense said Wednesday. The president reported the recruitment uptick during his address to a joint session of Congress on Tuesday.

“I am pleased to report that in January, the U.S. Army had its single best recruiting month in 15 years and that all armed services are having among the best recruiting results ever in the history of our services,” Trump said.

Rebuilding the U.S. Military

Earlier, Secretary of Defense Pete Hegseth issued a statement underscoring the Trump administration’s policy. Hegseth, a 2025 Wash100 Award recipient, stressed he intends to rebuild the country’s military focusing “on lethality, meritocracy, accountability, standards and readiness.”

Establishing ‘Golden Dome,’ Increasing US Shipbuilding Capacity

Trump also discussed the government’s upcoming military modernization efforts, such as creating a defense system to intercept incoming missile attacks. The president asked Congress to fund “Golden Dome,” which he pointed out is part of the administration’s initiatives to build “the most powerful military of the future.”

In addition, Trump pledged to expand the country’s shipbuilding capacity and announced the establishment of an Office of Shipbuilding within the White House. Under the new office, the government will offer tax incentives to drive domestic shipbuilding, Trump said. “We are also going to resurrect the American shipbuilding industry, including commercial shipbuilding and military shipbuilding,” the president explained.

/
DOD Releases Federal Acquisition Regulation Class Deviation
Published on
DOD Releases Federal Acquisition Regulation Class Deviation

The Department of Defense has issued a class deviation directing contracting officers to dissolve and replace Federal Acquisition Regulation, or FAR, solicitation provisions and contract clauses associated with the Equal Employment Opportunity executive order.

DOD said Wednesday John Tenaglia, principal director of defense pricing, contracting, and acquisition policy, signed the class deviation titled Restoring Merit-Based Opportunity in Federal Contracts on Tuesday.

According to the document, contracting officers are not required to amend contract actions nearing the end of the performance period, including those with less than six months remaining, and those without options to extend.

Removing the Term ‘Gender’

The class deviation also directs the removal of the term “gender” in the FAR to comply with the Defending Women from Gender Ideology Extremism and Restoring Biological Truth to the Federal Government EO signed by President Trump in January.

GSA-Issued Class Deviations to FAR

In February, the General Services Administration released two deviations to FAR and procurement practices to implement three recent executive orders, including the Ending Illegal Discrimination and Restoring Merit-Based Opportunity EO

GSA noted that the FAR deviations will allow federal contracting officers to modify existing contracts and solicitations without imposing penalties on the contract holder or the government.

1 189 190 191 192 193 2,706