Category Archives: Audit

No Metrics, Little Analytics

analytic metrics, numbersIf your department doesn’t track metrics on your analytics, you are probably not doing analytics or you are making little progress in analytics.

In either case, its obvious that analytics isn’t very important to your management.

Which is one of the points I made in my post, 10 Signs Mgmt Doesn’t Really Support Analytics.

So far, I have encountered very few audit departments that track meaningful metrics about their analytics.

Counting the number of projects that include analytics isn’t enough.

Continue reading

1 Comment

Filed under Audit, Data Analytics, How to..., Written by Skyyler

CISA Does NOT an IT Auditor Make

cisa study guide, tipsPassing the CISA exam does not make you a good IT auditor anymore than passing a driving test makes you a good driver.
Passing either exam says that you know the basics, but you still have a lot to learn.

Most likely, you still don’t know how and when to use what you know and apply it to the current situation. That’s why experience is necessary. Lots of it.

I’m going on a rant here, so reader beware. If you read on, make sure you hang in there until I make my main point in the end.

You just won’t feel the love right away…

Continue reading

10 Comments

Filed under Audit, Certification, Employment, How to..., Technology, Written by Skyyler

Robotics to Replace ACL, Part 2

robot replace ACLPreviously I wrote Will Robotics (RPA) Replace ACL?

The short answer is no, and I describe the reasons in that post.

But that doesn’t mean someone won’t try.

Shortly after I wrote my original robotics post, I encountered robotics vs. ACL, part 2.

Continue reading

1 Comment

Filed under ACL, Audit, Scripting (ACL), Technology

Require Analytic Skills to Hire and Promote 

up down arrowsUnless your department is still in the early stages of your analytics journey, analytic skills should be one of your hiring and promotion criteria.

In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics.

One of the signs is that hiring and promotion decisions are made without reference to a person’s analytic skills.

Continue reading

Leave a comment

Filed under Audit, Data Analytics, Employment, How to..., Written by Skyyler

Which Way is Analytic North?

compass analyticsTo create a successful analytics program in internal audit, you must have a plan. A plan that points to analytic North.

That requires WRITTEN goals.

In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics.

One of the signs that indicates management isn’t really serious about analytics is that management does not require every staff member to have measurable analytic goals.

Continue reading

Leave a comment

Filed under Audit, Data Analytics, Excel, How to..., Written by Skyyler

Dedicate an Analytics Champion

analytics leaderTo create a successful analytics program in internal audit, you must dedicate a person to serve as an analytic champion.

In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics.

The first sign I noted was the lack of a full-time analytic champion.

Continue reading

7 Comments

Filed under Audit, Data Analytics, Written by Skyyler

Security Camera Saves Auditor $60

video camerA security camera helped this auditor recoup $60 recently, 2 months after I lost it.

You might recall my previous encounter with security cameras in Do Your Security Cameras Give Good Customer Service?

I was back in the same store, but this time I had a different problem.

Continue reading

Leave a comment

Filed under Audit

10+ Signs Mgmt Doesn’t Really Support Analytics

mgmt doesn't support analyticsYour management says it wants more analytics, but does it really support analytics? Here’s 10+ signs that indicate that your mgmt:

  • Does NOT knows what it takes to get analytics off the ground
  • Believes that analytics multiply like rabbits, naturally
  • Is NOT willing to make the adjustments required to deliver and sustain real value.

Continue reading

5 Comments

Filed under Audit, Data Analytics, How to..., Technology, Top 10, Written by Skyyler

New IT Auditor (and WannaBEs) Master List

Here’s a list of all my posts to-date related to becoming or growing as an IT Auditor, all in one place for easy reference.
I’ll add other posts as they are written.

Continue reading

11 Comments

Filed under Audit, Employment, How to..., Security, Technology

Use LinkedIn to get an IT Audit job

If you’re looking for an IT Audit job, here’s how to use LinkedIn to get noticed.

new-auditorIn a nutshell, you need to enhance your LinkedIn profile so that everyone knows you’re working hard at learning IT auditor skills.

If you’re already working as an IT auditor, use these suggestions to get noticed more and move ahead (or into another company with more opportunities).

Continue reading

4 Comments

Filed under Audit, Certification, Employment, How to..., Technology

Why Internal Auditors Should Care about Robotic Process Automation

3 Comments

Filed under Audit, Data Analytics, Employment, How to..., Technology

Audit Management Sometimes Sucks

see no evilWhen internal auditors (or those pretending to be such) do poor work and don’t follow the appropriate audit and IT standards, they are unprofessional. However, I put the blame at the feed of audit management.

