Today’s guest is Greg Wilshusen, director of Information Security Issues, at the Government Accountability Office. When the typical citizen hears the word “audit” there is certain association with Torquemada and the Spanish Inquisition. A similar reaction occurs when a federal information professional learns that the GAO will be making a visit.
The reason Wilshusen is in the studio is to dispel some of the fear and trepidation that may occur if your agency gets a letter from the GAO.
First all, they do not act capriciously in targeting organizations. They are the agents for Congress. When a Congressional committee sees something that doesn’t look good, they will ask the GAO to do an investigation.
Secondly, (with the possible exception of some members of the intelligence committee) the GAO acts in a transparent fashion. An agency will get an initial meeting and a final meeting with its report. There is no J. Edgar Hoover secret file for these inquiries.