DoD IG flunks DISA IG
The office that internally audits the Defense Information Systems Agency has itself received a failing grade in a review (.pdf) by the Defense Department inspector general.
For a report dated Aug. 7, the DoD IG reviewed four of the 14 reports the DISA IG issued from fiscal 2009 to March of fiscal 2011. Federal audit organizations can receive one of three ratings: pass, pass with deficiencies, or fail.
The DISA IG audit organization failed because of poor compliance with its own system of quality control. The DoD IG says the system was suitably designed to abide by generally accepted government auditing standards, or GAGAS.
One way DISA auditors failed to comply was in performing some nonaudit services without formally checking to see whether providing those services would impact auditors' independence.
All nine of the DISA auditors whom DoD IG interviewed did tell the DoD IG that they did not perform any nonaudit services that could impact their independence, though.
Another mistake that led to the failing grade was a lack of supervisory reviews of auditors' work on one of the four projects the DoD IG reviewed.
The DoD IG also found that the DISA auditors did not always perform annual quality-assurance reviews. They performed reviews in November 2008 and February 2011, but didn't do any in fiscal 2010.
And the February 2011 review was done specifically to prepare for this DoD IG report, it notes.
A senior auditor completed both reviews, even though a branch chief is supposed to, the report adds.
DISA IG Kristopher Miltner said his office will provide in-house training to improve understanding of and compliance with GAGAS standards.
He also concurred with the DoD IG's recommendation that his office reevaluate the current goal of completing audits within 180 days.
- download the report, DODIG-2012-116 (.pdf)