The “fear” of being audited

What should you do when you learn your agency is being audited by the Government Accountability Office? Find out this week when host John Gilroy interviews Greg...

Today’s guest is Greg Wilshusen, director of Information Security Issues, at the Government Accountability Office.  When  the typical citizen hears the word “audit” there is certain association with Torquemada and the Spanish Inquisition.  A similar reaction occurs when a federal information professional learns that the GAO will be making a visit.

The reason Wilshusen is in the studio is to dispel some of the fear and trepidation that may occur if your agency gets a letter from the GAO.

head shot of Greg Wilshusen
Greg Wilshusen, director, information strategic issues, Government Accountability Office

First all, they do not act capriciously in targeting organizations. They are the agents for Congress.  When a Congressional committee sees something that doesn’t look good, they will ask the GAO to do an investigation.

Secondly, (with the possible exception of some members of the intelligence committee) the GAO acts in a transparent fashion.  An agency will get an initial meeting and a final meeting with its report.  There is no J. Edgar Hoover secret file for these inquiries.

Finally, you may be shocked to learn that Wilshusen estimates that as many of 90% of the GAO’s recommendations in the area of cybersecurity are implemented after the review.

If you are looking over your shoulder and need some guidelines for a cybersecurity audit, listen to Greg Wilshusen.


Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories