Federal agencies are misstating work roles for a portion of their information technology (IT) workforces, making it difficult for them to better understand their critical personnel needs, which is necessary to help them plan to fill these needs, in particular for cyber security expertise, the Government Accountability Office (GAO) says in a new report.

A 2015 law requires agencies to “identify and categorize all of their IT and cyber-related positions,” says the report on the federal cyber security workforce. “However, most of the agencies we reviewed likely miscategorized the work involved in many positions. For example, 22 of 24 agencies assigned a ‘non-IT’ code to 15,779 (about 19%) of their IT positions.”

The report says that all of the 24 agencies it reviewed have “assigned work roles” to IT, cyber security and cyber-related jobs,  although six of these say they haven’t completed assigning roles to vacant positions despite an April 2018 deadline to do so.

Of 20 IT positions assigned codes, the Defense Department has 11 positions identified with codes that are consistent with the position description and the Department of Homeland Security has identified 10 positions consistent with the code consistent with the position description, GAO says.

The report cites human resources and IT officials at the 24 agencies as saying they either incompletely or inaccurately categorized work codes because they ‘had not completed validating the accuracy of the assigned codes.”