Functional Statements > Office of Inspector General

E. INFORMATION TECHNOLOGY AUDITS AND COMPUTER CRIMES INVESTIGATIONS (EFT)

This component centralizes the information technology operations capabilities. The unit directs, controls, coordinates, and provides a full range of advanced computer and statistical techniques services required by Audit Services, Investigation Services, and Management Services, conducts IT Audits and Cybercrime investigations. ITACCI is comprised of the Information Technology Audit Division (ITAD), the Computer Assisted Assessment Techniques Division (CAATD), and the Technology Crimes Division (TCD). This centralized concept ensures maximum coordination and cooperation both internally and externally.

Information Technology Audit Division

ITAD uses non-organizational teams to conduct IT audits of internal Departmental systems. The teams are responsible for liaison with the Department and participation on Departmental teams as appropriate.

In performing its functions, the teams:

• Develop policies and procedures on the application of IT audit techniques.
• Provide advice and assistance related to the Department’s internal systems.
• Provide real-time assessment of information technology developments.
• Conduct general and application control reviews.
• Conduct system security and vulnerability assessments of the Department’s systems and networks.
• Conduct quick response audits.
• Conduct research on best practices and emerging technologies.
• Review proposed IT policies for the Department.
• Establish liaison with other OIG groups and outside audit entities for the purpose of sharing knowledge, identifying the most effective software tools, developing performance standards, and improving audit performance.

TOP

CAATD – Computer Assisted Assessment Techniques Division

The Computer Assisted Assessment Techniques Davison directs, controls, coordinates, and provides a full range of advanced computer and statistical technique services to Audit Services, as well as providing advanced techniques assistance to Investigation Services and Evaluation, Inspection and Management Services.

In performing its responsibilities, the Division:

• Develops policies and procedures for the application of advanced techniques.
• Identifies and recommends procurement of software packages that enhance the operations of the Division.
• Modifies and develops innovative methodologies for employing data extraction and analysis software, statistical analysis, and other advanced techniques.
• Provides assistance and guidance to audit teams, investigators, and management team members in the extraction and analysis of computerized files from Departmental and external sources.
• Provides guidance to staff and senior management on data warehousing, data mining, and computer and mathematical modeling.

TOP

Technology Crimes Division

The Technology Crimes Division (TCD) is the OIZG component responsible for investigating computer security incidents within ED, as well as, conducting forensic analysis of computer systems and other electronic media in support of criminal investigations. In addition, it is responsible for the coordination, tracking, and conduct of proactive data mining activities and projects; referring the results of those efforts to the field for investigation. TCD is comprised of fill-time Computer Crime Investigators (CCIs), technical professionals, and program analysts. All CCIs have full statutory law enforcement authority as granted by Congress.

In performing its responsibilities, the Division:

• Perform cybercrime investigations in response to attacks against, as well as unauthorized access of, Department of Education information systems, networks, computer systems, or databases.
• Investigates the criminal misuse of Departmental computers, which could include the accessing of child pornography.
• Performs forensic analysis of computer media in support of criminal investigations by both TCD and OIG Investigation Services.
• Develop policies and procedures on the application of advanced evidence collection, preservation, and analysis techniques.
• Performs the intermediate step of validation of data query results to reduce or eliminate false positives, cross-checking data with other publicly and privately available databases, conducting sophisticated link analysis, and ultimately generating productive investigative referrals for Investigation Services field offices.
• Conducts proactive data mining initiatives and is responsible for the project management of those products, which includes coordination with field offices, tracking efforts, and reporting results.

TOP