To create a successful analytics program in internal audit, you must have a plan. A plan that points to analytic North.
That requires WRITTEN goals.
In an earlier post I outlined 10 Signs Mgmt Doesn’t Really Support Analytics.
One of the signs that indicates management isn’t really serious about analytics is that management does not require every staff member to have measurable analytic goals.
Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing. It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:
- “Deficiencies, even in our security technologies, are an unfortunate fact of life,” says Shipley.
If you work in information security or IT audit (and I don’t mean IT SOX audit), I’d advise you to carry a “get-out-of-jail” (GOOJ) card at all times. In short, get permission before you do your dirty work.
Filed under Audit, Security