Tag Archives: auditor

New IT Auditors Should Start Here

If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.

These posts will:

  1. Provide basic information regarding IT audit and security and links to other sources.
  2. Help you avoid some of the hidden pitfalls that control owners and auditors face.
  3. Give you ideas and approaches for some common and uncommon audits.
  4. Give you a few chuckles.

If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.

Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology

Hiring Auditors Who Can Think

Norman Marks, of the Institute of Internal Auditors, likes to hire auditors who can think.

You should too.

How does he do it?

Filed under Audit, Employment, How to...

Jacka’s Most Interesting and Geeky Auditor

If you’re in the mood for auditor humor (is that an oxymoron?), the IIA’s Mike Jacka has something for you.

Filed under Audit, Humor/Irony

CISA vs. CIA Certification

If you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?

Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.

Filed under Audit, Certification, Security, Technology

Plan to Test the Test Plan

Always test the test plan and make sure it actually tests the control or risk being assessed. And make sure the tester (especially when you are observing the tester rather than performing the test yourself) actually follows the test plan.

During a segregation of duties (SOD) test for an expense report approval system, an auditor was observing a client perform a test.  The client was supposed to enter his user ID into the Approver field to demonstrate that he could not approve his own expense report.

Filed under Audit

How to Kill an Auditor

You can kill an auditor in 10 easy steps. If you’re a manager, it’s even easier. Here’s how:

1. Insist that all periods are followed by 2 spaces. Those days are long gone and so are typewriters. But some managers who review workpapers still insist on this. No kidding!

A little help for non-auditors: a workpaper describes 1) the control being tested, 2) the steps used to select samples and perform the test, 3) the evidence gathered and how it was analyzed, 4) the conclusion, and if the test failed, usually 5) a broad recommendation of what might be done to resolve it.

2. When reviewing workpapers electronically, question an obvious mistake instead of correcting it. For example, I numbered my test steps 1, 2, 3, 5. Just fix it and move on. Don’t waste your time and mine writing things like “is this number correct?” and then sending it back to me to fix it, especially when it’s the only correction in the workpaper. Just fix it! If multiple errors exist, say something to me or send it back and ask me to review all numbers and references.  By pointing out a single error, you are wasting shareholder dollars. I sure hope you feel better now!

Filed under Audit, How to..., Written by Skyyler

More on Hating Auditors

Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again.  Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.

Auditors that do the following are “hated”…

Filed under Audit