GAO Releases Planning Guide for Security Audits

The US General Accounting Office (GAO) has released a set of guidelines for auditing information systems, with the aim of bringing them to a more acceptable level of security. Members of the National State Auditors Association (NSAA) and auditors from local government cooperated with the GAO to produce the guide. Security auditors can use the guidelines to plan an audit path that covers developing a strategy, implementing the audit, and assessing its results.

"To be effective in ensuring accountability, auditors must be able to evaluate information systems security and offer recommendations for reducing security risks to an acceptable level. To do so, they must possess the appropriate resources and skills," a GAO representative said.

The guide outlines crucial aspects of information system security audits, including (but not limited to) defining mission-critical objectives, determining an audit environment, identifying security risks, assessing employee skill sets, addressing legal issues, partnering and using consultants, and assessing the costs involved with auditing and strengthening security. The detailed 60-page guide is available in Adobe Portable Document Format (PDF) at the GAO Web site and at the National Association of State Auditors, Comptrollers, and Treasurers (NASACT) Web site.
