Federal Agencies Must Accurately Categorize IT, Cyber Positions, GAO Reports

workforce database

After reviewing 24 Federal agencies that cover work in IT, cybersecurity, or cyber-related projects, the Government Accountability Office (GAO) found in a report today that six of these agencies did not accurately categorize the work roles of their work positions and that 22 assigned non-IT roles to about 19 percent of their IT positions.

These agencies were required to complete assigning work role codes to vacant positions by April 2018. But many human resource and IT officials from the agencies reported to GAO that they had not completely or accurately categorized the roles for IT positions. GAO said that mislabeling work roles has only hurt these agencies in addressing the Federal drought of workforce and technological talent.

“By assigning work roles that are inconsistent with the IT, cybersecurity, and cyber-related positions, the agencies are diminishing the reliability of the information they need to improve workforce planning,” GAO wrote.

The Defense, Justice, and Energy Departments, as well as the Environmental Protection Agency, General Services Administration, and National Aeronautics and Space Administration were the six agencies that reported to GAO that they could not identify or assign codes to all their vacant positions.

The Office of Personnel Management (OPM) planned to issue further guidance for all agencies to track IT and cyber vacancies by January this year. OPM officials reported that agencies have focused on the assignment codes to filled positions, but tracking vacancies is difficult because agencies have different ways of doing so.

More broadly, however, 22 of the 24 agencies assigned the work role code “000”–which designates non-IT or non-cyber functions–to anywhere between 5 and 86 percent of their positions, GAO found.

GAO made 28 recommendations to the 22 agencies it flagged in the report. The report called for them to review their work code assignments and assign appropriate codes to IT, cyber security, and cyber-related vacant positions more specifically. To the six agencies that failed to assign codes to all its vacant positions, GAO suggested they finish coding those that cover IT and cyber functions.

“[U]ntil agencies accurately categorize their positions, their ability to effectively identify critical staffing needs will be impaired,” GAO wrote.

Recent