The “fear” of being audited

Today’s guest is Greg Wilshusen, director of Information Security Issues at the Government Accountability Office. When the typical citizen hears the word “audit,” there is a certain association with Torquemada and the Spanish Inquisition. A similar reaction occurs when a federal information professional learns that the GAO will be making a visit.

Wilshusen is in the studio to dispel some of the fear and trepidation that may occur if your agency gets a letter from the GAO.

Greg Wilshusen, director, information strategic issues, Government Accountability Office

First of all, the GAO does not act capriciously in targeting organizations. Its auditors are the agents for Congress. When a Congressional committee sees something that doesn’t look good, it will ask the GAO to do an investigation.

Secondly (with the possible exception of some members of the intelligence committee), the GAO acts in a transparent fashion. An agency will get an initial meeting and a final meeting with its report. There is no J. Edgar Hoover secret file for these inquiries.

Finally, you may be shocked to learn that Wilshusen estimates that as many as 90% of the GAO’s recommendations in the area of cybersecurity are implemented after the review.

If you are looking over your shoulder and need some guidelines for a cybersecurity audit, listen to Greg Wilshusen.



Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators.
