Auditing the Auditors: Do IGs Get IT?

Everybody’s heard of the Federal IT skills shortage–but it isn’t just IT departments that are struggling. A recent Council of the Inspectors General on Integrity and Efficiency (CIGIE) report on cyber security and IT modernization finds agencies’ Offices of the Inspector General (OIG) are struggling with an IT skills gap of their own. CIGIE brings OIGs together to talk about common challenges and areas for improvement.

Break With the Past

CIGIE finds that the traditional way OIGs audit their agencies isn’t quite effective for IT topics. Investigating and formulating a formal report is often too slow for cybersecurity issues, and may reveal security vulnerabilities to the public. CIGIE proposes a more nimble approach and recommends setting up working groups to consider deploying briefings and dashboards to replace traditional reports.

Tech Talk

Let’s face it, Federal tech is complex–and modernization initiatives afoot will surface new tensions between yesterday and today. CIGIE found that auditors did not feel that they had enough technical background to begin to evaluate their agencies’ IT performance. It proposes more dialogue between OIGs and technical experts to establish appropriate standards.

CIGIE also found that various agencies’ OIGs evaluate the same cloud providers multiple times across multiple agencies using different methodologies. The report recommends coordinating audit efforts among agencies.

Culture Club

There’s also a broader issue of changing the culture in OIGs. Many times auditors don’t know how to audit intensely technical projects, but learning the audit process can be just as confusing for new hires with primarily IT experience. CIGIE recommends increased cross training for new hires.

Hunt the Lone Wolf:

A big-picture recommendation–OIGs are better together. CIGIE proposes a yearly focus area that would allow IT personnel from across agencies to focus in on one issue and to collaborate on developing associated best practices–rather than taking a lone-wolf approach. It also suggests increased general communication among IT personnel who work across OIGs. CIGIE recommends establishing an annual forum to allow OIGs to connect and communicate, as well as setting up an online space that would allow for constant communication.

Seems even auditors get the IT blues–ain’t no happiness nowhere…

Recent