My Python Journey, Part 2

In my previous Python post, I described the first steps of my python journey.

In this post, I want to respond to Grant’s comments that he left here re: auditors getting into programming, and specifically python.

[For my readers who don’t know, Grant is the founder, President and Chief Architect of Arbutus Software Inc, which specializes in audit analytics (he usually doesn’t mention that he was involved in writing the first versions of ACL too).

So his words have experience to back them up, and while I’m flattered he pops in here and there to comment on my little blog, I don’t hesitate to disagree with him occasionally .]

Continue reading →

Software Components NOT Removed from Servers

While installing and configuring some new software on my Windows server, I noticed that the IT department forgot to remove some previous software components from my server.

I remember seeing the notice that the software was being uninstalled and replaced by another package.

I could have removed the left over components myself (I am admin on the server), but I wanted to see if they would ever be removed. Did the Windows server team forget about this, or did the team not concern itself with such things? Maybe the procedures don’t include a process to ensure all components are removed.

I waited about 2 months, but the components were not removed.

Continue reading →

A Sneaky Way to Analyze IT Controls

When auditors need to identify and understand IT controls, they search the company intranet, review policies, look for Github repositories, review inventories, schedule meetings, and analyze IT asset data.

I stumbled on a better way to get insight into the IT controls in my company, and I didn’t have to email anyone, do any research, or frankly, anything outright. The IT controls came after me.

Fortunately, the IT controls were blind to the fact that I am an IT auditor. To them, I was just an ordinary bloke. But that didn’t last long (more on that later).

It Began a Few Years Back

It all started a couple years ago when I was building the infrastructure required to support our data analytic efforts in internal audit.

Continue reading →

Careers After IT Auditing

Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).

I couldn’t find much on the Internet on this topic, but there’s a lot of options.

I’ve actually worked in quite a few of the areas mentioned below…

Continue reading →

Why Hate Auditors?

If you’re an auditor, you’re most likely not the most popular person around, at least in most companies. Unfortunately, auditors are hated (I don’t think that’s too strong a word in some circles) for a number of reasons, as noted below. Fortunately, most of them are avoidable.

• SOX is a waste of time. For most auditees, SOX takes a lot of valuable time away from accomplishing the “real work” of keeping the business running. When you hear this complaint, it usually means one or more of the following is true: Continue reading →