Who Audits the Auditors?

Auditors identify weaknesses in company policies and practices, but they often act like the same users they laugh about behind closed doors. And they often don’t protect their own data, or the sensitive data they access in the course of doing their jobs.

How many times have you observed auditors do the following (I’d love to hear YOUR stories):

  • Use weak passwords.
  • Carry confidential data unprotected on thumb drives.
  • Carry confidential data unprotected on huge external hard drives.
  • Email sensitive client documents in plain text across the Internet.*
  • Fail to lock their screens when they leave their laptop.**

* Encrypting data sent via email seems to irritate Big 4 auditors the most!
** I’ve seen Big 4 auditors with no screen saver configured. Hey, that’s MY company’s data you’re playing with!

Next time you hear of PII being exposed because of confidential data stored on a laptop, you might just wonder if an auditor was involved–or at fault.

Filed under Audit, Security

2 responses to “Who Audits the Auditors?”

  1. None of you, especially those of the big 4, have ever seen sloppy auditors?

  2. I tend to think that the lack of comments on this post indicates that no auditors like dog food. Auditors bayonet the wounded, but seldom shine their own shoes….
