Review finds flaws with DISA's auditors

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
By Camille Tuutti

By Camille Tuutti

|

Who watches the watchers? At DISA, the IG's office may itself be in need of some oversight.

Auditors at the Defense Information Systems Agency aren’t up to par and have received a failing grade for their inability to follow governmentwide auditing standards, according to a new report.

The Defense Department’s Office of the Assistant Inspector General for Audit Policy and Oversight found DISA’s Office of Inspector General had “significant deficiencies” in complying with its system of quality control. Federal audit organizations are rated on a scale of pass, pass with deficiencies or fail; DISA's received a failing grade.

The Aug. 7 audit findings showed DISA auditors conducted only sporadic quality assurance reviews. While reviews were performed in November 2008 and February 2011, none were conducted during 2010. An audit organization is required to do ongoing assessments of work completed on audits on at least a yearly basis.

The DISA OIG's leadership was also criticized for lacking professional judgment because it failed to adhere to generally accepted government auditing standards (GAGAS) and their system of quality control on all four audit assignments reviewed.

“We determined that the DISA IG audit organization did not exercise professional judgment due to the array of noncompliances found in the majority of auditing standards areas including quality control and assurance, supervision, evidence, documentation, reporting, independence, planning, and the use and application of GAGAS,” Randolph Stone, deputy inspector general for policy and oversight, wrote in the audit report.

Overall, the system of quality control for the DISA IG audit organization was considered well designed. However, the DISA Audit Handbook came under fire for not including procedures for notifying the management when an audit uncovers something that’s no longer independent or objective. The guidance also fell short of policies on how the audit organization tracks staff training.

The recommendations were:

  • DISA's director should create a plan for both DISA and DOD's audit offices to review audits for compliance with internal quality assurance policies, procedures and GAGAS, and;
  • Agency officials should update the audit handbook to include policies and procedures that address shortcomings.

DISA’s inspector general has agreed with the recommendations.

NEXT STORY: At NOAA, there's gambling at Rick's