Share on Google+Share on FacebookShare on LinkedInShare on TwitterShare on DiggShare on Stumble Upon
Custom Search
 
  

CONDUCTING INSPECTIONS

Advantages can be gained from using both scheduled and surprise inspections. A scheduled inspection should meet the general policy requirements of the particular facility and should occur at least annually. This could be a major inspection conducted by an outside command, an internal inspection, or a spot check inspection to review specialized items of interest, perhaps as a result of previous inspection reports of findings. The distinguishing characteristic is that it is scheduled in advance, with a resultant flurry of preparation by the AIS facilities. It motivates cleaning up loose ends, but limits what can really be learned from the inspection.

A surprise inspection is designed to test on a no-notice basis certain elements of security and control. It should be approved by the commanding officer of the command in charge of the AIS facility. It can be accomplished by the command or an external inspection team. It can be used to test those elements best reviewed on a surprise basis, such as fire response, access control, and personnel complacency.

When a scheduled inspection is conducted, the first step normally is to interview AIS personnel. Generally, the first walk-through includes interviews with the AIS technical manager. Searching questions, rather than leading questions, should be the rule, and the best approach is to allow the interviewee to talk as freely as possible. If you are the interviewer, ask questions to put the interviewees in the position of probing for their answers. For example, "What is your biggest access control problem?" not "Do your people wear badges?" Ask how illegal entry or sabotage would be accomplished. Do not hesitate to ask the same questions of more than one person. It is interesting how varied the responses can be.

The conduct of the interviewer is important. Strive to be open in dealing with interviewees. Avoid allusions to private information and obscure References

to other people or events or in any other way cultivating an air of mystery or superiority. It goes without saying the use of good human relations techniques is essential to a successful interview. Nothing can be gained by being belligerent and antagonizing the interviewee. Your conduct should be firm and inquisitive, but also calm, sincere, and open. Probe in some detail any answer that appears evasive or defensive.

Taking notes is a matter of individual preference. Some people take very adequate notes at listening speed. Others must devote all their attention to listening. If note taking is a problem, the interview could be conducted by two-person teams. Another alternative is to use a portable tape recorder, making certain the interviewee knows in advance that the interview is being taped. If a two-person team or a tape recorder is not available, attempt to listen and absorb as much as possible, then record notes and impressions directly after the conclusion of the interview.

The evaluation tests can be scheduled or come as a surprise. Most security inspections include testing the emergency, fire, evacuation, and disaster recovery activities. Access controls should also be tested on a no-notice basis. Tests are best scheduled or conducted early in the inspection rather than after everyone is alerted to the presence of the inspection team. Special concern, guidance, and instructions must be taken into consideration when the AIS facility has armed guards. It is possible to test the adequacy of programmed controls and data authorization by submitting jobs that attempt to bypass these controls. Take care not to destroy live data. However, if AIS upper management believes error detection and correction controls really work, then there should be no objection to the introduction of deliberate errors to test these controls.

The inspection team should convene periodically, preferably at the end of each day's activity, to review progress and to compare notes. Areas of weakness or concern should be highlighted, and additional tests or interviews scheduled to investigate further any particular areas of concern. Copies of the inspection working paper should be classified, numbered, dated, and organized for ease of understanding, review, and comparison.

At the completion of the inspection, a written report is to be prepared immediately, while impressions are still fresh. As a rule, the inspection report includes:

An executive summary;

A description of the inspection-dates locations, scope, objectives, and so forth;

A detailed report of observations made;

Conclusions drawn from the observations; and

Recommendations for corrective actions, as appropriate.

The degree of cooperation received should be noted and favorable conclusions should be given the same prominence as deficiencies. Tables, charts, and matrices of results, statistical tests, and conclusions may be very helpful. Distribute the final report to the AIS facility and the command upper management as prescribed in the planning phase.







Western Governors University
 


Privacy Statement - Copyright Information. - Contact Us

 Integrated Publishing, Inc. - A (SDVOSB) Service Disabled Veteran Owned Small Business