As an auditor, I am told all the time by the business that “we have a current project plan that is addressing that risk”, which implies that I shouldn’t waste everyone’s time writing up an audit issue regarding the problem.
It means that the risk isn’t as big as it appears.
Really?
Filed under Audit, Case Files, Humor/Irony, Quote of the Weak, Security
The other day I was in a meeting to discuss a new analytics project and discovered the team had no end goal.
When the discussion started with the software to be used, I knew they were already off track.
Filed under Audit, Case Files, Data Analytics, Humor/Irony, Quote of the Weak
It seems to me that auditing as a profession is not full of critical thinkers, much less thinkers.
If you read my last post about auditor judgment, I’m struggling with some of the junior auditors that I’m working with.
But I’m also struggling with quite a few of the senior auditors that I work with, those that are my peers (which means they peer at what I’m doing and how I’m doing it and then continue on their merry paths).
I came to this opinion based on most of the auditors I’ve met through the years across many companies, small and big, and across sectors, including public service. And also by the many articles calling for the profession to do more critical thinking, and yes, it is needed.
But let’s start with plain old thinking (walk before run).
Filed under Audit, Data Analytics, Excel, Humor/Irony, Technology
We recently acquired a new data analysis tool in our department, which prompted some of our newbie auditors to share their misunderstanding of auditor judgment and basic data analysis.
A group of less experienced and newer auditors were selected to try out the new tool before it was rolled out department-wide.
If you’re not familiar with my ‘Quote of the Weak’ series, I described it briefly in About. For a list of posts in this series, see here. If you haven’t seen one of these posts before, it’s because I haven’t had one in a while…
Filed under Audit, Data Analytics, Humor/Irony, Quote of the Weak, Technology
If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.
Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology
About a decade ago, I personally witnessed the handover of the simplest, cheapest, and most effective disaster recover plan ever.
Let me first give you a little background….
I worked for a great IT director, who moved to another company, much bigger, and brought me with him.
In the new company, he again was responsible for all IT, and he brought me along to manage security and disaster recovery.
If I named this company, at least 25% of you would recognize it, even those of you around the world–true story, too.
Filed under Case Files, Humor/Irony, Security, Security Scout, Technology
It finally happened: I fell prey to a phishing email.
I actually clicked a link.
At work, no less. Not good.
Filed under Audit, Employment, Humor/Irony
If you like Dilbert cartoons or big data, you might enjoy Dilbert’s adventures in data analysis, data mining, data privacy, security, and dealing with a dumb manager.
Filed under Audit, Data Analytics, Humor/Irony
If you’re an IT auditor, how do you describe your job to those who don’t understand technology or auditing? Even more interesting, how do others describe your activities?
Here’s what I say, but I’m not satisfied with it:
I review computer systems and networks to determine whether they are secure and that access to those systems is limited to the appropriate people.
I review the policies and procedures that describe how those systems are used and determine whether those documents make sense, are up-t0-date, and are followed.
Filed under Audit, Employment, Humor/Irony, Technology
Over the years, I think that Skyyler and I have penned some pretty funny lines.
If you’re in the mood for some humor, read on and discover why these lines appeared in these posts.
Usually, we were making a serious point in a comical way.
Filed under Audit, Humor/Irony, Quote of the Weak, Security, Technology, Written by Skyyler
And in unprotected documents.
Lots of passwords. Lots of documents. Lots of easy access.
Filed under Audit, Humor/Irony, Security
If you’re in the mood for auditor humor (is that an oxymoron?), the IIA’s Mike Jacka has something for you.
Filed under Audit, Humor/Irony
While commenting on AuditMonkey’s blog, I noted that because companies often don’t do the right thing, auditing is a noble profession.
Mainly because we can right some of those wrongs.
Then I said…
Filed under Audit, Humor/Irony, Quote of the Weak
If you need to read about how to be an irritating auditor, you obviously haven’t been auditing very long. According to most auditees, that quality comes with the territory, right? I hope not!
Filed under Audit, How to..., Humor/Irony
Here’s my list of the top 10 reasons to be an IT auditor:
10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.
9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).
Filed under Audit, Humor/Irony, Technology, Top 10
Recently I was having a problem with my phone connecting to another device, and I tried almost everything, including reconfiguring my phone and the other device. Finally, I decided to reboot my phone, and suddenly my phone connected. Perhaps the device configuration + phone reboot was what it needed, but I now wonder if the phone reboot alone would have done the trick and saved me a lot of unnecessary work. The problem is, I won’t know unless it happens again.
Filed under Humor/Irony
I recently found a Sarbanes-Oxley (SOX) Space Lazer (sic) on a network security diagram. No kidding. The following items also appeared:
Filed under Humor/Irony, Security, Technology
May is Audit Awareness Month, so if you want to host an event to promote audit at your organization, you’re short on time.
