December 1, 2009
Auditors identify weaknesses in company policies and practices, but they often act like the same users they laugh about behind closed doors. And they often don’t protect their own data, or the sensitive data they access in the course of doing their jobs.
How many times have you observed auditors do the following (I’d love to hear YOUR stories):
October 15, 2009
I’m still thinking about the IT auditor interviews I did recently. Not only did I get frustrated with the interviewees, I struggled with my co-interviewers. Not only did I think some of their questions were poor, but they branded me a “tough interviewer.”
October 9, 2009
A few weeks ago, I did several phone interviews and concluded that there is no abundance of skilled IT auditors looking for jobs these days.
First, isn’t the purpose of the interview to determine what a person’s experience is, and whether that experience is a good match for the position? At least 3 of the interviewees provided negative information about themselves unexpectedly:
August 21, 2009
A couple of us were arguing about the differences between random, haphazard, and judgmental sampling. One person said that picking samples here and there manually was random sampling. I argued the method described was actually haphazard sampling. Another said that haphazard sampling was not appropriate and that “audit judgment” was valued, not haphazard sampling.
Filed under Audit
Tags: acl, bias, debiasing, haphazard, judgmental, population, pseudo-random, random, reliable, sampling, selection, sox system
August 10, 2009
Part 1 of an article at AuditNet notes that audit teams need to increase their use of technology, specifically data analytics, to continue adding value to their companies. The author contends that data analytics can provide more assurance at a lower cost than the traditional cyclical approach to auditing (while I noticed the author, John Verver, is a VP of ACL Services and has a vested interest in this, I agree with him).
August 3, 2009
I wonder sometimes how many controls fail due to personal issues instead of design and performance issues. In other words, do controls fail more because of communication, turf, and personal issues or is it that the control is poorly designed or not performed?
July 31, 2009
Too many security folks push security for its own sake–they insist things should be locked down, blocked, and forbidden.
Good security, as well as risk management, is a matter of degree. You need to secure just enough to get by. In other words, don’t spend time, effort, and money implementing security that you don’t need and/or management has not approved.
July 30, 2009
Audry Agle, a former CISO, offers 7 practical ideas for increasing security awareness below. I’ve summarized some of the points and added comments of my own in italics:
1. Appeal to personal lives - Helping people deal with security issues at home tells them you care about THEM, not just company systems and data.
Filed under Security
Tags: audry agle, celebrate security, clean desk, dumpster diving, intranet, marcus ranum, most popular security questions, newsletter, orientation program, personal security, Security, security awareness, stupid questions, tone at the top, training, wall of shame
July 23, 2009
A Security Scout adventure…
A friend of mine noticed a truck blocking the exit of the parking ramp where he works, which is a big, international company. Since he was just arriving for the morning, it didn’t seem to matter, but a red light started to blink slowly in the back of his brain.