I thought I’d lead you on a backward journey to explore some of my favorite posts. Just for fun, notice the year some of these posts were written.
I’ve picked several posts that are a bit different from each other. Most likely, you haven’t seen most of these posts.
Filed under ACL, Audit, Case Files, How to..., Humor/Irony, Quote of the Weak, Security Scout, Technology
For the past few years, I’ve been outspoken about auditors that 1) don’t do much data analysis, OR 2) rely only on tools like ACL, IDEA, Arbutus, and the like to do their data analysis.
In this post, I’m going to provide some reasons auditors should not rely on only on these tools. I’ve dealt with this before, but I want to look at it from some different angles.
In this post, I’m speaking only to auditors, as they alone are called to audit the technology and processes their companies use.
In this post, when I mention ‘ACL+’, I am referring to ACL, IDEA, Arbutus, and any other tool that typically only auditors use. I’m also including ACL ‘Robotics’ in this list.
In this post, I’m going to step on people’s toes, but my readers should be used to that by now.
Filed under ACL, Audit, Data Analytics, Data Science, Excel, Machine Learning, Python, Scripting (ACL), Technology
If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, you could bookmark the list and work your way through it as you have time.
Filed under Audit, Certification, Employment, Excel, Free, How to..., Humor/Irony, Technology
N
orman Marks, of the Institute of Internal Auditors, likes to hire auditors who can think.
You should too.
How does he do it?
Filed under Audit, Employment, How to...
If you’re in the mood for auditor humor (is that an oxymoron?), the IIA’s Mike Jacka has something for you.
Filed under Audit, Humor/Irony
If you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?
Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.
Filed under Audit, Certification, Security, Technology
You can kill an auditor in 10 easy steps. If you’re a manager, it’s even easier. Here’s how:
1. Insist that all periods are followed by 2 spaces. Those days are long gone and so are typewriters. But some managers who review workpapers still insist on this. No kidding!
A little help for non-auditors: a workpaper describes 1) the control being tested, 2) the steps used to select samples and perform the test, 3) the evidence gathered and how it was analyzed, 4) the conclusion, and if the test failed, usually 5) a broad recommendation of what might be done to resolve it.
2. When reviewing workpapers electronically, question an obvious mistake instead of correcting it. For example, I numbered my test steps 1, 2, 3, 5. Just fix it and move on. Don’t waste your time and mine writing things like “is this number correct?” and then sending it back to me to fix it, especially when it’s the only correction in the workpaper. Just fix it! If multiple errors exist, say something to me or send it back and ask me to review all numbers and references. By pointing out a single error, you are wasting shareholder dollars. I sure hope you feel better now!
Filed under Audit, How to..., Written by Skyyler
Previously I’ve discussed why auditors are hated and how auditors can be lovable. But when I saw a Q & A in the ISACA journal about hating auditors, I had to dive in again. Here’s the gist of the article, with my comments in italics. Although there’s some similarity to the posts I’ve mentioned above, they take a slightly different tack through the audit seas.
Auditors that do the following are “hated”…
Filed under Audit
Remember the Security Scout adventure where I roamed the basement of a major bank and found questionable security issues? If you missed it or need a refresher, read Major Bank Invites Hackers In?
Guess what happened at the bank?
Filed under Audit, Security, Security Scout
I landed on KAUDITOR’s Auditing and Accounting blog and found this joke:
Kenny, an accountant, who just joined the big 4, was having a hard time sleeping and goes to see his private doctor. “Doctor, I just can’t get to sleep at night.”
Filed under Humor/Irony
The SANS Audit Advice and Resources* website has a free checklists section:
6 VMWare Settings Every IT Auditor Should Know About
5 Things Every IT Auditor Needs to Know About: SSH Configuration
The Life of an Auditor blog has this resignation letter, supposedly left by a PWC auditor, on that fateful last day. Whether it’s real or fictional, some days are really like this, aren’t they?
Check it out:
As many of you now know this friday will be my last day with PwC so I wanted to say good bye and thank you for everything. My decision to leave was not a snap decision as it may have seemed but a well thought out process.
Filed under Audit, Humor/Irony
If you’re an auditor, you’re most likely not the most popular person around, at least in most companies. Unfortunately, auditors are hated (I don’t think that’s too strong a word in some circles) for a number of reasons, as noted below. Fortunately, most of them are avoidable.
Filed under Audit
I’m still thinking about the IT auditor interviews I did recently. Not only did I get frustrated with the interviewees, I struggled with my co-interviewers. I not only thought some of their questions were poor, but they branded me a “tough interviewer.”
Filed under Audit, Employment
A few weeks ago, I did several phone interviews and concluded that no abundance of skilled IT auditors are looking for jobs these days.
First, isn’t the purpose of the interview to determine what a person’s experience is, and whether that experience is a good match for the position? At least 3 of the interviewees provided negative information about themselves unexpectedly:
Filed under Audit, Employment, Humor/Irony
Is PCI still relevant? Some are proclaiming that PCI is irrelevant due to the recent, high-profile breaches. David Mortman disagrees, and I’m on his side.
ITauditSecurity 