Continue reading

7 Comments

Filed under Audit, Employment

How to get an IT Audit job with little or no experience

I get asked all the time, “How do I get a job in IT audit with little or no experience?”

When Michael Onuoha asked me this question (see here), I thought I’d share my response with my readers.

You’ll find these same answers scattered around the blog as I answered people in the past, but I thought I’d pull it all together into one place.

Breaking into any field can be difficult, but it can be done. Especially when the demand for IT auditors is so high.

Continue reading

26 Comments

Filed under Audit, Certification, Employment, How to..., Technology

Top 10 Reasons Why Being an IT Auditor is So Hard

tenBefore you choose a career as an IT auditor, consider my top 10 reasons why being an IT auditor is so hard.

Continue reading

3 Comments

Filed under Audit, Employment, Technology, Top 10

Careers After IT Auditing

life-after-it-auditRecently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading

16 Comments

Filed under Audit, Employment, How to..., Technology

Do you have User IDs Hidden in the Cloud?

hidden-in-the-cloudIt’s 10 o’clock in the cloud. Do you know where all your user IDs are? Are some hidden in the cloud?

Cloud security if often cloudy because it’s not on premise where you can control it easier.

That means you may have powerful user IDs in the cloud that your security team knows nothing about, which means….

Continue reading

2 Comments

Filed under Audit, Case Files, Technology

Real Auditors Use Excel PowerPivot

powerpivot iconIf you’re an auditor and you are not yet using Excel PowerPivot, you are missing the next greatest thing since spreadsheets arrived.

If you are NOT an auditor, and you don’t use PowerPivot, you’re in the same boat with the auditors mentioned above, and it is sinking.

In other words, if you use Excel, you should be learning Excel PowerPivot. It’s that big.

Let me explain why.

NOTE: I updated this post quite a bit with new info…

Continue reading

13 Comments

Filed under Audit, Data Analytics, Excel, Free, Technology

Make Audits Easier, More Effective in the New Year

I previously blogged about some audit tips that make audits later in the New Year easier and more effective.

I made some minor updates to the post and am sharing it again.

Audit Tips for the New Year

Leave a comment

Filed under Audit

Auditors, Do Data Analytics or Die

If you’re an auditor, you need data analytic skills or you will die.

Or put another way, if you don’t acquire them in the next 1-5 years, you will no longer be an auditor.

Pretty bold statement, isn’t it?

Continue reading

10 Comments

Filed under Audit, Data Analytics, Employment, Free, Technology, Written by Skyyler

New IT Auditors Should Start Here

new-auditorIf you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

  1. Provide basic information regarding IT audit and security and links to other sources.
  2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
  3. Give you ideas and approaches for some common and uncommon audits.
  4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.

Continue reading

15 Comments

Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology

Mack Falls Prey to Phishing Email

phishing emailIt finally happened: I fell prey to a phishing email.

I actually clicked a link.

At work, no less. Not good.

Continue reading

3 Comments

Filed under Audit, Employment, Humor/Irony

Some of my Favorites

Since some of you are newer to the blog, I thought I’d bring a couple of my favorite posts to your attention.

Continue reading

Leave a comment

Filed under ACL, Audit, How to..., Security, Technology, Top 10

ACL Import Fails, No Error?

import errorToday I was adding a new table to a scripted ACL project and kept getting an error.

This project automatically opens a folder on the LAN, reads the files in the folder, and loads all of them.

All I did was add one more file to the folder. ACL refused to load that one file.

Syntax error.

WTS?

Continue reading

Leave a comment

Filed under ACL, Audit, Data Analytics, Scripting (ACL), Technology

Transform Data Fast with Excel Flash Fill

Excel Flash Fill, the un-formula filler, formatter, and concatenatorYou can easily use Excel’s Flash Fill tool to transform data fast, without formulas.

Did you catch that? Without formulas!

Flash Fill has been around a few years, but few people, including auditors, seem to be aware of it.

This tool is so easy to use, you could learn it AND teach it to your mom in 4 minutes. Really.

Continue reading

5 Comments

Filed under Audit, Data Analytics, Excel, How to...

Dilbert Does Big Data

Dilbert does Big Data
If you like Dilbert cartoons or big data, you might enjoy Dilbert’s adventures in data analysis, data mining, data privacy, security, and dealing with a dumb manager.

Continue reading

Leave a comment

Filed under Audit, Data Analytics, Humor/Irony

How to Describe What an IT Auditor Does?

IT auditor shot serverIf you’re an IT auditor, how do you describe your job to those who don’t understand technology or auditing? Even more interesting, how do others describe your activities?

