Author Archives: ITauditSecurity

About ITauditSecurity

Mack is an IT auditor and author of the ITauditSecurity blog for IT, audit, and security professionals. The blog provides HOW-TOs, analysis, and humor.

A Sneaky Way to Analyze IT Controls

When auditors need to identify and understand IT controls, they search the company intranet, review policies, look for Github repositories, review inventories, schedule meetings, and analyze IT asset data.

I stumbled on a better way to get insight into the IT controls in my company, and I didn’t have to email anyone, do any research, or frankly, anything outright. The IT controls came after me.

Fortunately, the IT controls were blind to the fact that I am an IT auditor. To them, I was just an ordinary bloke. But that didn’t last long (more on that later).

It Began a Few Years Back

It all started a couple years ago when I was building the infrastructure required to support our data analytic efforts in internal audit.

Continue reading

Advertisements

Leave a comment

Filed under Audit, Case Files, Security, Technology

Before You Analyze Data

Before you start analyzing data, you need to 1) know you have the right data, and 2) understand the data and the process that produced it.

This post assumes, of course, that you already accomplished some of the hardest tasks already: figuring out what data you need, where to get it, and actually getting the data. Good luck with that. :)

This post is part of the Excel: Basic Data Analytic series.

Continue reading

Leave a comment

Filed under Audit, Data Analytics, Excel, How to...

How to Profile Data

Before you analyze data, you should profile it.

Otherwise, your analysis may not be too broad, too narrow, or you may miss some important insights or errors.

This post is part of the Excel: Basic Data Analytic series.

Data profiling is developing a profile of your data, just as facial profiles of a person, taken from various angles, helps you size up a person’s nose, identify whether his chin is sagging, and how far apart the person’s eyes are.

Continue reading

2 Comments

Filed under Audit, Data Analytics, Excel, How to...

Is ACL Analytics Dying?

Spiral deathI fear that ACL Analytics is dying, and has been as long as I’ve been ranting about it.

Making Laurie Schultz their CEO helped, but I don’t think it has been enough.

NOTE: I wrote this well over a month ago, long before I posted the ACL Officially Changes Name & Spots post; I just got sidetracked and forgot about this post. I stumbled across it today in my Drafts folder. I decided to publish it ‘posthumously’ (so to speak) to show 1) how much I’m agonizing over ACL’s direction, 2) how I’ve always felt about ACL’s software, and 3) provide some balance to my previous post.

Continue reading

13 Comments

Filed under ACL, Audit, Data Analytics, Written by Skyyler

Quote of the Weak – Clean Data Manually

clean data manuallyIf you are in IT, audit, or security (or any other job requiring data analysis), you should NOT be cleaning data manually.

Let me share a recent experience with you….

A young IT auditor texted me at work and asked for some Active Directory user account data that I capture automatically every week, using some scheduled ACL scripts.

If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here.

Continue reading

2 Comments

Filed under Audit, Case Files, Data Analytics, Excel, How to..., Quote of the Weak, Security, Technology

Job Automation Quiz

automation quiz

Test how much you know about automation technologies by taking the job automation quiz at Financial Management magazine.

Continue reading

Leave a comment

Filed under Audit, Free, Security, Technology

ACL Robotics is NOT Robotics

RPA the robotContrary to what ACL has been touting as their new ‘robotics’ feature, it is NOT robotics process automation (RPA).

[The ‘robotics’ feature is due out later in 2018. It appears to be ACL’s latest attempt to get you to use their GRC software.]

ACL, via John Verver, defines the term this way in his RPA article: “The idea is a relatively simple one: get computers to perform tasks normally performed by humans, and cut resource and time requirements for many repetitive activities.” Continue reading

3 Comments

Filed under ACL, Audit, Data Analytics, Scripting (ACL), Technology