When auditors need to identify and understand IT controls, they search the company intranet, review policies, look for Github repositories, review inventories, schedule meetings, and analyze IT asset data.
I stumbled on a better way to get insight into the IT controls in my company, and I didn’t have to email anyone, do any research, or frankly, anything outright. The IT controls came after me.
Fortunately, the IT controls were blind to the fact that I am an IT auditor. To them, I was just an ordinary bloke. But that didn’t last long (more on that later).
It Began a Few Years Back
It all started a couple years ago when I was building the infrastructure required to support our data analytic efforts in internal audit.
Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).
I couldn’t find much on the Internet on this topic, but there’s a lot of options.
I’ve actually worked in quite a few of the areas mentioned below…
If you’re an auditor, you’re most likely not the most popular person around, at least in most companies. Unfortunately, auditors are hated (I don’t think that’s too strong a word in some circles) for a number of reasons, as noted below. Fortunately, most of them are avoidable.
- SOX is a waste of time. For most auditees, SOX takes a lot of valuable time away from accomplishing the “real work” of keeping the business running. When you hear this complaint, it usually means one or more of the following is true: Continue reading