If YOUR audit department doesn’t embrace data, analytics, and automation eventually, your audit department will NOT exist.
No data, no analytics. No analytics, no automation. Eventually, no audit department.
Editor Note: This post really applies to all departments in a company, but mainly I’m addressing auditors, but you might want to read between the business lines….
By embrace, I don’t mean have one or two auditors working on this. I mean the entire department.
Before you cite all the regulatory requirements mandating the existence of an audit department in companies, having an audit department in name only won’t cut it.
Having an inept audit department will not be acceptable to regulators, and it shouldn’t be acceptable to company management either. Or Audit Committees!
Companies need skilled and efficient auditors that can do the heavy lifting, and this need will only increase.
Continue reading →
Filed under Audit, Data Analytics, Employment, Technology, Written by Skyyler
Tagged as Audit, audit committee, automation, business, CAE, dashboard, data, department, die, integrated, irrelevant, model, process, quality, query, regulatory, relevant, requirement, unfaithful
If you probe networks, systems, and applications, you need a GOOJ card to protect yourself and your job.
In How to Stay Out of Jail, I recommended that anyone who scans, probes, or pokes networks, systems, or devices should always carry a get-out-of-jail (GOOJ) card. I also provided some reasons why such a card is critical.
Continue reading →
Filed under Audit, How to..., Security, Technology
Tagged as administrative access, application, audit committee, configuration, cracking, dumpster diving, encryption, exploits, forced entry, GOOJ, impersonation, investigations, logging, monitoring, network, probe, scanner, Security, sniffer, social engineering, system, tools, vulnerabilities, weaknesses