As state and local governments increasingly depend on information technology (IT) systems to serve the public, the need to audit the controls in and around these systems increases. To help mitigate risk and to provide best-practice guidance to both state and local governments, the State Auditor’s Office performs IT audits. Because governments collect sensitive and confidential information from the public, it is critical to have good controls to protect that information.
Our Office worked with the National State Auditors Association (NSAA) to bring its annual IT audit conference and workshop to Tacoma this year. The NSAA provides guidance, resources and training to state audit offices nationwide.
Bringing the NSAA IT conference to Washington provided an outstanding training opportunity for more than 30 State Auditor’s Office staff and 16 internal auditors from large Washington agencies. IT auditors from 30 other states also converged on Tacoma for the event.
The State Auditor’s Office is a leader in the IT audit field; the work we perform in cybersecurity audits provides valuable and practical recommendations that help improve the security posture for governments in Washington. Three of our staff presented on the cybersecurity work our Office has performed. This garnered a lot of interest from out-of-state auditors, who might want to replicate this work in their home states. Our Office also led a presentation on emerging issues for IT audit, which generated some good audience discussion.
In addition, we assembled an expert panel of cybersecurity experts from the FBI, Microsoft, Emagined Security and Washington’s Security Operations Center. This group put on an amazing presentation on incident response — valuable training to help keep your information safe.