GPS: From Military Secret to Civilian Necessity and the Lessons for Internal Auditors
Access our free Reputational Risk Rapid Response Toolkit ongoing insights, expert frameworks, CPE opportunities, and industry connections by subscribing to The Risk Register.
Where emerging risks meet actionable insights.
When you open your phone’s map app, you’re tapping into a system that began as one of the most closely guarded military technologies in the world. Global Positioning System (GPS) satellites now guide delivery trucks, emergency services, farmers’ tractors, and even your fitness tracker but this wasn’t always the case. The GPS story is not just about navigation; it’s a blueprint for layered controls, risk mitigation, and governance evolution, the same principles internal auditors navigate every day.
A Quick History of GPS
- Cold War beginnings – In 1957, the Soviet launch of Sputnik sparked the idea that satellites could be used for navigation. The U.S. military pursued the concept, leading to the Navstar GPS program in 1973. The system was designed primarily for military precision targeting, but with a parallel channel for civilian use.
- Selective Availability (SA) – To prevent adversaries from exploiting GPS, civilian signals were intentionally degraded with pseudo-random errors, limiting accuracy to about 100 meters. Military receivers could bypass these errors using encrypted correction keys.
- Opening the system – In 1983, after Korean Air Lines Flight 007 was shot down after straying off course, President Reagan announced GPS would eventually be made available for civilian navigation. The system reached full operational capability in the mid-1990s.
- Clinton’s move – In May 2000, President Bill Clinton ordered SA turned off, instantly improving civilian GPS accuracy to within 20 meters. The ability to re-activate SA in emergencies was retained — a built-in contingency control.
Internal Control Lessons Embedded in GPS
GPS wasn’t just an engineering feat; it was a case study in control design:
- Layered Access Rights
- Military users had encrypted access to full accuracy; civilian users got a limited version until risk tolerance shifted.
- Auditor takeaway: Systems should grant access proportional to user needs and trust level, with clear escalation protocols.
- Deliberate Risk Mitigation
- SA was an intentional “downgrade” as a preventive control against hostile use.
- Internal Auditor takeaway: Sometimes a control isn’t about enabling more, but restricting capabilities until safeguards are in place.
- Governance Maturity and Transparency
- Over time, the Department of Defense evolved GPS governance — setting milestones, phasing in civilian access, and retaining emergency levers.
- Internal Auditor takeaway: Governance should be dynamic, adapting to changing risk environments while documenting decisions and thresholds.
- Continuous Monitoring & Correction
- Systems like Differential GPS (DGPS) used fixed reference points to measure and correct signal errors in real time.
- Internal Auditor takeaway: Monitoring is not passive; effective controls identify deviations, measure them, and feed corrective actions back into the system.
- Contingency Planning
- The U.S. retained the technical capability to re-enable SA in military zones if needed.
- Internal Auditor takeaway: Critical systems need fallback mechanisms for extraordinary circumstances, and those should be tested periodically.
Why This Matters for Internal Auditors
GPS is a powerful metaphor for what internal audit can do inside an organization:
- Navigation, not just braking – We don’t only stop problems; we guide decision-makers toward safer, smarter routes.
- Adaptive controls – Like SA, controls can be tightened or loosened as conditions change.
- Precision through verification – Just as DGPS corrects errors against known points, internal audit validates processes against policy and performance standards.
- Preparedness for disruption – Retaining the “switch” to tighten controls is like having a well-tested business continuity plan.
Final Thought
From Cold War secrecy to an everyday utility, GPS has shown that systems can evolve responsibly while balancing accessibility and security. Internal auditors operate in that same tension, enabling business efficiency while safeguarding assets. If we design controls with the same layered, adaptable, and monitored approach, we can help our organizations reach their destinations with accuracy and confidence.
Stay connected: follow us on LinkedIn and explore more at www.CherryHillAdvisory.com.
