Top 10 Bad Jobs

I was checking out the latest post of my new blogger colleague from London, Audit Monkey, and read the following….

I’m sitting here in reflective mood thinking what the ‘Top 10′ worst possible jobs could be. Here’s my list.

10. Internal Auditor
9. Internal Auditor
8. Internal Auditor
7. Internal Auditor
6. Internal Auditor
5. Internal Auditor
4. Internal Auditor
3. Internal Auditor
2. Internal Auditor
1. Internal Auditor. Sorry, late correction, Senior Internal Auditor.

That gave me a good chuckle. Check out the rest of his post here. The only job that is worse is a senior internal auditor that is hiring and managing IT audit contractors. I don’t want to get started on contractors…

Although being an  internal auditor can be a sad job, I’ve had some other jobs that had their ups and dips. Here’s the differences I’ve noted between them.

System/Network Administrator – The only time people come to see you is when something is wrong and they want to see you strung up, even though it’s usually caused by a ID-ten-T error* from a user in their own department who ignored some IT policy.

Admins have access to almost everything on the network, servers, etc., so even though it’s a thankless, 24 x 7 job, they are in control. The destiny of others is in their fists. Most admins have gone to the LAN closet and unplugged the network connections of their enemies once or thrice, or had them blocked from reaching the Internet accidentally.

Information Security Analyst – Most of the time, these guys are chasing others. When they attend a meeting, everyone hopes he’s not the target. Like auditors, security folks usually bring bad news that no one wants to hear or fix.

Normally, the security analyst is given no access to anything (segregation of duties), but that’s okay, because he knows how to steal the access he needs. That’s the fun of being the security guy, all the hacking and pentesting (with a GOOJ card of course), but the downside is that he has to help fix it. Security problems are always his to deal with, regardless of who caused it. Security is also a 24 x 7 job.

Auditor – Do I really need to go into this?

Auditors are the homing pigeons that everyone wants to shoot due to their bad tidings they bring. Bad tidings of how management and staff ignored common sense, policy, regulations, and their mom’s advice, and did it their own way by the edge of their pants.

I’m always humored that auditors, like news reporters, simply report on what’s happening. They don’t make it up, they just shine a really bright light on it. And for some reason, it’s always the light bearer’s fault.

Auditors usually aren’t given much access to systems and the like, but they can ask for and be given access to pretty much anything per the audit charter. That seems to sober people up, and it I’ve found mentioning it is usually enough; I’ve never had to produce the audit charter and wave it at anyone.

Unlike the security guy, the auditor gets to find the problems, but doesn’t have to fix them. He makes his recommendations, and goes home and eats supper. Usually a 9 to 5 job. Ain’t so bad after all.

* For those not familiar with this help desk term, write it out: I D 10 T



Filed under Audit, Humor/Irony, Top 10

7 responses to “Top 10 Bad Jobs

  1. 9 to 5 for internals, externals, not so much. Although they get to avoid having to fix the problems – unless they’re somehow able to “sell” that work as an external. :P


  2. Rafael Rosado

    Not only does the internal auditor have a 9-5 job (usually) and get to have supper with the family at night, but also has some spare time to write entries in blogs and even social network on Facebook. ;)

    I need a life…..


  3. Reminds me of the Simpsons episode where Marge works as an estate agent – “there’s the truth’ (*smiles and nods); ‘and there’s the truth’ (*frowns and shakes head solemnly)
    Shining a light on what is already there should be a good thing.


  4. Pingback: Some of my Favorites | ITauditSecurity

  5. Rishabh

    Hi Mack,
    I am with IT for a decade now, largely into application development. I want to make a switch to IT audit and thats where Google brought me to your blog when I had searched – “IT Audit job with little or no experience” . I have been avidly reading your blog since then and have been finding it very insightful.

    But the blog post – top 10 bad jobs – got me confused. Whole list comprises internal auditing job.
    Have I missed the sarcasm or is internal audit so bad ?

    I am in a perm role and as advised by you have started studying for CISA and once confident about cracking I will talk with my manager about switching internally within the organization.

    Please advise.



    • Rishabh,
      You missed the sarcasm. What my friend was writing about (I was quoting him) is that auditing can be a tough job because it’s an adversarial job – you are often highlighting mistakes, things that were overlooked, and sometimes, intentional bad behavior. You often are the bearer of bad news, and auditees forget that they and the auditor are on the same team.

      But don’t let that stop you, as auditors server an important role in keeping a company on the right track (the track that the leaders said they want to take). The grief an auditor gets when dealing with it is part of the journey and the challenge.

      I’ve built my reputation on and won the respect of many of my auditees (who I have delivered bad news to many times) due to how I handled the delivery – first, I make sure my facts are correct, and I come along aside them as a friend and give them advance notice so they can alert their managers before the results are published (never surprise an auditee).

      I am always excited about app developers becoming auditors because they tend to be detail-oriented and understand how to read and critique code (among other things), something that is becoming more and more important in today’s connected and automated world.

      Few auditors can read and interpret code, and fewer auditors want to learn it. When you apply for audit jobs, remember to mention that you understand coding (networking, databases, troubleshooting, testing, etc.), and use that to sell the benefits you can bring to audit.

      I will remind you (and my readers that it is my belief) that it is more important to understand HOW TO AUDIT (the principles and strategies) than it is to understand technology, but since you already understand some technology aspects, if you master auditing eventually, you will be ahead of the pack. Just don’t neglect the audit process as you study for the CISA.

      Please stop by often with questions and report how your journey is going. It encourages me and my readers when they see someone doing what they are too scared to do. Keep going!

      Wish you the best, Mack


Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.