Some Periodic Reviews Provide Little Assurance

I’ve written before how some periodic reviews provide management with little assurance, but management doesn’t realize how little.

My previous post focused mostly on server access. In this post, I want to look at normal user access.

For example, let’s assume your company has a policy that states that all IDs must be assigned within an Active Directory group. In other words, IDs are assigned to groups, and groups are assigned to assets; IDs should not be assigned directly to an asset.

Assume the control you are testing states that user access is reviewed annually.

Continue reading →

Blogging about Internal Audit (10 tips)

A looooooong time ago, Leeann asked me to write a post about blogging about internal audit, so here goes. Most of this post applies to blogging on any subject, too.

First of all, there is a dearth of good internal audit blogs, and even less good IT audit blogs. So if you’re thinking about, we sure could use you in the blogsphere!

Writing a blog is hard work, and you often get tired of it. Life finds a way to get in the way. This is my 11th year of the blog (see the first post here), which, ironically, was written by skyyler. Fortunately, we’ve gotten better since that first year.

Blogging about internal audit is like a moon shining in a dark place… here’s my 10 tips…

Continue reading →

Mack-the-Auditor Gets Audited! Part 3

This is the third of 3 posts; this post describes how I audited the auditors and my perspective on the whole thing.

Read the first post (background) and the second post (audit results).

Continue reading →

Mack-the-Auditor Gets Audited! Part 2

This is the second of 3 posts; this post describes the audit, some speed bumps, and the audit results.

Read the first post here, which provides the background on the audit and the audit’s scope.

Continue reading →

Mack-the-Auditor Gets Audited! Part 1

Usually, I’m the one doing the auditing, but this time, I (Mack) was the one who was audited.

It was a great experience for me.

Well, sort of. No one likes being audited (ahem). But it gave me a fresh perspective of how others feel when I audit them.

This is the first of 3 posts; this post contains some background info on the project that was audited, and the second one discusses the audit and the results, and in the third post, I describe my perspective on the whole thing, and some takeaways.

Continue reading →

Why this pic on this blog?

Have you ever wondered why I selected the picture above to represent my blog?

This picture illustrates so many aspects and nuances of this blog’s theme.

Here’s your chance to put on your thinking cap, and based on what skyyler and I have written about over the years, tell me what YOU think it represents.

As the comments roll in, we’ll comment on them.

Then, after a few weeks, I’ll peel back my brain and give you a peek inside as to what my reasons were.

Not sure how many of you will take me up on the challenge, but here goes…

 

Don’t Miss all the Free Advice & Info

While you are checking out my blog, make sure you don’t miss all the free advice that’s laying around.

And I’m not talking about the blog posts (those are good too).

Whether you a new reader or you’ve been around since the beginning (2009!), when you find a post you like, don’t forget to do the following after you read it:

1. Look in the upper right corner of the website for my Quick Links. This will take you to multiple posts on these subjects.
2. Use the Search Box to search for key words.
3. When you read a post, check out the Comments. We respond to a lot of questions and provide information that isn’t in the blog posts.
4. Leave a question of your own in Comments. We will respond.