Here’s what I say, but I’m not satisfied with it:

I review computer systems and networks to determine whether they are secure and that access to those systems is limited to the appropriate people.

I review the policies and procedures that describe how those systems are used and determine whether those documents make sense, are up-t0-date, and are followed.

Continue reading

15 Comments

Filed under Audit, Employment, Humor/Irony, Technology

FREE CISA Exam Practice Questions

cisa study guide, tipsIf you’re looking for FREE practice questions for the CISA exam, I found a good resource.

The site provides over 900 questions for you to test yourself.

Continue reading

35 Comments

Filed under Audit

Behind Locked Doors: Conclusion

office doorMost of the team deployed to the 2 departments and started emptying wastebaskets in the ‘wastebasket audit‘ exercise, collecting all the trash in large carts on wheels.

Two others were posted as look-outs in the main hallways outside the target department.

I carried my black bag of tools and approached THE door.

I pulled out my favorite flat-head screwdriver. Originally, I was going to remove the closing arm at the top of the door and then pry the hinge pins out of the hinges.

This is the fifth and final post in a series. See the previous post, Behind Locked Doors: Part 4. Start with Behind Locked Doors: Part 1.

Continue reading

4 Comments

Filed under Audit, Case Files, fraud, Security, Technology

Behind Locked Doors: Part 4

office doorI had to get that database fast.

After a long security team meeting, garnished with lots of pepperoni and green olive pizza, we divided the staff into 2 teams.  Team A started scanning and probing the target department’s servers in search of vulnerabilities that would provide us with admin access over the network.

Team B started planning a physical intrusion in case Team A failed.

After a couple hours, I was notified that the vulnerability team came up short. None of the identified vulnerabilities could be used to escalate our permissions.

A member of the physical intrusion team called maintenance and requested help from a specific maintenance guy: Zeke. The security team member said that we “needed Zeke’s help locating an electrical breaker panel” in a certain department.

This is the fourth post in a series. See Behind Locked Doors: Part 3. The next post will be the conclusion.

Continue reading

Leave a comment

Filed under Audit, Case Files, fraud, Security, Technology

Behind Locked Doors: Part 3

batphoneA couple days after I provided Leeda with access to the suspect’s email, her number flashed on my phone again.

I picked up the phone and said, “Hi, Leeda. Find anything interesting in that guy’s email?” I  knew she wouldn’t tell me much, but I pried anyway. It was second nature.

I could hear the Internal Audit manager’s smile when she said,”Nice try, Mack. You know that street only goes one way, and you’re headed in the wrong direction.”

This is the third post in a series. See Behind Locked Doors: Part 2.

Continue reading

2 Comments

Filed under Audit, Case Files, fraud, Security, Technology

Behind Locked Doors: Part 2

batphoneThis time, it was my turn to call someone for help.

The phone rang half a ring before I heard a familiar “Hello?” on the other end.

“Hi, James, it’s Mack. I need a favor from you, and I need today, before 5 pm.”

“Not urgent, huh?”, James teased.

“Not really, I just need it today. And I need you to keep it quiet,” I warned.

This is the second post in a series. See Behind Locked Doors: Part 1.

Continue reading

6 Comments

Filed under Audit, Case Files, fraud, Security, Technology

Behind Locked Doors: Part 1

batphoneIt all started when the phone rang, which was typical.

Typical in the days when I was a security manager…

“Information Security, Mack here,” I said, as I continued to read the magazine in front of me.

“Hey Mack, this is Leeda. I need your help,” the voice said, as my mind started coming back online.

Leeda was a manager in Internal Audit; when I heard from her, it usually meant I had to carve a few weeks out of my schedule. Fast.

Continue reading

3 Comments

Filed under Audit, Case Files, fraud, Security, Technology

Quotes of the Weak (NOT)

Over the years, I think that Skyyler and I have penned some pretty funny lines.

If you’re in the mood for some humor, read on and discover why these lines appeared in these posts.

Usually, we were making a serious point in a comical way.

Continue reading

8 Comments

Filed under Audit, Humor/Irony, Quote of the Weak, Security, Technology, Written by Skyyler

Check Excel Data for Blank and Invalid Values (Part 1 – Dropdown)

basic data analytics1You can check for blank and invalid data in Excel several ways.

Depending on the size of the file and your preferences, you can either scroll through the dropdown list, sort each column from A to Z and then Z to A, or apply a filter.

Sometimes, you need to use a combination of these methods.

It’s important to know how these methods treat data differently and to be aware of their limitations.

Continue reading

3 Comments

Filed under Audit, Data Analytics, Excel, How to...