I wrote about this last year, and all the links on that post are still good, so see May = Audit Awareness Month for ideas.
Hey, I’m recycling last year’s post, so this must be a GREEN blog!
Filed under Audit, Humor/Irony
If you have any idea of who Bruce Schneier is, you have to check out http://www.schneierfacts.com/. It is useless funny facts about Bruce a la Chuck Norris. Try not to LOL.
Filed under Humor/Irony, Security
I found some really pathetic password help pages on a company’s intranet while I was there visiting.
This is a large company that most people would recognize, and it is subject to plenty of government regulations. Overall, I’ve heard the security is pretty tight, but since I’ve never worked there, I can’t speak from experience. Except, that is, the experience I mentioned in an earlier post, Randomly Generate Weak Passwords. Perhaps all their security is what Bruce Schneier likes to call “security theater.”
Filed under Audit, Humor/Irony, Security, Security Scout
I was in a hurry, trying to print out a bridal registry list from a kiosk in a well-known store. I punched in the bride’s name and the list popped up. I pressed the PRINT button on the screen. The first page appeared as expected, but then things became a little more interesting.
Filed under Humor/Irony, Technology
I found a great graphic that documents the main steps in a typical IT audit. If you don’t find this funny, please tell me why. Check it out here.
Filed under Audit, Humor/Irony
Back in September, two audit groups shook hands…
IIA and ISACA signed a formal memorandum of understanding (MOU), which means they’ll scratch each others’ back. The IIA’s president, Richard Chambers, explains what it means for the future in his blog.
Notice that both CEOS are listed at the bottom of the memo and that one of them is void of certifications…
Filed under Audit, Humor/Irony
I was at a client’s site looking for more contract work when the manager of the department started telling me about their great IT security website on their Intranet. She clicks on their random generator password page and shows me how you can generate a block of “approved” passwords, sanctioned by their security department. At the top of the page, a banner read: Select a Strong Password!
Filed under Humor/Irony, Security, Security Scout
Remember my post about the High Cost of 401K Accounts? My blog must have a wider reach than I realize, because someone at the trust company took my advice, and I received a check in the mail.
Filed under Humor/Irony
Whether you’re new to this blog or not, you might have missed a few good posts. Here’s some links and short descriptions.
Schneier’s Security Trade-offs – Security expert Bruce Schneier’s 5 questions for assessing the security process of anything.
Filed under Humor/Irony, Security
Some people do not understand that both diamonds and the Internet are forever. I found this statement in a discussion on LinkedIn:
I am excited about 2 interviews next week even though I’m not fully qualified for either one.
Filed under Employment, Humor/Irony, Quote of the Weak, Security
Who thinks the IIA is stuffy? No one, if Mike Jacka has anything to say about it…
A song to be sung to auditees…
Filed under Audit, Humor/Irony
I landed on KAUDITOR’s Auditing and Accounting blog and found this joke:
Kenny, an accountant, who just joined the big 4, was having a hard time sleeping and goes to see his private doctor. “Doctor, I just can’t get to sleep at night.”
Filed under Humor/Irony
A colleague of mine is doing some testing for an audit director that changes her mind frequently on how to deal with audit findings. Occasionally, she is all about nailing control owners who do not have all their ducks groomed and in a row. At other times, she pushes Audit to work as hard as possible to pass all controls.
Filed under Audit, Humor/Irony, Quote of the Weak
A friend of mine heard this one and passed it on to me:
Auditors are those who get to the battlefield after the war is over and stab the wounded.
Filed under Humor/Irony, Quote of the Weak
Thanks to TycoonBlogger (my favorite “blogging” blogger), I finally know what this blog is about.
Based on his Find out your blog’s personality type post, I found and ran the Typealyzer tool against my blog. It analyzes a blog and provides its Myers- Briggs Type. Here’s what it said about this blog:
The analysis indicates that the author of https://itauditsecurity.wordpress.com/ is of the type:
Filed under Blogging, Humor/Irony
During the Olympics, an advertisement for a medication for treating major depressive disorder (MDD) caught my attention. It aired appropriately after I became depressed that Apollo Ohno was disqualified in the speed skating short track:
Filed under Audit, Humor/Irony, Quote of the Weak
Stupid Spam Comments 2
Like most bloggers, I get really stupid spam comments. Fortunately, the spam filter or widget, Akismet, has caught everyone one I’ve received so far. As a result of the filter, I was able to make my blog more comment-friendly (I’d love to tell you all about it, but that would only invite more spam, and I like bacon a bit more).
Continue reading →
Share this:
Like this:
Leave a comment
Filed under Blogging, Humor/Irony
Tagged as akismet, bacon, blog comment, filter, john paul aguiar, spam