The federal counterpart to the Office of the Washington State Auditor, the Governmental Accountability Office (GAO) released a report on Tuesday demonstrating the vitally important role of cybersecurity auditing in the information age. Vulnerabilities in government systems can be exploited by criminals looking to harm the public, as detailed in the GAO’s audit findings.
The Office of the Washington State Auditor helps local governments protect themselves from cybersecurity threats through a variety of means, including conducting cybersecurity audits on both the local and state levels. SAO also provides local governments with the training and resources they need to better understand the ever-changing landscape of cybersecurity. Responding to the increased demand for cybersecurity resources by Washington’s local governments, SAO has begun developing a new suite of materials specifically designed to address local government concerns. By partnering with governments across Washington and providing them with our valuable audit services, we help protect Washingtonians from potential cyber harm.
Photo courtesy of the Washington Army National Guard
In early July, our Senior IT Security Specialist Sunia (Lulu) Laulile (pictured)participated in the International Collegiate Cyber Defense Invitational at Highline College in Des Moines, Washington. In this exercise, Lulu’s team attacked the systems the students were defending. You can read more about this event on the Washington Army National Guard’s blog.
Our Office has a whole team of highly capable and talented cybersecurity experts like Lulu whose job it is to ensure sensitive public data held by other Washington state governments is secure. We issue reports aimed at helping governments improve their security posture in an era of ever-increasing cyber threat. Read our most recent cybersecurity report on our website.
Today we are publishing the culmination of four years of audit work on Alternative Learning Experience programs, available here. There are more than 250 ALE programs across Washington, taking shapes as different as alternative high schools, online courses, or specific classes or programs in public schools.
We have seen significant improvement in compliance with the requirements ALE programs must meet. We have also documented the special role these programs have in our education system. Most students seek out ALE as an educational choice, but for students who find traditional school settings overwhelming, who have significant medical issues, and many others, these alternative approaches to education are invaluable.
In 2013, the Legislature asked us to review ALE programs by auditing their finances and measuring student outcomes. Since then, we’ve audited the compliance of every ALE program in the state with more than 10 full-time students. We’ve visited ALE programs in person, interviewed educators and surveyed students and parents. The reports released today meet the intent of the Legislature’s request.
The financial audits show more school districts are following ALE compliance requirements, resulting in lower levels of questioned costs. The performance audit work on student outcomes used qualitative analysis of information from educators, parents and students to document the value ALE instruction has within the state’s educational system. But because of ongoing data quality issues, we were not able to independently verify the effectiveness of these programs.
Improving academic data will enable Washingtonians to make better choices in our education system overall. Better data will require continued effort from the Office of the Superintendent of Public Instruction, the more than 300 school districts and education programs, the Education Research and Data Center, and others. We have offered recommendations for data improvement in our report, as well as recommendations to resolve common noncompliance issues we’ve found in audits of individual programs.
Please visit our website for an interactive map of ALE programs statewide, our reports and other materials. We want to empower every Washingtonian with information about their public services.
The Pacific Northwest Intergovernmental Audit Forum (PNIAF) held its annual training March 15-16 in Victoria, B.C. Auditors came from state, local, federal and provincial audit agencies, representing Washington, Oregon, California and British Columbia. The weather was beautiful and we had a great agenda. Continue reading
Did you know that the State Auditor offers free, in-depth evaluations of local government’s cybersecurity systems? In an article published today, the Pew Charitable Trust details the cutting-edge role the Washington State Auditor has in ensuring the IT system security of local governments around the state. This service helps protect local governments and their residents’ sensitive data from increasingly sophisticated hacking attempts. Want to learn more about how the Office of the Washington State Auditor is a leader in cyber security work? Check out the City of Mill Creek’s IT security performance audit here.
School districts have asked the State Auditor’s Office to let them know in advance the areas they can expect auditors to emphasize in upcoming audits. This list will help your district prepare for audits examining FY 2016. If you have questions, your local audit team is available year round: they can answer technical questions and point you to additional guidance on specific areas of audit. Continue reading
Doctors sometimes make mistakes, and those mistakes can have life-or-death consequences for patients. Washington, like every other state, uses boards to license and regulate doctors and other healthcare providers, and can impose discipline on providers.
The Washington State Auditor’s Office recently released a performance audit that looked at two of these boards. The Medical Quality Assurance Commission (MQAC) is one of the largest, regulating 31,000 medical doctors and physician assistants. The Board of Osteopathic Medicine and Surgery (BOMS) is one of the smallest, regulating about 1,800 osteopathic doctors and physician assistants, but was included because medical and osteopathic doctors often do the same work in the same settings. Continue reading
Information can be transmitted, shared and read electronically around the world almost instantaneously. However, even as information has become increasingly digital, printed materials still play an important role in business and government operations. The Washington State Auditor’s Office published an audit October 31, 2016, that focused on the state’s printing services. The audit followed up on a 2011 audit that made recommendations to reduce the state’s printing costs. While the audit focused on the state’s centralized printing services provider, Printing & Imaging (P&I) within the Department of Enterprise Services (DES), its findings and recommendations may also be helpful to many other governments as they try to minimize spending. Continue reading
The National Association of State Chief Information Officers (NASCIO) conducts an annual survey of state Chief Information Officers to learn about the top policy and technology issues state governments face. State Chief Information Officers (CIOs) have ranked cyber security as the top priority on every survey since 2014. At the State Auditor’s Office, we are also concerned about cyber security. To help state agencies and local governments protect their IT systems and data, we conduct IT security performance audits designed to assess opportunities for improvement. We plan to continue these audits to strengthen the security posture of our state and local governments.
In 2016, the Deloitte-NASCIO cyber security study was completed. This study surveyed states’ Chief Information Security Officers (CISOs) for their perspectives and insights cyber security issues. Interestingly, some of what the state CISOs reported in the survey aligned with what state agencies reported to our Office during our IT security performance audits. Specifically, they named adequate resources, including funding and staffing for IT security, as a significant challenge. However, the study’s results indicate CISOs and CIOs are having a strong, positive impact on cyber security, which is encouraging.