A Visit from DCAA

Posted August 9th, 2007 by

I helped give our auditors from the Defense Contract Audit Agency (DCAA) some education on how managed services work. We did the usual presentation: who the building tenants are, what takes place on the various floors, and what services we offer.

In case you’re not familiar with DCAA, the basic rundown is that they are the financial auditors for government contracts. They look at your numbers and try to detect how and where you are committing financial fraud. In our case, we have distinct service descriptions and a set of financial and operational metrics to support the numbers (i.e., each server requires 1 hour per month on average to do patching and fix outages, so the cost to us is $100; add your markup and that’s the cost per month to monitor and manage a device).

This is risk management through education for us.  When you have auditors who don’t understand why an IT operations shop would need 13K gallons of diesel fuel (I thought you did IT?), the least you can do is to educate them.



Posted in Risk Management, The Guerilla CISO | 2 Comments »

2 Responses

  1.  Darren Couch Says:

    Do you at least have the ledger showing the equivalent amount of Ammonium Nitrate on another page? 😉

  2.  rybolov Says:

    No, that’s all paid for under the “slush fund” tab. =)
