1.
General. The COMSEC custodian and the unit commander should conduct frequent inspections and
checks of their cryptofacility. They must ensure that high levels of individual and collective security awareness
are maintained.
2.
COMSEC account audits.
a. The CCSLA conducts formal audit of COMSEC accounts. These audits involve the physical
inventory of all COMSEC material charged to an account. This includes hand-receipted material. They also
involve checking accounting records and files and reviewing internal accounting and operating procedures. These
audits are conducted separately from INSCOM cryptofacility inspections.
b. Audits are normally scheduled through the responsible command, although they may be
unannounced. The CCSLA sets the priority of COMSEC account audit. To do this, it uses the following criteria:
(2) The size, type of account, and number of transactions.
(3) The classification and sensitivity of material held in an account.
(4) Accounting problems noted by the ACCOR.
(5) Physical incidents related to or caused by accounting errors.
(6) Unauthorized absence of a custodian or others holding material on hand receipt.
(7) Requests for audit by the local commander.
(8) INSCOM recommendation.
c. There are five major areas to an audit; however, an audit is not limited to them. The five areas are:
(1) Verifying the completeness and accuracy of all accounting records and files.
(2) Verifying the knowledge of and adherence to COMSEC policy and procedure by the COMSEC
custodian and the alternate.
SS0137
7-2